Bugtraq: by author

149 messages starting Jul 17 15 and ending Jul 27 15

adrian . vollmer

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks adrian . vollmer (Jul 17)

Alessandro Ghedini

[SECURITY] [DSA 3303-1] cups-filters security update Alessandro Ghedini (Jul 07)
[SECURITY] [DSA 3309-1] tidy security update Alessandro Ghedini (Jul 20)
[SECURITY] [DSA 3312-1] cacti security update Alessandro Ghedini (Jul 22)
[SECURITY] [DSA 3306-1] pdns security update Alessandro Ghedini (Jul 10)
[SECURITY] [DSA 3321-1] xmltooling security update Alessandro Ghedini (Jul 31)
[SECURITY] [DSA 3307-1] pdns-recursor security update Alessandro Ghedini (Jul 10)
[SECURITY] [DSA 3305-1] python-django security update Alessandro Ghedini (Jul 10)

Alessandro Zala

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 Alessandro Zala (Jul 06)

andrew

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution andrew (Jul 10)
Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects andrew (Jul 01)

apparitionsec

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities apparitionsec (Jul 06)
Symantec EP 12.1.4013 Disabling Vulnerability apparitionsec (Jul 08)
Hawkeye-G v3.0.1 Persistent XSS & Information Leakage apparitionsec (Jul 27)
phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability apparitionsec (Jul 29)
Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878 apparitionsec (Jul 24)
Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED] apparitionsec (Jul 24)
phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS apparitionsec (Jul 13)
Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities apparitionsec (Jul 22)

Apple Product Security

APPLE-SA-2015-06-30-5 QuickTime 7.7.7 Apple Product Security (Jul 01)
APPLE-SA-2015-06-30-6 iTunes 12.2 Apple Product Security (Jul 01)

Brian Cardinale

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal Brian Cardinale (Jul 13)

Cédric Champeau

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure Cédric Champeau (Jul 16)

cfp

Ruxcon 2015 Final Call For Presentations cfp (Jul 06)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Jul 10)
Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 30)
Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 22)
Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability Cisco Systems Product Security Incident Response Team (Jul 22)
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability Cisco Systems Product Security Incident Response Team (Jul 22)
Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 15)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team (Jul 10)

CORE Advisories Team

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection CORE Advisories Team (Jul 08)
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection CORE Advisories Team (Jul 06)

David Leo

Google Chrome Address Spoofing - Google's Opinion David Leo (Jul 06)

disclosure

[SYSS-2015-031] sysPass - SQL Injection disclosure (Jul 13)

epoide

Dell Netvault Backup Remote Denial of Service epoide (Jul 30)

Federico Fazzi

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 06)
Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 28)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl FreeBSD Security Advisories (Jul 10)
FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch FreeBSD Security Advisories (Jul 29)
FreeBSD Security Advisory FreeBSD-SA-15:13.tcp FreeBSD Security Advisories (Jul 22)
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED] FreeBSD Security Advisories (Jul 30)
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh FreeBSD Security Advisories (Jul 29)
FreeBSD Security Advisory FreeBSD-SA-15:15.tcp FreeBSD Security Advisories (Jul 29)
FreeBSD Security Advisory FreeBSD-SA-15:17.bind FreeBSD Security Advisories (Jul 29)
FreeBSD Security Advisory FreeBSD-SA-15:11.bind FreeBSD Security Advisories (Jul 08)

h1kari

ToorCon 17 Call For Papers! h1kari (Jul 06)

hdau

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution hdau (Jul 08)

High-Tech Bridge Security Research

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin High-Tech Bridge Security Research (Jul 29)
SQL Injection in Count Per Day WordPress Plugin High-Tech Bridge Security Research (Jul 22)
Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin High-Tech Bridge Security Research (Jul 22)
Path Traversal in BlackCat CMS High-Tech Bridge Security Research (Jul 01)

hyp3rlinx

phpFileManager 0.9.8 Remote Command Execution hyp3rlinx (Jul 31)

Imre RAD

CVE-2014-7952, Android ADB backup APK injection vulnerability Imre RAD (Jul 10)

Ioan Indreias

CVE-2015-5379: Axigen XSS vulnerability for html attachments Ioan Indreias (Jul 21)

Joshua Wright

Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs Joshua Wright (Jul 16)

jychia . sec

NetCracker Resource Management 8.0 - XSS Vulnerability jychia . sec (Jul 22)
NetCracker Resource Management 8.0 - SQL Injection Vulnerability jychia . sec (Jul 22)

Kevin Beaumont

Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled Kevin Beaumont (Jul 06)

Kevin Kluge

Logstash vulnerability CVE-2015-5378 Kevin Kluge (Jul 22)
Elasticsearch CVE-2015-5377 Kevin Kluge (Jul 16)
Elasticsearch CVE-2015-5531 Kevin Kluge (Jul 16)

Larry W. Cashdollar

SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar (Jul 06)
SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar (Jul 08)
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 08)

Laszlo Boszormenyi

[SECURITY] [DSA 3318-1] expat security update Laszlo Boszormenyi (Jul 27)

lilian_iatco

XSS vulnerability in OFBiz forms lilian_iatco (Jul 15)

Maria Lemos

WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals Maria Lemos (Jul 21)

Michael Gilbert

[SECURITY] [DSA 3315-1] chromium-browser security update Michael Gilbert (Jul 24)

modzero

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] modzero (Jul 22)

