Bugtraq: by author

148 messages starting Nov 02 15 and ending Nov 16 15


0ang3el

CVE-2015-7326 (XXE vulnerability in Milton Webdav) 0ang3el (Nov 02)

advisories

LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection advisories (Nov 30)

aiscorp

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation aiscorp (Nov 29)

ajs

Steam Weak File Permissions Privilege Escalation ajs (Nov 23)

Alessandro Ghedini

[SECURITY] [DSA 3355-2] libvdpau regression update Alessandro Ghedini (Nov 02)

apparitionsec

CF Image Host CSRF apparitionsec (Nov 14)
NXFilter v3.0.3 Persistent / Reflected XSS apparitionsec (Nov 06)
CF Image Host XSS apparitionsec (Nov 14)
NXFilter v3.0.3 CSRF apparitionsec (Nov 06)
IBM i Access Buffer Overflow Code DOS CVE-2015-7422 apparitionsec (Nov 19)
Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099 apparitionsec (Nov 11)
CF Image Host PHP Command Injection apparitionsec (Nov 14)
IBM i Access Buffer Overflow Code Exec CVE-2015-2023 apparitionsec (Nov 19)
TCPing 2.1.0 Buffer Overflow apparitionsec (Nov 02)

Aravind

TestLink 1.9.14 Persistent XSS Aravind (Nov 09)
TestLink 1.9.14 CSRF Vulnerability Aravind (Nov 09)

bhadresh . patel

D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability bhadresh . patel (Nov 14)

Christofer Dutz

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Christofer Dutz (Nov 23)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)
Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Nov 05)

Egidio Romano

[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability Egidio Romano (Nov 05)
[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability Egidio Romano (Nov 05)
[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability Egidio Romano (Nov 05)
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability Egidio Romano (Nov 05)
[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability Egidio Romano (Nov 05)
[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability Egidio Romano (Nov 05)

ERPScan inc

[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import ERPScan inc (Nov 23)
[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE ERPScan inc (Nov 23)
[ERPSCAN-15-019] SAP Afaria - Stored XSS ERPScan inc (Nov 23)

Florian Weimer

[SECURITY] [DSA 3387-1] openafs security update Florian Weimer (Nov 02)
[SECURITY] [DSA 3391-1] php-horde security update Florian Weimer (Nov 04)
[SECURITY] [DSA 3405-1] smokeping security update Florian Weimer (Nov 25)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] FreeBSD Security Advisories (Nov 04)

GalaxyCVEcollector

Accentis Content Resource Management System - XSS GalaxyCVEcollector (Nov 02)
Accentis Content Resource Management System - SQL GalaxyCVEcollector (Nov 02)

High-Tech Bridge Security Research

RCE and SQL injection via CSRF in Horde Groupware High-Tech Bridge Security Research (Nov 18)

ITAS Team

Cross-Site Scripting | Zeuscart V4 ITAS Team (Nov 02)

Kevin Kluge

CVE-2015-8131: Kibana CSRF vulnerability Kevin Kluge (Nov 19)
Elasticsearch vulnerability CVE-2015-4165 Kevin Kluge (Nov 06)
Elasticsearch vulnerability CVE-2015-5377 Kevin Kluge (Nov 05)

larry0

/tmp race condition in IBM Installation Manager V1.8.1 install script larry0 (Nov 14)

Laszlo Boszormenyi (GCS)

[SECURITY] [DSA 3386-1] unzip security update Laszlo Boszormenyi (GCS) (Nov 02)

lem . nikolas

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation lem . nikolas (Nov 29)

Manuel Mancera

[FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) Manuel Mancera (Nov 27)
[FD] Celoxis <= 9.5 - Cross Site Scripting (XSS) Manuel Mancera (Nov 23)

Martin Heiland

Open-Xchange Security Advisory 2015-11-17 Martin Heiland (Nov 17)

martin . sturm

SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value martin . sturm (Nov 15)

Matthew Flanagan

CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability Matthew Flanagan (Nov 16)

Moritz Muehlenhoff

[SECURITY] [DSA 3389-1] elasticsearch end-of-life Moritz Muehlenhoff (Nov 02)
[SECURITY] [DSA 3403-1] libcommons-collections3-java security update Moritz Muehlenhoff (Nov 24)
[SECURITY] [DSA 3394-1] libreoffice security update Moritz Muehlenhoff (Nov 05)
[SECURITY] [DSA 3381-2] openjdk-7 security update Moritz Muehlenhoff (Nov 02)
[SECURITY] [DSA 3388-1] ntp security update Moritz Muehlenhoff (Nov 02)
[SECURITY] [DSA 3406-1] nspr security update Moritz Muehlenhoff (Nov 25)
[SECURITY] [DSA 3393-1] iceweasel security update Moritz Muehlenhoff (Nov 05)

Nicholas Lemonias.

