Bugtraq: by date

99 messages starting Mar 01 17 and ending Mar 31 17


Wednesday, 01 March

Cross-Site Request Forgery in Global Content Blocks WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin Summer of Pwnage
Cross-Site Request Forgery in WordPress Download Manager Plugin Summer of Pwnage
Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery Summer of Pwnage
Cross-Site Request Forgery in Atahualpa WordPress Theme Summer of Pwnage
Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin Summer of Pwnage
[SECURITY] [DSA 3798-1] tnef security update Sebastien Delafond
Joomla com_webgrouper Component - 'Itemid' Parameter Sql Injection Vulnerability iedb . team
Joomla com_jdownloads Component - 'cid' Parameter Sql Injection Vulnerability iedb . team
Joomla com_phocadownload Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_frontpage Component - 'Itemid' Parameter Sql Injection Vulnerability iedb . team
Joomla com_filecabinet Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_news Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_publication Component - 'sid' Parameter Sql Injection Vulnerability iedb . team
[SECURITY] [DSA 3794-2] munin regression update Salvatore Bonaccorso

Thursday, 02 March

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar

Monday, 06 March

[SECURITY] [DSA 3801-1] ruby-zip security update Salvatore Bonaccorso
EasyCom SQL iPlug Denial Of Service hyp3rlinx
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility ddos2me
OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle (CVE-2017-6445) Wolfgang
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility ddos2me
CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass Peter Lapp
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass hyp3rlinx
EasyCom PHP API Stack Buffer Overflow hyp3rlinx
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage

Tuesday, 07 March

SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud SEC Consult Vulnerability Lab
Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Securify B.V.
[security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities security-alert

Wednesday, 08 March

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead Pierre Kim
[slackware-security] mozilla-firefox (SSA:2017-066-01) Slackware Security Team
SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint SEC Consult Vulnerability Lab
[security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution security-alert
[security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution security-alert
[SECURITY] [DSA 3804-1] linux security update Salvatore Bonaccorso
[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download security-alert
RE: CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS Melissa Mayer

Thursday, 09 March

[SECURITY] [DSA 3805-1] firefox-esr security update Moritz Muehlenhoff

Friday, 10 March

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki" Leon . Zhao . 7
[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass security-alert
[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege security-alert
[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF) security-alert
[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities security-alert

Sunday, 12 March

Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability iedb . team
Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability iedb . team

Tuesday, 14 March

[SECURITY] [DSA 3808-1] imagemagick security update Moritz Muehlenhoff
Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory David Black
Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability iedb . team
Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability iedb . team
Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability iedb . team
Microsoft Edge Fetch API allows setting of arbitrary request headers Securify B.V.

Wednesday, 15 March

Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability psirt
Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability psirt
Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability psirt
CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure hyp3rlinx
Path Traversal Remote File Disclosure hyp3rlinx
[slackware-security] pidgin (SSA:2017-074-01) Slackware Security Team

Thursday, 16 March

CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability wsachin092
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab
CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure hyp3rlinx
MS Internet Information Services XSS / HTML Injection vulnerability David FM

Monday, 20 March

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability psirt
[SECURITY] [DSA 3811-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 3812-1] ioquake3 security update Moritz Muehlenhoff
[SECURITY] [DSA 3813-1] r-base security update Moritz Muehlenhoff
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service hyp3rlinx
[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access security-alert
[SECURITY] [DSA 3796-2] sitesummary regression update Sebastien Delafond
ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability EMC Product Security Response Center

Tuesday, 21 March

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM ERPScan inc
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak

Wednesday, 22 March

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices SEC Consult Vulnerability Lab
Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability psirt
Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability psirt
Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability psirt
Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability psirt
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security

Thursday, 23 March

[SECURITY] [DSA 3816-1] samba security update Salvatore Bonaccorso

Sunday, 26 March

[SECURITY] [DSA 3817-1] jbig2dec security update Moritz Muehlenhoff

Monday, 27 March

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS Apple Product Security
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update Moritz Muehlenhoff
APPLE-SA-2017-03-27-7 macOS Server 5.3 Apple Product Security

Tuesday, 28 March

[SECURITY] [DSA 3823-1] eject security update Salvatore Bonaccorso
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 Apple Product Security
[slackware-security] mariadb (SSA:2017-087-01) Slackware Security Team

Wednesday, 29 March

[SECURITY] [DSA 3798-2] tnef regression update Sebastien Delafond
[SECURITY] [DSA 3824-1] firebird2.5 security update Sebastien Delafond
ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability EMC Product Security Response Center
ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability EMC Product Security Response Center
[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities security-alert
[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution security-alert

Friday, 31 March

[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege security-alert