Bugtraq: by date

165 messages starting Jun 01 15 and ending Jun 30 15

Monday, 01 June

[SECURITY] [DSA 3275-1] fusionforge security update Salvatore Bonaccorso
[SECURITY] [DSA 3269-2] postgresql-9.1 regression update Salvatore Bonaccorso
[SECURITY] [DSA 3276-1] symfony security update Moritz Muehlenhoff
Ektron CMS 9.10 SP1 - CSRF Vulnerability jerold
Ektron CMS 9.10 SP1 - XSS Vulnerability jerold
WebDrive Buffer OverFlow PoC banana88
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] pan . vagenas
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] pan . vagenas

Tuesday, 02 June

t2'15: Call for Papers 2015 (Helsinki / Finland) Tomi Tuominen
Freebox OS Web interface 3.0.2 XSS, CSRF huyngocbk
Enhanced SQL Portal 5.0.7961 XSS Vulnerability apparitionsec
vfront-0.99.2 CSRF & Persistent XSS apparitionsec
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability Vulnerability Lab
[SECURITY] [DSA 3277-1] wireshark security update Moritz Muehlenhoff

Wednesday, 03 June

[SECURITY] [DSA 3249-2] jqueryui security update Sebastien Delafond
Safari Address Spoofing - Impact, Code, How It Works, History David Leo
Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability banana88
Local PHP File Inclusion in ResourceSpace High-Tech Bridge Security Research
ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability Security Alert

Friday, 05 June

[SECURITY] [DSA 3278-1] libapache-mod-jk security update Markus Koschany
[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) Pedro Ribeiro
IBM Watson (Cognea) - XSS and Redirect Vulnerabilities jerold
CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] pan . vagenas
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access security-alert
CA20150604-01: Security Notice for CA Common Services Kotas, Kevin J
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability alex_haynes
[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities alex_haynes
Wing FTP Server Remote Code Execution vulnerability alex_haynes
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow Vulnerability Lab
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] pan . vagenas

Monday, 08 June

Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure Mike Sheward
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar
CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 venkatesh . nitin
Symphony CMS 2.6.2 apparitionsec
[SECURITY] [DSA 3279-1] redis security update Alessandro Ghedini
Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App Payatu Research
[SECURITY] [DSA 3280-1] php5 security update Moritz Muehlenhoff
[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice Thijs Kinkhorst
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability d4rkr0id
Symphony CMS XSS Vulnerability apparitionsec
[SECURITY] [DSA 3282-1] strongswan security update Yves-Alexis Perez

Tuesday, 09 June

Symphony CMS XSS Vulnerability [Corrected Post] apparitionsec
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec
CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016 icissp . secretariat
NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues VMware Security Response Center
[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution security-alert

Wednesday, 10 June

[SECURITY] [DSA 3283-1] cups security update Salvatore Bonaccorso
Logstash vulnerability CVE-2015-4152 Kevin Kluge
Kibana vulnerability CVE-2015-4093 Kevin Kluge
Elasticsearch vulnerability CVE-2015-4165 Kevin Kluge
[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID RedTeam Pentesting GmbH
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery RedTeam Pentesting GmbH
Arbitrary File Disclosure and Open Redirect in Bonita BPM High-Tech Bridge Security Research
Multiple Vulnerabilities in ISPConfig High-Tech Bridge Security Research
Use-After-Free in PHP High-Tech Bridge Security Research
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability Vulnerability Lab

Thursday, 11 June

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) stasvolfus
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar
[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert
D-Link DSP-W110 - multiple vulnerabilities Peter Adkins
Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability Egidio Romano
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability Egidio Romano

Friday, 12 June

Nakid-CMS CSRF, Persistent XSS & LFI apparitionsec
[slackware-security] php (SSA:2015-162-02) Slackware Security Team
ZCMS SQL Injection & Persistent XSS apparitionsec
[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting ludwig . stage
FreeBSD Security Advisory FreeBSD-SA-15:10.openssl FreeBSD Security Advisories
[slackware-security] openssl (SSA:2015-162-01) Slackware Security Team

Monday, 15 June

[SECURITY] [DSA 3285-1] qemu-kvm security update Salvatore Bonaccorso
[SECURITY] [DSA 3286-1] xen security update Moritz Muehlenhoff
Buffer Overflow in My Wifi Router Software sudson08
[SECURITY] [DSA 3287-1] openssl security update Alessandro Ghedini
[SECURITY] [DSA 3288-1] libav security update Moritz Muehlenhoff
[SECURITY] [DSA 3252-2] sqlite3 security update Alessandro Ghedini
Productsurf Cms Sql Injection Vulnerability iedb . team
WebdesignJiNi Cms Sql Injection Vulnerability iedb . team
[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager RedTeam Pentesting GmbH
[SECURITY] [DSA 3289-1] p7zip security update Ben Hutchings

