Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

209 messages starting Feb 01 16 and ending Feb 29 16
Date index | Thread index | Author index

• [SECURITY] [DSA 3464-1] rails security update Moritz Muehlenhoff (Feb 01)
• [SECURITY] [DSA 3463-1] prosody security update Moritz Muehlenhoff (Feb 01)
• [SECURITY] [DSA 3462-1] radicale security update Yves-Alexis Perez (Feb 01)
• [SECURITY] [DSA 3461-1] freetype security update Sebastien Delafond (Feb 01)
• Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Feb 01)
• File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities Vulnerability Lab (Feb 01)
• WebKitGTK+ Security Advisory WSA-2016-0001 Carlos Alberto Lopez Perez (Feb 01)
• A tale of openssl_seal(), PHP and Apache2handle s3810 (Feb 02)
• Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability Phil Pearl (Feb 02)
• MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS Onur Yilmaz (Feb 02)
• [SECURITY] [DSA 3465-1] openjdk-6 security update Moritz Muehlenhoff (Feb 03)
• TimeClock - Multiple SQL Injections marcelabx (Feb 03)
• ASUS RT-N56U Persistent XSS graphx (Feb 03)
• Mezzanine CMS 4.1.0 Arbitrary File Upload hyp3rlinx (Feb 03)
• Mezzanine CMS 4.1.0 XSS hyp3rlinx (Feb 03)
• Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability Vulnerability Lab (Feb 03)
• Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability Vulnerability Lab (Feb 03)
• SimpleView CRM - Client Side Open Redirect Vulnerability Vulnerability Lab (Feb 03)
• File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 03)
• Soso Transfer v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab (Feb 03)
• Security Advisories Portcullis Advisories (Feb 03)
• Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability Cisco Systems Product Security Incident Response Team (Feb 03)
• Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Feb 03)
• Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability Cisco Systems Product Security Incident Response Team (Feb 03)
• Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability David Coomber (Feb 03)
• [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 Pedro Ribeiro (Feb 03)
• AST-2016-001: BEAST vulnerability in HTTP server Asterisk Security Team (Feb 03)
• AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. Asterisk Security Team (Feb 03)
• AST-2016-002: File descriptor exhaustion in chan_sip Asterisk Security Team (Feb 03)
• [slackware-security] MPlayer (SSA:2016-034-02) Slackware Security Team (Feb 03)
• [slackware-security] php (SSA:2016-034-04) Slackware Security Team (Feb 03)
• [slackware-security] openssl (SSA:2016-034-03) Slackware Security Team (Feb 03)
• [slackware-security] mozilla-firefox (SSA:2016-034-01) Slackware Security Team (Feb 04)
• Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass Vulnerability Lab (Feb 04)
• WordPress User Meta Manager Plugin [Privilege Escalation] pan . vagenas (Feb 04)
• WordPress User Meta Manager Plugin [Blind SQLI] pan . vagenas (Feb 04)
• [SECURITY] [DSA 3466-1] krb5 security update Salvatore Bonaccorso (Feb 04)
• CVE-2015-3251: Apache CloudStack VM Credential Exposure John Kinsella (Feb 04)
• CVE-2015-3252: Apache CloudStack VNC authentication issue John Kinsella (Feb 05)
• [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert (Feb 07)
• [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution security-alert (Feb 07)
• [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox Stefan Kanthak (Feb 07)
  • Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox Jason Hellenthal (Feb 10)
• [security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege security-alert (Feb 07)
• Multiple vulnerabilities in Open Real Estate v 1.15.1 Simon Waters (Surevine) (Feb 07)
• [SECURITY] [DSA 3467-1] tiff security update Salvatore Bonaccorso (Feb 07)
• [SECURITY] [DSA 3468-1] polarssl security update Sebastien Delafond (Feb 07)
• CFP: SIN 2016 - 9th International Conference on Security of Information and Networks Hossain Shahriar (Feb 07)
• Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Feb 07)
• WordPress User Meta Manager Plugin [Information Disclosure] Panagiotis Vagenas (Feb 07)
