Bugtraq: by author

121 messages starting Jan 11 18 and ending Jan 04 18


Advisories

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting Advisories (Jan 11)

ajcraggs

KonaKart Path Traversal Vulnerability ajcraggs (Jan 31)

Akira Ajisaka

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 24)

Alessandro Ghedini

[SECURITY] [DSA 4098-1] curl security update Alessandro Ghedini (Jan 29)

Anti Räis

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Anti Räis (Jan 02)

Antoine Neuenschwander

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Antoine Neuenschwander (Jan 03)

apparitionsec

CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) apparitionsec (Jan 08)
CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) apparitionsec (Jan 08)
Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) apparitionsec (Jan 22)
Adminer <= v4.3.1 Server Side Request Forgery apparitionsec (Jan 15)
Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) apparitionsec (Jan 08)

Apple Product Security

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security (Jan 23)
APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security (Jan 23)
APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security (Jan 08)
APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security (Jan 23)
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security (Jan 23)
APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security (Jan 08)
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security (Jan 08)
APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security (Jan 23)
APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security (Jan 23)
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security (Jan 23)

Atlassian

Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 Atlassian (Jan 02)
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 Atlassian (Jan 31)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez (Jan 10)
WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez (Jan 24)

cfpmontreal2018

Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key cfpmontreal2018 (Jan 31)

chunibalon

Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) chunibalon (Jan 10)

cyber-psrt

[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities cyber-psrt (Jan 03)

DefenseCode

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 10)
DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode (Jan 23)
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 10)
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode (Jan 10)

Ed Maste

Re "Intel responds to security research findings" Ed Maste (Jan 03)

Gordon Tetlow

Response to Meltdown and Spectre Gordon Tetlow (Jan 09)

Imre Rad

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used Imre Rad (Jan 09)

Jason Lowe

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe (Jan 22)

KoreLogic Disclosures

KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures (Jan 29)

luciano

[SECURITY] [DSA 4093-1] openocd security update luciano (Jan 22)

Luciano Bello

[SECURITY] [DSA 4094-1] smarty3 security update Luciano Bello (Jan 22)
[SECURITY] [DSA 4094-2] smarty3 security update Luciano Bello (Jan 30)

matthias . deeg

[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks matthias . deeg (Jan 29)

Michael Gilbert

[SECURITY] [DSA 4103-1] chromium-browser security update Michael Gilbert (Jan 31)

Moritz Muehlenhoff

[SECURITY] [DSA 4099-1] ffmpeg security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 4100-1] tiff security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 4088-1] gdk-pixbuf security update Moritz Muehlenhoff (Jan 16)
[SECURITY] [DSA 4096-1] firefox-esr security update Moritz Muehlenhoff (Jan 24)
[SECURITY] [DSA 4080-1] php7.0 security update Moritz Muehlenhoff (Jan 09)
[SECURITY] [DSA 4085-1] xmltooling security update Moritz Muehlenhoff (Jan 15)
[SECURITY] [DSA 4081-1] php5 security update Moritz Muehlenhoff (Jan 09)
[SECURITY] [DSA 4097-1] poppler security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 4101-1] wireshark security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 4079-1] poppler security update Moritz Muehlenhoff (Jan 08)
[SECURITY] [DSA 4087-1] transmission security update Moritz Muehlenhoff (Jan 15)

Panagiotis Vagenas

Social Media Widget by Acurax [CSRF] Panagiotis Vagenas (Jan 08)
Admin Menu Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 08)
CMS Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 08)

Pavel Machek

Intel CPU bug forcing page table switch during syscalls? Pavel Machek (Jan 03)

RedTeam Pentesting GmbH

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH (Jan 16)

Salvatore Bonaccorso

[SECURITY] [DSA 4095-1] gcab security update Salvatore Bonaccorso (Jan 24)
[SECURITY] [DSA 4089-1] bind9 security update Salvatore Bonaccorso (Jan 16)
[SECURITY] [DSA 4082-1] linux security update Salvatore Bonaccorso (Jan 09)
[SECURITY] [DSA 4086-1] libxml2 security update Salvatore Bonaccorso (Jan 15)

Sebastien Delafond

[SECURITY] [DSA 4090-1] wordpress security update Sebastien Delafond (Jan 18)
[SECURITY] [DSA 4083-1] poco security update Sebastien Delafond (Jan 11)
[SECURITY] [DSA 4092-1] awstats security update Sebastien Delafond (Jan 19)
[SECURITY] [DSA 4084-1] gifsicle security update Sebastien Delafond (Jan 12)

SEC Consult Vulnerability Lab

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab (Jan 30)

Secunia Research

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities Secunia Research (Jan 29)

Securify B.V.

Code execution in Kaseya VSA Securify B.V. (Jan 15)
Authentication bypass in Kaseya VSA Securify B.V. (Jan 15)
Arbitrary file read in Kaseya VSA Securify B.V. (Jan 15)

security-alert

[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert (Jan 29)
[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass security-alert (Jan 15)
[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Jan 29)
[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege security-alert (Jan 15)
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 18)
[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information security-alert (Jan 29)
[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification security-alert (Jan 29)
[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 22)
[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities security-alert (Jan 18)
[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass security-alert (Jan 29)
[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code security-alert (Jan 03)
[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert (Jan 09)
[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation security-alert (Jan 18)
[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert (Jan 29)

Slackware Security Team

[slackware-security] curl (SSA:2018-024-01) Slackware Security Team (Jan 25)
[slackware-security] bind (SSA:2018-017-01) Slackware Security Team (Jan 18)
[slackware-security] mozilla-thunderbird (SSA:2018-025-01) Slackware Security Team (Jan 29)
[slackware-security] irssi (SSA:2018-008-01) Slackware Security Team (Jan 09)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak (Jan 30)

Summer of Pwnage

Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage (Jan 15)
Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage (Jan 15)
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage (Jan 15)
Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage (Jan 15)

tim . kretschmann

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 tim . kretschmann (Jan 16)

Vulnerability Lab

Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 08)
Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab (Jan 12)
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab (Jan 22)
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab (Jan 12)
Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 16)
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 12)
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities Vulnerability Lab (Jan 08)
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab (Jan 22)
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability Vulnerability Lab (Jan 04)
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab (Jan 22)
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jan 12)
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab (Jan 22)
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab (Jan 12)
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab (Jan 22)
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jan 22)
Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab (Jan 12)
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 16)
Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab (Jan 12)
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty Vulnerability Lab (Jan 08)
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Jan 12)

Yves-Alexis Perez

[SECURITY] [DSA 4078-1] linux security update Yves-Alexis Perez (Jan 04)