Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

166 messages starting Jul 01 16 and ending Jul 29 16
Date index | Thread index | Author index

• CA20160627-01: Security Notice for Release Automation Kotas, Kevin J (Jul 01)
• [CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c wpengfeinudt (Jul 01)
• [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c wpengfeinudt (Jul 01)
• Logic security flaw in TP-LINK - tplinklogin.net Info (Jul 01)
• Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak (Jul 01)
• KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures (Jul 01)
• [security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam security-alert (Jul 01)
• [SECURITY] [DSA 3612-1] gimp security update Salvatore Bonaccorso (Jul 04)
• [security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information security-alert (Jul 04)
• [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell (Jul 04)
• [SECURITY] [DSA 3613-1] libvirt security update Salvatore Bonaccorso (Jul 04)
• [SECURITY] [DSA 3615-1] wireshark security update Moritz Muehlenhoff (Jul 04)
• [SECURITY] [DSA 3614-1] tomcat7 security update Salvatore Bonaccorso (Jul 04)
• [FD]CVE ID request : SQL injection in 24Online Client rahullraz (Jul 04)
• WebCalendar v1.2.7 PHP Code Injection hyp3rlinx (Jul 04)
• HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation Andrey B. Panfilov (Jul 04)
• WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
  • <Possible follow-ups>
  • WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
  • WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
• [SECURITY] [DSA 3616-1] linux security update Salvatore Bonaccorso (Jul 04)
• [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c wpengfeinudt (Jul 04)
• KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
• OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab (Jul 04)
• [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c wpengfeinudt (Jul 04)
• Syslog Server "npriority" field remote Denial of Service vulnerability chaoyi . huang (Jul 04)
• Apple Safari for Mac OS X SVG local XXE Filippo Cavallarin (Jul 05)
• Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 05)
  • <Possible follow-ups>
  • Re: Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 06)
• [slackware-security] mozilla-thunderbird (SSA:2016-187-01) Slackware Security Team (Jul 05)
• CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 05)
  • <Possible follow-ups>
  • CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 07)
• [security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert (Jul 05)
• IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab (Jul 06)
• Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab (Jul 06)
• Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab (Jul 06)
• ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability Security Alert (Jul 06)
• [SECURITY] [DSA 3617-1] horizon security update Moritz Muehlenhoff (Jul 06)
• Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber (Jul 06)
• [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano (Jul 07)
• [security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information security-alert (Jul 07)
• [slackware-security] samba (SSA:2016-189-01) Slackware Security Team (Jul 07)
• Microsoft WinDbg logviewer.exe Buffer Overflow DOS hyp3rlinx (Jul 07)
• Microsoft Process Kill Utility "kill.exe" Buffer Overflow hyp3rlinx (Jul 07)
• BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab (Jul 08)
• BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jul 08)
• Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage (Jul 11)
• Persistent Cross-Site Scripting in WP Live Chat Support plugin Summer of Pwnage (Jul 11)
• [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens (Jul 12)
• [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens (Jul 12)
• Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage (Jul 12)
• [security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code security-alert (Jul 12)
• Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage (Jul 12)
• Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage (Jul 12)
• Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage (Jul 12)
• WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
• Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
• [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak (Jul 13)
• missing input validation in pmount: arbitrary mount as non-root Imre RAD (Jul 13)
• Open-Xchange Security Advisory 2016-07-13 Martin Heiland (Jul 13)
• Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 13)
• Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage (Jul 14)
• Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage (Jul 14)
• Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage (Jul 14)
• Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage (Jul 14)
• [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc (Jul 14)
• [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc (Jul 14)
• [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc (Jul 14)
• [security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Jul 15)
• [SECURITY] [DSA 3619-1] libgd2 security update Salvatore Bonaccorso (Jul 15)
• [SECURITY] [DSA 3620-1] pidgin security update Salvatore Bonaccorso (Jul 17)
• Multiple vulns in Vodafone EasyBox 804 Tim Schughart (Jul 17)
• [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon bashis (Jul 18)
• [SECURITY] [DSA 3621-1] mysql-connector-java security update Salvatore Bonaccorso (Jul 18)
• [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak (Jul 18)
• [SECURITY] [DSA 3622-1] python-django security update Salvatore Bonaccorso (Jul 19)
• APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Product Security (Jul 19)
• APPLE-SA-2016-07-18-2 iOS 9.3.3 Apple Product Security (Jul 19)
• APPLE-SA-2016-07-18-3 watchOS 2.2.2 Apple Product Security (Jul 19)
• APPLE-SA-2016-07-18-4 tvOS 9.2.2 Apple Product Security (Jul 19)
• APPLE-SA-2016-07-18-5 Safari 9.1.2 Apple Product Security (Jul 19)
• APPLE-SA-2016-07-18-6 iTunes 12.4.2 Apple Product Security (Jul 19)
• Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab (Jul 19)
• Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking Stefan Kanthak (Jul 19)
• Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage (Jul 19)
• Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage (Jul 19)
• Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage (Jul 19)
• CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC (Jul 19)
• [SECURITY] [DSA 3623-1] apache2 security update Salvatore Bonaccorso (Jul 20)
• [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt (Jul 20)
• [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
• [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
• [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
• [SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt (Jul 20)
• Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability Cisco Systems Product Security Incident Response Team (Jul 20)
• Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage (Jul 20)
• Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage (Jul 20)
• CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 20)
• Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Jul 21)
• [SECURITY] [DSA 3624-1] mysql-5.5 security update Salvatore Bonaccorso (Jul 21)
• MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 21)
  • <Possible follow-ups>
  • MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 25)
• [security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) security-alert (Jul 21)
• [slackware-security] php (SSA:2016-203-02) Slackware Security Team (Jul 21)
• [slackware-security] gimp (SSA:2016-203-01) Slackware Security Team (Jul 21)
• Dreammail 5 mail client XSS Vulnerability wwiinngd (Jul 21)
• [SECURITY] [DSA 3625-1] squid3 security update Sebastien Delafond (Jul 22)
• [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison (Jul 25)
• CA20160721-01: Security Notice for CA eHealth Kotas, Kevin J (Jul 25)
• [slackware-security] bind (SSA:2016-204-01) Slackware Security Team (Jul 25)
• Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak (Jul 25)
• Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak (Jul 25)
• Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 mgill (Jul 25)
• [SECURITY] [DSA 3626-1] openssh security update Salvatore Bonaccorso (Jul 25)
• Neoscreen v4.5 Authentication bypass alex_haynes (Jul 25)
• Neoscreen v4.5 Blind SQL injection alex_haynes (Jul 25)
• Neoscreen v4.5 Cross-site scripting alex_haynes (Jul 25)
• Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage (Jul 25)
• Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage (Jul 25)
• [SECURITY] [DSA 3627-1] phpmyadmin security update Thijs Kinkhorst (Jul 25)
• SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab (Jul 25)
• XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 25)
• [SECURITY] [DSA 3628-1] perl security update Salvatore Bonaccorso (Jul 25)
• FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch FreeBSD Security Advisories (Jul 25)
• Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability Secunia Research (Jul 25)
• Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability Secunia Research (Jul 25)
• [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution security-alert (Jul 25)
• [SECURITY] [DSA 3629-1] ntp security update Moritz Muehlenhoff (Jul 25)
• July 2016 - Bamboo Server - Critical Security Advisory David Black (Jul 25)
• MySQL 0days followup (CVE-2016-3477) CVSS 8.1 lem . nikolas (Jul 25)
• Crashing Browsers Remotely via Insecure Search Suggestions research (Jul 26)
• Huawei ISM Professional XSS Vulnerability ak47464659484 (Jul 26)
• Dropbox 6.4.14 DLL Hijacking Vulnerability mehta . himanshu21 (Jul 26)
• Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage (Jul 26)
• Silurus Classifieds XSS Vulnerability ak47464659484 (Jul 26)
• [security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) security-alert (Jul 26)
• [SECURITY] [DSA 3630-1] libgd2 security update Salvatore Bonaccorso (Jul 26)
• [SECURITY] [DSA 3631-1] php5 security update Moritz Muehlenhoff (Jul 26)
• Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jul 27)
• DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Jul 27)
• VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
• VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
  • RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Wick, Ryan (US - Chicago) (Jul 27)
• [SECURITY] [DSA 3632-1] mariadb-10.0 security update Salvatore Bonaccorso (Jul 27)
• CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal Grebovich, Dragan (Dragan) (Jul 27)
• [SECURITY] [DSA 3633-1] xen security update Moritz Muehlenhoff (Jul 27)
• Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab (Jul 28)
• Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab (Jul 28)
• Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Jul 28)
• Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab (Jul 28)
• Vicon Network Cameras - Authentication Bypass reggie . dodd30 (Jul 28)
• [S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting S21sec Vulnerability Research (Jul 29)
• ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jul 29)
• [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
  • <Possible follow-ups>
  • [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
• [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
• [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
• [SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
• [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) matthias . deeg (Jul 29)
• [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
  • <Possible follow-ups>
  • [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
• [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
  • <Possible follow-ups>
  • [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
• [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
  • <Possible follow-ups>
  • [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
• CVE-2016-5672: Intel Crosswalk SSL Prompt Issue research (Jul 29)
• [SECURITY] [DSA 3635-1] libdbd-mysql-perl security update Salvatore Bonaccorso (Jul 29)

Previous period

Next period