Bugtraq: by date

209 messages starting Feb 01 16 and ending Feb 29 16

Monday, 01 February

[SECURITY] [DSA 3464-1] rails security update Moritz Muehlenhoff
[SECURITY] [DSA 3463-1] prosody security update Moritz Muehlenhoff
[SECURITY] [DSA 3462-1] radicale security update Yves-Alexis Perez
[SECURITY] [DSA 3461-1] freetype security update Sebastien Delafond
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities Vulnerability Lab
WebKitGTK+ Security Advisory WSA-2016-0001 Carlos Alberto Lopez Perez

Tuesday, 02 February

A tale of openssl_seal(), PHP and Apache2handle s3810
Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability Phil Pearl
MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS Onur Yilmaz

Wednesday, 03 February

[SECURITY] [DSA 3465-1] openjdk-6 security update Moritz Muehlenhoff
TimeClock - Multiple SQL Injections marcelabx
ASUS RT-N56U Persistent XSS graphx
Mezzanine CMS 4.1.0 Arbitrary File Upload hyp3rlinx
Mezzanine CMS 4.1.0 XSS hyp3rlinx
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability Vulnerability Lab
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability Vulnerability Lab
SimpleView CRM - Client Side Open Redirect Vulnerability Vulnerability Lab
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Soso Transfer v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab
Security Advisories Portcullis Advisories
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability Cisco Systems Product Security Incident Response Team
Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability David Coomber
[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 Pedro Ribeiro
AST-2016-001: BEAST vulnerability in HTTP server Asterisk Security Team
AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. Asterisk Security Team
AST-2016-002: File descriptor exhaustion in chan_sip Asterisk Security Team
[slackware-security] MPlayer (SSA:2016-034-02) Slackware Security Team
[slackware-security] php (SSA:2016-034-04) Slackware Security Team
[slackware-security] openssl (SSA:2016-034-03) Slackware Security Team

Thursday, 04 February

[slackware-security] mozilla-firefox (SSA:2016-034-01) Slackware Security Team
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass Vulnerability Lab
WordPress User Meta Manager Plugin [Privilege Escalation] pan . vagenas
WordPress User Meta Manager Plugin [Blind SQLI] pan . vagenas
[SECURITY] [DSA 3466-1] krb5 security update Salvatore Bonaccorso
CVE-2015-3251: Apache CloudStack VM Credential Exposure John Kinsella

Friday, 05 February

CVE-2015-3252: Apache CloudStack VNC authentication issue John Kinsella

Sunday, 07 February

[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert
[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution security-alert
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox Stefan Kanthak
[security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege security-alert
Multiple vulnerabilities in Open Real Estate v 1.15.1 Simon Waters (Surevine)
[SECURITY] [DSA 3467-1] tiff security update Salvatore Bonaccorso
[SECURITY] [DSA 3468-1] polarssl security update Sebastien Delafond
CFP: SIN 2016 - 9th International Conference on Security of Information and Networks Hossain Shahriar
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
WordPress User Meta Manager Plugin [Information Disclosure] Panagiotis Vagenas

Monday, 08 February

Symphony CMS multiple vulnerabilities Filippo Cavallarin
Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) Ralf Spenneberg
JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability Vulnerability Lab
Getdpd BB #5 - Persistent Filename Vulnerability Vulnerability Lab
Getdpd BB #4 - (name) Persistent Validation Vulnerability Vulnerability Lab
Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability Vulnerability Lab
Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities Vulnerability Lab
WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] Panagiotis Vagenas
WordPress WP User Frontend Plugin [Unrestricted File Upload] Panagiotis Vagenas

Tuesday, 09 February

[SECURITY] [DSA 3471-1] qemu security update Sebastien Delafond
[SECURITY] [DSA 3469-1] qemu security update Sebastien Delafond
[SECURITY] [DSA 3470-1] qemu-kvm security update Sebastien Delafond
[SECURITY] [DSA 3472-1] wordpress security update Salvatore Bonaccorso
[slackware-security] libsndfile (SSA:2016-039-02) Slackware Security Team
[slackware-security] curl (SSA:2016-039-01) Slackware Security Team
Privilege escalation Vulnerability in ManageEngine Network Configuration Management kingkaustubh
ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities Security Alert
Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) Amit Klein
dotDefender Firewall CSRF hyp3rlinx
ManageEngine Eventlog Analyzer Privilege Escalation v10.8 graphx

