Bugtraq: by thread
144 messages starting Dec 01 15 and ending Dec 31 15
- [SECURITY] [DSA 3408-1] gnutls26 security update Salvatore Bonaccorso (Dec 01)
- Zenphoto 1.4.10 XSS Vulnerability apparitionsec (Dec 01)
- Zenphoto 1.4.10 Local File Inclusion apparitionsec (Dec 01)
- [SECURITY] [DSA 3410-1] icedove security update Moritz Muehlenhoff (Dec 01)
- [SECURITY] [DSA 3409-1] putty security update Salvatore Bonaccorso (Dec 01)
- Reflected Cross-Site Scripting (XSS) in SourceBans High-Tech Bridge Security Research (Dec 02)
- Reflected XSS in Role Scoper WordPress Plugin High-Tech Bridge Security Research (Dec 02)
- Reflected XSS in Ultimate Member WordPress Plugin High-Tech Bridge Security Research (Dec 02)
- Remote File Inclusion in Gwolle Guestbook WordPress Plugin High-Tech Bridge Security Research (Dec 02)
- Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin High-Tech Bridge Security Research (Dec 02)
- SQLi Vulnerability in ATuter management system sirus . shahini (Dec 02)
- Gnome Nautilus [Denial of Service] pan . vagenas (Dec 02)
- WordPress Users Ultra Plugin [Blind SQL injection] pan . vagenas (Dec 02)
- WordPress Users Ultra Plugin [Persistence XSS] pan . vagenas (Dec 02)
- Ellucian Banner Student Vulnerability Disclosure sean . dillon (Dec 02)
- [SECURITY] [DSA 3411-1] cups-filters security update Moritz Muehlenhoff (Dec 02)
- [slackware-security] libpng (SSA:2015-337-01) Slackware Security Team (Dec 03)
- [slackware-security] mozilla-thunderbird (SSA:2015-337-02) Slackware Security Team (Dec 03)
- ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability Security Alert (Dec 03)
- [SECURITY] [DSA 3412-1] redis security update Salvatore Bonaccorso (Dec 03)
- [security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution security-alert (Dec 03)
- [SECURITY] [DSA 3413-1] openssl security update Salvatore Bonaccorso (Dec 04)
- KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures (Dec 06)
- FreeBSD Security Advisory FreeBSD-SA-15:26.openssl FreeBSD Security Advisories (Dec 06)
- Edimax BR-6478AC & Others Multiple Vulnerabilites mwinstead3790 (Dec 06)
- [SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932) disclosure (Dec 07)
- [SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79) disclosure (Dec 07)
- Command Injection in cool-video-gallery v1.9 Wordpress plugin Larry Cashdollar (Dec 07)
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
- WebBoutiques Cms Cross-Site Scripting Vulnerability iedb . team (Dec 07)
- iScripts Multicart Cms Multiple Vulnerability iedb . team (Dec 07)
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak (Dec 08)
- [SECURITY] [DSA 3415-1] chromium-browser security update Michael Gilbert (Dec 10)
- MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow submit (Dec 10)
- WordPress Users Ultra Plugin [Blind SQL injection] - Update Panagiotis Vagenas (Dec 10)
- PHP File Inclusion in bitrix.mpbuilder Bitrix Module High-Tech Bridge Security Research (Dec 10)
- XSS vulnerability in Intellect Core banking software - Polaris msahu (Dec 10)
- [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas (Dec 10)
- APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security (Dec 10)
- <Possible follow-ups>
- APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security (Dec 10)
- Path Traversal via CSRF in bitrix.xscan Bitrix Module High-Tech Bridge Security Research (Dec 10)
- [security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information security-alert (Dec 10)
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak (Dec 10)
- Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) securityresearch (Dec 10)
- APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security (Dec 10)
- APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security (Dec 10)
- [security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information security-alert (Dec 10)
- [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team (Dec 10)
- Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability Cisco Systems Product Security Incident Response Team (Dec 10)
- APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security (Dec 10)
- [security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution security-alert (Dec 10)
- [SECURITY] [DSA 3414-1] xen security update Moritz Muehlenhoff (Dec 10)
- APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security (Dec 10)
- Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability Secunia Research (Dec 10)
- APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security (Dec 10)
- Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Dec 10)
- SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab (Dec 10)
- BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab (Dec 10)
- WordPress <=v4.4 Username Exists Information Disclosure John SECURELI.com (Dec 11)
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 11)
- ORGIN STUDIOS Cms Multiple Vulnerability iedb . team (Dec 11)
- APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security (Dec 11)
- [security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert (Dec 11)
- XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind (Dec 12)
- Windows Authentication UI DLL side loading vulnerability Securify B.V. (Dec 12)
- COM+ Services DLL side loading vulnerability Securify B.V. (Dec 12)
- [SECURITY] [DSA 3416-1] libphp-phpmailer security update Luciano Bello (Dec 13)
- ECommerceMajor SQL Injection Vulnerability Rahul Pratap Singh (Dec 13)
- [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc (Dec 14)
