Bugtraq: by date

139 messages starting Oct 01 15 and ending Oct 30 15


Thursday, 01 October

[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt matthias . deeg
[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass matthias . deeg
[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass matthias . deeg
[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt matthias . deeg
[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass matthias . deeg
[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt matthias . deeg
[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt matthias . deeg
[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt matthias . deeg
[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass matthias . deeg
[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass matthias . deeg
[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass security-alert
[security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities security-alert

Monday, 05 October

LanSpy 2.0.0.155 Buffer Overflow apparitionsec
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin ibemed
A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin ibemed
Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin ibemed
Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin ibemed
Reflected Cross-Site Scripting (XSS) in SourceBans High-Tech Bridge Security Research
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting appsec
Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting appsec
ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage jerzy . patraszewski
FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED] FreeBSD Security Advisories
Qualys Security Advisory - OpenSMTPD Audit Report Qualys Security Advisory
[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution Pedro Ribeiro
[SYSS-2015-039] CSRF in OpenText Secure MFT adrian . vollmer
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Specto
FTGate 2009 Build 6.4.00 CSRF Vulnerabilities apparitionsec
[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information security-alert
[slackware-security] php (SSA:2015-274-02) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-274-01) Slackware Security Team
[slackware-security] seamonkey (SSA:2015-274-03) Slackware Security Team
[security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege security-alert

Tuesday, 06 October

LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow apparitionsec
Advisory: web-based VM detection and coarse-grained fingerprinting Amit Klein
Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Alexandre Herzog

Wednesday, 07 October

Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver) Ralf Spenneberg
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391 Onur Yilmaz
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390 Onur Yilmaz
Zope Management Interface CSRF vulnerabilities apparitionsec
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) Nicholas Lemonias.
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin ibeptaz
[SECURITY] [DSA 3370-1] freetype security update Alessandro Ghedini
[SECURITY] [DSA 3369-1] zendframework security update Alessandro Ghedini
Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver) Ralf Spenneberg
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) lem . nikolas
RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Alexandre Herzog
A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE Pierre Kim
[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati
Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost Nicholas Lemonias.

Thursday, 08 October

Potential vulnerabilities in PayPal Beacons securityresearch
[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass RedTeam Pentesting GmbH

Friday, 09 October

Veeam Backup & Replication Local Privilege Escalation Vulnerability ascii
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability Vulnerability Lab
W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability Vulnerability Lab
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability Vulnerability Lab
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) Nicholas Lemonias.
[SECURITY] [DSA 3371-1] spice security update Salvatore Bonaccorso

Monday, 12 October

ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities Security Alert
Multiple Vulnerabilities found in ZHONE lyon . yang . s
[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials matthias . deeg
[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection matthias . deeg
Multiple Remote Code Execution found in ZHONE lyon . yang . s
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin grajalerts
CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin grajalerts
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin grajalerts

Tuesday, 13 October

AdobeWorkgroupHelper Stack Based Buffer Overflow apparitionsec
[SECURITY] [DSA 3372-1] linux security update Ben Hutchings
Boolean-based SQL injection Vulnerability in K2 Platforms wissam . bashour

Wednesday, 14 October

[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information security-alert
[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability Myria
US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research Nicholas Lemonias.

Thursday, 15 October

Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow apparitionsec
PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability Vulnerability Lab
Freemake Video Downloader 3.7.1 - Code Execution Vulnerability Vulnerability Lab
[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert

Friday, 16 October

[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities security-alert
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Apple Product Security
[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD ISecAuditors Security Advisories
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Qualys Security Advisory
Events Made Easy WordPress plugin CSRF + Persistent XSS David Sopas
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access ERPScan inc

Monday, 19 October

[SECURITY] [DSA 3373-1] owncloud security update Salvatore Bonaccorso
[SECURITY] [DSA 3374-1] postgresql-9.4 security update Salvatore Bonaccorso

Tuesday, 20 October

[SECURITY] [DSA 3375-1] wordpress security update Yves-Alexis Perez

Wednesday, 21 October

[SECURITY] [DSA 3376-1] chromium-browser security update Michael Gilbert
[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42) Security Explorations
SiteWIX - (edit_photo2.php id) SQL Injection Exploit ZoRLu Bugrahan
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-10-21-1 iOS 9.1 Apple Product Security
APPLE-SA-2015-10-21-2 watchOS 2.0.1 Apple Product Security
APPLE-SA-2015-10-21-3 Safari 9.0.1 Apple Product Security
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 Apple Product Security

Thursday, 22 October

APPLE-SA-2015-10-21-5 iTunes 12.3.1 Apple Product Security
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Apple Product Security
APPLE-SA-2015-10-21-7 Xcode 7.1 Apple Product Security
APPLE-SA-2015-10-21-8 OS X Server 5.0.15 Apple Product Security
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 Cisco Systems Product Security Incident Response Team
TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio

Friday, 23 October

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio
SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities SEC Consult Vulnerability Lab
Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE scurippio
CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution David Black

Saturday, 24 October

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information security-alert
[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information security-alert

Sunday, 25 October

[SECURITY] [DSA 3377-1] mysql-5.5 security update Salvatore Bonaccorso
Fwd: Timing attack vulnerability in most Zeus server-sides rotem kerner
[SECURITY] [DSA 3379-1] miniupnpc security update Salvatore Bonaccorso
AlienVault OSSIM 4.3 CSRF vulnerability report mohammadreza . mohajerani

Monday, 26 October

AlienVault OSSIM 4.3 CSRF mohammadreza . mohajerani
FreeBSD Security Advisory FreeBSD-SA-15:25.ntp FreeBSD Security Advisories
Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities Secunia Research
Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability Secunia Research
MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow submit
MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) submit

Tuesday, 27 October

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability ERPScan inc
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability ERPScan inc
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability ERPScan inc

Wednesday, 28 October

[SECURITY] [DSA 3380-1] php5 security update Florian Weimer
[SECURITY] [DSA 3381-1] openjdk-7 security update Moritz Muehlenhoff
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE Stefan Kanthak

Thursday, 29 October

[SECURITY] [DSA 3382-1] phpmyadmin security update Thijs Kinkhorst
CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver Portcullis Advisories
CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver Portcullis Advisories
Cross-Site Request Forgery on Oxwall High-Tech Bridge Security Research
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability ERPScan inc
[SECURITY] [DSA 3332-2] wordpress regression update Salvatore Bonaccorso
[SECURITY] [DSA 3383-1] wordpress security update Salvatore Bonaccorso
[SECURITY] [DSA 3384-1] virtualbox security update Moritz Muehlenhoff
[slackware-security] ntp (SSA:2015-302-03) Slackware Security Team
[slackware-security] curl (SSA:2015-302-01) Slackware Security Team
PHP Server Monitor 3.1.1 CSRF apparitionsec
PHP Server Monitor 3.1.1 Privilege Escalation apparitionsec

Friday, 30 October

[slackware-security] jasper (SSA:2015-302-02) Slackware Security Team