Bugtraq: by author

178 messages starting Jan 27 16 and ending Jan 25 16


Alessandro Ghedini

[SECURITY] [DSA 3455-1] curl security update Alessandro Ghedini (Jan 27)

Apple Product Security

APPLE-SA-2016-01-19-3 Safari 9.0.3 Apple Product Security (Jan 19)
APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 Apple Product Security (Jan 19)
APPLE-SA-2016-01-19-1 iOS 9.2.1 Apple Product Security (Jan 19)
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 Apple Product Security (Jan 07)
APPLE-SA-2016-01-25-1 tvOS 9.1.1 Apple Product Security (Jan 26)

benedikt . westermann

Netgear GS105Ev2 - Multiple Vulnerabilities benedikt . westermann (Jan 27)

Ben Hutchings

[SECURITY] [DSA 3452-1] claws-mail security update Ben Hutchings (Jan 25)
[SECURITY] [DSA 3440-1] sudo security update Ben Hutchings (Jan 11)
[SECURITY] [DSA 3434-1] linux security update Ben Hutchings (Jan 05)

bugtraq

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 bugtraq (Jan 20)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Jan 27)
Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability Cisco Systems Product Security Incident Response Team (Jan 27)
Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)
Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)
Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)
Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)
Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)
Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)

Claus Ibsen

CVE-2015-5344 - Apache Camel medium disclosure vulnerability Claus Ibsen (Jan 31)

CORE Advisories Team

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities CORE Advisories Team (Jan 26)
[CORE-2016-0001] - Intel Driver Update Utility MiTM CORE Advisories Team (Jan 19)

cxsecurity

Magento 1.9.x Multiple Man-In The Middle cxsecurity (Jan 26)
glibc catopen() Multiple unbounded stack allocations cxsecurity (Jan 26)

Daniel Schliebner

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability Daniel Schliebner (Jan 07)

David Black

January 2016 - Bamboo - Critical Security Advisory David Black (Jan 21)

Egidio Romano

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability Egidio Romano (Jan 15)

Eitan Caspi

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through Eitan Caspi (Jan 07)

erlijn . vangenuchten

[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) erlijn . vangenuchten (Jan 07)

ERPScan inc

[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption ERPScan inc (Jan 27)

fgghy

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) fgghy (Jan 11)

Filippo Cavallarin

ProjectSend multiple vulnerabilities Filippo Cavallarin (Jan 29)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-16:07.openssh FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:11.openssl FreeBSD Security Advisories (Jan 30)
FreeBSD Security Advisory FreeBSD-SA-16:04.linux FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:03.linux FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:08.bind FreeBSD Security Advisories (Jan 27)
FreeBSD Security Advisory FreeBSD-SA-16:05.tcp FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:09.ntp FreeBSD Security Advisories (Jan 27)
FreeBSD Security Advisory FreeBSD-SA-16:01.sctp FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:02.ntp FreeBSD Security Advisories (Jan 14)
FreeBSD Security Advisory FreeBSD-SA-16:10.linux FreeBSD Security Advisories (Jan 27)

graphx

ZyXel WAP3205 v1 Multiple XSS graphx (Jan 25)
ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation graphx (Jan 29)

Hacking Corporation Sàrl

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase Hacking Corporation Sàrl (Jan 28)

High-Tech Bridge Security Research

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module High-Tech Bridge Security Research (Jan 14)
Remote Code Execution in Roundcube High-Tech Bridge Security Research (Jan 14)

hyp3rlinx

XMB - eXtreme Message Board v1.9.11.13 Weak Crypto hyp3rlinx (Jan 25)
Oracle HtmlConverter.exe Buffer Overflow hyp3rlinx (Jan 20)
Advanced Electron Forum v1.0.9 RFI / CSRF hyp3rlinx (Jan 17)
Advanced Electron Forum v1.0.9 CSRF hyp3rlinx (Jan 17)
Advanced Electron Forum v1.0.9 Persistent XSS hyp3rlinx (Jan 17)

hyp3rphp

Symantec EP DOS hyp3rphp (Jan 07)

iedb . team

imageone Cms Multiple vulnerabilities iedb . team (Jan 25)
Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability iedb . team (Jan 11)

