Bugtraq: by date

121 messages starting Jan 02 18 and ending Jan 31 18

Tuesday, 02 January

Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 Atlassian
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Anti Räis

Wednesday, 03 January

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Antoine Neuenschwander
[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities cyber-psrt
[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code security-alert
Re "Intel responds to security research findings" Ed Maste
Intel CPU bug forcing page table switch during syscalls? Pavel Machek

Thursday, 04 January

[SECURITY] [DSA 4078-1] linux security update Yves-Alexis Perez
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Vulnerability Lab
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities Vulnerability Lab
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability Vulnerability Lab

Monday, 08 January

Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) apparitionsec
Admin Menu Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas
CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) apparitionsec
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities Vulnerability Lab
Social Media Widget by Acurax [CSRF] Panagiotis Vagenas
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Vulnerability Lab
Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty Vulnerability Lab
CMS Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas
CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) apparitionsec
[SECURITY] [DSA 4079-1] poppler security update Moritz Muehlenhoff
APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security
APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security

Tuesday, 09 January

Response to Meltdown and Spectre Gordon Tetlow
[SECURITY] [DSA 4081-1] php5 security update Moritz Muehlenhoff
[slackware-security] irssi (SSA:2018-008-01) Slackware Security Team
[SECURITY] [DSA 4080-1] php7.0 security update Moritz Muehlenhoff
CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used Imre Rad
[SECURITY] [DSA 4082-1] linux security update Salvatore Bonaccorso
[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert

Wednesday, 10 January

Multiple vulnerabilities in TP-Link products (CVE-2017-15613 to CVE-2017-15637) chunibalon
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode
WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez

Thursday, 11 January

[SECURITY] [DSA 4083-1] poco security update Sebastien Delafond
CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting Advisories

Friday, 12 January

Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
[SECURITY] [DSA 4084-1] gifsicle security update Sebastien Delafond
Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab
Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab

Monday, 15 January

[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass security-alert
[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation of Privilege security-alert
[SECURITY] [DSA 4085-1] xmltooling security update Moritz Muehlenhoff
Code execution in Kaseya VSA Securify B.V.
Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage
Arbitrary file read in Kaseya VSA Securify B.V.
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage
[SECURITY] [DSA 4087-1] transmission security update Moritz Muehlenhoff
[SECURITY] [DSA 4086-1] libxml2 security update Salvatore Bonaccorso
Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage
Authentication bypass in Kaseya VSA Securify B.V.
Adminer <= v4.3.1 Server Side Request Forgery apparitionsec
Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage

Tuesday, 16 January

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH
[SECURITY] [DSA 4088-1] gdk-pixbuf security update Moritz Muehlenhoff
Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 tim . kretschmann
[SECURITY] [DSA 4089-1] bind9 security update Salvatore Bonaccorso

Thursday, 18 January

[SECURITY] [DSA 4090-1] wordpress security update Sebastien Delafond
[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities security-alert
[slackware-security] bind (SSA:2018-017-01) Slackware Security Team
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert
[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modification security-alert

Friday, 19 January

[SECURITY] [DSA 4092-1] awstats security update Sebastien Delafond

Monday, 22 January

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab
Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) apparitionsec
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab
Academic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab
[SECURITY] [DSA 4093-1] openocd security update luciano
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 4094-1] smarty3 security update Luciano Bello
[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert
SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab

Tuesday, 23 January

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode
APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security
APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security
APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security
APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security

Wednesday, 24 January

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka
WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez
[SECURITY] [DSA 4095-1] gcab security update Salvatore Bonaccorso
[SECURITY] [DSA 4096-1] firefox-esr security update Moritz Muehlenhoff

Thursday, 25 January

[slackware-security] curl (SSA:2018-024-01) Slackware Security Team

Monday, 29 January

[SECURITY] [DSA 4097-1] poppler security update Moritz Muehlenhoff
[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass security-alert
[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information security-alert
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures
[SECURITY] [DSA 4101-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 4100-1] tiff security update Moritz Muehlenhoff
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks matthias . deeg
[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification security-alert
[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert
[SECURITY] [DSA 4099-1] ffmpeg security update Moritz Muehlenhoff
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities Secunia Research
[slackware-security] mozilla-thunderbird (SSA:2018-025-01) Slackware Security Team
[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert
[SECURITY] [DSA 4098-1] curl security update Alessandro Ghedini

Tuesday, 30 January

Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak
[SECURITY] [DSA 4094-2] smarty3 security update Luciano Bello
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab

Wednesday, 31 January

Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key cfpmontreal2018
KonaKart Path Traversal Vulnerability ajcraggs
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 Atlassian
[SECURITY] [DSA 4103-1] chromium-browser security update Michael Gilbert