Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
139 messages
starting Oct 05 15 and
ending Oct 21 15
Date index |
Thread index |
Author index
adrian . vollmer
[SYSS-2015-039] CSRF in OpenText Secure MFT adrian . vollmer (Oct 05)
Alessandro Ghedini
[SECURITY] [DSA 3369-1] zendframework security update Alessandro Ghedini (Oct 07)
[SECURITY] [DSA 3370-1] freetype security update Alessandro Ghedini (Oct 07)
Alexandre Herzog
Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Alexandre Herzog (Oct 06)
RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Alexandre Herzog (Oct 07)
Amit Klein
Advisory: web-based VM detection and coarse-grained fingerprinting Amit Klein (Oct 06)
apparitionsec
PHP Server Monitor 3.1.1 CSRF apparitionsec (Oct 29)
Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow apparitionsec (Oct 15)
FTGate 2009 Build 6.4.00 CSRF Vulnerabilities apparitionsec (Oct 05)
LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow apparitionsec (Oct 06)
PHP Server Monitor 3.1.1 Privilege Escalation apparitionsec (Oct 29)
AdobeWorkgroupHelper Stack Based Buffer Overflow apparitionsec (Oct 13)
LanSpy 2.0.0.155 Buffer Overflow apparitionsec (Oct 05)
Zope Management Interface CSRF vulnerabilities apparitionsec (Oct 07)
Apple Product Security
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Apple Product Security (Oct 22)
APPLE-SA-2015-10-21-1 iOS 9.1 Apple Product Security (Oct 21)
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Apple Product Security (Oct 16)
APPLE-SA-2015-10-21-5 iTunes 12.3.1 Apple Product Security (Oct 22)
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 Apple Product Security (Oct 21)
APPLE-SA-2015-10-21-3 Safari 9.0.1 Apple Product Security (Oct 21)
APPLE-SA-2015-10-21-8 OS X Server 5.0.15 Apple Product Security (Oct 22)
APPLE-SA-2015-10-21-2 watchOS 2.0.1 Apple Product Security (Oct 21)
APPLE-SA-2015-10-21-7 Xcode 7.1 Apple Product Security (Oct 22)
appsec
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting appsec (Oct 05)
Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting appsec (Oct 05)
ascii
Veeam Backup & Replication Local Privilege Escalation Vulnerability ascii (Oct 09)
Ben Hutchings
[SECURITY] [DSA 3372-1] linux security update Ben Hutchings (Oct 13)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Oct 21)
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Oct 21)
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Oct 21)
Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Oct 21)
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 Cisco Systems Product Security Incident Response Team (Oct 22)
David Black
CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution David Black (Oct 23)
David Sopas
Events Made Easy WordPress plugin CSRF + Persistent XSS David Sopas (Oct 16)
ERPScan inc
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc (Oct 29)
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability ERPScan inc (Oct 27)
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc (Oct 29)
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access ERPScan inc (Oct 16)
[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability ERPScan inc (Oct 27)
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc (Oct 29)
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability ERPScan inc (Oct 27)
Florian Weimer
[SECURITY] [DSA 3380-1] php5 security update Florian Weimer (Oct 28)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED] FreeBSD Security Advisories (Oct 05)
FreeBSD Security Advisory FreeBSD-SA-15:25.ntp FreeBSD Security Advisories (Oct 26)
grajalerts
CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin grajalerts (Oct 12)
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin grajalerts (Oct 12)
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin grajalerts (Oct 12)
High-Tech Bridge Security Research
Cross-Site Request Forgery on Oxwall High-Tech Bridge Security Research (Oct 29)
Reflected Cross-Site Scripting (XSS) in SourceBans High-Tech Bridge Security Research (Oct 05)
ibemed
A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin ibemed (Oct 05)
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin ibemed (Oct 05)
Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin ibemed (Oct 05)
Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin ibemed (Oct 05)
ibeptaz
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin ibeptaz (Oct 07)
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD ISecAuditors Security Advisories (Oct 16)
jerzy . patraszewski
ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage jerzy . patraszewski (Oct 05)
lem . nikolas
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) lem . nikolas (Oct 07)
lyon . yang . s
Multiple Remote Code Execution found in ZHONE lyon . yang . s (Oct 12)
Multiple Vulnerabilities found in ZHONE lyon . yang . s (Oct 12)
Matteo Beccati
[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati (Oct 07)
matthias . deeg
[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass matthias . deeg (Oct 01)
[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass matthias . deeg (Oct 01)
[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash withouth a Salt matthias . deeg (Oct 01)
[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass matthias . deeg (Oct 01)
[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash withouth a Salt matthias . deeg (Oct 01)
[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass matthias . deeg (Oct 01)
[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash withouth a Salt matthias . deeg (Oct 01)
[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt matthias . deeg (Oct 01)
[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection matthias . deeg (Oct 12)
[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials matthias . deeg (Oct 12)
[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass matthias . deeg (Oct 01)
[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash withouth a Salt matthias . deeg (Oct 01)
Michael Gilbert
[SECURITY] [DSA 3376-1] chromium-browser security update Michael Gilbert (Oct 21)
mohammadreza . mohajerani
AlienVault OSSIM 4.3 CSRF mohammadreza . mohajerani (Oct 26)
AlienVault OSSIM 4.3 CSRF vulnerability report mohammadreza . mohajerani (Oct 25)
Moritz Muehlenhoff
[SECURITY] [DSA 3381-1] openjdk-7 security update Moritz Muehlenhoff (Oct 28)
[SECURITY] [DSA 3384-1] virtualbox security update Moritz Muehlenhoff (Oct 29)
Myria
[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability Myria (Oct 14)
Nicholas Lemonias.
