Bugtraq: by date

163 messages starting Dec 31 14 and ending Jan 30 15
Wednesday, 31 December

[SECURITY] [DSA 3117-1] php5 security update Salvatore Bonaccorso
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability Egidio Romano
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability Egidio Romano
[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability Egidio Romano
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability Egidio Romano

Sunday, 04 January

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro

Monday, 05 January

[ MDVSA-2015:004 ] php security
[ MDVSA-2015:003 ] ntp security
[SECURITY] [DSA 3118-1] strongswan security update Yves-Alexis Perez
Open-Xchange Security Advisory 2015-01-05 Martin Heiland
[ MDVSA-2015:002 ] pcre security
[ MDVSA-2015:001 ] c-icap security
[SECURITY] [DSA 3119-1] libevent security update Salvatore Bonaccorso
ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities Security Alert

Tuesday, 06 January

Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro
[ MDVSA-2015:005 ] subversion security
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab

Wednesday, 07 January

Self-XSS in Microsoft Dynamics CRM 2013 SP1 High-Tech Bridge Security Research
Brother MFC Administration Reflected Cross-Site Scripting vulns
[SECURITY] [DSA 3120-1] mantis security update Moritz Muehlenhoff
[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert

Thursday, 08 January

[ MDVSA-2015:006 ] mediawiki security
[ MDVSA-2015:007 ] unrtf security
[ MDVSA-2015:008 ] pwgen security
[ MDVSA-2015:009 ] krb5 security
[ MDVSA-2015:010 ] file security
[ MDVSA-2015:011 ] nail security
[ MDVSA-2015:012 ] jasper security
[ MDVSA-2015:013 ] znc security
[ MDVSA-2015:014 ] libjpeg security
[ MDVSA-2015:015 ] sox security
[ MDVSA-2015:016 ] unzip security
[ MDVSA-2015:017 ] libevent security
[ MDVSA-2015:018 ] asterisk security
Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada root
[SECURITY] [DSA 3121-1] file security update Moritz Muehlenhoff

Friday, 09 January

[SECURITY] [DSA 3122-1] curl security update Salvatore Bonaccorso
Re: [SECURITY] [DSA 3122-1] curl security update U2ME236
Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities dan
[ MDVSA-2015:019 ] openssl security

Sunday, 11 January

[security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities security-alert
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva
[SECURITY] [DSA 3124-1] otrs2 security update Salvatore Bonaccorso
[SECURITY] [DSA 3125-1] openssl security update Salvatore Bonaccorso

Monday, 12 January

Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab
[ MDVSA-2015:020 ] libssh security
[ MDVSA-2015:021 ] curl security
[ MDVSA-2015:022 ] wireshark security
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH
Corel Software DLL Hijacking CORE Advisories Team
[SECURITY] [DSA 3126-1] php5 security update Thijs Kinkhorst
Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp
[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp
[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution security-alert
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ

Tuesday, 13 January

SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user Gordon Sim
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab
[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information security-alert
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability Vulnerability Lab
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update Thijs Kinkhorst
[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information security-alert

Wednesday, 14 January

AusCERT2015 Call for Papers: closes 18th January AusCERT
MS14-080 CVE-2014-6365 Code Diéyǔ
Two XSS vulnerabilities in Simple Security WordPress Plugin High-Tech Bridge Security Research
[SECURITY] [DSA 3127-1] iceweasel security update Moritz Muehlenhoff

Thursday, 15 January

FreeBSD Security Advisory FreeBSD-SA-15:01.openssl FreeBSD Security Advisories
[SECURITY] [DSA 3128-1] linux security update Salvatore Bonaccorso
[ MDVSA-2015:023 ] libvirt security
[ MDVSA-2015:024 ] libsndfile security
[ MDVSA-2015:026 ] unrtf security
[ MDVSA-2015:025 ] mpfr security
Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp

Friday, 16 January

[SECURITY] [DSA 3129-1] rpm security update Moritz Muehlenhoff
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab
VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab
[ MDVSA-2015:027 ] kernel security

