Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
92 messages
starting Apr 28 17 and
ending Apr 28 17
Date index |
Thread index |
Author index
Advisories
Live Helper Chat - Cross-Site Scripting Advisories (Apr 28)
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories (Apr 04)
Andrey B. Panfilov
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. Andrey B. Panfilov (Apr 19)
CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method Andrey B. Panfilov (Apr 25)
Anti Räis
October CMS v1.0.412 several vulnerabilities Anti Räis (Apr 20)
Asterisk Security Team
AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team (Apr 04)
Bryan Call
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call (Apr 18)
Chris Douglas
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas (Apr 26)
David Black
April 2017 - Confluence - Security Advisory David Black (Apr 26)
David Coomber
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber (Apr 06)
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber (Apr 06)
David Fernandez
Watchguard Fireware XXE DoS & User Enumeration David Fernandez (Apr 17)
Dawid Golunski
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 25)
DefenseCode
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability DefenseCode (Apr 19)
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode (Apr 04)
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode (Apr 10)
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode (Apr 12)
Denis Magda
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda (Apr 10)
erlijn . vangenuchten
[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting erlijn . vangenuchten (Apr 13)
[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') erlijn . vangenuchten (Apr 13)
[SYSS-2017-007] agorum core Pro - Cross-Site Scripting erlijn . vangenuchten (Apr 13)
[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference erlijn . vangenuchten (Apr 13)
[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery erlijn . vangenuchten (Apr 13)
Filippo Cavallarin
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 19)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter FreeBSD Security Advisories (Apr 27)
FreeBSD Security Advisory FreeBSD-SA-17:03.ntp FreeBSD Security Advisories (Apr 12)
Hafez Kamal
[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th Hafez Kamal (Apr 20)
hyp3rlinx
Splunk Enterprise Information Theft CVE-2017-5607 hyp3rlinx (Apr 03)
CVE-2017-7456 Moxa MXview v2.8 Denial Of Service hyp3rlinx (Apr 12)
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx (Apr 05)
CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx (Apr 12)
CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx (Apr 18)
concrete5 v8.1.0 Host Header Injection hyp3rlinx (Apr 13)
CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection hyp3rlinx (Apr 12)
KoreLogic Disclosures
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse KoreLogic Disclosures (Apr 25)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read KoreLogic Disclosures (Apr 25)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection KoreLogic Disclosures (Apr 25)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials KoreLogic Disclosures (Apr 25)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path KoreLogic Disclosures (Apr 25)
Mark Thomas
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
Matthew Hart
April 2017 - HipChat Server Advisory Matthew Hart (Apr 13)
Moritz Muehlenhoff
[SECURITY] [DSA 3831-1] firefox-esr security update Moritz Muehlenhoff (Apr 20)
[SECURITY] [DSA 3833-1] libav security update Moritz Muehlenhoff (Apr 25)
[SECURITY] [DSA 3827-1] jasper security update Moritz Muehlenhoff (Apr 10)
[SECURITY] [DSA 3829-1] bouncycastle security update Moritz Muehlenhoff (Apr 11)
nick . m . mckenna
Foscam All networked devices, multiple Design Errors. SSL bypass. nick . m . mckenna (Apr 10)
Nightwatch Cybersecurity Research
ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research (Apr 10)
Patrick Webster
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster (Apr 04)
Lotus Protector for Mail Security remote code execution Patrick Webster (Apr 04)
SilverStripe CMS - Path Disclosure Patrick Webster (Apr 04)
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster (Apr 03)
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster (Apr 04)
Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster (Apr 04)
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster (Apr 04)
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster (Apr 04)
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS Patrick Webster (Apr 04)
Kaseya information disclosure vulnerability Patrick Webster (Apr 04)
AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster (Apr 04)
iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster (Apr 04)
Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster (Apr 04)
AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster (Apr 04)
patrykgnt
D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download patrykgnt (Apr 10)
Ralf Spenneberg
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. Ralf Spenneberg (Apr 04)
OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. Ralf Spenneberg (Apr 04)
Salvatore Bonaccorso
[SECURITY] [DSA 3826-1] tryton-server security update Salvatore Bonaccorso (Apr 04)
[SECURITY] [DSA 3838-1] ghostscript security update Salvatore Bonaccorso (Apr 28)
[SECURITY] [DSA 3836-1] weechat security update Salvatore Bonaccorso (Apr 27)
[SECURITY] [DSA 3834-1] mysql-5.5 security update Salvatore Bonaccorso (Apr 26)
SEC Consult Vulnerability Lab
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab (Apr 03)
SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab (Apr 07)
Securify B.V.
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V. (Apr 11)
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Securify B.V. (Apr 25)
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Securify B.V. (Apr 30)
Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V. (Apr 11)
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 30)
Security Advisories
CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass Security Advisories (Apr 21)
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake Security Advisories (Apr 25)
security-alert
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution security-alert (Apr 10)
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert (Apr 28)
[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data security-alert (Apr 13)
[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data security-alert (Apr 04)
[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) security-alert (Apr 03)
Simon Steiner
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner (Apr 18)
Slackware Security Team
[slackware-security] minicom (SSA:2017-108-01) Slackware Security Team (Apr 19)
[slackware-security] ntp (SSA:2017-112-02) Slackware Security Team (Apr 25)
[slackware-security] mozilla-firefox (SSA:2017-112-01) Slackware Security Team (Apr 25)
[slackware-security] proftpd (SSA:2017-112-03) Slackware Security Team (Apr 25)
[slackware-security] mozilla-firefox (SSA:2017-114-01) Slackware Security Team (Apr 25)
[slackware-security] libtiff (SSA:2017-098-01) Slackware Security Team (Apr 10)
[slackware-security] bind (SSA:2017-103-01) Slackware Security Team (Apr 13)
Vulnerability Lab
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability Vulnerability Lab (Apr 28)