Wednesday, 10 February

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities SEC Consult Vulnerability Lab
VP2016-001: Remote Command Execution in File Replication Pro Vantage Point Security
Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability Vulnerability Lab
File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability Vulnerability Lab
Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability Vulnerability Lab
Remote Code Execution in Exponent High-Tech Bridge Security Research
Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team
NPS Datastore server DLL side loading vulnerability Securify B.V.
BDA MPEG2 Transport Information Filter DLL side loading vulnerability Securify B.V.
MapsUpdateTask Task DLL side loading vulnerability Securify B.V.
Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V.
Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox Jason Hellenthal
Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability Ratio Sec

Thursday, 11 February

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V.
Re: [oss-security] HTTPS Only (Open Source, Python) P J P
[SECURITY] [DSA 3473-1] nginx security update Salvatore Bonaccorso
[slackware-security] mozilla-firefox (SSA:2016-042-01) Slackware Security Team

Friday, 12 February

CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011) Berend-Jan Wever
HD Video Player v2.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab

Saturday, 13 February

[SECURITY] [DSA 3474-1] libgcrypt20 security update Salvatore Bonaccorso
[ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability ERPScan inc
[ERPSCAN-15-032] SAP PCo agent – DoS vulnerability ERPScan inc
KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution KoreLogic Disclosures
[SECURITY] [DSA 3475-1] postgresql-9.1 security update Salvatore Bonaccorso

Sunday, 14 February

[SECURITY] [DSA 3476-1] postgresql-9.4 security update Salvatore Bonaccorso
[SECURITY] [DSA 3477-1] iceweasel security update Moritz Muehlenhoff
Xymon: Critical security issues in all versions prior to 4.3.25 Xymon Software

Monday, 15 February

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware Blue Frost Security Research Lab

Tuesday, 16 February

phpMyBackupPro v.2.5 XSS hyp3rlinx
phpMyBackupPro v.2.5 Arbitrary File Upload hyp3rlinx
phpMyBackupPro v.2.5 Remote Command Execution / CSRF hyp3rlinx
CyberCop Scanner Smbgrind v5.5 Buffer Overflow hyp3rlinx
[SECURITY] [DSA 3479-1] graphite2 security update Moritz Muehlenhoff
[SECURITY] [DSA 3478-1] libgcrypt11 security update Salvatore Bonaccorso
Missing Function Level Access control Vulnerability in OPutils kingkaustubh
Privilege escalation Vulnerability in ManageEngine oputils kingkaustubh
CSRF and XsS In Manage Engine oputils kingkaustubh
[SECURITY] [DSA 3480-1] eglibc security update Salvatore Bonaccorso
[SECURITY] [DSA 3481-1] glibc security update Salvatore Bonaccorso
Redaxo CMS contains multiple vulnerabilities LSE-Advisories

Thursday, 18 February

RCE via CSRF in osCmax High-Tech Bridge Security Research
SQL Injection in Osclass High-Tech Bridge Security Research
SQL Injection in WeBid High-Tech Bridge Security Research
SQL Injection in TestLink High-Tech Bridge Security Research
SQL Injection in webSPELL High-Tech Bridge Security Research
SSO Authentication Bypass and Website Takeover in DOKEOS High-Tech Bridge Security Research
RCE via CSRF in osCommerce High-Tech Bridge Security Research
[SECURITY] [DSA 3482-1] libreoffice security update Sebastien Delafond
[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) security-alert
CVE-2015-7521: Apache Hive authorization bug disclosure (update) Sushanth Sowmyan

Friday, 19 February

[SECURITY] [DSA 3484-1] xdelta3 security update Salvatore Bonaccorso
[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten
[SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79) erlijn . vangenuchten
[SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) erlijn . vangenuchten
[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten
[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358) erlijn . vangenuchten
[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten
[SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting erlijn . vangenuchten

Saturday, 20 February

[SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection erlijn . vangenuchten
ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability Vulnerability Lab
Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab
Chamilo LMS - Persistent Cross Site Scripting Vulnerability Vulnerability Lab
Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability Vulnerability Lab
Investors Application - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability Vulnerability Lab
ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability Vulnerability Lab
[SECURITY] [DSA 3483-1] cpio security update Salvatore Bonaccorso
[security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution security-alert
Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 Cisco Systems Product Security Incident Response Team

