Bugtraq: by date

160 messages starting May 04 15 and ending May 29 15


Monday, 04 May

[SECURITY] [DSA 3242-1] chromium-browser security update Michael Gilbert
[SECURITY] [DSA 3243-1] libxml-libxml-perl security update Salvatore Bonaccorso
Code Injection in Epicor Retail Store 3.2.03.01.008 webmaster
[SECURITY] [DSA 3244-1] owncloud security update Salvatore Bonaccorso
[SECURITY] [DSA 3245-1] ruby1.8 security update Alessandro Ghedini
[SECURITY] [DSA 3246-1] ruby1.9.1 security update Alessandro Ghedini
[SECURITY] [DSA 3247-1] ruby2.1 security update Alessandro Ghedini
[SECURITY] [DSA 3248-1] libphp-snoopy security update Moritz Muehlenhoff
PhotoWebsite v3.1 iOS - File Include Web Vulnerability Vulnerability Lab
Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability Vulnerability Lab
Grindr v2.1.1 iOS - (eMail) Session Vulnerability Vulnerability Lab
Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities Vulnerability Lab
Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability Vulnerability Lab
[ MDVSA-2015:220 ] curl security
[ MDVSA-2015:219 ] curl security
[SECURITY] [DSA 3249-1] jqueryui security update Sebastien Delafond
[ MDVSA-2015:221 ] clamav security
[ MDVSA-2015:222 ] ppp security
[ MDVSA-2015:223 ] directfb security
[ MDVSA-2015:224 ] ruby security
[ MDVSA-2015:225 ] cherokee security
ESA-2015-077: EMC SourceOne Email Management Account Lockout Security Alert
[ MDVSA-2015:226 ] fcgi security
European Cyber Security Challenge 2015 Ivan Buetler
ESA-2015-084: EMC AutoStart Packet Injection Vulnerability Security Alert
[SECURITY] [DSA 3250-1] wordpress security update Alessandro Ghedini

Tuesday, 05 May

[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL Pedro Ribeiro
vPhoto-Album v4.2 iOS - File Include Web Vulnerability Vulnerability Lab
Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
[ MDVSA-2015:227 ] mariadb security
[SECURITY] [DSA 3251-1] dnsmasq security update Salvatore Bonaccorso

Wednesday, 06 May

F5 BIG-IQ Enumeration of users and Information Disclosure jplopezy
[SECURITY] CVE-2014-0230: Apache Tomcat DoS Mark Thomas
Arbitrary Variable Overwrite in eShop WordPress Plugin High-Tech Bridge Security Research
[ MDVSA-2015:228 ] nodejs security
[ MDVSA-2015:229 ] net-snmp security
[ MDVSA-2015:230 ] squid security
PDF Converter & Editor 2.1 iOS - File Include Vulnerability Vulnerability Lab
TORNADO Computer Trading CMS - SQL Injection Vulnerability Vulnerability Lab
Advisory: Filezilla FTP server is vulnerable to FTP PORT bounce Amit Klein
Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
CSRF/XSS In Embed Articles Wordpress Plugin kingkaustubh
CSRF/XSS In Ad_InSerter Wordpress kingkaustubh
CSRF/XSS In Manage Engine Asset Explorer kingkaustubh
CSRF/XSS In ClickBank ads Wordpress Plugin kingkaustubh
CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin kingkaustubh

Thursday, 07 May

[SECURITY] [DSA 3252-1] sqlite3 security update Moritz Muehlenhoff
Alienvault OSSIM/USM Multiple Vulnerabilities Peter Lapp
[SE-2014-02] Some additional GAE Java security sandbox bypasses Security Explorations
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 Apple Product Security
F5 ASM JSON Profile Bypass Peter Lapp
[SYSS-2015-017] BullGuard Internet Security - Authentication Bypass matthias . deeg
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass matthias . deeg
[SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass matthias . deeg
[ MDVSA-2015:231 ] perl-XML-LibXML security
Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 Onur Yilmaz
Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability Vulnerability Lab
Album Streamer v2.0 iOS - Directory Traversal Vulnerability Vulnerability Lab
Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability Vulnerability Lab
[security bulletin] HPSBUX03194 rev.1 - HP-UX running sendmail(1M), Remote Disclosure of Information security-alert
CSRF/XSS in embed-articles Wordpress Plugin kingkaustubh
CSRF/XSS In Ad_Button Wordpress kingkaustubh

Friday, 08 May

[SECURITY] [DSA 3253-1] pound security update Thijs Kinkhorst
[SECURITY] [DSA 3251-2] dnsmasq regression update Salvatore Bonaccorso
[ MDVSA-2015:232 ] libtasn1 security
Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities Vulnerability Lab

Monday, 11 May

[security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure security-alert
Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability apparitionsec
Sqlbuddy Path Traversal Vulnerability hyp3rlinx
[SECURITY] [DSA 3254-1] suricata security update Salvatore Bonaccorso
[SECURITY] [DSA 3255-1] zeromq3 security update Alessandro Ghedini
[SECURITY] [DSA 3256-1] libtasn1-6 security update Salvatore Bonaccorso
[oCERT-2015-006] dcraw input sanitization errors Andrea Barisani
[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS) security-alert