Moritz Muehlenhoff

[SECURITY] [DSA 3300-1] iceweasel security update Moritz Muehlenhoff (Jul 06)
[SECURITY] [DSA 3316-1] openjdk-7 security update Moritz Muehlenhoff (Jul 27)
[SECURITY] [DSA 3310-1] freexl security update Moritz Muehlenhoff (Jul 20)
[SECURITY] [DSA 3302-1] libwmf security update Moritz Muehlenhoff (Jul 07)
[SECURITY] [DSA 3314-1] typo3-src end of life Moritz Muehlenhoff (Jul 24)
[SECURITY] [DSA 3298-1] jackrabbit security update Moritz Muehlenhoff (Jul 01)

owais . md . khan

Oracle E-Business Suite Servlet URL Redirection Vulnerability owais . md . khan (Jul 17)

Patterson, Derrick A CTR (US)

RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED) Patterson, Derrick A CTR (US) (Jul 07)

Pedro Ribeiro

[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect Pedro Ribeiro (Jul 14)

Per Thorsheim

CFP: Passwords 2015, Dec 7-9, Cambridge, UK Per Thorsheim (Jul 13)

Pierre Kim

Backdoor credentials found in 4 TOTOLINK router models Pierre Kim (Jul 15)
Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Jul 16)
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 06)
4 TOTOLINK router models vulnerable to CSRF and XSS attacks Pierre Kim (Jul 15)
ipTIME n104r3 vulnerable to CSRF and XSS attacks Pierre Kim (Jul 06)
15 TOTOLINK router models vulnerable to multiple RCEs Pierre Kim (Jul 15)
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) Pierre Kim (Jul 01)

Qualys Security Advisory

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)

Reindl Harald

Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Reindl Harald (Jul 06)

roberto

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators roberto (Jul 31)

Salvatore Bonaccorso

[SECURITY] [DSA 3317-1] lxc security update Salvatore Bonaccorso (Jul 27)
[SECURITY] [DSA 3308-1] mysql-5.5 security update Salvatore Bonaccorso (Jul 20)
[SECURITY] [DSA 3311-1] mariadb-10.0 security update Salvatore Bonaccorso (Jul 20)
[SECURITY] [DSA 3301-1] haproxy security update Salvatore Bonaccorso (Jul 06)
[SECURITY] [DSA 3319-1] bind9 security update Salvatore Bonaccorso (Jul 28)
[SECURITY] [DSA 3299-1] stunnel4 security update Salvatore Bonaccorso (Jul 06)
[SECURITY] [DSA 3313-1] linux security update Salvatore Bonaccorso (Jul 23)

Samuel Lavitt - CVE-2015-0942

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne Samuel Lavitt - CVE-2015-0942 (Jul 28)

Sebastien Delafond

[SECURITY] [DSA 3320-1] openafs security update Sebastien Delafond (Jul 30)

SEC Consult Vulnerability Lab

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities SEC Consult Vulnerability Lab (Jul 28)

Securify B.V.

Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Jul 27)

Security Alert

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability Security Alert (Jul 22)
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability Security Alert (Jul 01)
ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability Security Alert (Jul 16)
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities Security Alert (Jul 01)
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities Security Alert (Jul 01)
ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability Security Alert (Jul 16)
ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability Security Alert (Jul 10)

security-alert

[security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information security-alert (Jul 10)
[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Jul 20)
[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information security-alert (Jul 07)
[security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information security-alert (Jul 07)
[security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS) security-alert (Jul 10)
[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information security-alert (Jul 10)
[security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information security-alert (Jul 07)
[security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information security-alert (Jul 08)
[security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information security-alert (Jul 29)
[security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information security-alert (Jul 29)
[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information security-alert (Jul 07)
[security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information security-alert (Jul 29)
[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities security-alert (Jul 21)
[security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information security-alert (Jul 20)

Slackware Security Team

[slackware-security] mozilla-thunderbird (SSA:2015-192-01) Slackware Security Team (Jul 13)
[slackware-security] cups (SSA:2015-188-01) Slackware Security Team (Jul 08)
[slackware-security] bind (SSA:2015-188-04) Slackware Security Team (Jul 08)
[slackware-security] php (SSA:2015-198-02) Slackware Security Team (Jul 20)
[slackware-security] bind (SSA:2015-209-01) Slackware Security Team (Jul 29)
[slackware-security] httpd (SSA:2015-198-01) Slackware Security Team (Jul 20)
[slackware-security] ntp (SSA:2015-188-03) Slackware Security Team (Jul 08)
[slackware-security] mozilla-firefox (SSA:2015-188-02) Slackware Security Team (Jul 08)
[slackware-security] openssl (SSA:2015-190-01) Slackware Security Team (Jul 10)

Stefan Kanthak

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Jul 01)

Tim Coen

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 Tim Coen (Jul 15)
SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 Tim Coen (Jul 10)

VMware Security Response Center

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Response Center (Jul 10)

Vulnerability Lab

WK UDID v1.0.1 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 06)
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability Vulnerability Lab (Jul 06)
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability Vulnerability Lab (Jul 01)
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability Vulnerability Lab (Jul 01)
AirDroid ID - Client Side JSONP Callback Vulnerability Vulnerability Lab (Jul 20)
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 20)
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Vulnerability Lab (Jul 20)
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 06)
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability Vulnerability Lab (Jul 23)
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability Vulnerability Lab (Jul 01)
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability Vulnerability Lab (Jul 01)
Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability Vulnerability Lab (Jul 27)