Sunday, 21 February

[SECURITY] [DSA 3485-1] didiwiki security update Sebastien Delafond
[security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access security-alert
[SECURITY] [DSA 3486-1] chromium-browser security update Michael Gilbert

Monday, 22 February

[SECURITY] CVE-2015-5346 Apache Tomcat Session fixation Mark Thomas
[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass Mark Thomas
[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass Mark Thomas
[SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure Mark Thomas
[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass Mark Thomas
[SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak Mark Thomas
[SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal Mark Thomas
InstantCoder v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities Vulnerability Lab
[SYSS-2015-063] OpenCms - Cross Site Scripting rainer . boie
Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability Vulnerability Lab

Tuesday, 23 February

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
CSNC-2016-002 - Open Redirect in OpenAM Alexandre Herzog
CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM) Alexandre Herzog
CSNC-2016-001 - XSS in OpenAM Alexandre Herzog

Wednesday, 24 February

[SECURITY] [DSA 3488-1] libssh security update Salvatore Bonaccorso
[SECURITY] [DSA 3489-1] lighttpd security update Sebastien Delafond
Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass Julien Ahrens
[slackware-security] bind (SSA:2016-054-01) Slackware Security Team
[slackware-security] glibc (SSA:2016-054-02) Slackware Security Team
[slackware-security] libgcrypt (SSA:2016-054-03) Slackware Security Team
[slackware-security] ntp (SSA:2016-054-04) Slackware Security Team
[KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability Egidio Romano
Extra User Details [Privilege Escalation] Panagiotis Vagenas
Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe Stefan Kanthak
eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability Vulnerability Lab
CSV Import XSS Vulnerability Rahul Pratap Singh
WP Advanced Importer XSS Vulnerability Rahul Pratap Singh
WP Ultimate Exporter XSS Vulnerability Rahul Pratap Singh
Import Woocommerce XSS Vulnerability Rahul Pratap Singh
Belkin N150 Router Multiple XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3490-1] websvn security update Sebastien Delafond
WordPress User Submitted Posts Plugin [Persistent XSS] Panagiotis Vagenas
JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities Ratio Sec
[SECURITY] [DSA 3491-1] icedove security update Moritz Muehlenhoff

Thursday, 25 February

CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Cantor, Scott
[SECURITY] [DSA 3493-1] xerces-c security update Salvatore Bonaccorso
[SECURITY] [DSA 3492-1] gajim security update Yves-Alexis Perez
APPLE-SA-2016-02-25-1 Apple TV 7.2.1 Apple Product Security
WordPress plugin wp-ultimate-exporter SQL injection vulnerability Henri Salo
Zimbra Cross-Site Scripting vulnerabilities pxli
RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Shivaprasad Sadashivappa

Sunday, 28 February

Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege Stefan Kanthak
[security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution security-alert
[slackware-security] libssh (SSA:2016-057-01) Slackware Security Team
Re: Symantec EP DOS hyp3rlinx
[SECURITY] [DSA 3494-1] cacti security update Salvatore Bonaccorso
[SECURITY] [DSA 3497-1] php-horde security update Salvatore Bonaccorso
Call For Papers - CISTI 2016 Workshops - Deadline March 15 Maria Lemos
[SECURITY] [DSA 3496-1] php-horde-core security update Salvatore Bonaccorso
[SECURITY] [DSA 3499-1] pillow security update Moritz Muehlenhoff
[SECURITY] [DSA 3498-1] drupal7 security advisory Moritz Muehlenhoff

Monday, 29 February

[SECURITY] [DSA 3495-1] xymon security update Sebastien Delafond
WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab
[SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site matthias . deeg
[SYSS-2015-072] perfact::mpa - Insecure Direct Object References matthias . deeg
[SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery matthias . deeg
[SYSS-2015-070] perfact::mpa - Cross-Site Scripting matthias . deeg
[SYSS-2015-066] perfact::mpa - Cross-Site Scripting matthias . deeg
[SYSS-2015-067] perfact::mpa - Insecure Direct Object References matthias . deeg
[SYSS-2015-069] perfact::mpa - Insecure Direct Object References matthias . deeg
[security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS) security-alert
Microsoft PowerPointViewer Code Execution hyp3rlinx