- [SECURITY] [DSA 3417-1] bouncycastle security update Luciano Bello (Dec 14)
- ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc (Dec 14)
- phpback v1.1 XSS vulnerability apparitionsec (Dec 15)
- Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert (Dec 15)
- [security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) security-alert (Dec 15)
- [SECURITY] [DSA 3418-1] chromium-browser security update Michael Gilbert (Dec 15)
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak (Dec 15)
- [SECURITY] [DSA 3419-1] cups-filters security update Salvatore Bonaccorso (Dec 15)
- [SECURITY] [DSA 3420-1] bind9 security update Salvatore Bonaccorso (Dec 15)
- [slackware-security] libpng (SSA:2015-349-02) Slackware Security Team (Dec 16)
- [slackware-security] bind (SSA:2015-349-01) Slackware Security Team (Dec 16)
- [slackware-security] openssl (SSA:2015-349-04) Slackware Security Team (Dec 16)
- libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen (Dec 16)
- RCE in Zen Cart via Arbitrary File Inclusion High-Tech Bridge Security Research (Dec 16)
- SQL Injection in orion.extfeedbackform Bitrix Module High-Tech Bridge Security Research (Dec 16)
- FreeBSD Security Advisory FreeBSD-SA-15:27.bind FreeBSD Security Advisories (Dec 16)
- libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen (Dec 16)
- Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V. (Dec 16)
- [security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert (Dec 16)
- Shutdown UX DLL side loading vulnerability Securify B.V. (Dec 16)
- Shockwave Flash Object DLL side loading vulnerability Securify B.V. (Dec 16)
- [SECURITY] [DSA 3422-1] iceweasel security update Moritz Muehlenhoff (Dec 16)
- [SECURITY] [DSA 3421-1] grub2 security update Luciano Bello (Dec 16)
- [SECURITY] [DSA 3423-1] cacti security update Luciano Bello (Dec 16)
- [security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification security-alert (Dec 16)
- [SECURITY] [DSA 3424-1] subversion security update Moritz Muehlenhoff (Dec 16)
- [slackware-security] mozilla-firefox (SSA:2015-349-03) Slackware Security Team (Dec 16)
- [SECURITY] [DSA 3337-2] gdk-pixbuf security update Salvatore Bonaccorso (Dec 16)
- CVE-2015-5348 - Apache Camel medium disclosure vulnerability Claus Ibsen (Dec 17)
- [SECURITY] [DSA 3425-1] tryton-server security update Luciano Bello (Dec 17)
- <Possible follow-ups>
- [SECURITY] [DSA 3425-1] tryton-server security update Luciano Bello (Dec 17)
- [oCERT 2015-011] PyAMF input sanitization errors (XXE) Daniele Bianco (Dec 17)
- ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability Security Alert (Dec 17)
- [SECURITY] [DSA 3426-1] linux security update Salvatore Bonaccorso (Dec 17)
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak (Dec 17)
- [slackware-security] libpng (SSA:2015-351-02) Slackware Security Team (Dec 18)
- [slackware-security] grub (SSA:2015-351-01) Slackware Security Team (Dec 18)
- KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures (Dec 19)
- [SECURITY] [DSA 3428-1] tomcat8 security update Moritz Muehlenhoff (Dec 19)
- [SECURITY] [DSA 3427-1] blueman security update Moritz Muehlenhoff (Dec 21)
- KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures (Dec 21)
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak (Dec 21)
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak (Dec 21)
- giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen (Dec 21)
- ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability Security Alert (Dec 21)
- [SECURITY] [DSA 3429-1] foomatic-filters security update Salvatore Bonaccorso (Dec 21)
- [security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass security-alert (Dec 21)
- [security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification security-alert (Dec 21)
- [security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. security-alert (Dec 22)
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak (Dec 22)
- [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH (Dec 22)
- DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab (Dec 22)
- Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 22)
- Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)
- Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab (Dec 22)
- Switch v4.68 - Code Execution Vulnerability Vulnerability Lab (Dec 22)
- POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab (Dec 22)
- Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Dec 22)
- ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability Security Alert (Dec 22)
- ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability Security Alert (Dec 23)
- Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 LpSolit (Dec 23)
- [slackware-security] blueman (SSA:2015-356-01) Slackware Security Team (Dec 23)
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 23)
- [SECURITY] [DSA 3430-1] libxml2 security update Salvatore Bonaccorso (Dec 23)
- [slackware-security] mozilla-thunderbird (SSA:2015-357-01) Slackware Security Team (Dec 24)
- AccessDiver V4.301 Buffer Overflow apparitionsec (Dec 27)
- libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen (Dec 27)
- libtiff bmp file Heap Overflow (CVE-2015-8668) riusksk (Dec 27)
- WebKitGTK+ Security Advisory WSA-2015-0002 Carlos Alberto Lopez Perez (Dec 28)
- [oCERT 2015-012] Ganeti multiple issues Daniele Bianco (Dec 30)
- FTPShell Client v5.24 Buffer Overflow apparitionsec (Dec 30)
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak (Dec 31)
- Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang) irancrash (Dec 31)