Bugtraq: by thread
92 messages starting Apr 03 17 and ending Apr 30 17
- Splunk Enterprise Information Theft CVE-2017-5607 hyp3rlinx (Apr 03)
- SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab (Apr 03)
- [security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) security-alert (Apr 03)
- Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster (Apr 03)
- Lotus Protector for Mail Security remote code execution Patrick Webster (Apr 04)
- Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster (Apr 04)
- AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster (Apr 04)
- Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster (Apr 04)
- Lantern CMS Path Disclosure, SQL Injection, Reflected XSS Patrick Webster (Apr 04)
- CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories (Apr 04)
- Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster (Apr 04)
- Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster (Apr 04)
- SilverStripe CMS - Path Disclosure Patrick Webster (Apr 04)
- SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster (Apr 04)
- AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster (Apr 04)
- Kaseya information disclosure vulnerability Patrick Webster (Apr 04)
- iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster (Apr 04)
- Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster (Apr 04)
- OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. Ralf Spenneberg (Apr 04)
- The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. Ralf Spenneberg (Apr 04)
- AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team (Apr 04)
- [SECURITY] [DSA 3826-1] tryton-server security update Salvatore Bonaccorso (Apr 04)
- DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode (Apr 04)
- [security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data security-alert (Apr 04)
- Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx (Apr 05)
- Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber (Apr 06)
- Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber (Apr 06)
- SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab (Apr 07)
- D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download patrykgnt (Apr 10)
- [CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda (Apr 10)
- [security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution security-alert (Apr 10)
- [SECURITY] [DSA 3827-1] jasper security update Moritz Muehlenhoff (Apr 10)
- [slackware-security] libtiff (SSA:2017-098-01) Slackware Security Team (Apr 10)
- Foscam All networked devices, multiple Design Errors. SSL bypass. nick . m . mckenna (Apr 10)
- ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research (Apr 10)
- DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode (Apr 10)
- [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
- [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
- Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V. (Apr 11)
- Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V. (Apr 11)
- [SECURITY] [DSA 3829-1] bouncycastle security update Moritz Muehlenhoff (Apr 11)
- FreeBSD Security Advisory FreeBSD-SA-17:03.ntp FreeBSD Security Advisories (Apr 12)
- CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection hyp3rlinx (Apr 12)
- CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx (Apr 12)
- CVE-2017-7456 Moxa MXview v2.8 Denial Of Service hyp3rlinx (Apr 12)
- DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode (Apr 12)
- April 2017 - HipChat Server Advisory Matthew Hart (Apr 13)
- [SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting erlijn . vangenuchten (Apr 13)
- [SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference erlijn . vangenuchten (Apr 13)
- [SYSS-2017-007] agorum core Pro - Cross-Site Scripting erlijn . vangenuchten (Apr 13)
- [SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery erlijn . vangenuchten (Apr 13)
- [SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') erlijn . vangenuchten (Apr 13)
- [security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data security-alert (Apr 13)
- [slackware-security] bind (SSA:2017-103-01) Slackware Security Team (Apr 13)
- concrete5 v8.1.0 Host Header Injection hyp3rlinx (Apr 13)
- Watchguard Fireware XXE DoS & User Enumeration David Fernandez (Apr 17)
- [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call (Apr 18)
- [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner (Apr 18)
- CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx (Apr 18)
- [slackware-security] minicom (SSA:2017-108-01) Slackware Security Team (Apr 19)
- CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 19)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 25)