Imre RAD

PHP LiteSpeed SAPI out of boundaries read due to missing input validation Imre RAD (Jan 26)
PHP-FPM fpm_log.c memory leak and buffer overflow Imre RAD (Jan 25)
Authentication bypass in PHP File Manager 0.9.8 Imre Rad (Jan 26)
PHP LiteSpeed SAPI secret key improper disposal Imre RAD (Jan 25)

issues

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys issues (Jan 20)

jerold

eClinicalWorks (CCMR) - Multiple Vulnerabilities jerold (Jan 31)

kingkaustubh

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network kingkaustubh (Jan 29)

Laszlo Boszormenyi (GCS)

[SECURITY] [DSA 3435-1] git security update Laszlo Boszormenyi (GCS) (Jan 05)

Michael Gilbert

[SECURITY] [DSA 3438-1] xscreensaver security update Michael Gilbert (Jan 11)
[SECURITY] [DSA 3456-1] chromium-browser security update Michael Gilbert (Jan 27)
[SECURITY] [DSA 3442-1] isc-dhcp security update Michael Gilbert (Jan 14)

Moritz Muehlenhoff

[SECURITY] [DSA 3454-1] virtualbox security update Moritz Muehlenhoff (Jan 26)
[SECURITY] [DSA 3431-1] ganeti security update Moritz Muehlenhoff (Jan 01)
[SECURITY] [DSA 3458-1] openjdk-7 security update Moritz Muehlenhoff (Jan 27)
[SECURITY] [DSA 3457-1] iceweasel security update Moritz Muehlenhoff (Jan 27)
[SECURITY] [DSA 3432-1] icedove security update Moritz Muehlenhoff (Jan 01)

Ng, Sam (Fortify)

OpenBravo Hibernate HQL Injection Ng, Sam (Fortify) (Jan 11)

Nicolas Grégoire

Exploiting XXE vulnerabilities in AMF libraries Nicolas Grégoire (Jan 11)

Onur Yilmaz

Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 Onur Yilmaz (Jan 07)
LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability Onur Yilmaz (Jan 20)

Pierre Kim

FreeBSD bsnmpd information disclosure Pierre Kim (Jan 14)
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) Pierre Kim (Jan 04)

Qualys Security Advisory

Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)

Rahul Pratap Singh

Open Audit SQL Injection Vulnerability Rahul Pratap Singh (Jan 03)
Quick Cart v6.6 XSS Vulnerability Rahul Pratap Singh (Jan 19)
Quick CMS v 6.1 XSS Vulnerability Rahul Pratap Singh (Jan 19)
WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability Rahul Pratap Singh (Jan 07)
Log2Space Central v 6.2 Multiple XSS Vulnerability Rahul Pratap Singh (Jan 27)
WP-Comment-Rating XSS Vulnerability Rahul Pratap Singh (Jan 31)
Commentator Wordpress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh (Jan 14)
BK Mobile CMS SQLi and XSS Vulnerability Rahul Pratap Singh (Jan 27)
WP Symposium Pro Social Network Plugin XSS Vulnerability Rahul Pratap Singh (Jan 12)
WP Easy Gallery v4.1.4 Stored XSS Vulnerability Rahul Pratap Singh (Jan 26)
WP-Ultimate CSV Importer XSS Vulnerability Rahul Pratap Singh (Jan 26)

Ralf Spenneberg

OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S Ralf Spenneberg (Jan 01)
OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders Ralf Spenneberg (Jan 01)
OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag Ralf Spenneberg (Jan 01)

RedTeam Pentesting GmbH

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials RedTeam Pentesting GmbH (Jan 07)
[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting GmbH (Jan 07)
[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images RedTeam Pentesting GmbH (Jan 07)

Reed Loden

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability Reed Loden (Jan 11)

Salvatore Bonaccorso

[SECURITY] [DSA 3431-2] ganeti regression update Salvatore Bonaccorso (Jan 14)
[SECURITY] [DSA 3439-1] prosody security update Salvatore Bonaccorso (Jan 11)
[SECURITY] [DSA 3447-1] tomcat7 security update Salvatore Bonaccorso (Jan 17)
[SECURITY] [DSA 3453-1] mariadb-10.0 security update Salvatore Bonaccorso (Jan 26)
[SECURITY] [DSA 3436-1] openssl security update Salvatore Bonaccorso (Jan 10)
[SECURITY] [DSA 3445-1] pygments security update Salvatore Bonaccorso (Jan 14)
[SECURITY] [DSA 3437-1] gnutls26 security update Salvatore Bonaccorso (Jan 11)
[SECURITY] [DSA 3441-1] perl security update Salvatore Bonaccorso (Jan 11)
[SECURITY] [DSA 3444-1] wordpress security update Salvatore Bonaccorso (Jan 14)
[SECURITY] [DSA 3443-1] libpng security update Salvatore Bonaccorso (Jan 14)
[SECURITY] [DSA 3450-1] ecryptfs-utils security update Salvatore Bonaccorso (Jan 20)
[SECURITY] [DSA 3433-1] samba security update Salvatore Bonaccorso (Jan 03)
[SECURITY] [DSA 3449-1] bind9 security update Salvatore Bonaccorso (Jan 19)
[SECURITY] [DSA 3459-1] mysql-5.5 security update Salvatore Bonaccorso (Jan 28)
[SECURITY] [DSA 3448-1] linux security update Salvatore Bonaccorso (Jan 19)

