Bugtraq: by thread
168 messages starting Aug 01 16 and ending Aug 31 16
- Elevation of Privilege Vulnerability in MediaTek Driver (CVE-2016-6492) unlimitsec (Aug 01)
- [SECURITY] [DSA 3636-1] collectd security update Sebastien Delafond (Aug 01)
- [SECURITY] [DSA 3634-1] redis security update Sebastien Delafond (Aug 01)
- Huawei eSpace IAD Remote Information Disclosure Vulnerability ak47464659484 (Aug 01)
- Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP Summer of Pwnage (Aug 01)
- Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin Summer of Pwnage (Aug 01)
- Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA Summer of Pwnage (Aug 01)
- [SECURITY] [DSA 3637-1] chromium-browser security update Michael Gilbert (Aug 01)
- Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
- SQL injection vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
- Cross-Site Scripting in Contact Bank WordPress Plugin Summer of Pwnage (Aug 01)
- Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab (Aug 01)
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 01)
- <Possible follow-ups>
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 02)
- Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) David Coomber (Aug 01)
- Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Summer of Pwnage (Aug 01)
- [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c wpengfeinudt (Aug 01)
- [security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information security-alert (Aug 01)
- [security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution security-alert (Aug 01)
- FortiManager (Series) - Multiple Web Vulnerabilities Vulnerability Lab (Aug 02)
- Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 02)
- Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 02)
- Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability Vulnerability Lab (Aug 02)
- WinSaber - Unquoted Service Path Privilege Escalation Vulnerability Lab (Aug 02)
- Cross-Site Scripting in Uji Countdown WordPress Plugin Summer of Pwnage (Aug 02)
- Cross-Site Scripting in WangGuard WordPress Plugin Summer of Pwnage (Aug 02)
- Arbitrary File Content Disclosure in Atutor High-Tech Bridge Security Research (Aug 03)
- WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5 Maria Lemos (Aug 03)
- [SECURITY] [DSA 3638-1] curl security update Alessandro Ghedini (Aug 03)
- [SECURITY] [DSA 3639-1] wordpress security update Salvatore Bonaccorso (Aug 03)
- Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 03)
- Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability Cisco Systems Product Security Incident Response Team (Aug 03)
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team (Aug 03)
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 03)
- [security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery(SSRF) security-alert (Aug 03)
- Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability Secunia Research (Aug 03)
- [SECURITY] [DSA 3640-1] firefox-esr security update Moritz Muehlenhoff (Aug 04)
- Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in Activity Log WordPress Plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in WordPress Landing Pages Plugin Summer of Pwnage (Aug 04)
- FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 04)
- FortiManager (Series) - (Bookmark) Persistent Vulnerability Vulnerability Lab (Aug 04)
- [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection klaus . eisentraut (Aug 04)
- [SECURITY] [DSA 3641-1] openjdk-7 security update Moritz Muehlenhoff (Aug 04)
- Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 04)
- Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 04)
- Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 04)
- Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in FormBuilder WordPress Plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
- Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
- [0day] net2ftp multiple XSS on unauthenticated users Jacobo Avariento (Aug 05)
- Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability Vulnerability Lab (Aug 05)
- Subrion v4.0.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 05)
- FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 05)
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) Tim Kretschmann (Aug 05)
- <Possible follow-ups>
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) Tim Kretschmann (Aug 05)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) matthias . deeg (Aug 05)
- <Possible follow-ups>
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) matthias . deeg (Aug 05)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) matthias . deeg (Aug 05)
- DLL side loading vulnerability in VMware Host Guest Client Redirector Securify B.V. (Aug 05)
- Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Aug 05)
- [SECURITY] [DSA 3642-1] lighttpd security update Sebastien Delafond (Aug 08)
- [SECURITY] [DSA 3643-1] kde4libs security update Salvatore Bonaccorso (Aug 08)
- [slackware-security] mozilla-firefox (SSA:2016-219-02) Slackware Security Team (Aug 08)
- [slackware-security] stunnel (SSA:2016-219-04) Slackware Security Team (Aug 08)
- [slackware-security] curl (SSA:2016-219-01) Slackware Security Team (Aug 08)
- [slackware-security] openssh (SSA:2016-219-03) Slackware Security Team (Aug 08)
- vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) Dawid Golunski (Aug 08)
- phpCollab v2.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 08)
- [SECURITY] [DSA 3644-1] fontconfig security update Salvatore Bonaccorso (Aug 08)
- ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability Security Alert (Aug 08)
- [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 Pedro Ribeiro (Aug 09)
- [SECURITY] [DSA 3645-1] chromium-browser security update Michael Gilbert (Aug 09)
- Nagios Network Analyzer v2.2.1 Multiple CSRF hyp3rlinx (Aug 09)
- Any Video Converter DLL Hijack hyp3rlinx (Aug 09)
- AirSnort v0.2.7 Stack Corruption DOS hyp3rlinx (Aug 09)
- Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability Vulnerability Lab (Aug 09)
- FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability Vulnerability Lab (Aug 09)
- Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab (Aug 09)
- Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Summer of Pwnage (Aug 09)
- Notepad++6.9.2 DLL Hijacking Vulnerability mehta . himanshu21 (Aug 09)
- Nagios NA v2.2.1 XSS hyp3rlinx (Aug 09)
- Internet Explorer iframe sandbox local file name disclosure vulnerability Securify B.V. (Aug 09)
- Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 10)