• Symphony CMS multiple vulnerabilities Filippo Cavallarin (Feb 08)
• Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) Ralf Spenneberg (Feb 08)
• JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability Vulnerability Lab (Feb 08)
• Getdpd BB #5 - Persistent Filename Vulnerability Vulnerability Lab (Feb 08)
• Getdpd BB #4 - (name) Persistent Validation Vulnerability Vulnerability Lab (Feb 08)
• Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability Vulnerability Lab (Feb 08)
• Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab (Feb 08)
• PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities Vulnerability Lab (Feb 08)
• WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] Panagiotis Vagenas (Feb 08)
• WordPress WP User Frontend Plugin [Unrestricted File Upload] Panagiotis Vagenas (Feb 08)
• [SECURITY] [DSA 3471-1] qemu security update Sebastien Delafond (Feb 09)
• [SECURITY] [DSA 3469-1] qemu security update Sebastien Delafond (Feb 09)
• [SECURITY] [DSA 3470-1] qemu-kvm security update Sebastien Delafond (Feb 09)
• [SECURITY] [DSA 3472-1] wordpress security update Salvatore Bonaccorso (Feb 09)
• [slackware-security] libsndfile (SSA:2016-039-02) Slackware Security Team (Feb 09)
• [slackware-security] curl (SSA:2016-039-01) Slackware Security Team (Feb 09)
• Privilege escalation Vulnerability in ManageEngine Network Configuration Management kingkaustubh (Feb 09)
• ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities Security Alert (Feb 09)
• Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) Amit Klein (Feb 09)
• dotDefender Firewall CSRF hyp3rlinx (Feb 09)
• ManageEngine Eventlog Analyzer Privilege Escalation v10.8 graphx (Feb 09)
• SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities SEC Consult Vulnerability Lab (Feb 10)
• VP2016-001: Remote Command Execution in File Replication Pro Vantage Point Security (Feb 10)
• Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability Vulnerability Lab (Feb 10)
• File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 10)
• MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability Vulnerability Lab (Feb 10)
• Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability Vulnerability Lab (Feb 10)
• Remote Code Execution in Exponent High-Tech Bridge Security Research (Feb 10)
• Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Feb 10)
• NPS Datastore server DLL side loading vulnerability Securify B.V. (Feb 10)
• BDA MPEG2 Transport Information Filter DLL side loading vulnerability Securify B.V. (Feb 10)
• MapsUpdateTask Task DLL side loading vulnerability Securify B.V. (Feb 10)
• Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V. (Feb 10)
  • Message not available
    • Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V. (Feb 11)
• Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability Ratio Sec (Feb 10)
• Re: [oss-security] HTTPS Only (Open Source, Python) P J P (Feb 11)
• [SECURITY] [DSA 3473-1] nginx security update Salvatore Bonaccorso (Feb 11)
• [slackware-security] mozilla-firefox (SSA:2016-042-01) Slackware Security Team (Feb 11)
• CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011) Berend-Jan Wever (Feb 12)
• HD Video Player v2.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 12)
• [SECURITY] [DSA 3474-1] libgcrypt20 security update Salvatore Bonaccorso (Feb 13)
• [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability ERPScan inc (Feb 13)
• [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability ERPScan inc (Feb 13)
• KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution KoreLogic Disclosures (Feb 13)
• [SECURITY] [DSA 3475-1] postgresql-9.1 security update Salvatore Bonaccorso (Feb 13)
• [SECURITY] [DSA 3476-1] postgresql-9.4 security update Salvatore Bonaccorso (Feb 14)
• [SECURITY] [DSA 3477-1] iceweasel security update Moritz Muehlenhoff (Feb 14)
• Xymon: Critical security issues in all versions prior to 4.3.25 Xymon Software (Feb 14)
• BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware Blue Frost Security Research Lab (Feb 15)
• phpMyBackupPro v.2.5 XSS hyp3rlinx (Feb 16)