Monday, 19 January

[slackware-security] mozilla-thunderbird (SSA:2015-016-03) Slackware Security Team
[slackware-security] freetype (SSA:2015-016-01) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-016-02) Slackware Security Team
[slackware-security] seamonkey (SSA:2015-016-04) Slackware Security Team
CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability Riley Baird
[SECURITY] [DSA 3131-1] xdg-utils security update Michael Gilbert
MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories
[SECURITY] [DSA 3132-1] icedove security update Moritz Muehlenhoff

Tuesday, 20 January

CVE-2015-1175-xss-prestashop Sudhanshu Chauhan
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities Security Alert
[SECURITY] [DSA 3133-1] privoxy security update Moritz Muehlenhoff
[SECURITY] [DSA 3134-1] sympa security update Salvatore Bonaccorso
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert

Thursday, 22 January

[oCERT-2015-001] JasPer input sanitization errors Andrea Barisani
PhotoSync v1.1.3 Android - Command Injection Vulnerability Vulnerability Lab
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab
[slackware-security] samba (SSA:2015-020-01) Slackware Security Team
CVE-2015-1176-xss-osticket Sudhanshu Chauhan
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab
CVE-2015-1177-xss-exponent Sudhanshu Chauhan
CVE-2015-1178-xss-x-cart-ecommerce Sudhanshu Chauhan
CVE-2015-1179-xss-mango-automation-scada Sudhanshu Chauhan
CVE-2015-1180-xss-eventsentry Sudhanshu Chauhan
Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab
PhotoSync 1.1.3 Android - Command Injection Vulnerability Vulnerability Lab

Friday, 23 January

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days Hafez Kamal
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability Rewterz - Research Group
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability Rewterz - Research Group
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Rewterz - Research Group

Tuesday, 27 January

WebKitGTK+ Security Advisory WSA-2015-0001 Carlos Alberto Lopez Perez
[CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team
CVE-2015-0224: qpidd can be crashed by unauthenticated user Gordon Sim
CVE-2015-0223: anonymous access to qpidd cannot be prevented Gordon Sim
[SYSS-2014-012] FancyFon FAMOC - Session Fixation matthias . deeg
[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting matthias . deeg
[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt matthias . deeg
[SECURITY] [DSA 3140-1] xen security update Moritz Muehlenhoff
[SYSS-2014-010] FancyFon FAMOC - SQL Injection matthias . deeg
[SECURITY] [DSA 3141-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 3142-1] eglibc security update Florian Weimer
Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory
APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple Product Security
APPLE-SA-2015-01-27-2 iOS 8.1.3 Apple Product Security
APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Apple Product Security
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 Apple Product Security

Wednesday, 28 January

FreeBSD Security Advisory FreeBSD-SA-15:02.kmem FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:03.sctp FreeBSD Security Advisories
[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team
NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues VMware Security Response Center
[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories
[CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8 sven
[CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8 sven
Two XSS Vulnerabilities in SupportCenter Plus High-Tech Bridge Security Research
Multiple vulnerabilities in MantisBT High-Tech Bridge Security Research
[SECURITY] [DSA 3143-1] virtualbox security update Moritz Muehlenhoff

Thursday, 29 January

KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures
[slackware-security] glibc (SSA:2015-028-01) Slackware Security Team
AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team
Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro
CVE-2014-8779: SSH Host keys on Pexip Infinity giles
Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities Security Alert
Reflected XSS vulnerability in Asus RT-N10 Plus Router kingkaustubh
Unauthenticated Reflected XSS vulnerability in Asus RT-N10 Plus router kingkaustubh
Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection Paul Craig
NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center
[SECURITY] [DSA 3144-1] openjdk-7 security update Moritz Muehlenhoff

Friday, 30 January

[SECURITY] [DSA 3145-1] privoxy security update Salvatore Bonaccorso
ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability Security Alert
[SECURITY] [DSA 3146-1] requests security update Sebastien Delafond
[SECURITY] [DSA 3147-1] openjdk-6 security update Moritz Muehlenhoff
[security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities security-alert