- [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities CORE Advisories Team (Aug 10)
- Microsoft Education - Stored Cross Site Web Vulnerability Vulnerability Lab (Aug 11)
- QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability Vulnerability Lab (Aug 11)
- Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Rv3Lab.org (Aug 11)
- [SECURITY] [DSA 3646-1] postgresql-9.4 security update Salvatore Bonaccorso (Aug 11)
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% Stefan Kanthak (Aug 11)
- [SECURITY] [DSA 3647-1] icedove security update Moritz Muehlenhoff (Aug 11)
- [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Maxim Solodovnik (Aug 12)
- [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) security-alert (Aug 12)
- [security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution security-alert (Aug 12)
- [SECURITY] [DSA 3648-1] wireshark security update Moritz Muehlenhoff (Aug 15)
- WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity hyp3rlinx (Aug 15)
- WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION apparitionsec (Aug 15)
- WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT hyp3rlinx (Aug 15)
- WSO2-CARBON v4.4.5 CSRF / DOS hyp3rlinx (Aug 15)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) hamedizadi (Aug 15)
- <Possible follow-ups>
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) hamedizadi (Aug 15)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) hamedizadi (Aug 15)
- Linksys E1200 and E2500 (Missing authorization on parental control) samhuntley84 (Aug 15)
- Linksys E2500 and E1200 (Unauth Command Injection) samhuntley84 (Aug 15)
- Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70 tal argoni (Aug 15)
- Stash v1.0.3 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 15)
- PayPal Inc BB #127 - 2FA Bypass Vulnerability Vulnerability Lab (Aug 15)
- Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass reggie . dodd30 (Aug 15)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries Summer of Pwnage (Aug 16)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images Summer of Pwnage (Aug 16)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images Summer of Pwnage (Aug 16)
- Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin Summer of Pwnage (Aug 16)
- Cross-Site Scripting vulnerability in Google Maps WordPress Plugin Summer of Pwnage (Aug 16)
- Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin Summer of Pwnage (Aug 16)
- Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin Summer of Pwnage (Aug 16)
- Ajax Load More Local File Inclusion vulnerability Summer of Pwnage (Aug 16)
- Cross-Site Scripting in Link Library WordPress Plugin Summer of Pwnage (Aug 16)
- Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin Summer of Pwnage (Aug 16)
- Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage (Aug 16)
- [security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information security-alert (Aug 16)
- [security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution security-alert (Aug 16)
- [security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities security-alert (Aug 16)
- Lepton CMS Archive Directory Traversal hyp3rlinx (Aug 16)
- Lepton CMS PHP Code Injection hyp3rlinx (Aug 16)
- [ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials ERPScan inc (Aug 16)
- [ERPSCAN-16-023] Potential backdoor via hardcoded system ID ERPScan inc (Aug 16)
- [SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) Micha Borrmann (Aug 17)
- Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Aug 17)
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 17)
- Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 17)
- Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 18)
- [SECURITY] [DSA 3649-1] gnupg security update Salvatore Bonaccorso (Aug 18)
- [SECURITY] [DSA 3650-1] libgcrypt20 security update Salvatore Bonaccorso (Aug 18)
- Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access Andrew Klaus (Aug 18)
- [SYSS-2016-052] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- [SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite bugtraq (Aug 18)
- [SYSS-2016-048] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- <Possible follow-ups>
- [SYSS-2016-048] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- [SYSS-2016-048] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting bugtraq (Aug 18)
- <Possible follow-ups>
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting bugtraq (Aug 18)
- [SYSS-2016-054] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- <Possible follow-ups>
- [SYSS-2016-054] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- [SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting bugtraq (Aug 18)
- [SYSS-2016-055] QNAP QTS - OS Command Injection bugtraq (Aug 18)
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting bugtraq (Aug 18)
- <Possible follow-ups>
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting bugtraq (Aug 18)
- [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull (Aug 19)
- Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client Florian Bogner (Aug 19)
- Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 22)
- [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities security-alert (Aug 22)
- [slackware-security] gnupg (SSA:2016-236-01) Slackware Security Team (Aug 23)
- nullcon 8-bit Call for Papers is open nullcon (Aug 24)
- WebKitGTK+ Security Advisory WSA-2016-0005 Carlos Alberto Lopez Perez (Aug 24)
- SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise SEC Consult Vulnerability Lab (Aug 25)
- APPLE-SA-2016-08-25-1 iOS 9.3.5 Apple Product Security (Aug 25)
- [SECURITY] [DSA 3652-1] imagemagick security update Moritz Muehlenhoff (Aug 25)
- Necroscan <= v0.9.1 Buffer Overflow hyp3rlinx (Aug 25)
- [SECURITY] [DSA 3654-1] quagga security update Sebastien Delafond (Aug 25)
- Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 submit (Aug 26)
- [security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information security-alert (Aug 29)
- [slackware-security] kernel (SSA:2016-242-01) Slackware Security Team (Aug 29)
- [security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information security-alert (Aug 30)
- [security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) security-alert (Aug 31)
- Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution Cisco Systems Product Security Incident Response Team (Aug 31)
- Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team (Aug 31)
- Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 31)