Bugtraq: by date

214 messages starting Apr 01 15 and ending Apr 30 15


Wednesday, 01 April

[SECURITY ANNOUNCEMENT] CVE-2015-0225 Jake Luciani
ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability Security Alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3211-1] iceweasel security update Salvatore Bonaccorso
[security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information security-alert
[security bulletin] HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities security-alert
SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User ~~~ Elliptic TAO Team ~~~

Thursday, 02 April

[ MDVSA-2015:187 ] graphviz security
Wordpress plugin Simple Ads Manager - SQL Injection ITAS Team
[ MDVSA-2015:188 ] flac security
Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation Nicholas Lemonias.
Wordpress plugin Simple Ads Manager - Multiple SQL Injection ITAS Team
Wordpress plugin Simple Ads Manager - Arbitrary File Upload ITAS Team
Wordpress plugin Simple Ads Manager - Information Disclosure ITAS Team
[ MDVSA-2015:189 ] tor security
[ MDVSA-2015:190 ] owncloud security
[ MDVSA-2015:191 ] owncloud security
[ MDVSA-2015:161-1 ] icu security
Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp Nicholas Lemonias.
[security bulletin] HPSBGN03302 rev.1 - HP IceWall Federation Agent, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information security-alert

Friday, 03 April

[SECURITY] [DSA 3212-1] icedove security update Yves-Alexis Perez
[security bulletin] HPSBST03195 rev.1 - HP 3PAR Service Processor (SP) running OpenSSL and Bash, Remote Code Execution, Unauthorized Access, Disclosure of Information security-alert
NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE VMware Security Response Center
Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Larry W. Cashdollar
[ MDVSA-2015:192 ] subversion security

Monday, 06 April

HotExBilling Manager Cross-site scripting (XSS) vulnerability bhadresh.patel
Security Audit Notes - Kerberos Security Issues (krb5-1.13 stable) - Advanced Information Security Corp. lem.nikolas
Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp Nicholas Lemonias.
[SECURITY] [DSA 3213-1] arj security update Salvatore Bonaccorso
[SECURITY] [DSA 3214-1] mailman security update Thijs Kinkhorst
[SECURITY] [DSA 3215-1] libgd2 security update Alessandro Ghedini
[security bulletin] HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS) security-alert

Tuesday, 07 April

[SECURITY] [DSA 3216-1] tor security update Moritz Muehlenhoff
[security bulletin] HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS) security-alert
[ MDVSA-2015:193 ] libtasn1 security
[ MDVSA-2015:195 ] python-django security
[ MDVSA-2015:196 ] cups-filters security
[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution Pedro Ribeiro
CVE-2015-1773 Apache Flex reflected XSS vulnerability Tom Chiverton
[SECURITY] [DSA 3057-2] libxml2 regression update Salvatore Bonaccorso

Wednesday, 08 April

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation Securify B.V.
CA20150407-01: Security Notice for CA Spectrum Kotas, Kevin J
FreeBSD Security Advisory FreeBSD-SA-15:08.bsdinstall FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:09.ipv6 FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:07.ntp FreeBSD Security Advisories
FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415) Pierre Kim
[security bulletin] HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code security-alert
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp [REVISED] FreeBSD Security Advisories
[CVE-2015-2926] XSS vuln in phpTrafficA Daniël Geerts
[HITB-Announce] HITB GSEC 2015 Singapore - Call for Papers Hafez Kamal
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 Apple Product Security
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 Apple Product Security
APPLE-SA-2015-04-08-4 Apple TV 7.2 Apple Product Security
APPLE-SA-2015-04-08-3 iOS 8.3 Apple Product Security
[security bulletin] HPSBUX03240 SSRT101872 rev.2 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities security-alert
AST-2015-003: TLS Certificate Common name NULL byte exploit Asterisk Security Team
APPLE-SA-2015-04-08-5 Xcode 6.3 Apple Product Security

Thursday, 09 April

[ MDVSA-2015:198 ] java-1.8.0-openjdk security
SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows SEC Consult Vulnerability Lab
[SECURITY] [DSA 3217-1] dpkg security update Salvatore Bonaccorso

