Bugtraq: by author
76 messages starting Feb 13 18 and ending Feb 22 18
Advisories
CSNC-2017-027 Microsoft Intune - App PIN Bypass Advisories (Feb 13)
apparitionsec
NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) apparitionsec (Feb 14)
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) apparitionsec (Feb 12)
Apple Product Security
APPLE-SA-2018-02-19-1 iOS 11.2.6 Apple Product Security (Feb 19)
APPLE-SA-2018-02-19-3 tvOS 11.2.6 Apple Product Security (Feb 19)
APPLE-SA-2018-02-19-4 watchOS 4.2.3 Apple Product Security (Feb 19)
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update Apple Product Security (Feb 19)
Arvind Vishwakarma
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload Arvind Vishwakarma (Feb 15)
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF Arvind Vishwakarma (Feb 15)
Core Security Advisories Team
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities Core Security Advisories Team (Feb 05)
[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities Core Security Advisories Team (Feb 21)
cyber-psrt
[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities cyber-psrt (Feb 28)
[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification cyber-psrt (Feb 14)
[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection cyber-psrt (Feb 01)
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance cyber-psrt (Feb 22)
David Black
Advisory - Fisheye and Crucible - CVE-2017-16861 David Black (Feb 08)
Defense Code
DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability Defense Code (Feb 21)
displaymyname
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) displaymyname (Feb 19)
Kentico CMS version 9 through 11 - Arbitrary Code Execution displaymyname (Feb 19)
CMS Made Simple 2.1.6 - Remote Code Execution displaymyname (Feb 26)
dkl
Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 dkl (Feb 19)
Jeffrey Walton
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Jeffrey Walton (Feb 14)
Justin Bull
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull (Feb 22)
KoreLogic Disclosures
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass KoreLogic Disclosures (Feb 12)
KL-001-2018-002 : NetEx HyperIP Authentication Bypass KoreLogic Disclosures (Feb 12)
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution KoreLogic Disclosures (Feb 12)
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability KoreLogic Disclosures (Feb 12)
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability KoreLogic Disclosures (Feb 12)
Luciano Bello
[SECURITY] [DSA 4109-1] ruby-omniauth security update Luciano Bello (Feb 12)
[SECURITY] [DSA 4105-1] mpv security update Luciano Bello (Feb 07)
Luciaon Bello
[SECURITY] [DSA 4105-2] mpv security update Luciaon Bello (Feb 08)
Moritz Muehlenhoff
[SECURITY] [DSA 4111-2] libreoffice security update Moritz Muehlenhoff (Feb 13)
[SECURITY] [DSA 4124-1] lucene-solr security update Moritz Muehlenhoff (Feb 27)
[SECURITY] [DSA 4116-1] plasma-workspace security update Moritz Muehlenhoff (Feb 19)
[SECURITY] [DSA 4113-1] libvorbis security update Moritz Muehlenhoff (Feb 14)
[SECURITY] [DSA 4119-1] libav security update Moritz Muehlenhoff (Feb 19)
[SECURITY] [DSA 4111-1] libreoffice security update Moritz Muehlenhoff (Feb 12)
[SECURITY] [DSA 4121-1] gcc-6 security update Moritz Muehlenhoff (Feb 22)
[SECURITY] [DSA 4123-1] drupal7 security update Moritz Muehlenhoff (Feb 26)
[SECURITY] [DSA 4112-1] xen security update Moritz Muehlenhoff (Feb 14)
[SECURITY] [DSA 4117-1] gcc-4.9 security update Moritz Muehlenhoff (Feb 19)
nafiez
Sharutils 4.15.2 Heap-Buffer-Overflow nafiez (Feb 21)
Sharutils 4.15.2 Heap-Buffer-Overflow nafiez (Feb 21)
preethiknambiar
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS preethiknambiar (Feb 20)
Salvatore Bonaccorso
[SECURITY] [DSA 4106-1] libtasn1-6 security update Salvatore Bonaccorso (Feb 07)
[SECURITY] [DSA 4115-1] quagga security update Salvatore Bonaccorso (Feb 15)
[SECURITY] [DSA 4107-1] django-anymail security update Salvatore Bonaccorso (Feb 07)
[SECURITY] [DSA 4104-1] p7zip security update Salvatore Bonaccorso (Feb 05)
[SECURITY] [DSA 4110-1] exim4 security update Salvatore Bonaccorso (Feb 12)
[SECURITY] [DSA 4122-1] squid3 security update Salvatore Bonaccorso (Feb 22)
[SECURITY] [DSA 4118-1] tomcat-native security update Salvatore Bonaccorso (Feb 19)
Sandro Gauci
ES2018-01 Asterisk pjsip subscribe stack corruption Sandro Gauci (Feb 26)
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault Sandro Gauci (Feb 26)
ES2018-04 Asterisk pjsip tcp segfault Sandro Gauci (Feb 26)
ES2018-03 Asterisk pjsip sdp invalid media format description segfault Sandro Gauci (Feb 26)
Sebastien Delafond
[SECURITY] [DSA 4114-1] jackson-databind security update Sebastien Delafond (Feb 14)
SEC Consult Vulnerability Lab
SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management SEC Consult Vulnerability Lab (Feb 28)
SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range SEC Consult Vulnerability Lab (Feb 01)
SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors SEC Consult Vulnerability Lab (Feb 21)
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro SEC Consult Vulnerability Lab (Feb 08)
SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket SEC Consult Vulnerability Lab (Feb 27)
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip SEC Consult Vulnerability Lab (Feb 07)
Secunia Research
Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability Secunia Research (Feb 28)
security-alert
[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) security-alert (Feb 07)
[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass security-alert (Feb 13)
[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service security-alert (Feb 27)
Security Explorations
[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform Security Explorations (Feb 07)
Slackware Security Team
[slackware-security] php (SSA:2018-034-01) Slackware Security Team (Feb 05)
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) Slackware Security Team (Feb 07)
[slackware-security] irssi (SSA:2018-046-01) Slackware Security Team (Feb 16)
Stefan Kanthak
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Stefan Kanthak (Feb 15)
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS Stefan Kanthak (Feb 14)
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Stefan Kanthak (Feb 12)
suparna . kachru
Multiple Persistent XSS vulnerabilities in Radiant Content Management System suparna . kachru (Feb 20)
Thijs Kinkhorst
[SECURITY] [DSA 4108-1] mailman security update Thijs Kinkhorst (Feb 09)
Yves-Alexis Perez
[SECURITY] [DSA 4120-1] linux security update Yves-Alexis Perez (Feb 22)