Bugtraq: by author

165 messages starting Apr 01 16 and ending Apr 29 16


Alessandro Ghedini

[SECURITY] [DSA 3555-1] imlib2 security update Alessandro Ghedini (Apr 24)

apparitionsec

op5 v7.1.9 Remote Command Execution apparitionsec (Apr 05)
PHPBack v1.3.0 SQL Injection apparitionsec (Apr 19)

Apple Product Security

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 Apple Product Security (Apr 01)

Asterisk Security Team

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk Asterisk Security Team (Apr 14)
AST-2016-005: TCP denial of service in PJProject Asterisk Security Team (Apr 14)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2016-0003 Carlos Alberto Lopez Perez (Apr 01)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Apr 13)
Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Apr 20)
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability Cisco Systems Product Security Incident Response Team (Apr 06)

david . vieira-kurz

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109) david . vieira-kurz (Apr 24)

displaymyname

Webutler CMS 3.2 - Cross-Site Request Forgery displaymyname (Apr 20)

ERPScan inc

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction ERPScan inc (Apr 15)
[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability ERPScan inc (Apr 19)
[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues ERPScan inc (Apr 15)
[ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability ERPScan inc (Apr 19)
[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability ERPScan inc (Apr 15)

Florian Weimer

[SECURITY] [DSA 3551-1] fuseiso security update Florian Weimer (Apr 17)

gsoc

OpenTSDB RCE gsoc (Apr 21)

Hack Ex

Bugcrowd CSV injection vulnerability Hack Ex (Apr 04)

Hans Jerry Illikainen

CVE-2016-3074: libgd: signedness vulnerability Hans Jerry Illikainen (Apr 21)
CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen (Apr 04)
CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* Hans Jerry Illikainen (Apr 28)

Hector Marco-Gisbert

CVE-2016-3672 - Unlimiting the stack no longer disables ASLR Hector Marco-Gisbert (Apr 06)

Heimbuecher003

JAWS Weak Service Permissions leads to Privilege Escalation Heimbuecher003 (Apr 08)

High-Tech Bridge Security Research

SQL Injection in SocialEngine High-Tech Bridge Security Research (Apr 06)
RCE via CSRF in phpMyFAQ High-Tech Bridge Security Research (Apr 20)
SQL Injection in GLPI High-Tech Bridge Security Research (Apr 29)

HP Security Alert

[security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files HP Security Alert (Apr 03)

hyp3rlinx

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx (Apr 10)
CAM UnZip v5.1 Archive Directory Traversal hyp3rlinx (Apr 12)
WPN-XM Serverstack v0.8.6 XSS hyp3rlinx (Apr 10)

iedb . team

Mybb Cms (private.php Page) Denial Of Service Vulnerability iedb . team (Apr 14)
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
Vbulletin Cms (Sendmessage.php Page) 0Day Exploit iedb . team (Apr 13)
Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability iedb . team (Apr 10)
Mybb Cms (create forum and edit) Cross-Site Script Vulnerability iedb . team (Apr 13)

iesb . team

Ahrare Andeysheh Cms Multiple Vulnerabilities iesb . team (Apr 17)

Jacques GRILLOT

RE: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability Jacques GRILLOT (Apr 06)

jleroux () apache org

CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 10)
CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 10)

karim reda Fakhir

exploit CVE-2016-2203 karim reda Fakhir (Apr 21)
Telisca IPS Lock 2 Vulnerability karim reda Fakhir (Apr 25)

klaus . eisentraut

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) klaus . eisentraut (Apr 18)

Kotas, Kevin J

CA20160405-01: Security Notice for CA API Gateway Kotas, Kevin J (Apr 05)

lists () exploits4coins com

Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit lists () exploits4coins com (Apr 04)

Luciano Bello

[SECURITY] [DSA 3547-1] imagemagick security update Luciano Bello (Apr 11)

Mahmut Firuz Dumlupinar - Vendor

Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability Mahmut Firuz Dumlupinar - Vendor (Apr 27)

Martin Heiland

Open-Xchange Security Advisory 2016-04-02 Martin Heiland (Apr 03)

Michael Gilbert

[SECURITY] [DSA 3549-1] chromium-browser security update Michael Gilbert (Apr 15)

Moritz Muehlenhoff

[SECURITY] [DSA 3558-1] openjdk-7 security update Moritz Muehlenhoff (Apr 26)
[SECURITY] [DSA 3552-1] tomcat7 security update Moritz Muehlenhoff (Apr 17)
[SECURITY] [DSA 3559-1] iceweasel security update Moritz Muehlenhoff (Apr 27)
[SECURITY] [DSA 3546-1] optipng security update Moritz Muehlenhoff (Apr 08)
[SECURITY] [DSA 3550-1] openssh security update Moritz Muehlenhoff (Apr 15)
[SECURITY] [DSA 3543-1] oar security update Moritz Muehlenhoff (Apr 05)
[SECURITY] [DSA 3540-1] lhasa security update Moritz Muehlenhoff (Apr 04)

