Bugtraq: by thread
165 messages starting Apr 01 16 and ending Apr 29 16
- Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 01)
- WebKitGTK+ Security Advisory WSA-2016-0003 Carlos Alberto Lopez Perez (Apr 01)
- APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 Apple Product Security (Apr 01)
- [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files HP Security Alert (Apr 03)
- [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Apr 03)
- [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files security-alert (Apr 03)
- [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert (Apr 03)
- [slackware-security] php (SSA:2016-092-02) Slackware Security Team (Apr 03)
- [slackware-security] mercurial (SSA:2016-092-01) Slackware Security Team (Apr 03)
- [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS) security-alert (Apr 03)
- Open-Xchange Security Advisory 2016-04-02 Martin Heiland (Apr 03)
- [SECURITY] [DSA 3539-1] srtp security update Salvatore Bonaccorso (Apr 03)
- [SECURITY] [DSA 3540-1] lhasa security update Moritz Muehlenhoff (Apr 04)
- Bugcrowd CSV injection vulnerability Hack Ex (Apr 04)
- Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Apr 04)
- Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability Vulnerability Lab (Apr 04)
- FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability Vulnerability Lab (Apr 04)
- ManageEngine Password Manager Pro Multiple Vulnerabilities Sebastian Perez (Apr 04)
- CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen (Apr 04)
- [SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations (Apr 04)
- Re: [SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations (Apr 05)
- ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability Security Alert (Apr 04)
- Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit lists () exploits4coins com (Apr 04)
- [slackware-security] mozilla-thunderbird (SSA:2016-095-01) Slackware Security Team (Apr 04)
- [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert (Apr 04)
- [SECURITY] [DSA 3541-1] roundcube security update Sebastien Delafond (Apr 05)
- Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability Vulnerability Lab (Apr 05)
- [SECURITY] [DSA 3542-1] mercurial security update Salvatore Bonaccorso (Apr 05)
- [SECURITY] [DSA 3543-1] oar security update Moritz Muehlenhoff (Apr 05)
- CA20160405-01: Security Notice for CA API Gateway Kotas, Kevin J (Apr 05)
- op5 v7.1.9 Remote Command Execution apparitionsec (Apr 05)
- [slackware-security] subversion (SSA:2016-097-01) Slackware Security Team (Apr 06)
- SQL Injection in SocialEngine High-Tech Bridge Security Research (Apr 06)
- CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert (Apr 06)
- Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
- [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert (Apr 06)
- [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) security-alert (Apr 06)
- Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability Vulnerability Lab (Apr 07)
- Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Apr 07)
- Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities Vulnerability Lab (Apr 07)
- Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability Vulnerability Lab (Apr 07)
- Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 07)
- [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection security-alert (Apr 07)
- [SECURITY] [DSA 3544-1] python-django security update Salvatore Bonaccorso (Apr 07)
- [SECURITY] [DSA 3545-1] cgit security update Salvatore Bonaccorso (Apr 07)
- [SECURITY] [DSA 3546-1] optipng security update Moritz Muehlenhoff (Apr 08)
- AccelSite Content Manager v1.0 - SQL Injection Vulnerability Vulnerability Lab (Apr 08)
- JAWS Weak Service Permissions leads to Privilege Escalation Heimbuecher003 (Apr 08)
- CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 10)
- CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 10)
- WPN-XM Serverstack v0.8.6 XSS hyp3rlinx (Apr 10)
- CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
- WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
- <Possible follow-ups>
- WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
- Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
- <Possible follow-ups>
- Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
- OpenCart json_decode function Remote PHP Code Execution r3s34rch3r (Apr 10)
- Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
- [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 Pedro Ribeiro (Apr 10)
- Blind SQL injections in CivicRM Simon Waters (Surevine) (Apr 11)
- ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability Security Alert (Apr 11)
- [SECURITY] [DSA 3547-1] imagemagick security update Luciano Bello (Apr 11)
- [SECURITY] [DSA 3485-2] didiwiki security update Sebastien Delafond (Apr 12)
- Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability Vulnerability Lab (Apr 12)
- Open redirect on Google.com research (Apr 12)
- .NET Framework 4.6 allows side loading of Windows API Set DLL Securify B.V. (Apr 12)
- CAM UnZip v5.1 Archive Directory Traversal hyp3rlinx (Apr 12)
- [SE-2012-01] Yet another broken security fix in IBM Java 7/8 Security Explorations (Apr 13)
- Vbulletin Cms (Sendmessage.php Page) 0Day Exploit iedb . team (Apr 13)
- Webline CMS (2016Q2) - SQL Injection Vulnerability Vulnerability Lab (Apr 13)
- Mybb Cms (create forum and edit) Cross-Site Script Vulnerability iedb . team (Apr 13)
- Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Apr 13)
- [SECURITY] [DSA 3548-1] samba security update Salvatore Bonaccorso (Apr 13)
- [SECURITY] [DSA 3548-2] samba regression update Salvatore Bonaccorso (Apr 14)
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 14)
- <Possible follow-ups>
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
- Mybb Cms (private.php Page) Denial Of Service Vulnerability iedb . team (Apr 14)
- Securing Android Applications from Screen Capture research (Apr 14)
- ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability Security Alert (Apr 14)
- NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin VMware Security Response Center (Apr 14)
- AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk Asterisk Security Team (Apr 14)
- AST-2016-005: TCP denial of service in PJProject Asterisk Security Team (Apr 14)
- [SECURITY] [DSA 3549-1] chromium-browser security update Michael Gilbert (Apr 15)
- [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability ERPScan inc (Apr 15)
- [ERPSCAN-16-002] SAP HANA - log injection and no size restriction ERPScan inc (Apr 15)
- [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues ERPScan inc (Apr 15)
- Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability Sandro Poppi (Apr 15)
- [SECURITY] [DSA 3550-1] openssh security update Moritz Muehlenhoff (Apr 15)
- [slackware-security] mozilla-thunderbird (SSA:2016-106-01) Slackware Security Team (Apr 17)
- [slackware-security] samba (SSA:2016-106-02) Slackware Security Team (Apr 17)
- [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android urikanonov (Apr 17)
- Ahrare Andeysheh Cms Multiple Vulnerabilities iesb . team (Apr 17)
- [SECURITY] [DSA 3551-1] fuseiso security update Florian Weimer (Apr 17)
- [SECURITY] [DSA 3552-1] tomcat7 security update Moritz Muehlenhoff (Apr 17)
- CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) klaus . eisentraut (Apr 18)
- [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges security-alert (Apr 18)
- [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Apr 18)
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege Stefan Kanthak (Apr 19)
- [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability ERPScan inc (Apr 19)
- Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability Mahmut Firuz Dumlupinar - Vendor (Apr 27)
- [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability ERPScan inc (Apr 19)
- Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 research () rv3lab org (Apr 19)
- ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities Security Alert (Apr 19)
- [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information security-alert (Apr 19)
- PHPBack v1.3.0 SQL Injection apparitionsec (Apr 19)
- *.Shell.com Port 443 DROWN decryption attack shell (Apr 20)
- shell.com vulnerable TLS shell (Apr 20)
- RCE via CSRF in phpMyFAQ High-Tech Bridge Security Research (Apr 20)
- Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
- Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
- Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
- Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
- Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
- Webutler CMS 3.2 - Cross-Site Request Forgery displaymyname (Apr 20)
- OpenTSDB RCE gsoc (Apr 21)
- exploit CVE-2016-2203 karim reda Fakhir (Apr 21)
- CVE-2016-3074: libgd: signedness vulnerability Hans Jerry Illikainen (Apr 21)
- [SECURITY] [DSA 3554-1] xen security update Salvatore Bonaccorso (Apr 21)
- [SECURITY] [DSA 3553-1] varnish security update Sebastien Delafond (Apr 22)
- SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app SEC Consult Vulnerability Lab (Apr 22)
- SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator SEC Consult Vulnerability Lab (Apr 22)
- [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information security-alert (Apr 22)
- [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information security-alert (Apr 22)
- Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109) david . vieira-kurz (Apr 24)
- Persian-woocommerce-sms XSS Vulnerability Rahul Pratap Singh (Apr 24)
- Tweet-wheel XSS Vulnerability Rahul Pratap Singh (Apr 24)
- Echosign Plugin for WordPress XSS Vulnerability Rahul Pratap Singh (Apr 24)
- Google SEO Pressor Snippet Plugin XSS Vulnerability Rahul Pratap Singh (Apr 24)
- Easy Social Share Buttons for WordPress XSS Vulnerability Rahul Pratap Singh (Apr 24)
- CM-AD-Changer XSS Vulnerability Rahul Pratap Singh (Apr 24)
- Unlimited Pop-Ups WordPress Plugin XSS Vulnerability Rahul Pratap Singh (Apr 24)
- [SECURITY] [DSA 3555-1] imlib2 security update Alessandro Ghedini (Apr 24)
- [SECURITY] [DSA 3556-1] libgd2 security update Salvatore Bonaccorso (Apr 24)
- Telisca IPS Lock 2 Vulnerability karim reda Fakhir (Apr 25)
- C & C++ for OS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
- Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
- UBNT Bug Bounty #2 - XML External Entity Vulnerability Vulnerability Lab (Apr 25)
- Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities Vulnerability Lab (Apr 25)
- Negin Group CMS - (v) Multiple Web Vulnerabilities Vulnerability Lab (Apr 25)
- [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) security-alert (Apr 25)
- Trend Micro (Account) - Email Spoofing Web Vulnerability Vulnerability Lab (Apr 26)
- VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability Vulnerability Lab (Apr 26)
- Sophos XG Firewall (SF01V) - Persistent Web Vulnerability Vulnerability Lab (Apr 26)
- [SECURITY] [DSA 3557-1] mysql-5.5 security update Salvatore Bonaccorso (Apr 26)
- [SECURITY] [DSA 3558-1] openjdk-7 security update Moritz Muehlenhoff (Apr 26)
- [slackware-security] mozilla-firefox (SSA:2016-117-01) Slackware Security Team (Apr 27)
- Oracle Discoverer Viewer BI - Open Redirect Vulnerability Vulnerability Lab (Apr 27)
- EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection Securify B.V. (Apr 27)
- [SECURITY] [DSA 3559-1] iceweasel security update Moritz Muehlenhoff (Apr 27)
- CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Tony Homer (Apr 27)
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
- <Possible follow-ups>
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
- [SECURITY] [DSA 3560-1] php5 security update Salvatore Bonaccorso (Apr 27)
- CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* Hans Jerry Illikainen (Apr 28)
- [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) security-alert (Apr 28)
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream Stefan Kanthak (Apr 28)
- Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Apr 29)
- SQL Injection in GLPI High-Tech Bridge Security Research (Apr 29)
- [SECURITY] [DSA 3561-1] subversion security update Salvatore Bonaccorso (Apr 29)