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 30)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 30)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report. Nicholas Lemonias. (Nov 29)
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)
Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation Nicholas Lemonias. (Nov 23)
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias. (Nov 29)

pan . vagenas

WordPress Users Ultra Plugin [Unrestricted File Upload] pan . vagenas (Nov 17)

Pierre Kim

Huawei Wimax routers vulnerable to multiple threats Pierre Kim (Nov 30)
OpenBSD package 'net-snmp' information disclosure Pierre Kim (Nov 13)

Rahul Pratap Singh

PHP Address Book SQL Injection Vulnerability Rahul Pratap Singh (Nov 14)
Belkin N150 Wireless Home Router Multiple Vulnerabilities Rahul Pratap Singh (Nov 30)

Salvatore Bonaccorso

[SECURITY] [DSA 3390-1] xen security update Salvatore Bonaccorso (Nov 02)
[SECURITY] [DSA 3397-1] wpa security update Salvatore Bonaccorso (Nov 11)
[SECURITY] [DSA 3396-1] linux security update Salvatore Bonaccorso (Nov 10)
[SECURITY] [DSA 3395-2] krb5 security update Salvatore Bonaccorso (Nov 13)
[SECURITY] [DSA 3407-1] dpkg security update Salvatore Bonaccorso (Nov 26)
[SECURITY] [DSA 3404-1] python-django security update Salvatore Bonaccorso (Nov 25)
[SECURITY] [DSA 3385-1] mariadb-10.0 security update Salvatore Bonaccorso (Nov 02)
[SECURITY] [DSA 3399-1] libpng security update Salvatore Bonaccorso (Nov 19)
[SECURITY] [DSA 3386-2] unzip regression update Salvatore Bonaccorso (Nov 09)
[SECURITY] [DSA 3395-1] krb5 security update Salvatore Bonaccorso (Nov 06)
[SECURITY] [DSA 3400-1] lxc security update Salvatore Bonaccorso (Nov 19)
[SECURITY] [DSA 3402-1] symfony security update Salvatore Bonaccorso (Nov 24)
[SECURITY] [DSA 3208-2] freexl regression update Salvatore Bonaccorso (Nov 14)

samhuntley84

Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities. samhuntley84 (Nov 15)
Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84 (Nov 15)
Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84 (Nov 15)
Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities. samhuntley84 (Nov 15)
Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities. samhuntley84 (Nov 15)
Dlink DIR-645 UPNP Buffer Overflow samhuntley84 (Nov 15)
Dlink DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities and also directory traversal issue exists samhuntley84 (Nov 15)
Dlink DIR-601 Command injection in ping functionality samhuntley84 (Nov 15)
Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality samhuntley84 (Nov 15)
Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L samhuntley84 (Nov 14)
Dlink DIR-866L Buffer overflows in HNAP and send email functionalities samhuntley84 (Nov 14)
Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84 (Nov 15)
Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality samhuntley84 (Nov 15)

Sebastien Delafond

[SECURITY] [DSA 3392-1] freeimage security update Sebastien Delafond (Nov 04)

SEC Consult Vulnerability Lab

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products SEC Consult Vulnerability Lab (Nov 05)

Secunia Research

Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability Secunia Research (Nov 11)

Security Alert

ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability Security Alert (Nov 17)
ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability Security Alert (Nov 24)

security-alert

[security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) security-alert (Nov 19)
[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code security-alert (Nov 02)
[security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information security-alert (Nov 04)
[security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) security-alert (Nov 17)
[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution security-alert (Nov 25)
[security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege security-alert (Nov 04)
[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution security-alert (Nov 25)
[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information security-alert (Nov 05)
[security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information security-alert (Nov 15)
[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) security-alert (Nov 11)
[security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution security-alert (Nov 02)
[security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information security-alert (Nov 04)
[security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege security-alert (Nov 04)
[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS) security-alert (Nov 19)

Security Explorations

[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7) Security Explorations (Nov 30)

Shazron

Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions Shazron (Nov 21)
Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Shazron (Nov 21)

Slackware Security Team

[slackware-security] seamonkey (SSA:2015-318-01) Slackware Security Team (Nov 14)
[slackware-security] pcre (SSA:2015-328-01) Slackware Security Team (Nov 25)
[slackware-security] mozilla-nss (SSA:2015-310-02) Slackware Security Team (Nov 06)
[slackware-security] mozilla-firefox (SSA:2015-310-01) Slackware Security Team (Nov 06)

Suyog Rao

CVE-2015-5619 Suyog Rao (Nov 06)
CVE-2015-5378 Suyog Rao (Nov 06)

Timothy Bish

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities Timothy Bish (Nov 06)

VMware Security Response Center

NEW VMSA-2015-0008 - VMware product updates address information disclosure issue VMware Security Response Center (Nov 19)

Vulnerability Lab

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability Vulnerability Lab (Nov 25)
LAN Scan HD v1.20 iOS - Command Inject Vulnerability Vulnerability Lab (Nov 17)
Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities Vulnerability Lab (Nov 17)
Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability Vulnerability Lab (Nov 18)
Port Scan v2.0 iOS - Command Inject Vulnerability Vulnerability Lab (Nov 17)
Murgent CMS - SQL Injection Vulnerability Vulnerability Lab (Nov 17)
Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) Vulnerability Lab (Nov 17)
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability Vulnerability Lab (Nov 17)

Yves-Alexis Perez

[SECURITY] [DSA 3398-1] strongswan security update Yves-Alexis Perez (Nov 16)