Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
166 messages
starting Jul 01 16 and
ending Jul 29 16
Date index |
Thread index |
Author index
Friday, 01 July
CA20160627-01: Security Notice for Release Automation Kotas, Kevin J
[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c wpengfeinudt
[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c wpengfeinudt
Logic security flaw in TP-LINK - tplinklogin.net Info
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures
[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam security-alert
Monday, 04 July
[SECURITY] [DSA 3612-1] gimp security update Salvatore Bonaccorso
[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell
[SECURITY] [DSA 3613-1] libvirt security update Salvatore Bonaccorso
[SECURITY] [DSA 3615-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 3614-1] tomcat7 security update Salvatore Bonaccorso
[FD]CVE ID request : SQL injection in 24Online Client rahullraz
WebCalendar v1.2.7 PHP Code Injection hyp3rlinx
HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation Andrey B. Panfilov
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx
[SECURITY] [DSA 3616-1] linux security update Salvatore Bonaccorso
[CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c wpengfeinudt
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab
[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c wpengfeinudt
Syslog Server "npriority" field remote Denial of Service vulnerability chaoyi . huang
Tuesday, 05 July
Apple Safari for Mac OS X SVG local XXE Filippo Cavallarin
Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092
[slackware-security] mozilla-thunderbird (SSA:2016-187-01) Slackware Security Team
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik
[security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert
Wednesday, 06 July
IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab
Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab
ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability Security Alert
Re: Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092
[SECURITY] [DSA 3617-1] horizon security update Moritz Muehlenhoff
Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber
Thursday, 07 July
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik
[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano
[security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information security-alert
[slackware-security] samba (SSA:2016-189-01) Slackware Security Team
Microsoft WinDbg logviewer.exe Buffer Overflow DOS hyp3rlinx
Microsoft Process Kill Utility "kill.exe" Buffer Overflow hyp3rlinx
Friday, 08 July
BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab
BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab
Monday, 11 July
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in WP Live Chat Support plugin Summer of Pwnage
Tuesday, 12 July
[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens
[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens
Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage
[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code security-alert
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage
WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage
Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage
Wednesday, 13 July
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak
missing input validation in pmount: arbitrary mount as non-root Imre RAD
Open-Xchange Security Advisory 2016-07-13 Martin Heiland
Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Thursday, 14 July
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc
Friday, 15 July
[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert
[SECURITY] [DSA 3619-1] libgd2 security update Salvatore Bonaccorso
Sunday, 17 July
[SECURITY] [DSA 3620-1] pidgin security update Salvatore Bonaccorso
Multiple vulns in Vodafone EasyBox 804 Tim Schughart
Monday, 18 July
[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon bashis
[SECURITY] [DSA 3621-1] mysql-connector-java security update Salvatore Bonaccorso
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak
Tuesday, 19 July
[SECURITY] [DSA 3622-1] python-django security update Salvatore Bonaccorso
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Product Security
APPLE-SA-2016-07-18-2 iOS 9.3.3 Apple Product Security
APPLE-SA-2016-07-18-3 watchOS 2.2.2 Apple Product Security
APPLE-SA-2016-07-18-4 tvOS 9.2.2 Apple Product Security
APPLE-SA-2016-07-18-5 Safari 9.1.2 Apple Product Security
APPLE-SA-2016-07-18-6 iTunes 12.4.2 Apple Product Security
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking Stefan Kanthak
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage
Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage
CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC
Wednesday, 20 July
[SECURITY] [DSA 3623-1] apache2 security update Salvatore Bonaccorso
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt
Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability Cisco Systems Product Security Incident Response Team
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage
CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen
Thursday, 21 July
Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3624-1] mysql-5.5 security update Salvatore Bonaccorso
MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas
[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) security-alert
[slackware-security] php (SSA:2016-203-02) Slackware Security Team
[slackware-security] gimp (SSA:2016-203-01) Slackware Security Team
Dreammail 5 mail client XSS Vulnerability wwiinngd
Friday, 22 July
[SECURITY] [DSA 3625-1] squid3 security update Sebastien Delafond
Monday, 25 July
MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison
CA20160721-01: Security Notice for CA eHealth Kotas, Kevin J
[slackware-security] bind (SSA:2016-204-01) Slackware Security Team
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 mgill
[SECURITY] [DSA 3626-1] openssh security update Salvatore Bonaccorso
Neoscreen v4.5 Authentication bypass alex_haynes
Neoscreen v4.5 Blind SQL injection alex_haynes
Neoscreen v4.5 Cross-site scripting alex_haynes
Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage
[SECURITY] [DSA 3627-1] phpmyadmin security update Thijs Kinkhorst
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar
[SECURITY] [DSA 3628-1] perl security update Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch FreeBSD Security Advisories
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability Secunia Research
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability Secunia Research
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution security-alert
[SECURITY] [DSA 3629-1] ntp security update Moritz Muehlenhoff
July 2016 - Bamboo Server - Critical Security Advisory David Black
MySQL 0days followup (CVE-2016-3477) CVSS 8.1 lem . nikolas
Tuesday, 26 July
Crashing Browsers Remotely via Insecure Search Suggestions research
Huawei ISM Professional XSS Vulnerability ak47464659484
Dropbox 6.4.14 DLL Hijacking Vulnerability mehta . himanshu21
Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage
Silurus Classifieds XSS Vulnerability ak47464659484
[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) security-alert
[SECURITY] [DSA 3630-1] libgd2 security update Salvatore Bonaccorso
[SECURITY] [DSA 3631-1] php5 security update Moritz Muehlenhoff
Wednesday, 27 July
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab
RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Wick, Ryan (US - Chicago)
[SECURITY] [DSA 3632-1] mariadb-10.0 security update Salvatore Bonaccorso
CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal Grebovich, Dragan (Dragan)
[SECURITY] [DSA 3633-1] xen security update Moritz Muehlenhoff
Thursday, 28 July
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab
Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab
Vicon Network Cameras - Authentication Bypass reggie . dodd30
Friday, 29 July
[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting S21sec Vulnerability Research
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg
[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks matthias . deeg
[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability matthias . deeg
[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg
[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) matthias . deeg
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg
CVE-2016-5672: Intel Crosswalk SSL Prompt Issue research
[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update Salvatore Bonaccorso