Bugtraq: by thread
121 messages, starting Jan 02 18 and ending Jan 31 18
- Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 Atlassian (Jan 02)
- b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Anti Räis (Jan 02)
- CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Antoine Neuenschwander (Jan 03)
- [security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities cyber-psrt (Jan 03)
- [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code security-alert (Jan 03)
- Re "Intel responds to security research findings" Ed Maste (Jan 03)
- Intel CPU bug forcing page table switch during syscalls? Pavel Machek (Jan 03)
- [SECURITY] [DSA 4078-1] linux security update Yves-Alexis Perez (Jan 04)
- Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
- iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
- SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability Vulnerability Lab (Jan 04)
- Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) apparitionsec (Jan 08)
- CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) apparitionsec (Jan 08)
- SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities Vulnerability Lab (Jan 08)
- Social Media Widget by Acurax [CSRF] Panagiotis Vagenas (Jan 08)
- Admin Menu Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 08)
- CMS Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 08)
- WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 08)
- Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty Vulnerability Lab (Jan 08)
- CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) apparitionsec (Jan 08)
- [SECURITY] [DSA 4079-1] poppler security update Moritz Muehlenhoff (Jan 08)
- APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security (Jan 08)
- APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security (Jan 08)
- APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security (Jan 08)
- Response to Meltdown and Spectre Gordon Tetlow (Jan 09)
- [SECURITY] [DSA 4081-1] php5 security update Moritz Muehlenhoff (Jan 09)
- [slackware-security] irssi (SSA:2018-008-01) Slackware Security Team (Jan 09)
- [SECURITY] [DSA 4080-1] php7.0 security update Moritz Muehlenhoff (Jan 09)
- CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used Imre Rad (Jan 09)
- [SECURITY] [DSA 4082-1] linux security update Salvatore Bonaccorso (Jan 09)
- [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 09)
- Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) chunibalon (Jan 10)
- DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode (Jan 10)
- DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 10)
- DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 10)
- WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez (Jan 10)
- [SECURITY] [DSA 4083-1] poco security update Sebastien Delafond (Jan 11)
- CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting Advisories (Jan 11)
- Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab (Jan 12)
- SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jan 12)
- Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Jan 12)
- Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab (Jan 12)
- MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 12)
- <Possible follow-ups>
- MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 16)
- [SECURITY] [DSA 4084-1] gifsicle security update Sebastien Delafond (Jan 12)
- Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab (Jan 12)
- Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab (Jan 12)
- Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab (Jan 12)
- [security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass security-alert (Jan 15)
- [security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege security-alert (Jan 15)
- [SECURITY] [DSA 4085-1] xmltooling security update Moritz Muehlenhoff (Jan 15)
- Code execution in Kaseya VSA Securify B.V. (Jan 15)
- Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage (Jan 15)
- Arbitrary file read in Kaseya VSA Securify B.V. (Jan 15)
- Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage (Jan 15)
- [SECURITY] [DSA 4087-1] transmission security update Moritz Muehlenhoff (Jan 15)
- [SECURITY] [DSA 4086-1] libxml2 security update Salvatore Bonaccorso (Jan 15)
- Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage (Jan 15)
- Authentication bypass in Kaseya VSA Securify B.V. (Jan 15)
- Adminer <= v4.3.1 Server Side Request Forgery apparitionsec (Jan 15)
- Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage (Jan 15)
- [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH (Jan 16)
- [SECURITY] [DSA 4088-1] gdk-pixbuf security update Moritz Muehlenhoff (Jan 16)
- Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 16)
- ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 tim . kretschmann (Jan 16)
- [SECURITY] [DSA 4089-1] bind9 security update Salvatore Bonaccorso (Jan 16)
- [SECURITY] [DSA 4090-1] wordpress security update Sebastien Delafond (Jan 18)
- [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities security-alert (Jan 18)
- [slackware-security] bind (SSA:2018-017-01) Slackware Security Team (Jan 18)
- [security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 18)
- [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation security-alert (Jan 18)
- [SECURITY] [DSA 4092-1] awstats security update Sebastien Delafond (Jan 19)
- CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe (Jan 22)
- Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jan 22)
- Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) apparitionsec (Jan 22)
- CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab (Jan 22)
- CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab (Jan 22)
- Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab (Jan 22)
- Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab (Jan 22)
- [SECURITY] [DSA 4093-1] openocd security update luciano (Jan 22)
- CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab (Jan 22)
- [SECURITY] [DSA 4094-1] smarty3 security update Luciano Bello (Jan 22)
- [security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 22)
- SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab (Jan 22)
- DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode (Jan 23)
- APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security (Jan 23)
- APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security (Jan 23)
- CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 24)
- WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez (Jan 24)
- [SECURITY] [DSA 4095-1] gcab security update Salvatore Bonaccorso (Jan 24)
- [SECURITY] [DSA 4096-1] firefox-esr security update Moritz Muehlenhoff (Jan 24)
- [slackware-security] curl (SSA:2018-024-01) Slackware Security Team (Jan 25)
- [SECURITY] [DSA 4097-1] poppler security update Moritz Muehlenhoff (Jan 29)
- [security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass security-alert (Jan 29)
- [security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
- [security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
- [security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
- [security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information security-alert (Jan 29)
- KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures (Jan 29)
- [SECURITY] [DSA 4101-1] wireshark security update Moritz Muehlenhoff (Jan 29)
- [SECURITY] [DSA 4100-1] tiff security update Moritz Muehlenhoff (Jan 29)
- [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks matthias . deeg (Jan 29)
- [security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification security-alert (Jan 29)
- [security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert (Jan 29)
- [SECURITY] [DSA 4099-1] ffmpeg security update Moritz Muehlenhoff (Jan 29)
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities Secunia Research (Jan 29)
- [slackware-security] mozilla-thunderbird (SSA:2018-025-01) Slackware Security Team (Jan 29)
- [security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert (Jan 29)
- [SECURITY] [DSA 4098-1] curl security update Alessandro Ghedini (Jan 29)
- Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak (Jan 30)
- [SECURITY] [DSA 4094-2] smarty3 security update Luciano Bello (Jan 30)
- SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab (Jan 30)
- Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key cfpmontreal2018 (Jan 31)
- KonaKart Path Traversal Vulnerability ajcraggs (Jan 31)
- Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 Atlassian (Jan 31)
- [SECURITY] [DSA 4103-1] chromium-browser security update Michael Gilbert (Jan 31)