Bugtraq: by author

163 messages starting Jan 16 15 and ending Jan 05 15

admin () evolution-sec com

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com (Jan 16)

Advisories

MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories (Jan 19)

Amplia Security Advisories

[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories (Jan 28)

Andrea Barisani

[oCERT-2015-001] JasPer input sanitization errors Andrea Barisani (Jan 22)

Apple Product Security

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Apple Product Security (Jan 27)
APPLE-SA-2015-01-27-2 iOS 8.1.3 Apple Product Security (Jan 27)
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 Apple Product Security (Jan 27)
APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple Product Security (Jan 27)

Asterisk Security Team

AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team (Jan 29)

AusCERT

AusCERT2015 Call for Papers: closes 18th January AusCERT (Jan 14)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2015-0001 Carlos Alberto Lopez Perez (Jan 27)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Jan 29)

CORE Advisories Team

[CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team (Jan 27)
Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team (Jan 28)

dan

Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities dan (Jan 09)

Diéyǔ

MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ (Jan 12)
MS14-080 CVE-2014-6365 Code Diéyǔ (Jan 14)

Egidio Romano

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability Egidio Romano (Dec 31)
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability Egidio Romano (Dec 31)

Florian Weimer

[SECURITY] [DSA 3142-1] eglibc security update Florian Weimer (Jan 27)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:01.openssl FreeBSD Security Advisories (Jan 15)
FreeBSD Security Advisory FreeBSD-SA-15:03.sctp FreeBSD Security Advisories (Jan 28)
FreeBSD Security Advisory FreeBSD-SA-15:02.kmem FreeBSD Security Advisories (Jan 28)

giles

CVE-2014-8779: SSH Host keys on Pexip Infinity giles (Jan 29)

Gordon Sim

CVE-2015-0224: qpidd can be crashed by unauthenticated user Gordon Sim (Jan 27)
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user Gordon Sim (Jan 13)
CVE-2015-0223: anonymous access to qpidd cannot be prevented Gordon Sim (Jan 27)

Hafez Kamal

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days Hafez Kamal (Jan 23)

High-Tech Bridge Security Research

Multiple vulnerabilities in MantisBT High-Tech Bridge Security Research (Jan 28)
Self-XSS in Microsoft Dynamics CRM 2013 SP1 High-Tech Bridge Security Research (Jan 07)
Two XSS vulnerabilities in Simple Security WordPress Plugin High-Tech Bridge Security Research (Jan 14)
Two XSS Vulnerabilities in SupportCenter Plus High-Tech Bridge Security Research (Jan 28)

kingkaustubh

Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router kingkaustubh (Jan 29)
Reflected XSS vulnarbility in Asus RT-N10 Plus Router kingkaustubh (Jan 29)

KoreLogic Disclosures

KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures (Jan 29)

Martin Heiland

Open-Xchange Security Advisory 2015-01-05 Martin Heiland (Jan 05)

matthias . deeg

[SYSS-2014-010] FancyFon FAMOC - SQL Injection matthias . deeg (Jan 27)
[SYSS-2014-012] FancyFon FAMOC - Session Fixation matthias . deeg (Jan 27)
[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting matthias . deeg (Jan 27)
[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt matthias . deeg (Jan 27)

Michael Gilbert

[SECURITY] [DSA 3131-1] xdg-utils security update Michael Gilbert (Jan 19)

Moritz Muehlenhoff

[SECURITY] [DSA 3147-1] openjdk-6 security update Moritz Muehlenhoff (Jan 30)
[SECURITY] [DSA 3132-1] icedove security update Moritz Muehlenhoff (Jan 19)
[SECURITY] [DSA 3120-1] mantis security update Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 3127-1] iceweasel security update Moritz Muehlenhoff (Jan 14)
[SECURITY] [DSA 3141-1] wireshark security update Moritz Muehlenhoff (Jan 27)
[SECURITY] [DSA 3129-1] rpm security update Moritz Muehlenhoff (Jan 16)
[SECURITY] [DSA 3140-1] xen security update Moritz Muehlenhoff (Jan 27)
[SECURITY] [DSA 3143-1] virtualbox security update Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 3144-1] openjdk-7 security update Moritz Muehlenhoff (Jan 29)
[SECURITY] [DSA 3121-1] file security update Moritz Muehlenhoff (Jan 08)
[SECURITY] [DSA 3133-1] privoxy security update Moritz Muehlenhoff (Jan 20)

Onur Yilmaz

Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz (Jan 29)

Paul Craig

Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection Paul Craig (Jan 29)

Pedro Ribeiro

[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro (Jan 29)
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 04)
Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 06)

Peter Lapp

Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp (Jan 15)
[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)

Pietro Oliva

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva (Jan 11)

Qualys Security Advisory

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)

RedTeam Pentesting GmbH

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH (Jan 22)

Rewterz - Research Group

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability Rewterz - Research Group (Jan 23)
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Rewterz - Research Group (Jan 23)
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability Rewterz - Research Group (Jan 23)

Riley Baird

CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability Riley Baird (Jan 19)

root

Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada root (Jan 08)

