Bugtraq: by author

124 messages starting Jun 03 16 and ending Jun 07 16


alex_haynes

Notilus v2012 R3 - SQL injection alex_haynes (Jun 03)

Apple Product Security

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 Apple Product Security (Jun 20)

Berend-Jan Wever

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion Berend-Jan Wever (Jun 17)
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever (Jun 22)

Blue Frost Security Research Lab

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs Blue Frost Security Research Lab (Jun 30)

Brian Demers

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers (Jun 03)

Cantor, Scott

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD Cantor, Scott (Jun 29)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability Cisco Systems Product Security Incident Response Team (Jun 29)
Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jun 01)
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability Cisco Systems Product Security Incident Response Team (Jun 29)
Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jun 01)
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Jun 29)
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jun 15)

d_fens

Zoho OpManager < v12 d_fens (Jun 02)

Egidio Romano

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities Egidio Romano (Jun 24)
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability Egidio Romano (Jun 24)
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities Egidio Romano (Jun 28)
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities Egidio Romano (Jun 28)
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability Egidio Romano (Jun 28)
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities Egidio Romano (Jun 24)
[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability Egidio Romano (Jun 24)

Elliott Mitchell

OpenWRT: swconfig infrastructure fails to check permissions Elliott Mitchell (Jun 13)

ERPScan inc

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability ERPScan inc (Jun 21)
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability ERPScan inc (Jun 17)
[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities ERPScan inc (Jun 21)
[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability ERPScan inc (Jun 17)
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability ERPScan inc (Jun 17)
[ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability ERPScan inc (Jun 22)
[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability ERPScan inc (Jun 22)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-16:24.ntp FreeBSD Security Advisories (Jun 06)

hamedizadi

Joomla com_enmasse - SQL Injection hamedizadi (Jun 15)

HP Security Alert

[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER HP Security Alert (Jun 06)

hyp3rlinx

SimpleSAMLphp Link Injection hyp3rlinx (Jun 09)
MyLittleForum v2.3.5 PHP Command Injection hyp3rlinx (Jun 27)
Symphony CMS v2.6.7 Session Fixation hyp3rlinx (Jun 20)
Oracle Orakill.exe Buffer Overflow hyp3rlinx (Jun 14)
sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS hyp3rlinx (Jun 20)
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS hyp3rlinx (Jun 01)
Symantec SEPM v12.1 Multiple Vulnerabilities hyp3rlinx (Jun 28)

iancling

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) iancling (Jun 15)

john . fitzpatrick

[MWR-2016-0001] DDN Insecure Update Mechanism john . fitzpatrick (Jun 15)
[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection john . fitzpatrick (Jun 07)
[MWR-2016-0002] DDN Default SSH Keys john . fitzpatrick (Jun 15)

John Kinsella

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability John Kinsella (Jun 09)

KoreLogic Disclosures

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution KoreLogic Disclosures (Jun 28)

Luciano Bello

[SECURITY] [DSA 3591-1] imagemagick security update Luciano Bello (Jun 01)
[SECURITY] [DSA 3597-1] expat security update Luciano Bello (Jun 07)

Martin Heiland

Open-Xchange Security Advisory 2016-06-22 Martin Heiland (Jun 22)

Matt Bush

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection Matt Bush (Jun 27)

mehmet

BookingWizz < 5.5 Multiple Vulnerability mehmet (Jun 15)
BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability mehmet (Jun 27)

Michael Gilbert

[SECURITY] [DSA 3590-1] chromium-browser security update Michael Gilbert (Jun 01)
[SECURITY] [DSA 3594-1] chromium-browser security update Michael Gilbert (Jun 06)

Moritz Muehlenhoff

[SECURITY] [DSA 3592-1] nginx security update Moritz Muehlenhoff (Jun 01)
[SECURITY] [DSA 3608-1] libreoffice security update Moritz Muehlenhoff (Jun 29)
[SECURITY] [DSA 3603-1] libav security update Moritz Muehlenhoff (Jun 15)
[SECURITY] [DSA 3598-1] vlc security update Moritz Muehlenhoff (Jun 08)
[SECURITY] [DSA 3601-1] icedove security update Moritz Muehlenhoff (Jun 14)
[SECURITY] [DSA 3606-1] libpdfbox security update Moritz Muehlenhoff (Jun 27)
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update Moritz Muehlenhoff (Jun 09)
[SECURITY] [DSA 3609-1] tomcat8 security update Moritz Muehlenhoff (Jun 29)
[SECURITY] [DSA 3604-1] drupal7 security update Moritz Muehlenhoff (Jun 16)

nyxgeek

User enumeration in Skype for Business 2013 nyxgeek (Jun 16)

patryk . bogdan

Cisco EPC 3928 Multiple Vulnerabilities patryk . bogdan (Jun 08)

redrain root

#146416 Ruby:HTTP Header injection in 'net/http' redrain root (Jun 24)