Tuesday, 12 May

[SECURITY] [DSA 3257-1] mercurial security update Salvatore Bonaccorso
[slackware-security] mariadb (SSA:2015-132-01) Slackware Security Team
[slackware-security] wpa_supplicant (SSA:2015-132-03) Slackware Security Team
[slackware-security] mysql (SSA:2015-132-02) Slackware Security Team
[security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3258-1] quassel security update Alessandro Ghedini

Wednesday, 13 May

[slackware-security] mozilla-firefox (SSA:2015-132-04) Slackware Security Team
SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server SEC Consult Vulnerability Lab
Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products Cisco Systems Product Security Incident Response Team
Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250 Onur Yilmaz
[SECURITY] [DSA 3259-1] qemu security update Moritz Muehlenhoff
Web India Solutions CMS 2015 - SQL Injection Vulnerability Vulnerability Lab
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Cisco Systems Product Security Incident Response Team
[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities CORE Advisories Team
[SECURITY] [DSA 3260-1] iceweasel security update Moritz Muehlenhoff
Server buffer overflow in Pure Faction <= 3.0c soulsgetnothing

Thursday, 14 May

Certificate trust vulnerability in Websense Content Gateway Steve Shockley
Sidu 5.2 Admin XSS Vulnerability apparitionsec
SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2) SEC Consult Vulnerability Lab
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass Mark Thomas

Friday, 15 May

phpMyAdmin 4.4.6 Man-In-the-Middle API Github submit
[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine Security Explorations
[SECURITY] [DSA 3261-1] libmodule-signature-perl security update Salvatore Bonaccorso

Monday, 18 May

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability Security Alert
[slackware-security] mozilla-thunderbird (SSA:2015-137-01) Slackware Security Team

Tuesday, 19 May

CRUCMS Crucial Networking - SQL Injection Vulnerability Vulnerability Lab
Wireless Photo Transfer v3.0 iOS - File Include Vulnerability Vulnerability Lab
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability Vulnerability Lab
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 3262-1] xen security update Moritz Muehlenhoff
[SECURITY] [DSA 3175-2] kfreebsd-9 security update Alessandro Ghedini
WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability metacom27
[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access security-alert
APPLE-SA-2015-05-19-1 Watch OS 1.0.1 Apple Product Security

Wednesday, 20 May

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow security-alert
[SECURITY] [DSA 3264-1] icedove security update Moritz Muehlenhoff
[SECURITY] [DSA 3263-1] proftpd-dfsg security update Sebastien Delafond
Staff FTP v3.04 Software - DLL Hijacking Vulnerability metacom27
ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability akashchavan0708
HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability Vulnerability Lab
Staff FTP v3.04 Software - DLL Hijacking Vulnerability Vulnerability Lab
[SECURITY] [DSA 3265-1] zendframework security update David Prévot
WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability Vulnerability Lab
Stored XSS in WP Photo Album Plus WordPress Plugin High-Tech Bridge Security Research
Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability Vulnerability Lab
[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert
[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities security-alert

Thursday, 21 May

[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update Salvatore Bonaccorso
CVE for Apple's ECDHE-ECDSA SecureTransport bug? Jeffrey Walton
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) Julian Reschke
Webgrind XSS vulnerability hyp3rlinx
[SECURITY] [DSA 3266-1] fuse security update Salvatore Bonaccorso

Friday, 22 May

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] pan . vagenas
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] pan . vagenas
[security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code security-alert
[SECURITY] [DSA 3267-1] chromium-browser security update Michael Gilbert
[SECURITY] [DSA 3268-1] ntfs-3g security update Salvatore Bonaccorso
[SECURITY] [DSA 3270-1] postgresql-9.4 security update Christoph Berg
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability CORE Advisories Team

Monday, 25 May

[security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege security-alert
[SECURITY] [DSA 3271-1] nbd security update Alessandro Ghedini
[SECURITY] [DSA 3272-1] ipsec-tools security update Salvatore Bonaccorso
[SECURITY] [DSA 3265-2] zendframework regression update Alessandro Ghedini
Command injection vulnerability in Synology Photo Station Securify B.V.
Reflected Cross-Site Scripting in Synology DiskStation Manager Securify B.V.
Synology Photo Station multiple Cross-Site Scripting vulnerabilities Securify B.V.

Tuesday, 26 May

[SECURITY] [DSA 3273-1] tiff security update Moritz Muehlenhoff

Wednesday, 27 May

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] pan . vagenas
[SECURITY] [DSA 3268-2] ntfs-3g security update Salvatore Bonaccorso
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability David Coomber
[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability Onapsis Research Labs
[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement Onapsis Research Labs

Thursday, 28 May

DbNinja 3.2.6 Flash XSS Vulnerabilities apparitionsec
DbNinja 3.2.6 Flash XSS Vulnerabilities apparitionsec
[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices Gergely Eberhardt
CVE-2015-1835: ... Dirk-Willem van Gulik on behalf of Apache Cordova
Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution mystyle_rahul
[security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege security-alert

Friday, 29 May

[SECURITY] [DSA 3274-1] virtualbox security update Moritz Muehlenhoff
JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities apparitionsec
[security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information security-alert
[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information security-alert