Salvatore Bonaccorso

[SECURITY] [DSA 3128-1] linux security update Salvatore Bonaccorso (Jan 15)
[SECURITY] [DSA 3125-1] openssl security update Salvatore Bonaccorso (Jan 11)
[SECURITY] [DSA 3119-1] libevent security update Salvatore Bonaccorso (Jan 05)
[SECURITY] [DSA 3145-1] privoxy security update Salvatore Bonaccorso (Jan 30)
[SECURITY] [DSA 3124-1] otrs2 security update Salvatore Bonaccorso (Jan 11)
[SECURITY] [DSA 3134-1] sympa security update Salvatore Bonaccorso (Jan 20)
[SECURITY] [DSA 3117-1] php5 security update Salvatore Bonaccorso (Dec 31)
[SECURITY] [DSA 3122-1] curl security update Salvatore Bonaccorso (Jan 09)

Sebastien Delafond

[SECURITY] [DSA 3146-1] requests security update Sebastien Delafond (Jan 30)

SEC Consult Vulnerability Lab

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab (Jan 13)

security

[ MDVSA-2015:010 ] file security (Jan 08)
[ MDVSA-2015:023 ] libvirt security (Jan 15)
[ MDVSA-2015:018 ] asterisk security (Jan 08)
[ MDVSA-2015:021 ] curl security (Jan 12)
[ MDVSA-2015:016 ] unzip security (Jan 08)
[ MDVSA-2015:012 ] jasper security (Jan 08)
[ MDVSA-2015:017 ] libevent security (Jan 08)
[ MDVSA-2015:019 ] openssl security (Jan 09)
[ MDVSA-2015:002 ] pcre security (Jan 05)
[ MDVSA-2015:011 ] nail security (Jan 08)
[ MDVSA-2015:007 ] unrtf security (Jan 08)
[ MDVSA-2015:003 ] ntp security (Jan 05)
[ MDVSA-2015:006 ] mediawiki security (Jan 08)
[ MDVSA-2015:022 ] wireshark security (Jan 12)
[ MDVSA-2015:015 ] sox security (Jan 08)
[ MDVSA-2015:027 ] kernel security (Jan 16)
[ MDVSA-2015:024 ] libsndfile security (Jan 15)
[ MDVSA-2015:005 ] subversion security (Jan 06)
[ MDVSA-2015:026 ] untrf security (Jan 15)
[ MDVSA-2015:001 ] c-icap security (Jan 05)
[ MDVSA-2015:008 ] pwgen security (Jan 08)
[ MDVSA-2015:013 ] znc security (Jan 08)
[ MDVSA-2015:020 ] libssh security (Jan 12)
[ MDVSA-2015:025 ] mpfr security (Jan 15)
[ MDVSA-2015:009 ] krb5 security (Jan 08)
[ MDVSA-2015:014 ] libjpeg security (Jan 08)
[ MDVSA-2015:004 ] php security (Jan 05)

Security Alert

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities Security Alert (Jan 05)
ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability Security Alert (Jan 30)
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities Security Alert (Jan 20)
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities Security Alert (Jan 29)

security-alert

[security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities security-alert (Jan 30)
[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information security-alert (Jan 13)
[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert (Jan 07)
[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution security-alert (Jan 12)
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Jan 20)
[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information security-alert (Jan 13)
[security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities security-alert (Jan 11)

Slackware Security Team

[slackware-security] freetype (SSA:2015-016-01) Slackware Security Team (Jan 19)
[slackware-security] mozilla-firefox (SSA:2015-016-02) Slackware Security Team (Jan 19)
[slackware-security] glibc (SSA:2015-028-01) Slackware Security Team (Jan 29)
[slackware-security] mozilla-thunderbird (SSA:2015-016-03) Slackware Security Team (Jan 19)
[slackware-security] seamonkey (SSA:2015-016-04) Slackware Security Team (Jan 19)
[slackware-security] samba (SSA:2015-020-01) Slackware Security Team (Jan 22)

Sudhanshu Chauhan

CVE-2015-1175-xss-prestashop Sudhanshu Chauhan (Jan 20)
CVE-2015-1177-xss-exponent Sudhanshu Chauhan (Jan 22)
CVE-2015-1180-xss-eventsentry Sudhanshu Chauhan (Jan 22)
CVE-2015-1178-xss-x-cart-ecommerce Sudhanshu Chauhan (Jan 22)
CVE-2015-1179-xss-mango-automation-scada Sudhanshu Chauhan (Jan 22)
CVE-2015-1176-xss-osticket Sudhanshu Chauhan (Jan 22)

sven

[CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8 sven (Jan 28)
[CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8 sven (Jan 28)

Thijs Kinkhorst

[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update Thijs Kinkhorst (Jan 13)
[SECURITY] [DSA 3126-1] php5 security update Thijs Kinkhorst (Jan 12)

U2ME236

Re: [SECURITY] [DSA 3122-1] curl security update U2ME236 (Jan 09)

VMware Security Response Center

NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues VMware Security Response Center (Jan 28)
NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center (Jan 29)

Vulnerability Lab

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 16)
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab (Jan 22)
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab (Jan 06)
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab (Jan 12)
VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab (Jan 16)
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability Vulnerability Lab (Jan 13)
Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab (Jan 22)
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab (Jan 12)
PhotoSync v1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 22)
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab (Jan 22)
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab (Jan 16)
PhotoSync 1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 22)
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab (Jan 16)
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab (Jan 12)
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab (Jan 16)
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 13)
Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab (Jan 12)

vulns

Brother MFC Administration Reflected Cross-Site Scripting vulns (Jan 07)

Yves-Alexis Perez

[SECURITY] [DSA 3118-1] strongswan security update Yves-Alexis Perez (Jan 05)