Tuesday, 16 June

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability d4rkr0id
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability Security Alert
ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities Security Alert

Wednesday, 17 June

OS Command Injection in Vesta Control Panel High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in SearchBlox High-Tech Bridge Security Research
VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities VCE - PSIRT
[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information security-alert

Thursday, 18 June

[SECURITY] [DSA 3290-1] linux security update Ben Hutchings
[SECURITY] [DSA 3291-1] drupal7 security update Sebastien Delafond

Friday, 19 June

DUO Security push Timing Attack jpierini
[SECURITY] [DSA 3292-1] cinder security update Sebastien Delafond
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Vulnerability Lab
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability Vulnerability Lab
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability Vulnerability Lab
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability Vulnerability Lab

Tuesday, 23 June

[CVE-2015-3188] Apache Storm remote code execution vulnerability P. Taylor Goetz
[SECURITY] [DSA 3293-1] pyjwt security update Alessandro Ghedini
mysql-lite-administrator XSS vulnerabilities apparitionsec
mysql-lite-administrator XSS vulnerabilities apparitionsec
GeniXCMS XSS Vulnerabilities apparitionsec
[oCERT-2015-008] FreeRADIUS insufficient CRL application Andrea Barisani
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability Vulnerability Lab
The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address Amit Klein
[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information security-alert
KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) n4ser . farhadi
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Security Alert
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert

Wednesday, 24 June

[SECURITY] [DSA 3294-1] wireshark security update Moritz Muehlenhoff
CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 Marco Delai
CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders Federick Joe P Fajardo
[SECURITY] [DSA 3295-1] cacti security update Salvatore Bonaccorso

Thursday, 25 June

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Darya Maenkova
[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE Darya Maenkova
[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE Darya Maenkova
[ERPSCAN-15-005] SAP Mobile Platform - XXE Darya Maenkova
[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure Darya Maenkova
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check Darya Maenkova
[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS Darya Maenkova
[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll Darya Maenkova
[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE Darya Maenkova
Netgear Prosafe VPN Firewalls - Multiple vulnerabilities post
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability Security Alert
Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA Cisco Systems Product Security Incident Response Team

Monday, 29 June

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability Imre RAD
ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities Security Alert
SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences SEC Consult Vulnerability Lab
[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege security-alert
[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information security-alert
[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert
Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 Tim
CSRF Vulnerability in C2Box application CVE-2015-4460 wissam . bashour
CollabNet Subversion Edge Hook Script Privilege Escalation Oliver-Tobias Ripka
CollabNet Subversion Edge Password Hash Leak Oliver-Tobias Ripka
CollabNet Subversion Edge downloadHook local file inclusion Oliver-Tobias Ripka
CollabNet Subversion Edge tail local file inclusion Oliver-Tobias Ripka
CollabNet Subversion Edge insecure password change Oliver-Tobias Ripka
CollabNet Subversion Edge show local file inclusion Oliver-Tobias Ripka
CollabNet Subversion Edge missing brute force protection Oliver-Tobias Ripka
CollabNet Subversion Edge missing clickjacking protection Oliver-Tobias Ripka
CollabNet Subversion Edge autocomplete on Oliver-Tobias Ripka
CollabNet Subversion Edge weak password policy Oliver-Tobias Ripka
CollabNet Subversion Edge missing XSRF protection Oliver-Tobias Ripka
CollabNet Subversion Edge weak password storage mechanism Oliver-Tobias Ripka
CollabNet Subversion Edge missing single login restriction Oliver-Tobias Ripka
CollabNet Subversion Edge indes local file inclusion Oliver-Tobias Ripka
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities apparitionsec
[SECURITY] [DSA 3296-1] libcrypto++ security update Alessandro Ghedini
[SECURITY] [DSA 3297-1] unattended-upgrades security update Alessandro Ghedini

Tuesday, 30 June

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP Fernando Muñoz
Google Chrome Address Spoofing (Request For Comment) David Leo
APPLE-SA-2015-06-30-1 iOS 8.4 Apple Product Security
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 Apple Product Security
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 Apple Product Security
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Apple Product Security