Monday, 13 April

[ MDVSA-2015:199 ] less security
[ MDVSA-2015:200 ] mediawiki security
[ MDVSA-2015:202 ] ntp security
[ MDVSA-2015:201 ] arj security
SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) SEC Consult Vulnerability Lab
Hidden backdoor API to root privileges in Apple OS X Jeffrey Walton
[SECURITY] [DSA 3218-1] wesnoth-1.10 security update Moritz Muehlenhoff
[security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information security-alert
[ MDVSA-2015:203 ] batik security
OrangeHRM Blind SQL Injection & XSS Vulnerabilities Rehan Ahmed
[SECURITY] [DSA 3219-1] libdbd-firebird-perl security update Alessandro Ghedini
Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability] huehuehuehue10
[SECURITY] [DSA 3220-1] libtasn1-3 security update Salvatore Bonaccorso
Safari iOS/OS X/Windows cookie access vulnerability Jouko Pynnonen
[SECURITY] [DSA 3221-1] das-watchdog security update Salvatore Bonaccorso
[SECURITY] [DSA 3222-1] chrony security update Alessandro Ghedini
[SECURITY] [DSA 3223-1] ntp security update Alessandro Ghedini
[SECURITY] [DSA 3224-1] libx11 security update Moritz Muehlenhoff
Ruxcon 2015 Call For Presentations cfp
Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp Nicholas Lemonias.
Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp lem.nikolas
[security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code security-alert
[security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities security-alert

Tuesday, 14 April

[CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document Daniel Regalado
Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c Nicholas Lemonias.
Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c lem.nikolas
[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass matthias.deeg
[SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass matthias.deeg
[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass matthias.deeg
[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass matthias.deeg
whitepaper: Identifier based XSSI attacks Takeshi Terada
several issues in SQLite (+ catching up on several other bugs) Michal Zalewski

Wednesday, 15 April

Wordpress WP Statistics persistent cross site scripting kingkaustubh
Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability Secunia Research
Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c Nicholas Lemonias.
[IMF2015] Call for Participation Oliver Goebel
[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update Moritz Muehlenhoff
ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability Security Alert
[SECURITY] [DSA 3226-1] inspircd security update Sebastien Delafond
Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3227-1] movabletype-opensource security update Salvatore Bonaccorso

Thursday, 16 April

[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities security-alert
Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability Secunia Research
[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities alex_haynes
[SECURITY] [DSA 3228-1] ppp security update Sebastien Delafond
Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability prathan.ptr
Lychee 2.7.1 remote code execution Filippo Cavallarin

Friday, 17 April

112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges Pierre Kim
CVE-2014-7954 MTP path traversal vulnerability in Android Imre RAD
CVE-2014-7951 adb backup archive path traversal file overwrite Imre RAD
CVE-2014-7953 Android backup agent code execution Imre RAD

Monday, 20 April

Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation lem.nikolas
[SECURITY] [DSA 3229-1] mysql-5.5 security update Salvatore Bonaccorso
[SECURITY] [DSA 3230-1] django-markupfield security update Alessandro Ghedini

Tuesday, 21 April

[security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert
Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability Vulnerability Lab
Mobile Drive HD v1.8 - File Include Web Vulnerability Vulnerability Lab
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability Vulnerability Lab
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability Vulnerability Lab
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability Vulnerability Lab
Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability Vulnerability Lab
Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities Vulnerability Lab
Google Analytics by Yoast stored XSS #2 Jouko Pynnonen
GoAutoDial 3.3 multiple vulnerabilities root
[security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information security-alert
Linux ASLR mmap weakness: Reducing entropy by half Hector Marco-Gisbert
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% Hector Marco-Gisbert
[SECURITY] [DSA 3231-1] subversion security update Salvatore Bonaccorso
Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin kumarrohit2255
Reflected XSS Vulnerability In Manage Engine Firewall Analyzer kkulkarni
Reflected XSS Vulnerability In Manage Engine Event Log Analyzer kkulkarni