Sarah Allen

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Sarah Allen (Jan 11)

Sebastian Perez

Confluence Vulnerabilities Sebastian Perez (Jan 04)

Sebastien Delafond

[SECURITY] [DSA 3460-1] privoxy security update Sebastien Delafond (Jan 31)

SEC Consult Vulnerability Lab

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems SEC Consult Vulnerability Lab (Jan 12)
SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices SEC Consult Vulnerability Lab (Jan 21)

Securify B.V.

HP LaserJet Fax Preview DLL side loading vulnerability Securify B.V. (Jan 25)
HP ToComMsg DLL side loading vulnerability Securify B.V. (Jan 25)
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Securify B.V. (Jan 25)

security-alert

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) security-alert (Jan 19)
[security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access security-alert (Jan 07)
[security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS) security-alert (Jan 26)
[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege security-alert (Jan 14)
[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) security-alert (Jan 10)
[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) security-alert (Jan 28)
[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) security-alert (Jan 07)
[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification security-alert (Jan 29)
[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification security-alert (Jan 29)
[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access security-alert (Jan 29)
[security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities security-alert (Jan 14)
[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS) security-alert (Jan 29)
[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS) security-alert (Jan 26)
[security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities security-alert (Jan 14)
[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities security-alert (Jan 28)
[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS) security-alert (Jan 29)
[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution security-alert (Jan 29)

Slackware Security Team

[slackware-security] dhcp (SSA:2016-012-01) Slackware Security Team (Jan 14)
[slackware-security] openssh (SSA:2016-014-01) Slackware Security Team (Jan 14)

Stefan Kanthak

[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ... Stefan Kanthak (Jan 14)
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 08)
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 07)
Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe Stefan Kanthak (Jan 19)
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? Stefan Kanthak (Jan 15)
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities Stefan Kanthak (Jan 04)
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 31)
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution Stefan Kanthak (Jan 15)
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 07)
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" Stefan Kanthak (Jan 21)

Stefan Seelmann

[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability Stefan Seelmann (Jan 03)

Stelios Tsampas

CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas (Jan 11)
CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas (Jan 11)

Sushanth Sowmyan

CVE-2015-7521: Apache Hive authorization bug disclosure Sushanth Sowmyan (Jan 28)

Thomas Bleier

MobaXTerm before version 8.5 vulnerability in "jump host" functionality Thomas Bleier (Jan 08)

t . schughart

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability t . schughart (Jan 31)
OpenXchange | Information Disclosure t . schughart (Jan 31)

urikanonov

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 urikanonov (Jan 17)
[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 urikanonov (Jan 17)
Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 urikanonov (Jan 20)
Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 urikanonov (Jan 20)

Vulnerability Lab

Classic Infomedia (Login) - Auth Bypass Web Vulnerability Vulnerability Lab (Jan 27)
Kleefa v1.7 (IR) - Multiple Web Vulnerabilities Vulnerability Lab (Jan 27)
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities Vulnerability Lab (Jan 27)
New Era Company CMS - (id) SQL Injection Vulnerability Vulnerability Lab (Jan 28)
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jan 29)
Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Jan 28)
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability Vulnerability Lab (Jan 27)
Telegram (API) - Cross Site Request Forgery Vulnerabilities Vulnerability Lab (Jan 27)
WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability Vulnerability Lab (Jan 27)
Apple WatchOS v2.1 - Denial of Service Vulnerability Vulnerability Lab (Jan 27)
Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 27)
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab (Jan 27)

Yves-Alexis Perez

[SECURITY] [DSA 3446-1] openssh security update Yves-Alexis Perez (Jan 14)
[SECURITY] [DSA 3451-1] fuse security update Yves-Alexis Perez (Jan 21)

zemnmez

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) zemnmez (Jan 25)