Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
92 messages
starting Apr 03 17 and
ending Apr 30 17
Date index |
Thread index |
Author index
Monday, 03 April
Splunk Enterprise Information Theft CVE-2017-5607 hyp3rlinx
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab
[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) security-alert
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster
Tuesday, 04 April
Lotus Protector for Mail Security remote code execution Patrick Webster
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster
AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS Patrick Webster
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster
Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster
SilverStripe CMS - Path Disclosure Patrick Webster
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster
AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster
Kaseya information disclosure vulnerability Patrick Webster
iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster
Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster
OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. Ralf Spenneberg
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. Ralf Spenneberg
AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team
[SECURITY] [DSA 3826-1] tryton-server security update Salvatore Bonaccorso
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode
[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data security-alert
Wednesday, 05 April
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx
Thursday, 06 April
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber
Friday, 07 April
SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab
Monday, 10 April
D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download patrykgnt
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution security-alert
[SECURITY] [DSA 3827-1] jasper security update Moritz Muehlenhoff
[slackware-security] libtiff (SSA:2017-098-01) Slackware Security Team
Foscam All networked devices, multiple Design Errors. SSL bypass. nick . m . mckenna
ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas
Tuesday, 11 April
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V.
Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V.
[SECURITY] [DSA 3829-1] bouncycastle security update Moritz Muehlenhoff
Wednesday, 12 April
FreeBSD Security Advisory FreeBSD-SA-17:03.ntp FreeBSD Security Advisories
CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection hyp3rlinx
CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx
CVE-2017-7456 Moxa MXview v2.8 Denial Of Service hyp3rlinx
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode
Thursday, 13 April
April 2017 - HipChat Server Advisory Matthew Hart
[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting erlijn . vangenuchten
[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference erlijn . vangenuchten
[SYSS-2017-007] agorum core Pro - Cross-Site Scripting erlijn . vangenuchten
[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery erlijn . vangenuchten
[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') erlijn . vangenuchten
[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data security-alert
[slackware-security] bind (SSA:2017-103-01) Slackware Security Team
concrete5 v8.1.0 Host Header Injection hyp3rlinx
Monday, 17 April
Watchguard Fireware XXE DoS & User Enumeration David Fernandez
Tuesday, 18 April
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner
CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx
Wednesday, 19 April
[slackware-security] minicom (SSA:2017-108-01) Slackware Security Team
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. Andrey B. Panfilov
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability DefenseCode
Thursday, 20 April
October CMS v1.0.412 several vulnerabilities Anti Räis
[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th Hafez Kamal
[SECURITY] [DSA 3831-1] firefox-esr security update Moritz Muehlenhoff
Friday, 21 April
CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass Security Advisories
Tuesday, 25 April
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake Security Advisories
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Securify B.V.
[slackware-security] proftpd (SSA:2017-112-03) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2017-112-01) Slackware Security Team
[slackware-security] ntp (SSA:2017-112-02) Slackware Security Team
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski
CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method Andrey B. Panfilov
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path KoreLogic Disclosures
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse KoreLogic Disclosures
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection KoreLogic Disclosures
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read KoreLogic Disclosures
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials KoreLogic Disclosures
[SECURITY] [DSA 3833-1] libav security update Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2017-114-01) Slackware Security Team
Wednesday, 26 April
[SECURITY] [DSA 3834-1] mysql-5.5 security update Salvatore Bonaccorso
April 2017 - Confluence - Security Advisory David Black
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas
Thursday, 27 April
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter FreeBSD Security Advisories
[SECURITY] [DSA 3836-1] weechat security update Salvatore Bonaccorso
Friday, 28 April
Live Helper Chat - Cross-Site Scripting Advisories
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability Vulnerability Lab
[SECURITY] [DSA 3838-1] ghostscript security update Salvatore Bonaccorso
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
Sunday, 30 April
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Securify B.V.
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V.