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) Nicholas Lemonias. (Oct 07)
Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost Nicholas Lemonias. (Oct 07)
US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research Nicholas Lemonias. (Oct 14)
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) Nicholas Lemonias. (Oct 09)
Onur Yilmaz
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391 Onur Yilmaz (Oct 07)
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390 Onur Yilmaz (Oct 07)
Pedro Ribeiro
[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution Pedro Ribeiro (Oct 05)
Pierre Kim
A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE Pierre Kim (Oct 07)
Portcullis Advisories
CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver Portcullis Advisories (Oct 29)
CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver Portcullis Advisories (Oct 29)
Qualys Security Advisory
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Qualys Security Advisory (Oct 16)
Qualys Security Advisory - OpenSMTPD Audit Report Qualys Security Advisory (Oct 05)
Ralf Spenneberg
Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver) Ralf Spenneberg (Oct 07)
Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver) Ralf Spenneberg (Oct 07)
RedTeam Pentesting GmbH
[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass RedTeam Pentesting GmbH (Oct 08)
rotem kerner
Fwd: Timing attack vulnerability in most Zeus server-sides rotem kerner (Oct 25)
Salvatore Bonaccorso
[SECURITY] [DSA 3379-1] miniupnpc security update Salvatore Bonaccorso (Oct 25)
[SECURITY] [DSA 3371-1] spice security update Salvatore Bonaccorso (Oct 09)
[SECURITY] [DSA 3383-1] wordpress security update Salvatore Bonaccorso (Oct 29)
[SECURITY] [DSA 3377-1] mysql-5.5 security update Salvatore Bonaccorso (Oct 25)
[SECURITY] [DSA 3373-1] owncloud security update Salvatore Bonaccorso (Oct 19)
[SECURITY] [DSA 3374-1] postgresql-9.4 security update Salvatore Bonaccorso (Oct 19)
[SECURITY] [DSA 3332-2] wordpress regression update Salvatore Bonaccorso (Oct 29)
scurippio
TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio (Oct 22)
Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio (Oct 23)
Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio (Oct 23)
SEC Consult Vulnerability Lab
SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities SEC Consult Vulnerability Lab (Oct 23)
Secunia Research
Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities Secunia Research (Oct 26)
Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability Secunia Research (Oct 26)
Security Alert
ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities Security Alert (Oct 12)
security-alert
[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information security-alert (Oct 14)
[security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege security-alert (Oct 05)
[security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities security-alert (Oct 01)
[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities security-alert (Oct 16)
[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Oct 15)
[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass security-alert (Oct 01)
[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information security-alert (Oct 24)
[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information security-alert (Oct 24)
[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information security-alert (Oct 05)
Security Explorations
[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42) Security Explorations (Oct 21)
securityresearch
Potential vulnerabilites in PayPal Beacons securityresearch (Oct 08)
Slackware Security Team
[slackware-security] seamonkey (SSA:2015-274-03) Slackware Security Team (Oct 05)
[slackware-security] curl (SSA:2015-302-01) Slackware Security Team (Oct 29)
[slackware-security] mozilla-thunderbird (SSA:2015-274-01) Slackware Security Team (Oct 05)
[slackware-security] jasper (SSA:2015-302-02) Slackware Security Team (Oct 30)
[slackware-security] ntp (SSA:2015-302-03) Slackware Security Team (Oct 29)
[slackware-security] php (SSA:2015-274-02) Slackware Security Team (Oct 05)
Specto
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Specto (Oct 05)
Stefan Kanthak
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE Stefan Kanthak (Oct 28)
submit
MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow submit (Oct 26)
MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) submit (Oct 26)
Thijs Kinkhorst
[SECURITY] [DSA 3382-1] phpmyadmin security update Thijs Kinkhorst (Oct 29)
Vulnerability Lab
Freemake Video Downloader 3.7.1 - Code Execution Vulnerability Vulnerability Lab (Oct 15)
PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability Vulnerability Lab (Oct 15)
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability Vulnerability Lab (Oct 09)
W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability Vulnerability Lab (Oct 09)
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability Vulnerability Lab (Oct 09)
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability Vulnerability Lab (Oct 09)
wissam . bashour
Boolean-based SQL injection Vulnerability in K2 Platforms wissam . bashour (Oct 13)
Yves-Alexis Perez
[SECURITY] [DSA 3375-1] wordpress security update Yves-Alexis Perez (Oct 20)
ZoRLu Bugrahan
SiteWIX - (edit_photo2.php id) SQL Injection Exploit ZoRLu Bugrahan (Oct 21)