Bugtraq: by date

148 messages starting Nov 02 15 and ending Nov 30 15
Monday, 02 November

[SECURITY] [DSA 3385-1] mariadb-10.0 security update Salvatore Bonaccorso
[SECURITY] [DSA 3386-1] unzip security update Laszlo Boszormenyi (GCS)
TCPing 2.1.0 Buffer Overflow apparitionsec
[SECURITY] [DSA 3387-1] openafs security update Florian Weimer
[SECURITY] [DSA 3388-1] ntp security update Moritz Muehlenhoff
[SECURITY] [DSA 3381-2] openjdk-7 security update Moritz Muehlenhoff
[SECURITY] [DSA 3389-1] elasticsearch end-of-life Moritz Muehlenhoff
Cross-Site Scripting | Zeuscart V4 ITAS Team
Accentis Content Resource Management System - SQL GalaxyCVEcollector
Accentis Content Resource Management System - XSS GalaxyCVEcollector
CVE-2015-7326 (XXE vulnerability in Milton Webdav) 0ang3el
[SECURITY] [DSA 3390-1] xen security update Salvatore Bonaccorso
[security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution security-alert
[SECURITY] [DSA 3355-2] libvdpau regression update Alessandro Ghedini
[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code security-alert

Wednesday, 04 November

[security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information security-alert
[SECURITY] [DSA 3391-1] php-horde security update Florian Weimer
[security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege security-alert
[security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege security-alert
[security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3392-1] freeimage security update Sebastien Delafond
FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] FreeBSD Security Advisories

Thursday, 05 November

[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability Egidio Romano
[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability Egidio Romano
[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability Egidio Romano
[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability Egidio Romano
[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability Egidio Romano
Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3393-1] iceweasel security update Moritz Muehlenhoff
[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information security-alert
SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products SEC Consult Vulnerability Lab
Elasticsearch vulnerability CVE-2015-5377 Kevin Kluge
[SECURITY] [DSA 3394-1] libreoffice security update Moritz Muehlenhoff

Friday, 06 November

Elasticsearch vulnerability CVE-2015-4165 Kevin Kluge
NXFilter v3.0.3 CSRF apparitionsec
NXFilter v3.0.3 Persistent / Reflected XSS apparitionsec
CVE-2015-5619 Suyog Rao
CVE-2015-5378 Suyog Rao
[slackware-security] mozilla-nss (SSA:2015-310-02) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-310-01) Slackware Security Team
[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities Timothy Bish
[SECURITY] [DSA 3395-1] krb5 security update Salvatore Bonaccorso

Monday, 09 November

TestLink 1.9.14 Persistent XSS Aravind
TestLink 1.9.14 CSRF Vulnerability Aravind
[SECURITY] [DSA 3386-2] unzip regression update Salvatore Bonaccorso

Tuesday, 10 November

[SECURITY] [DSA 3396-1] linux security update Salvatore Bonaccorso

Wednesday, 11 November

Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099 apparitionsec
[SECURITY] [DSA 3397-1] wpa security update Salvatore Bonaccorso
[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) security-alert
Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability Secunia Research

Friday, 13 November

[SECURITY] [DSA 3395-2] krb5 security update Salvatore Bonaccorso
OpenBSD package 'net-snmp' information disclosure Pierre Kim

Saturday, 14 November

[slackware-security] seamonkey (SSA:2015-318-01) Slackware Security Team
D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability bhadresh . patel
/tmp race condition in IBM Installation Manager V1.8.1 install script larry0
[SECURITY] [DSA 3208-2] freexl regression update Salvatore Bonaccorso
PHP Address Book SQL Injection Vulnerability Rahul Pratap Singh
CF Image Host PHP Command Injection apparitionsec
CF Image Host CSRF apparitionsec
CF Image Host XSS apparitionsec
Dlink DIR-866L Buffer overflows in HNAP and send email functionalities samhuntley84
Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L samhuntley84

Sunday, 15 November

Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities. samhuntley84
Dlink DIR-825 (vC) Buffer overflows in authentication, HNAP and ping functionalities and also directory traversal issue exists samhuntley84
Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities. samhuntley84
Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality samhuntley84
Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84
Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84
Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities samhuntley84
Dlink DIR-645 UPNP Buffer Overflow samhuntley84
Dlink DIR-601 Command injection in ping functionality samhuntley84
Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities. samhuntley84
Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality samhuntley84
[security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information security-alert
SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value martin . sturm

Monday, 16 November

CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability Matthew Flanagan
[SECURITY] [DSA 3398-1] strongswan security update Yves-Alexis Perez

Tuesday, 17 November

LAN Scan HD v1.20 iOS - Command Inject Vulnerability Vulnerability Lab
Port Scan v2.0 iOS - Command Inject Vulnerability Vulnerability Lab
Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities Vulnerability Lab
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability Vulnerability Lab
Murgent CMS - SQL Injection Vulnerability Vulnerability Lab
Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) Vulnerability Lab
Open-Xchange Security Advisory 2015-11-17 Martin Heiland
ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability Security Alert
WordPress Users Ultra Plugin [Unrestricted File Upload] pan . vagenas
[security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) security-alert

Wednesday, 18 November

Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability Vulnerability Lab
RCE and SQL injection via CSRF in Horde Groupware High-Tech Bridge Security Research

Thursday, 19 November

[SECURITY] [DSA 3399-1] libpng security update Salvatore Bonaccorso
[security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) security-alert
IBM i Access Buffer Overflow Code Exec CVE-2015-2023 apparitionsec
IBM i Access Buffer Overflow Code DOS CVE-2015-7422 apparitionsec
CVE-2015-8131: Kibana CSRF vulnerability Kevin Kluge
NEW VMSA-2015-0008 - VMware product updates address information disclosure issue VMware Security Response Center
[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 3400-1] lxc security update Salvatore Bonaccorso

Saturday, 21 November

Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions Shazron
Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Shazron

Monday, 23 November

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias.
Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation Nicholas Lemonias.
[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import ERPScan inc
[FD] Celoxis <= 9.5 - Cross Site Scripting (XSS) Manuel Mancera
[ERPSCAN-15-019] SAP Afaria - Stored XSS ERPScan inc
[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE ERPScan inc
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Christofer Dutz
Steam Weak File Permissions Privilege Escalation ajs

Tuesday, 24 November

[SECURITY] [DSA 3402-1] symfony security update Salvatore Bonaccorso
ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability Security Alert
[SECURITY] [DSA 3403-1] libcommons-collections3-java security update Moritz Muehlenhoff

Wednesday, 25 November

[slackware-security] pcre (SSA:2015-328-01) Slackware Security Team
[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution security-alert
[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution security-alert
CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability Vulnerability Lab
[SECURITY] [DSA 3404-1] python-django security update Salvatore Bonaccorso
[SECURITY] [DSA 3406-1] nspr security update Moritz Muehlenhoff
[SECURITY] [DSA 3405-1] smokeping security update Florian Weimer

Thursday, 26 November

[SECURITY] [DSA 3407-1] dpkg security update Salvatore Bonaccorso

Friday, 27 November

[FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) Manuel Mancera

Sunday, 29 November

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation aiscorp
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation lem . nikolas
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report. Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.

Monday, 30 November

Belkin N150 Wireless Home Router Multiple Vulnerabilities Rahul Pratap Singh
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Nicholas Lemonias.
LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection advisories
[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7) Security Explorations
Huawei Wimax routers vulnerable to multiple threats Pierre Kim