Wednesday, 22 April

Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability Vulnerability Lab
iPassword Manager v2.6 iOS - Persistent Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 3232-1] curl security update Alessandro Ghedini
Netgear WNR2000v4 Multiple Vulnerabilities endeavor
Multiple Cross-Site Scripting (XSS) in FreePBX High-Tech Bridge Security Research
[security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution security-alert
[slackware-security] mozilla-firefox (SSA:2015-111-05) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-111-06) Slackware Security Team
[slackware-security] qt (SSA:2015-111-13) Slackware Security Team
[slackware-security] libssh (SSA:2015-111-04) Slackware Security Team
[slackware-security] mutt (SSA:2015-111-07) Slackware Security Team
[slackware-security] php (SSA:2015-111-10) Slackware Security Team
[slackware-security] ppp (SSA:2015-111-11) Slackware Security Team
[slackware-security] seamonkey (SSA:2015-111-14) Slackware Security Team
[slackware-security] proftpd (SSA:2015-111-12) Slackware Security Team
[slackware-security] gnupg (SSA:2015-111-02) Slackware Security Team
[slackware-security] ntp (SSA:2015-111-08) Slackware Security Team
[slackware-security] httpd (SSA:2015-111-03) Slackware Security Team
[slackware-security] bind (SSA:2015-111-01) Slackware Security Team
[slackware-security] openssl (SSA:2015-111-09) Slackware Security Team

Thursday, 23 April

[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow 朱东海
Dnsmasq 2.72 Unchecked returned value Nick Sampanis
Socrata Bug Bounty #1 - Persistent Encoding Vulnerability Vulnerability Lab
[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow xing_fang
Pligg CMS 2.0.2 - Stored XSS joelvarghese7
Avsarsoft Matbaa Script - Multiple Vulnerabilities ZoRLu Bugrahan
4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes Nicholas Lemonias.

Friday, 24 April

Zeppelin - SSH script - Advanced Information Security Corporation lem.nikolas
SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=- lem.nikolas
Incorrect handling of self signed certificates in OpenFire XMPP Server Simon Waters

Monday, 27 April

Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit ZoRLu Bugrahan
4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes - Advanced Information Security Corporation Nicholas Lemonias.
[SECURITY] [DSA 3233-1] wpa security update Salvatore Bonaccorso
[security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure security-alert
[security bulletin] HPSBHF03272 rev.1 - HP Servers with NVidia GPU Computing Driver running Windows Server 2008, Elevation of Privilege security-alert
[SECURITY] [DSA 3234-1] openjdk-6 security update Moritz Muehlenhoff
[SECURITY] [DSA 3235-1] openjdk-7 security update Moritz Muehlenhoff
[SECURITY] [DSA 3236-1] libreoffice security update Moritz Muehlenhoff
[SECURITY] [DSA 3237-1] linux security update Ben Hutchings
WordPress 4.2 stored XSS Jouko Pynnonen
[SECURITY] [DSA 3238-1] chromium-browser security update Michael Gilbert
[ MDVSA-2015:204 ] librsync security
[ MDVSA-2015:205 ] tor security
[ MDVSA-2015:206 ] asterisk security
[ MDVSA-2015:207 ] perl-Module-Signature security
[ MDVSA-2015:208 ] setup security
[ MDVSA-2015:209 ] php security
[ MDVSA-2015:210 ] qemu security
Elasticsearch vulnerability CVE-2015-3337 Kevin Kluge
[ MDVSA-2015:211 ] glusterfs security
Open-Xchange Security Advisory 2015-04-27 Martin Heiland
[ MDVSA-2015:212 ] java-1.7.0-openjdk security
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities CORE Advisories Team

Tuesday, 28 April

SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability Vulnerability Lab
CSRF & XSS Wing FTP Server Admin <= v4.4.5 apparitionsec

Wednesday, 29 April

Multiple Vulnerabilities in TheCartPress WordPress plugin High-Tech Bridge Security Research
[oCERT-2015-003] MySQL SSL/TLS downgrade Andrea Barisani
[ MDVSA-2015:213 ] lftp security
[ MDVSA-2015:215 ] t1utils security
[ MDVSA-2015:214 ] libksba security
[ MDVSA-2015:216 ] ntop security

Thursday, 30 April

[security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access security-alert
[security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information security-alert
ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability Security Alert
[SECURITY] [DSA 3240-1] curl security update Alessandro Ghedini
[SECURITY] [DSA 3239-1] icecast2 security update Alessandro Ghedini
[security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03324 rev.1 - HP Business Service Automation Essentials Core, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3241-1] elasticsearch security update Moritz Muehlenhoff
[ MDVSA-2015:217 ] sqlite3 security
[ MDVSA-2015:218 ] glibc security
[SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities matthias.deeg
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability Vulnerability Lab