Bugtraq: by thread
166 messages, starting Jul 01 16 and ending Jul 29 16
- CA20160627-01: Security Notice for Release Automation Kotas, Kevin J (Jul 01)
- [CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c wpengfeinudt (Jul 01)
- [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c wpengfeinudt (Jul 01)
- Logic security flaw in TP-LINK - tplinklogin.net Info (Jul 01)
- Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak (Jul 01)
- KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures (Jul 01)
- [security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam security-alert (Jul 01)
- [SECURITY] [DSA 3612-1] gimp security update Salvatore Bonaccorso (Jul 04)
- [security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information security-alert (Jul 04)
- [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell (Jul 04)
- [SECURITY] [DSA 3613-1] libvirt security update Salvatore Bonaccorso (Jul 04)
- [SECURITY] [DSA 3615-1] wireshark security update Moritz Muehlenhoff (Jul 04)
- [SECURITY] [DSA 3614-1] tomcat7 security update Salvatore Bonaccorso (Jul 04)
- [FD]CVE ID request : SQL injection in 24Online Client rahullraz (Jul 04)
- WebCalendar v1.2.7 PHP Code Injection hyp3rlinx (Jul 04)
- HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation Andrey B. Panfilov (Jul 04)
- WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
- <Possible follow-ups>
- WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
- WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
- [SECURITY] [DSA 3616-1] linux security update Salvatore Bonaccorso (Jul 04)
- [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c wpengfeinudt (Jul 04)
- KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
- OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab (Jul 04)
- [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c wpengfeinudt (Jul 04)
- Syslog Server "npriority" field remote Denial of Service vulnerability chaoyi . huang (Jul 04)
- Apple Safari for Mac OS X SVG local XXE Filippo Cavallarin (Jul 05)
- Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 05)
- <Possible follow-ups>
- Re: Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 06)
- [slackware-security] mozilla-thunderbird (SSA:2016-187-01) Slackware Security Team (Jul 05)
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 05)
- <Possible follow-ups>
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 07)
- [security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert (Jul 05)
- IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab (Jul 06)
- Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab (Jul 06)
- Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab (Jul 06)
- ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability Security Alert (Jul 06)
- [SECURITY] [DSA 3617-1] horizon security update Moritz Muehlenhoff (Jul 06)
- Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber (Jul 06)
- [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano (Jul 07)
- [security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information security-alert (Jul 07)
- [slackware-security] samba (SSA:2016-189-01) Slackware Security Team (Jul 07)
- Microsoft WinDbg logviewer.exe Buffer Overflow DOS hyp3rlinx (Jul 07)
- Microsoft Process Kill Utility "kill.exe" Buffer Overflow hyp3rlinx (Jul 07)
- BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab (Jul 08)
- BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jul 08)
- Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage (Jul 11)
- Persistent Cross-Site Scripting in WP Live Chat Support plugin Summer of Pwnage (Jul 11)
- [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens (Jul 12)
- [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens (Jul 12)
- Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage (Jul 12)
- [security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code security-alert (Jul 12)
- Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage (Jul 12)
- Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage (Jul 12)
- Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage (Jul 12)
- WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
- Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
- [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak (Jul 13)
- missing input validation in pmount: arbitrary mount as non-root Imre RAD (Jul 13)
- Open-Xchange Security Advisory 2016-07-13 Martin Heiland (Jul 13)
- Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 13)
- Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage (Jul 14)
- Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage (Jul 14)
- Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage (Jul 14)
- Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage (Jul 14)
- [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc (Jul 14)
- [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc (Jul 14)
- [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc (Jul 14)
- [security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Jul 15)
- [SECURITY] [DSA 3619-1] libgd2 security update Salvatore Bonaccorso (Jul 15)
- [SECURITY] [DSA 3620-1] pidgin security update Salvatore Bonaccorso (Jul 17)
- Multiple vulns in Vodafone EasyBox 804 Tim Schughart (Jul 17)
- [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon bashis (Jul 18)
- [SECURITY] [DSA 3621-1] mysql-connector-java security update Salvatore Bonaccorso (Jul 18)
- [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak (Jul 18)
- [SECURITY] [DSA 3622-1] python-django security update Salvatore Bonaccorso (Jul 19)
- APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Product Security (Jul 19)
- APPLE-SA-2016-07-18-2 iOS 9.3.3 Apple Product Security (Jul 19)
- APPLE-SA-2016-07-18-3 watchOS 2.2.2 Apple Product Security (Jul 19)
- APPLE-SA-2016-07-18-4 tvOS 9.2.2 Apple Product Security (Jul 19)
- APPLE-SA-2016-07-18-5 Safari 9.1.2 Apple Product Security (Jul 19)
- APPLE-SA-2016-07-18-6 iTunes 12.4.2 Apple Product Security (Jul 19)
- Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab (Jul 19)
- Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking Stefan Kanthak (Jul 19)
- Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage (Jul 19)
- Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage (Jul 19)
- Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage (Jul 19)
- CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC (Jul 19)
- [SECURITY] [DSA 3623-1] apache2 security update Salvatore Bonaccorso (Jul 20)
- [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt (Jul 20)
- [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
- [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
- [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
- [SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt (Jul 20)
- Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability Cisco Systems Product Security Incident Response Team (Jul 20)
- Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage (Jul 20)
- Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage (Jul 20)
- CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 20)
- Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Jul 21)
- [SECURITY] [DSA 3624-1] mysql-5.5 security update Salvatore Bonaccorso (Jul 21)
- MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 21)
- <Possible follow-ups>
- MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 25)
- [security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) security-alert (Jul 21)
- [slackware-security] php (SSA:2016-203-02) Slackware Security Team (Jul 21)
- [slackware-security] gimp (SSA:2016-203-01) Slackware Security Team (Jul 21)
- Dreammail 5 mail client XSS Vulnerability wwiinngd (Jul 21)
- [SECURITY] [DSA 3625-1] squid3 security update Sebastien Delafond (Jul 22)
- [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison (Jul 25)
- CA20160721-01: Security Notice for CA eHealth Kotas, Kevin J (Jul 25)
- [slackware-security] bind (SSA:2016-204-01) Slackware Security Team (Jul 25)
- Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak (Jul 25)
- Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak (Jul 25)
- Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 mgill (Jul 25)
- [SECURITY] [DSA 3626-1] openssh security update Salvatore Bonaccorso (Jul 25)
- Neoscreen v4.5 Authentication bypass alex_haynes (Jul 25)
- Neoscreen v4.5 Blind SQL injection alex_haynes (Jul 25)
- Neoscreen v4.5 Cross-site scripting alex_haynes (Jul 25)
- Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage (Jul 25)
- Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage (Jul 25)
- [SECURITY] [DSA 3627-1] phpmyadmin security update Thijs Kinkhorst (Jul 25)
- SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab (Jul 25)
- XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 25)
- [SECURITY] [DSA 3628-1] perl security update Salvatore Bonaccorso (Jul 25)
- FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch FreeBSD Security Advisories (Jul 25)
- Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability Secunia Research (Jul 25)
- Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability Secunia Research (Jul 25)
- [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution security-alert (Jul 25)
- [SECURITY] [DSA 3629-1] ntp security update Moritz Muehlenhoff (Jul 25)
- July 2016 - Bamboo Server - Critical Security Advisory David Black (Jul 25)
- MySQL 0days followup (CVE-2016-3477) CVSS 8.1 lem . nikolas (Jul 25)
- Crashing Browsers Remotely via Insecure Search Suggestions research (Jul 26)
- Huawei ISM Professional XSS Vulnerability ak47464659484 (Jul 26)
- Dropbox 6.4.14 DLL Hijacking Vulnerability mehta . himanshu21 (Jul 26)
- Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage (Jul 26)
- Silurus Classifieds XSS Vulnerability ak47464659484 (Jul 26)
- [security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) security-alert (Jul 26)
- [SECURITY] [DSA 3630-1] libgd2 security update Salvatore Bonaccorso (Jul 26)
- [SECURITY] [DSA 3631-1] php5 security update Moritz Muehlenhoff (Jul 26)
- Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jul 27)
- DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Jul 27)
- VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
- VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
- RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Wick, Ryan (US - Chicago) (Jul 27)
- [SECURITY] [DSA 3632-1] mariadb-10.0 security update Salvatore Bonaccorso (Jul 27)
- CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal Grebovich, Dragan (Dragan) (Jul 27)
- [SECURITY] [DSA 3633-1] xen security update Moritz Muehlenhoff (Jul 27)
- Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab (Jul 28)
- Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab (Jul 28)
- Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Jul 28)
- Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab (Jul 28)
- Vicon Network Cameras - Authentication Bypass reggie . dodd30 (Jul 28)
- [S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting S21sec Vulnerability Research (Jul 29)
- ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jul 29)
- [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
- <Possible follow-ups>
- [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
- [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
- [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
- [SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
- [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) matthias . deeg (Jul 29)
- [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
- <Possible follow-ups>
- [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
- [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
- <Possible follow-ups>
- [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
- [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
- <Possible follow-ups>
- [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
- CVE-2016-5672: Intel Crosswalk SSL Prompt Issue research (Jul 29)
- [SECURITY] [DSA 3635-1] libdbd-mysql-perl security update Salvatore Bonaccorso (Jul 29)