Bugtraq: by date

148 messages starting Sep 01 15 and ending Sep 30 15

Tuesday, 01 September

[security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code security-alert
[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities CORE Advisories Team
KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation KoreLogic Disclosures

Wednesday, 02 September

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation KoreLogic Disclosures
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection David Black
[slackware-security] gdk-pixbuf2 (SSA:2015-244-01) Slackware Security Team
Cross-Site Request Forgery in Cerb High-Tech Bridge Security Research
ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability Security Alert
[SECURITY] [DSA 3347-1] pdns security update Sébastien Delafond
Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3349-1] qemu-kvm security update Salvatore Bonaccorso
[SECURITY] [DSA 3348-1] qemu security update Salvatore Bonaccorso

Thursday, 03 September

FreeBSD Security Advisory FreeBSD-SA-15:23.bind FreeBSD Security Advisories
[SECURITY] [DSA 3350-1] bind9 security update Moritz Muehlenhoff
[slackware-security] bind (SSA:2015-245-01) Slackware Security Team
[SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key sven . freund
Checkmarx CxQL Sandbox bypass (CVE-2014-8778) hdau
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities Vulnerability Lab
ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability Security Alert
[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow Julien Ahrens

Friday, 04 September

[SECURITY] [DSA 3351-1] chromium-browser security update Michael Gilbert
[slackware-security] seamonkey (SSA:2015-246-01) Slackware Security Team
[SECURITY] [DSA 3352-1] screen security update Laszlo Boszormenyi
Oracle Hyperion password disclosure... Jeff Kayser
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation Stefan Kanthak
Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability David Coomber
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability David Coomber

Monday, 07 September

JSPMySQL Administrador CSRF & XSS Vulnerabilities apparitionsec
[SECURITY] [DSA 3353-1] openslp-dfsg security update Alessandro Ghedini
NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. Elliott Lewis

Tuesday, 08 September

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability alex_haynes

Wednesday, 09 September

Re: Oracle Hyperion password disclosure... jeff . kayser
[SECURITY] [DSA 3354-1] spice security update Salvatore Bonaccorso
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak
Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V.
[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) security-alert
ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities Security Alert
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert
[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository ERPScan inc
[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials ERPScan inc
[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials ERPScan inc
[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) security-alert
[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information security-alert
Synology Video Station command injection and multiple SQL injection vulnerabilities Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Securify B.V.

Thursday, 10 September

[SECURITY] [DSA 3355-1] libvdpau security update Alessandro Ghedini
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 Onur Yilmaz
Re: Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak

Friday, 11 September

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14 dkl
Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 LpSolit
Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability Vulnerability Lab
Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability Vulnerability Lab
PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability Vulnerability Lab
Magento Bug Bounty #19 - Persistent Filename Vulnerability Vulnerability Lab
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability Egidio Romano
[security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code security-alert
IKEView.exe Fox beta 1 Stack Buffer Overflow apparitionsec
[SECURITY] [DSA 3356-1] openldap security update Salvatore Bonaccorso

Monday, 14 September

[SECURITY] [DSA 3357-1] vzctl security update Moritz Muehlenhoff
[SECURITY] [DSA 3359-1] virtualbox security update Moritz Muehlenhoff
[SECURITY] [DSA 3358-1] php5 security update Salvatore Bonaccorso
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting Ahrens, Julien
[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass security-alert
IKEView.exe R60 Stack Buffer Overflow apparitionsec

Tuesday, 15 September

Openfire 3.10.2 CSRF Vulnerabilities apparitionsec
Paypal Inc - Open Redirect Web Vulnerability Vulnerability Lab
[security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data security-alert
[SECURITY] [DSA 3360-1] icu security update GCS

Wednesday, 16 September

Microsoft Exchange Information Disclosure apparitionsec
Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files gregory draperi
[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution security-alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-09-16-1 iOS 9 Apple Product Security
APPLE-SA-2015-09-16-2 Xcode 7.0 Apple Product Security
APPLE-SA-2015-09-16-3 iTunes 12.3 Apple Product Security

