Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
108 messages
starting Nov 21 16 and
ending Nov 29 16
Date index |
Thread index |
Author index
Andrea Barisani
Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1 Andrea Barisani (Nov 21)
Andrew Klaus
Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset Andrew Klaus (Nov 14)
Apache OpenOffice Security
CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability Apache OpenOffice Security (Nov 28)
apparitionsec
Axessh 4.2.2 Denial Of Service apparitionsec (Nov 07)
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow apparitionsec (Nov 08)
Rapid PHP Editor CSRF Remote Command Execution apparitionsec (Nov 08)
Putty Cleartext Password Storage apparitionsec (Nov 21)
Axessh 4.2.2 Denial Of Service apparitionsec (Nov 08)
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow apparitionsec (Nov 28)
Berend-Jan Wever
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever (Nov 10)
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever (Nov 01)
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever (Nov 18)
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever (Nov 16)
Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever (Nov 29)
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever (Nov 23)
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever (Nov 14)
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever (Nov 22)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
CORE Advisories Team
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team (Nov 22)
Dawid Golunski
Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) Dawid Golunski (Nov 21)
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski (Nov 23)
MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski (Nov 07)
ERPScan inc
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc (Nov 18)
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc (Nov 21)
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc (Nov 18)
FOXMOLE Advisories
[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories (Nov 30)
gerhard . klostermeier
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) gerhard . klostermeier (Nov 24)
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) gerhard . klostermeier (Nov 24)
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks gerhard . klostermeier (Nov 23)
Hafez Kamal
[HITB-Announce] HITB2017AMS CFP Hafez Kamal (Nov 01)
Hector Marco
CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 14)
iedb . team
WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team (Nov 14)
WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team (Nov 14)
Faraznet Cms Cross-Site Scripting Vulnerability iedb . team (Nov 08)
Faraznet Cms Cross-Site Scripting Vulnerability iedb . team (Nov 08)
Jackie Blanco
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco (Nov 24)
CfP and Special Session :: CyberSec2017 Jackie Blanco (Nov 01)
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco (Nov 24)
Julien Ahrens
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 21)
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 21)
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens (Nov 21)
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens (Nov 21)
KoreLogic Disclosures
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures (Nov 07)
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures (Nov 07)
Leo Famulari
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 14)
Luciano Bello
[SECURITY] [DSA 3725-1] icu security update Luciano Bello (Nov 28)
matthias . deeg
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks matthias . deeg (Nov 23)
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks matthias . deeg (Nov 23)
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks matthias . deeg (Nov 24)
Maxim Solodovnik
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE Maxim Solodovnik (Nov 14)
Michael Heydon
Multiple issues in OpManager 12100 & 12200 Michael Heydon (Nov 21)
ML
WorldCIST'17 - Submission deadline: November 27 ML (Nov 24)
WorldCIST'2017 - Submission deadline: November 30 ML (Nov 28)
Moritz Muehlenhoff
[SECURITY] [DSA 3716-1] firefox-esr security update Moritz Muehlenhoff (Nov 17)
[SECURITY] [DSA 3707-1] openjdk-7 security update Moritz Muehlenhoff (Nov 08)
nickyccwu
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 nickyccwu (Nov 10)
Pedro Ribeiro
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro (Nov 08)
Ralf Spenneberg
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) Ralf Spenneberg (Nov 01)
RedTeam Pentesting GmbH
[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH (Nov 30)
Salvatore Bonaccorso
[SECURITY] [DSA 3711-1] mariadb-10.0 security update Salvatore Bonaccorso (Nov 14)
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update Salvatore Bonaccorso (Nov 24)
[SECURITY] [DSA 3709-1] libxslt security update Salvatore Bonaccorso (Nov 09)
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update Salvatore Bonaccorso (Nov 24)
sanehsingh
Cross Site Scripting Vulnerability In Verint Impact 360 sanehsingh (Nov 08)
URL Redirection Vulnerability In Verint Impact 360 sanehsingh (Nov 09)
Sebastien Delafond
[SECURITY] [DSA 3719-1] wireshark security update Sebastien Delafond (Nov 21)
SEC Consult Vulnerability Lab
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab (Nov 28)
SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab (Nov 14)
Secunia Research
Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability Secunia Research (Nov 10)
Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability Secunia Research (Nov 10)
Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability Secunia Research (Nov 10)
security-alert
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities security-alert (Nov 23)
[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution security-alert (Nov 08)
[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege security-alert (Nov 30)
[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert (Nov 07)
[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) security-alert (Nov 02)
[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access security-alert (Nov 30)
[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution security-alert (Nov 08)
[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) security-alert (Nov 21)
[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting security-alert (Nov 08)
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution security-alert (Nov 09)
[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) security-alert (Nov 17)
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert (Nov 14)
[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery security-alert (Nov 14)
[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information security-alert (Nov 15)
[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution security-alert (Nov 30)
[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection security-alert (Nov 30)
Slackware Security Team
[slackware-security] php (SSA:2016-305-04) Slackware Security Team (Nov 01)
[slackware-security] mozilla-firefox (SSA:2016-323-01) Slackware Security Team (Nov 21)
[slackware-security] x11 (SSA:2016-305-02) Slackware Security Team (Nov 01)
[slackware-security] mariadb (SSA:2016-305-03) Slackware Security Team (Nov 01)
Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak (Nov 17)
Summer of Pwnage
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage (Nov 08)
Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage (Nov 21)
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage (Nov 21)
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 21)
Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage (Nov 08)
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage (Nov 08)
tallison
CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser tallison (Nov 10)
unlimitsec
CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart unlimitsec (Nov 14)
vincent.ruijter
Multiple vulnerabilities in Barco Clickshare vincent.ruijter (Nov 14)
Vulnerability Lab
Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Nov 08)
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Nov 08)
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab (Nov 18)
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab (Nov 08)
Winni Neessen
XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen (Nov 29)