• phpMyBackupPro v.2.5 Arbitrary File Upload hyp3rlinx (Feb 16)
• phpMyBackupPro v.2.5 Remote Command Execution / CSRF hyp3rlinx (Feb 16)
• CyberCop Scanner Smbgrind v5.5 Buffer Overflow hyp3rlinx (Feb 16)
• [SECURITY] [DSA 3479-1] graphite2 security update Moritz Muehlenhoff (Feb 16)
• [SECURITY] [DSA 3478-1] libgcrypt11 security update Salvatore Bonaccorso (Feb 16)
• Missing Function Level Access control Vulnerability in OPutils kingkaustubh (Feb 16)
• Privilege escalation Vulnerability in ManageEngine oputils kingkaustubh (Feb 16)
• CSRF and XsS In Manage Engine oputils kingkaustubh (Feb 16)
• [SECURITY] [DSA 3480-1] eglibc security update Salvatore Bonaccorso (Feb 16)
• [SECURITY] [DSA 3481-1] glibc security update Salvatore Bonaccorso (Feb 16)
• Redaxo CMS contains multiple vulnerabilities LSE-Advisories (Feb 16)
• RCE via CSRF in osCmax High-Tech Bridge Security Research (Feb 18)
• SQL Injection in Osclass High-Tech Bridge Security Research (Feb 18)
• SQL Injection in WeBid High-Tech Bridge Security Research (Feb 18)
• SQL Injection in TestLink High-Tech Bridge Security Research (Feb 18)
• SQL Injection in webSPELL High-Tech Bridge Security Research (Feb 18)
• SSO Authentication Bypass and Website Takeover in DOKEOS High-Tech Bridge Security Research (Feb 18)
• RCE via CSRF in osCommerce High-Tech Bridge Security Research (Feb 18)
• [SECURITY] [DSA 3482-1] libreoffice security update Sebastien Delafond (Feb 18)
• [security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) security-alert (Feb 18)
• CVE-2015-7521: Apache Hive authorization bug disclosure (update) Sushanth Sowmyan (Feb 18)
• [SECURITY] [DSA 3484-1] xdelta3 security update Salvatore Bonaccorso (Feb 19)
• [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) erlijn . vangenuchten (Feb 19)
• [SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting erlijn . vangenuchten (Feb 19)
• [SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection erlijn . vangenuchten (Feb 20)
• ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability Vulnerability Lab (Feb 20)
• Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Feb 20)
• Chamilo LMS - Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Feb 20)
• Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability Vulnerability Lab (Feb 20)
• Investors Application - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Feb 20)
• Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability Vulnerability Lab (Feb 20)
• ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability Vulnerability Lab (Feb 20)
• [SECURITY] [DSA 3483-1] cpio security update Salvatore Bonaccorso (Feb 20)
• [security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution security-alert (Feb 20)
• Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 Cisco Systems Product Security Incident Response Team (Feb 20)
• [SECURITY] [DSA 3485-1] didiwiki security update Sebastien Delafond (Feb 21)
• [security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access security-alert (Feb 21)
• [SECURITY] [DSA 3486-1] chromium-browser security update Michael Gilbert (Feb 21)
• [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation Mark Thomas (Feb 22)
• [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass Mark Thomas (Feb 22)
• [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass Mark Thomas (Feb 22)
• [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure Mark Thomas (Feb 22)
• [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass Mark Thomas (Feb 22)
• [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak Mark Thomas (Feb 22)
• [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal Mark Thomas (Feb 22)
• InstantCoder v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 22)
  • <Possible follow-ups>
  • InstantCoder v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 23)
• Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities Vulnerability Lab (Feb 22)
• [SYSS-2015-063] OpenCms - Cross Site Scripting rainer . boie (Feb 22)
• Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Feb 22)
• CSNC-2016-002 - Open Redirect in OpenAM Alexandre Herzog (Feb 23)
• CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM) Alexandre Herzog (Feb 23)
• CSNC-2016-001 - XSS in OpenAM Alexandre Herzog (Feb 23)
• [SECURITY] [DSA 3488-1] libssh security update Salvatore Bonaccorso (Feb 24)
• [SECURITY] [DSA 3489-1] lighttpd security update Sebastien Delafond (Feb 24)
• Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass Julien Ahrens (Feb 24)
• [slackware-security] bind (SSA:2016-054-01) Slackware Security Team (Feb 24)
• [slackware-security] glibc (SSA:2016-054-02) Slackware Security Team (Feb 24)
• [slackware-security] libgcrypt (SSA:2016-054-03) Slackware Security Team (Feb 24)
• [slackware-security] ntp (SSA:2016-054-04) Slackware Security Team (Feb 24)
• [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability Egidio Romano (Feb 24)
• Extra User Details [Privilege Escalation] Panagiotis Vagenas (Feb 24)
• Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege Stefan Kanthak (Feb 24)
• Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe Stefan Kanthak (Feb 24)
• eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Feb 24)
• CSV Import XSS Vulnerability Rahul Pratap Singh (Feb 24)
• WP Advanced Importer XSS Vulnerability Rahul Pratap Singh (Feb 24)
• WP Ultimate Exporter XSS Vulnerability Rahul Pratap Singh (Feb 24)
• Import Woocommerce XSS Vulnerability Rahul Pratap Singh (Feb 24)
• Belkin N150 Router Multiple XSS Vulnerability Rahul Pratap Singh (Feb 24)
• [SECURITY] [DSA 3490-1] websvn security update Sebastien Delafond (Feb 24)
• WordPress User Submitted Posts Plugin [Persistent XSS] Panagiotis Vagenas (Feb 24)
• JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities Ratio Sec (Feb 24)
• [SECURITY] [DSA 3491-1] icedove security update Moritz Muehlenhoff (Feb 24)
• CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Cantor, Scott (Feb 25)
  • RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Shivaprasad Sadashivappa (Feb 25)
• [SECURITY] [DSA 3493-1] xerces-c security update Salvatore Bonaccorso (Feb 25)
• [SECURITY] [DSA 3492-1] gajim security update Yves-Alexis Perez (Feb 25)
• APPLE-SA-2016-02-25-1 Apple TV 7.2.1 Apple Product Security (Feb 25)
• WordPress plugin wp-ultimate-exporter SQL injection vulnerability Henri Salo (Feb 25)
• Zimbra Cross-Site Scripting vulnerabilities pxli (Feb 25)
• Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege Stefan Kanthak (Feb 28)
• Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege Stefan Kanthak (Feb 28)
• [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution security-alert (Feb 28)
• [slackware-security] libssh (SSA:2016-057-01) Slackware Security Team (Feb 28)
• Re: Symantec EP DOS hyp3rlinx (Feb 28)
• [SECURITY] [DSA 3494-1] cacti security update Salvatore Bonaccorso (Feb 28)
• [SECURITY] [DSA 3497-1] php-horde security update Salvatore Bonaccorso (Feb 28)
• Call For Papers - CISTI 2016 Workshops - Deadline March 15 Maria Lemos (Feb 28)
• [SECURITY] [DSA 3496-1] php-horde-core security update Salvatore Bonaccorso (Feb 28)
• [SECURITY] [DSA 3499-1] pillow security update Moritz Muehlenhoff (Feb 28)
• [SECURITY] [DSA 3498-1] drupal7 security advisory Moritz Muehlenhoff (Feb 28)
• [SECURITY] [DSA 3495-1] xymon security update Sebastien Delafond (Feb 29)
• WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Feb 29)
• Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab (Feb 29)
• [SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site matthias . deeg (Feb 29)
• [SYSS-2015-072] perfact::mpa - Insecure Direct Object References matthias . deeg (Feb 29)
• [SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery matthias . deeg (Feb 29)
• [SYSS-2015-070] perfact::mpa - Cross-Site Scripting matthias . deeg (Feb 29)
• [SYSS-2015-066] perfact::mpa - Cross-Site Scripting matthias . deeg (Feb 29)
• [SYSS-2015-067] perfact::mpa - Insecure Direct Object References matthias . deeg (Feb 29)
• [SYSS-2015-069] perfact::mpa - Insecure Direct Object References matthias . deeg (Feb 29)
• [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS) security-alert (Feb 29)
• Microsoft PowerPointViewer Code Execution hyp3rlinx (Feb 29)

Previous period

Next period