Thursday, 17 September

Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912) Amit Klein
APPLE-SA-2015-09-16-4 OS X Server 5.0.3 Apple Product Security
[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information security-alert
KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation KoreLogic Disclosures

Monday, 21 September

[SECURITY] [DSA 3361-1] qemu security update Salvatore Bonaccorso
[SECURITY] [DSA 3362-1] qemu-kvm security update Salvatore Bonaccorso
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... Stefan Kanthak
[SECURITY] [DSA 3363-1] owncloud-client security update Luciano Bello
SAP NetWeaver - XML External Entity Injection Lukasz Miedzinski
CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth Antoine Neuenschwander
Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft) securityresearch
Jasig CAS server vulnerabilities Antoni Klajn
APPLE-SA-2015-09-21-1 watchOS 2 Apple Product Security

Tuesday, 22 September

[SECURITY] [DSA 3364-1] linux security update Ben Hutchings
Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab
UDID v1.0 iOS - Persistent Mail Encode Vulnerability Vulnerability Lab
[security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information security-alert
Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V.

Wednesday, 23 September

[slackware-security] mozilla-firefox (SSA:2015-265-01) Slackware Security Team
Open-Xchange Security Advisory 2015-09-23 Martin Heiland
Reflected Cross-Site Scripting (XSS) in iTop High-Tech Bridge Security Research
Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability Vulnerability Lab
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability Vulnerability Lab
UltraEdit v22.20 - Buffer Overflow Vulnerability Vulnerability Lab
Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert
[SECURITY] [DSA 3365-1] iceweasel security update Moritz Muehlenhoff
Cisco AnyConnect elevation of privileges via DMG install script Securify B.V.

Thursday, 24 September

[SECURITY] [DSA 3366-1] rpcbind security update Salvatore Bonaccorso
BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting appsec
BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting appsec
[SECURITY] [DSA 3367-1] wireshark security update Moritz Muehlenhoff

Friday, 25 September

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Shazron
FortiManager v5.2.2 Multiple XSS Vulnerabilities apparitionsec
Insecure application-coupling in Good Authentication Delegation [MZ-15-03] modzero
CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine Portcullis Advisories
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine Portcullis Advisories
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine Portcullis Advisories
[SECURITY] [DSA 3368-1] cyrus-sasl2 security update Salvatore Bonaccorso

Monday, 28 September

[security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege security-alert
Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec
CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed
Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin ibemed
Git-1.9.5 ssh-agent.exe Buffer Overflow apparitionsec
My.WiFi USB Drive v1.0 iOS - File Include Vulnerability Vulnerability Lab
Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability Vulnerability Lab
WinRAR SFX v5.21 - Remote Code Execution Vulnerability Vulnerability Lab
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability Vulnerability Lab
Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab
IconLover v5.4.5 - Stack Buffer Overflow Vulnerability Vulnerability Lab
Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) Benjamin Daniel Mussler

Tuesday, 29 September

Remote privesc and RCE in Kaseya Virtual System Administrator Pedro Ribeiro
CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg (OpenSource Security)
ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities Security Alert
ESA-2015-151: RSA® OneStep Path Traversal Vulnerability Security Alert
Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC Ralf Spenneberg
CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23 Marcello Duarte
FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind FreeBSD Security Advisories

Wednesday, 30 September

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability dev
RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Popovici, Alejo (LATCO - Buenos Aires)
Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Eugene Roshal
Apache James Server 2.3.2 security vulnerability fixed Eric Charles
Re: Cisco AnyConnect elevation of privileges via DMG install script Securify B.V.
APPLE-SA-2015-09-30-01 iOS 9.0.2 Apple Product Security
[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information security-alert
APPLE-SA-2015-09-30-2 Safari 9 Apple Product Security
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 Apple Product Security