Remco Sprooten

[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense Remco Sprooten (Jun 16)

Salvatore Bonaccorso

[SECURITY] [DSA 3610-1] xerces-c security update Salvatore Bonaccorso (Jun 30)
[SECURITY] [DSA 3593-1] libxml2 security update Salvatore Bonaccorso (Jun 02)
[SECURITY] [DSA 3607-1] linux security update Salvatore Bonaccorso (Jun 28)
[SECURITY] [DSA 3605-1] libxslt security update Salvatore Bonaccorso (Jun 20)
[SECURITY] [DSA 3595-1] mariadb-10.0 security update Salvatore Bonaccorso (Jun 06)
[SECURITY] [DSA 3548-3] samba regression update Salvatore Bonaccorso (Jun 06)
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update Salvatore Bonaccorso (Jun 30)
[SECURITY] [DSA 3599-1] p7zip security update Salvatore Bonaccorso (Jun 09)
[SECURITY] [DSA 3596-1] spice security update Salvatore Bonaccorso (Jun 06)
[SECURITY] [DSA 3602-1] php5 security update Salvatore Bonaccorso (Jun 14)

Sandro Gauci

XML External Entity XXE vulnerability in OpenID component of Liferay Sandro Gauci (Jun 02)

SEC Consult Vulnerability Lab

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway SEC Consult Vulnerability Lab (Jun 02)
SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure SEC Consult Vulnerability Lab (Jun 24)

Securify B.V.

Craft CMS affected by server side template injection Securify B.V. (Jun 27)
Microsoft Visio multiple DLL side loading vulnerabilities Securify B.V. (Jun 15)

Security Alert

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability Security Alert (Jun 13)
ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability Security Alert (Jun 09)
ESA-2016-062: EMC Data Domain Multiple Vulnerabilities Security Alert (Jun 10)
ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability Security Alert (Jun 09)
ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability Security Alert (Jun 22)
ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability Security Alert (Jun 02)

security-alert

[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities security-alert (Jun 09)
[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information security-alert (Jun 07)
[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities security-alert (Jun 09)
[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery security-alert (Jun 08)
[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access security-alert (Jun 07)
[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands security-alert (Jun 08)
[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS) security-alert (Jun 01)
[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF) security-alert (Jun 02)
[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access security-alert (Jun 06)
[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution security-alert (Jun 07)
[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) security-alert (Jun 09)
[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information security-alert (Jun 07)
[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information security-alert (Jun 16)
[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities security-alert (Jun 01)
[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities security-alert (Jun 01)
[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties security-alert (Jun 16)
[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Executon security-alert (Jun 07)
[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution security-alert (Jun 07)

Slackware Security Team

[slackware-security] php (SSA:2016-176-01) Slackware Security Team (Jun 27)
[slackware-security] pcre (SSA:2016-172-02) Slackware Security Team (Jun 20)
[slackware-security] libarchive (SSA:2016-172-01) Slackware Security Team (Jun 20)
[slackware-security] ntp (SSA:2016-155-01) Slackware Security Team (Jun 06)

Stefan Kanthak

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player Stefan Kanthak (Jun 16)
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers Stefan Kanthak (Jun 15)

VMware Security Response Center

NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue VMware Security Response Center (Jun 15)

Vulnerability Lab

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability Vulnerability Lab (Jun 28)
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jun 28)
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities Vulnerability Lab (Jun 28)
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability Vulnerability Lab (Jun 28)
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability Vulnerability Lab (Jun 13)
Microsoft Education - Code Execution Vulnerability Vulnerability Lab (Jun 07)
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab (Jun 15)
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab (Jun 14)
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability Vulnerability Lab (Jun 07)
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability Vulnerability Lab (Jun 07)
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability Vulnerability Lab (Jun 13)
Mapbox (API) - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jun 07)