Bugtraq: by thread
148 messages, starting Sep 01 15 and ending Sep 30 15
- [security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code security-alert (Sep 01)
- [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities CORE Advisories Team (Sep 01)
- KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation KoreLogic Disclosures (Sep 01)
- KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 02)
- CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection David Black (Sep 02)
- [slackware-security] gdk-pixbuf2 (SSA:2015-244-01) Slackware Security Team (Sep 02)
- Cross-Site Request Forgery in Cerb High-Tech Bridge Security Research (Sep 02)
- ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability Security Alert (Sep 02)
- [SECURITY] [DSA 3347-1] pdns security update Sébastien Delafond (Sep 02)
- Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability Cisco Systems Product Security Incident Response Team (Sep 02)
- [SECURITY] [DSA 3349-1] qemu-kvm security update Salvatore Bonaccorso (Sep 02)
- [SECURITY] [DSA 3348-1] qemu security update Salvatore Bonaccorso (Sep 02)
- FreeBSD Security Advisory FreeBSD-SA-15:23.bind FreeBSD Security Advisories (Sep 03)
- [SECURITY] [DSA 3350-1] bind9 security update Moritz Muehlenhoff (Sep 03)
- [slackware-security] bind (SSA:2015-245-01) Slackware Security Team (Sep 03)
- [SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key sven . freund (Sep 03)
- Checkmarx CxQL Sandbox bypass (CVE-2014-8778) hdau (Sep 03)
- Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities Vulnerability Lab (Sep 03)
- ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability Security Alert (Sep 03)
- [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow Julien Ahrens (Sep 03)
- [SECURITY] [DSA 3351-1] chromium-browser security update Michael Gilbert (Sep 04)
- [slackware-security] seamonkey (SSA:2015-246-01) Slackware Security Team (Sep 04)
- [SECURITY] [DSA 3352-1] screen security update Laszlo Boszormenyi (Sep 04)
- Oracle Hyperion password disclosure... Jeff Kayser (Sep 04)
- <Possible follow-ups>
- Re: Oracle Hyperion password disclosure... jeff . kayser (Sep 09)
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation Stefan Kanthak (Sep 04)
- Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability David Coomber (Sep 04)
- Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability David Coomber (Sep 04)
- JSPMySQL Administrador CSRF & XSS Vulnerabilities apparitionsec (Sep 07)
- [SECURITY] [DSA 3353-1] openslp-dfsg security update Alessandro Ghedini (Sep 07)
- NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. Elliott Lewis (Sep 07)
- [CVE-2015-3623] Qlikview blind XXE Security Vulnerability alex_haynes (Sep 08)
- [SECURITY] [DSA 3354-1] spice security update Salvatore Bonaccorso (Sep 09)
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak (Sep 09)
- Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Sep 09)
- [security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) security-alert (Sep 09)
- ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities Security Alert (Sep 09)
- ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert (Sep 09)
- [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository ERPScan inc (Sep 09)
- [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials ERPScan inc (Sep 09)
- [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials ERPScan inc (Sep 09)
- [security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) security-alert (Sep 09)
- [security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information security-alert (Sep 09)
- Synology Video Station command injection and multiple SQL injection vulnerabilities Securify B.V. (Sep 09)
- Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Securify B.V. (Sep 09)
- [SECURITY] [DSA 3355-1] libvdpau security update Alessandro Ghedini (Sep 10)
- DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 Onur Yilmaz (Sep 10)
- Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14 dkl (Sep 11)
- Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 LpSolit (Sep 11)
- Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability Vulnerability Lab (Sep 11)
- Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability Vulnerability Lab (Sep 11)
- PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability Vulnerability Lab (Sep 11)
- Magento Bug Bounty #19 - Persistent Filename Vulnerability Vulnerability Lab (Sep 11)
- [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability Egidio Romano (Sep 11)
- [security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code security-alert (Sep 11)
- IKEView.exe Fox beta 1 Stack Buffer Overflow apparitionsec (Sep 11)
- [SECURITY] [DSA 3356-1] openldap security update Salvatore Bonaccorso (Sep 11)
- [SECURITY] [DSA 3357-1] vzctl security update Moritz Muehlenhoff (Sep 14)
- [SECURITY] [DSA 3359-1] virtualbox security update Moritz Muehlenhoff (Sep 14)
- [SECURITY] [DSA 3358-1] php5 security update Salvatore Bonaccorso (Sep 14)
- [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting Ahrens, Julien (Sep 14)
- [security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass security-alert (Sep 14)
- IKEView.exe R60 Stack Buffer Overflow apparitionsec (Sep 14)
- Openfire 3.10.2 CSRF Vulnerabilities apparitionsec (Sep 15)
- Paypal Inc - Open Redirect Web Vulnerability Vulnerability Lab (Sep 15)
- [security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data security-alert (Sep 15)
- [SECURITY] [DSA 3360-1] icu security update GCS (Sep 15)
- Microsoft Exchange Information Disclosure apparitionsec (Sep 16)
- Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files gregory draperi (Sep 16)
- [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution security-alert (Sep 16)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance Cisco Systems Product Security Incident Response Team (Sep 16)
- Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Sep 16)
- Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 16)
- APPLE-SA-2015-09-16-1 iOS 9 Apple Product Security (Sep 16)
- APPLE-SA-2015-09-16-2 Xcode 7.0 Apple Product Security (Sep 16)
- APPLE-SA-2015-09-16-3 iTunes 12.3 Apple Product Security (Sep 16)
- Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912) Amit Klein (Sep 17)
- APPLE-SA-2015-09-16-4 OS X Server 5.0.3 Apple Product Security (Sep 17)
- [security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information security-alert (Sep 17)
- KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 17)
- [SECURITY] [DSA 3361-1] qemu security update Salvatore Bonaccorso (Sep 21)
- [SECURITY] [DSA 3362-1] qemu-kvm security update Salvatore Bonaccorso (Sep 21)
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... Stefan Kanthak (Sep 21)
- [SECURITY] [DSA 3363-1] owncloud-client security update Luciano Bello (Sep 21)
- SAP Netwaver - XML External Entity Injection Lukasz Miedzinski (Sep 21)
- CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth Antoine Neuenschwander (Sep 21)
- Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft) securityresearch (Sep 21)
- Jasig CAS server vulnerabilities Antoni Klajn (Sep 21)
- APPLE-SA-2015-09-21-1 watchOS 2 Apple Product Security (Sep 21)
- [SECURITY] [DSA 3364-1] linux security update Ben Hutchings (Sep 22)
- Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 22)
- UDID v1.0 iOS - Persistent Mail Encode Vulnerability Vulnerability Lab (Sep 22)
- [security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert (Sep 22)
- [security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information security-alert (Sep 22)
- Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 22)
- [slackware-security] mozilla-firefox (SSA:2015-265-01) Slackware Security Team (Sep 23)
- Open-Xchange Security Advisory 2015-09-23 Martin Heiland (Sep 23)
- Reflected Cross-Site Scripting (XSS) in iTop High-Tech Bridge Security Research (Sep 23)
- Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability Vulnerability Lab (Sep 23)
- WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability Vulnerability Lab (Sep 23)
- UltraEdit v22.20 - Buffer Overflow Vulnerability Vulnerability Lab (Sep 23)
- Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 23)
- Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Sep 23)
- Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 23)
- ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Sep 23)
- [SECURITY] [DSA 3365-1] iceweasel security update Moritz Muehlenhoff (Sep 23)
- Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 23)
- Re: Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 30)
- [SECURITY] [DSA 3366-1] rpcbind security update Salvatore Bonaccorso (Sep 24)
- BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting appsec (Sep 24)
- BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting appsec (Sep 24)
- [SECURITY] [DSA 3367-1] wireshark security update Moritz Muehlenhoff (Sep 24)
- Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Shazron (Sep 25)
- FortiManager v5.2.2 Multiple XSS Vulnerabilities apparitionsec (Sep 25)
- Insecure application-coupling in Good Authentication Delegation [MZ-15-03] modzero (Sep 25)
- CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- [SECURITY] [DSA 3368-1] cyrus-sasl2 security update Salvatore Bonaccorso (Sep 25)
- [security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege security-alert (Sep 28)
- Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec (Sep 28)
- <Possible follow-ups>
- Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec (Sep 28)
- CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)
- CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)
- Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)
- My.WiFi USB Drive v1.0 iOS - File Include Vulnerability Vulnerability Lab (Sep 28)
- Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability Vulnerability Lab (Sep 28)
- WinRAR SFX v5.21 - Remote Code Execution Vulnerability Vulnerability Lab (Sep 28)
- <Possible follow-ups>
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability dev (Sep 30)
- RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Popovici, Alejo (LATCO - Buenos Aires) (Sep 30)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Eugene Roshal (Sep 30)
- RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Popovici, Alejo (LATCO - Buenos Aires) (Sep 30)
- NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability Vulnerability Lab (Sep 28)
- Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 28)
- IconLover v5.4.5 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Sep 28)
- Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) Benjamin Daniel Mussler (Sep 28)
- Remote privesc and RCE in Kaseya Virtual System Administrator Pedro Ribeiro (Sep 29)
- CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg (OpenSource Security) (Sep 29)
- Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg (Sep 29)
- ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities Security Alert (Sep 29)
- ESA-2015-151: RSA® OneStep Path Traversal Vulnerability Security Alert (Sep 29)
- CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23 Marcello Duarte (Sep 29)
- FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind FreeBSD Security Advisories (Sep 29)
- Apache James Server 2.3.2 security vulnerability fixed Eric Charles (Sep 30)
- APPLE-SA-2015-09-30-01 iOS 9.0.2 Apple Product Security (Sep 30)
- [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information security-alert (Sep 30)
- APPLE-SA-2015-09-30-2 Safari 9 Apple Product Security (Sep 30)
- APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 Apple Product Security (Sep 30)