Bugtraq: by author

148 messages starting Sep 14 15 and ending Sep 28 15
Ahrens, Julien

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting Ahrens, Julien (Sep 14)

Alessandro Ghedini

[SECURITY] [DSA 3355-1] libvdpau security update Alessandro Ghedini (Sep 10)
[SECURITY] [DSA 3353-1] openslp-dfsg security update Alessandro Ghedini (Sep 07)

alex_haynes

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability alex_haynes (Sep 08)

Amit Klein

Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912) Amit Klein (Sep 17)

Antoine Neuenschwander

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth Antoine Neuenschwander (Sep 21)

Antoni Klajn

Jasig CAS server vulnerabilities Antoni Klajn (Sep 21)

apparitionsec

Openfire 3.10.2 CSRF Vulnerabilities apparitionsec (Sep 15)
Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec (Sep 28)
IKEView.exe Fox beta 1 Stack Buffer Overflow apparitionsec (Sep 11)
FortiManager v5.2.2 Multiple XSS Vulnerabilities apparitionsec (Sep 25)
JSPMySQL Administrador CSRF & XSS Vulnerabilities apparitionsec (Sep 07)
IKEView.exe R60 Stack Buffer Overflow apparitionsec (Sep 14)
Microsoft Exchange Information Disclosure apparitionsec (Sep 16)
Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec (Sep 28)

Apple Product Security

APPLE-SA-2015-09-16-3 iTunes 12.3 Apple Product Security (Sep 16)
APPLE-SA-2015-09-16-4 OS X Server 5.0.3 Apple Product Security (Sep 17)
APPLE-SA-2015-09-30-2 Safari 9 Apple Product Security (Sep 30)
APPLE-SA-2015-09-21-1 watchOS 2 Apple Product Security (Sep 21)
APPLE-SA-2015-09-16-1 iOS 9 Apple Product Security (Sep 16)
APPLE-SA-2015-09-16-2 Xcode 7.0 Apple Product Security (Sep 16)
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 Apple Product Security (Sep 30)
APPLE-SA-2015-09-30-01 iOS 9.0.2 Apple Product Security (Sep 30)

appsec

BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting appsec (Sep 24)
BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting appsec (Sep 24)

Ben Hutchings

[SECURITY] [DSA 3364-1] linux security update Ben Hutchings (Sep 22)

Benjamin Daniel Mussler

Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) Benjamin Daniel Mussler (Sep 28)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability Cisco Systems Product Security Incident Response Team (Sep 02)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance Cisco Systems Product Security Incident Response Team (Sep 16)
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Sep 16)
Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 23)
Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Sep 23)
Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 16)
Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 23)

CORE Advisories Team

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities CORE Advisories Team (Sep 01)

David Black

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection David Black (Sep 02)

David Coomber

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability David Coomber (Sep 04)
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability David Coomber (Sep 04)

dev

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability dev (Sep 30)

dkl

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14 dkl (Sep 11)

Egidio Romano

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability Egidio Romano (Sep 11)

Elliott Lewis

NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. Elliott Lewis (Sep 07)

Eric Charles

Apache James Server 2.3.2 security vulnerability fixed Eric Charles (Sep 30)

ERPScan inc

[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials ERPScan inc (Sep 09)
[ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials ERPScan inc (Sep 09)
[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository ERPScan inc (Sep 09)

Eugene Roshal

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Eugene Roshal (Sep 30)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind FreeBSD Security Advisories (Sep 29)
FreeBSD Security Advisory FreeBSD-SA-15:23.bind FreeBSD Security Advisories (Sep 03)

GCS

[SECURITY] [DSA 3360-1] icu security update GCS (Sep 15)

gregory draperi

Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files gregory draperi (Sep 16)

hdau

Checkmarx CxQL Sandbox bypass (CVE-2014-8778) hdau (Sep 03)

High-Tech Bridge Security Research

Reflected Cross-Site Scripting (XSS) in iTop High-Tech Bridge Security Research (Sep 23)
Cross-Site Request Forgery in Cerb High-Tech Bridge Security Research (Sep 02)

ibemed

CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)
Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)
CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed (Sep 28)

jeff . kayser

Re: Oracle Hyperion password disclosure... jeff . kayser (Sep 09)

Jeff Kayser

Oracle Hyperion password disclosure... Jeff Kayser (Sep 04)

Julien Ahrens

[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow Julien Ahrens (Sep 03)

KoreLogic Disclosures

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 02)
KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 17)
KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation KoreLogic Disclosures (Sep 01)

Laszlo Boszormenyi

[SECURITY] [DSA 3352-1] screen security update Laszlo Boszormenyi (Sep 04)

LpSolit

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 LpSolit (Sep 11)

Luciano Bello

[SECURITY] [DSA 3363-1] owncloud-client security update Luciano Bello (Sep 21)

Lukasz Miedzinski

SAP NetWeaver - XML External Entity Injection Lukasz Miedzinski (Sep 21)

Marcello Duarte

CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23 Marcello Duarte (Sep 29)

Martin Heiland

Open-Xchange Security Advisory 2015-09-23 Martin Heiland (Sep 23)

Michael Gilbert

[SECURITY] [DSA 3351-1] chromium-browser security update Michael Gilbert (Sep 04)

modzero

Insecure application-coupling in Good Authentication Delegation [MZ-15-03] modzero (Sep 25)

