Bugtraq: by author

99 messages starting Mar 22 17 and ending Mar 16 17


Apple Product Security

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security (Mar 22)
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS Apple Product Security (Mar 27)
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 Apple Product Security (Mar 28)
APPLE-SA-2017-03-27-7 macOS Server 5.3 Apple Product Security (Mar 27)

David Black

Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory David Black (Mar 14)

David FM

MS Internet Information Services XSS / HTML Injection vulnerability David FM (Mar 16)

ddos2me

CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility ddos2me (Mar 06)
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility ddos2me (Mar 06)

EMC Product Security Response Center

ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability EMC Product Security Response Center (Mar 29)
ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability EMC Product Security Response Center (Mar 20)
ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability EMC Product Security Response Center (Mar 29)

ERPScan inc

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM ERPScan inc (Mar 21)

hyp3rlinx

Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass hyp3rlinx (Mar 06)
CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure hyp3rlinx (Mar 15)
CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure hyp3rlinx (Mar 16)
Path Traversal Remote File Disclosure hyp3rlinx (Mar 15)
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service hyp3rlinx (Mar 20)
EasyCom PHP API Stack Buffer Overflow hyp3rlinx (Mar 06)
EasyCom SQL iPlug Denial Of Service hyp3rlinx (Mar 06)

iedb . team

Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_phocadownload Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability iedb . team (Mar 12)
Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability iedb . team (Mar 12)
Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 12)
Joomla com_publication Component - 'sid' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_webgrouper Component - 'Itemid' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_frontpage Component - 'Itemid' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_news Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability iedb . team (Mar 14)
Joomla com_jdownloads Component - 'cid' Parameter Sql Injection Vulnerability iedb . team (Mar 01)
Joomla com_filecabinet Component - 'id' Parameter Sql Injection Vulnerability iedb . team (Mar 01)

Larry W. Cashdollar

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar (Mar 02)

Leon . Zhao . 7

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki" Leon . Zhao . 7 (Mar 10)

Melissa Mayer

RE: CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS Melissa Mayer (Mar 08)

Moritz Muehlenhoff

[SECURITY] [DSA 3813-1] r-base security update Moritz Muehlenhoff (Mar 20)
[SECURITY] [DSA 3805-1] firefox-esr security update Moritz Muehlenhoff (Mar 09)
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update Moritz Muehlenhoff (Mar 27)
[SECURITY] [DSA 3817-1] jbig2dec security update Moritz Muehlenhoff (Mar 26)
[SECURITY] [DSA 3808-1] imagemagick security update Moritz Muehlenhoff (Mar 14)
[SECURITY] [DSA 3811-1] wireshark security update Moritz Muehlenhoff (Mar 20)
[SECURITY] [DSA 3812-1] ioquake3 security update Moritz Muehlenhoff (Mar 20)

Peter Lapp

CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass Peter Lapp (Mar 06)

Pierre Kim

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead Pierre Kim (Mar 08)

psirt

Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability psirt (Mar 15)
Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability psirt (Mar 22)
Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability psirt (Mar 20)
Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability psirt (Mar 15)
Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability psirt (Mar 15)
Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability psirt (Mar 22)
Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability psirt (Mar 22)
Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability psirt (Mar 22)

Salvatore Bonaccorso

[SECURITY] [DSA 3794-2] munin regression update Salvatore Bonaccorso (Mar 01)
[SECURITY] [DSA 3823-1] eject security update Salvatore Bonaccorso (Mar 28)
[SECURITY] [DSA 3816-1] samba security update Salvatore Bonaccorso (Mar 23)
[SECURITY] [DSA 3801-1] ruby-zip security update Salvatore Bonaccorso (Mar 06)
[SECURITY] [DSA 3804-1] linux security update Salvatore Bonaccorso (Mar 08)

Sebastien Delafond

[SECURITY] [DSA 3824-1] firebird2.5 security update Sebastien Delafond (Mar 29)
[SECURITY] [DSA 3798-1] tnef security update Sebastien Delafond (Mar 01)
[SECURITY] [DSA 3796-2] sitesummary regression update Sebastien Delafond (Mar 20)
[SECURITY] [DSA 3798-2] tnef regression update Sebastien Delafond (Mar 29)

SEC Consult Vulnerability Lab

SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud SEC Consult Vulnerability Lab (Mar 07)
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Mar 16)
SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices SEC Consult Vulnerability Lab (Mar 22)

Securify B.V.

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Securify B.V. (Mar 07)
Microsoft Edge Fetch API allows setting of arbitrary request headers Securify B.V. (Mar 14)

security-alert

[security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution security-alert (Mar 08)
[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution security-alert (Mar 29)
[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege security-alert (Mar 31)
[security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution security-alert (Mar 08)
[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF) security-alert (Mar 10)
[security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities security-alert (Mar 07)
[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege security-alert (Mar 10)
[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access security-alert (Mar 20)
[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities security-alert (Mar 29)
[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download security-alert (Mar 08)
[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities security-alert (Mar 10)
[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass security-alert (Mar 10)

Slackware Security Team

[slackware-security] mariadb (SSA:2017-087-01) Slackware Security Team (Mar 28)
[slackware-security] mozilla-firefox (SSA:2017-066-01) Slackware Security Team (Mar 08)
[slackware-security] pidgin (SSA:2017-074-01) Slackware Security Team (Mar 15)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak (Mar 21)

Summer of Pwnage

Persistent Cross-Site Scripting in the WordPress NewStatPress plugin Summer of Pwnage (Mar 01)
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage (Mar 06)
Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage (Mar 01)
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin Summer of Pwnage (Mar 01)
Cross-Site Request Forgery in WordPress Download Manager Plugin Summer of Pwnage (Mar 01)
Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin Summer of Pwnage (Mar 01)
Cross-Site Request Forgery in Atahualpa WordPress Theme Summer of Pwnage (Mar 01)
Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery Summer of Pwnage (Mar 01)
Cross-Site Request Forgery in Global Content Blocks WordPress Plugin Summer of Pwnage (Mar 01)
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin Summer of Pwnage (Mar 01)
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin Summer of Pwnage (Mar 01)

Wolfgang

OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445) Wolfgang (Mar 06)

wsachin092

CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability wsachin092 (Mar 16)