Bugtraq: by thread
108 messages starting Nov 01 16 and ending Nov 30 16
- [HITB-Announce] HITB2017AMS CFP Hafez Kamal (Nov 01)
- OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) Ralf Spenneberg (Nov 01)
- CfP and Special Session :: CyberSec2017 Jackie Blanco (Nov 01)
- [slackware-security] x11 (SSA:2016-305-02) Slackware Security Team (Nov 01)
- [slackware-security] mariadb (SSA:2016-305-03) Slackware Security Team (Nov 01)
- [slackware-security] php (SSA:2016-305-04) Slackware Security Team (Nov 01)
- Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever (Nov 01)
- Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
- Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
- [security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) security-alert (Nov 02)
- Axessh 4.2.2 Denial Of Service apparitionsec (Nov 07)
- <Possible follow-ups>
- Axessh 4.2.2 Denial Of Service apparitionsec (Nov 08)
- [security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert (Nov 07)
- MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski (Nov 07)
- KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures (Nov 07)
- KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures (Nov 07)
- [security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution security-alert (Nov 08)
- [security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting security-alert (Nov 08)
- Rapid PHP Editor CSRF Remote Command Execution apparitionsec (Nov 08)
- WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow apparitionsec (Nov 08)
- Faraznet Cms Cross-Site Scripting Vulnerability iedb . team (Nov 08)
- <Possible follow-ups>
- Faraznet Cms Cross-Site Scripting Vulnerability iedb . team (Nov 08)
- Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Nov 08)
- Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Nov 08)
- Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab (Nov 08)
- [security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution security-alert (Nov 08)
- [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro (Nov 08)
- [SECURITY] [DSA 3707-1] openjdk-7 security update Moritz Muehlenhoff (Nov 08)
- Cross Site Scripting Vulnerability In Verint Impact 360 sanehsingh (Nov 08)
- Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage (Nov 08)
- Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage (Nov 08)
- Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage (Nov 08)
- URL Redirection Vulnerability In Verint Impact 360 sanehsingh (Nov 09)
- [security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution security-alert (Nov 09)
- [SECURITY] [DSA 3709-1] libxslt security update Salvatore Bonaccorso (Nov 09)
- MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever (Nov 10)
- Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 nickyccwu (Nov 10)
- WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
- Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability Secunia Research (Nov 10)
- Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability Secunia Research (Nov 10)
- CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser tallison (Nov 10)
- Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability Secunia Research (Nov 10)
- [SECURITY] [DSA 3711-1] mariadb-10.0 security update Salvatore Bonaccorso (Nov 14)
- CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart unlimitsec (Nov 14)
- WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team (Nov 14)
- <Possible follow-ups>
- WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team (Nov 14)
- [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE Maxim Solodovnik (Nov 14)
- CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever (Nov 14)
- SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab (Nov 14)
- Multiple vulnerabilities in Barco Clickshare vincent.ruijter (Nov 14)
- [security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery security-alert (Nov 14)
- [security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert (Nov 14)
- CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 14)
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 14)
- Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset Andrew Klaus (Nov 14)
- [security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information security-alert (Nov 15)
- CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever (Nov 16)
- [security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) security-alert (Nov 17)
- [SECURITY] [DSA 3716-1] firefox-esr security update Moritz Muehlenhoff (Nov 17)
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak (Nov 17)
- [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc (Nov 18)
- [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc (Nov 18)
- Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab (Nov 18)
- CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever (Nov 18)
- [slackware-security] mozilla-firefox (SSA:2016-323-01) Slackware Security Team (Nov 21)
- Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage (Nov 21)
- Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage (Nov 21)
- Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 21)
- Putty Cleartext Password Storage apparitionsec (Nov 21)
- [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) security-alert (Nov 21)
- Multiple issues in OpManager 12100 & 12200 Michael Heydon (Nov 21)
- [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 21)
- <Possible follow-ups>
- [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 21)
- [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens (Nov 21)
- [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens (Nov 21)
- Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) Dawid Golunski (Nov 21)
- [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc (Nov 21)
- [SECURITY] [DSA 3719-1] wireshark security update Sebastien Delafond (Nov 21)
- Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1 Andrea Barisani (Nov 21)
- CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever (Nov 22)
- [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team (Nov 22)
- [SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks matthias . deeg (Nov 23)
- [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks matthias . deeg (Nov 23)
- CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever (Nov 23)
- [security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities security-alert (Nov 23)
- [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski (Nov 23)
- [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks gerhard . klostermeier (Nov 23)
- [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) gerhard . klostermeier (Nov 24)
- [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks matthias . deeg (Nov 24)
- [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) gerhard . klostermeier (Nov 24)
- WorldCIST'17 - Submission deadline: November 27 ML (Nov 24)
- [SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update Salvatore Bonaccorso (Nov 24)
- [SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update Salvatore Bonaccorso (Nov 24)
- Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco (Nov 24)
- <Possible follow-ups>
- Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco (Nov 24)
- CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability Apache OpenOffice Security (Nov 28)
- WorldCIST'2017 - Submission deadline: November 30 ML (Nov 28)
- Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow apparitionsec (Nov 28)
- [SECURITY] [DSA 3725-1] icu security update Luciano Bello (Nov 28)
- SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab (Nov 28)
- Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever (Nov 29)
- XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen (Nov 29)
- [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH (Nov 30)
- [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access security-alert (Nov 30)
- [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories (Nov 30)
- [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution security-alert (Nov 30)
- [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege security-alert (Nov 30)
- [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection security-alert (Nov 30)