Moritz Muehlenhoff

[SECURITY] [DSA 3359-1] virtualbox security update Moritz Muehlenhoff (Sep 14)
[SECURITY] [DSA 3365-1] iceweasel security update Moritz Muehlenhoff (Sep 23)
[SECURITY] [DSA 3367-1] wireshark security update Moritz Muehlenhoff (Sep 24)
[SECURITY] [DSA 3350-1] bind9 security update Moritz Muehlenhoff (Sep 03)
[SECURITY] [DSA 3357-1] vzctl security update Moritz Muehlenhoff (Sep 14)

Onur Yilmaz

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 Onur Yilmaz (Sep 10)

Pedro Ribeiro

Remote privesc and RCE in Kaseya Virtual System Administrator Pedro Ribeiro (Sep 29)

Popovici, Alejo (LATCO - Buenos Aires)

RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Popovici, Alejo (LATCO - Buenos Aires) (Sep 30)

Portcullis Advisories

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)

Ralf Spenneberg

Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg (Sep 29)

Ralf Spenneberg (OpenSource Security)

CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg (OpenSource Security) (Sep 29)

Salvatore Bonaccorso

[SECURITY] [DSA 3368-1] cyrus-sasl2 security update Salvatore Bonaccorso (Sep 25)
[SECURITY] [DSA 3358-1] php5 security update Salvatore Bonaccorso (Sep 14)
[SECURITY] [DSA 3356-1] openldap security update Salvatore Bonaccorso (Sep 11)
[SECURITY] [DSA 3349-1] qemu-kvm security update Salvatore Bonaccorso (Sep 02)
[SECURITY] [DSA 3366-1] rpcbind security update Salvatore Bonaccorso (Sep 24)
[SECURITY] [DSA 3361-1] qemu security update Salvatore Bonaccorso (Sep 21)
[SECURITY] [DSA 3348-1] qemu security update Salvatore Bonaccorso (Sep 02)
[SECURITY] [DSA 3362-1] qemu-kvm security update Salvatore Bonaccorso (Sep 21)
[SECURITY] [DSA 3354-1] spice security update Salvatore Bonaccorso (Sep 09)

Sébastien Delafond

[SECURITY] [DSA 3347-1] pdns security update Sébastien Delafond (Sep 02)

Securify B.V.

Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 22)
Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 23)
Re: Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 30)
Synology Video Station command injection and multiple SQL injection vulnerabilities Securify B.V. (Sep 09)
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Securify B.V. (Sep 09)
Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Sep 09)

Security Alert

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability Security Alert (Sep 03)
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert (Sep 09)
ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities Security Alert (Sep 09)
ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Sep 23)
ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability Security Alert (Sep 02)
ESA-2015-151: RSA® OneStep Path Traversal Vulnerability Security Alert (Sep 29)
ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities Security Alert (Sep 29)

security-alert

[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution security-alert (Sep 16)
[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) security-alert (Sep 09)
[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information security-alert (Sep 17)
[security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code security-alert (Sep 11)
[security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert (Sep 22)
[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass security-alert (Sep 14)
[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information security-alert (Sep 09)
[security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code security-alert (Sep 01)
[security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege security-alert (Sep 28)
[security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information security-alert (Sep 22)
[security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data security-alert (Sep 15)
[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) security-alert (Sep 09)
[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information security-alert (Sep 30)

securityresearch

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft) securityresearch (Sep 21)

Shazron

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Shazron (Sep 25)

Slackware Security Team

[slackware-security] mozilla-firefox (SSA:2015-265-01) Slackware Security Team (Sep 23)
[slackware-security] bind (SSA:2015-245-01) Slackware Security Team (Sep 03)
[slackware-security] seamonkey (SSA:2015-246-01) Slackware Security Team (Sep 04)
[slackware-security] gdk-pixbuf2 (SSA:2015-244-01) Slackware Security Team (Sep 02)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... Stefan Kanthak (Sep 21)
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation Stefan Kanthak (Sep 04)
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak (Sep 09)
Re: Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak (Sep 10)

sven . freund

[SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key sven . freund (Sep 03)

Vulnerability Lab

Paypal Inc - Open Redirect Web Vulnerability Vulnerability Lab (Sep 15)
UltraEdit v22.20 - Buffer Overflow Vulnerability Vulnerability Lab (Sep 23)
PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability Vulnerability Lab (Sep 11)
Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability Vulnerability Lab (Sep 11)
Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 28)
Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability Vulnerability Lab (Sep 23)
UDID v1.0 iOS - Persistent Mail Encode Vulnerability Vulnerability Lab (Sep 22)
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability Vulnerability Lab (Sep 28)
Magento Bug Bounty #19 - Persistent Filename Vulnerability Vulnerability Lab (Sep 11)
Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability Vulnerability Lab (Sep 28)
WinRAR SFX v5.21 - Remote Code Execution Vulnerability Vulnerability Lab (Sep 28)
Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 22)
Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability Vulnerability Lab (Sep 11)
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability Vulnerability Lab (Sep 23)
IconLover v5.4.5 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Sep 28)
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities Vulnerability Lab (Sep 03)
My.WiFi USB Drive v1.0 iOS - File Include Vulnerability Vulnerability Lab (Sep 28)