Pedro Ribeiro

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 Pedro Ribeiro (Apr 10)

r3s34rch3r

OpenCart json_decode function Remote PHP Code Execution r3s34rch3r (Apr 10)

Rahul Pratap Singh

Easy Social Share Buttons for WordPress XSS Vulnerability Rahul Pratap Singh (Apr 24)
Unlimited Pop-Ups WordPress Plugin XSS Vulnerability Rahul Pratap Singh (Apr 24)
Echosign Plugin for WordPress XSS Vulnerability Rahul Pratap Singh (Apr 24)
Tweet-wheel XSS Vulnerability Rahul Pratap Singh (Apr 24)
Google SEO Pressor Snippet Plugin XSS Vulnerability Rahul Pratap Singh (Apr 24)
CM-AD-Changer XSS Vulnerability Rahul Pratap Singh (Apr 24)
Persian-woocommerce-sms XSS Vulnerability Rahul Pratap Singh (Apr 24)

research

Open redirect on Google.com research (Apr 12)
Securing Android Applications from Screen Capture research (Apr 14)

research () rv3lab org

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 research () rv3lab org (Apr 19)

Salvatore Bonaccorso

[SECURITY] [DSA 3545-1] cgit security update Salvatore Bonaccorso (Apr 07)
[SECURITY] [DSA 3548-1] samba security update Salvatore Bonaccorso (Apr 13)
[SECURITY] [DSA 3539-1] srtp security update Salvatore Bonaccorso (Apr 03)
[SECURITY] [DSA 3554-1] xen security update Salvatore Bonaccorso (Apr 21)
[SECURITY] [DSA 3556-1] libgd2 security update Salvatore Bonaccorso (Apr 24)
[SECURITY] [DSA 3560-1] php5 security update Salvatore Bonaccorso (Apr 27)
[SECURITY] [DSA 3561-1] subversion security update Salvatore Bonaccorso (Apr 29)
[SECURITY] [DSA 3557-1] mysql-5.5 security update Salvatore Bonaccorso (Apr 26)
[SECURITY] [DSA 3544-1] python-django security update Salvatore Bonaccorso (Apr 07)
[SECURITY] [DSA 3542-1] mercurial security update Salvatore Bonaccorso (Apr 05)
[SECURITY] [DSA 3548-2] samba regression update Salvatore Bonaccorso (Apr 14)

Sandro Poppi

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability Sandro Poppi (Apr 15)

Sebastian Perez

ManageEngine Password Manager Pro Multiple Vulnerabilities Sebastian Perez (Apr 04)

Sebastien Delafond

[SECURITY] [DSA 3553-1] varnish security update Sebastien Delafond (Apr 22)
[SECURITY] [DSA 3485-2] didiwiki security update Sebastien Delafond (Apr 12)
[SECURITY] [DSA 3541-1] roundcube security update Sebastien Delafond (Apr 05)

SEC Consult Vulnerability Lab

SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator SEC Consult Vulnerability Lab (Apr 22)
SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app SEC Consult Vulnerability Lab (Apr 22)

Securify B.V.

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection Securify B.V. (Apr 27)
.NET Framework 4.6 allows side loading of Windows API Set DLL Securify B.V. (Apr 12)

Security Alert

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities Security Alert (Apr 19)
ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability Security Alert (Apr 04)
ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability Security Alert (Apr 14)
ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability Security Alert (Apr 11)

security-alert

[security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) security-alert (Apr 25)
[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information security-alert (Apr 19)
[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) security-alert (Apr 28)
[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) security-alert (Apr 06)
[security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS) security-alert (Apr 03)
[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges security-alert (Apr 18)
[security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Apr 03)
[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information security-alert (Apr 22)
[security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information security-alert (Apr 22)
[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files security-alert (Apr 03)
[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection security-alert (Apr 07)
[security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert (Apr 03)
[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Apr 18)
[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert (Apr 06)
[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert (Apr 04)

Security Explorations

[SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations (Apr 04)
Re: [SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations (Apr 05)
[SE-2012-01] Yet another broken security fix in IBM Java 7/8 Security Explorations (Apr 13)

shell

*.Shell.com Port 443 DROWN decryption attack shell (Apr 20)
shell.com vulnerable TLS shell (Apr 20)

Simon Waters (Surevine)

Blind SQL injections in CivicRM Simon Waters (Surevine) (Apr 11)

Slackware Security Team

[slackware-security] samba (SSA:2016-106-02) Slackware Security Team (Apr 17)
[slackware-security] mozilla-thunderbird (SSA:2016-095-01) Slackware Security Team (Apr 04)
[slackware-security] php (SSA:2016-092-02) Slackware Security Team (Apr 03)
[slackware-security] subversion (SSA:2016-097-01) Slackware Security Team (Apr 06)
[slackware-security] mercurial (SSA:2016-092-01) Slackware Security Team (Apr 03)
[slackware-security] mozilla-firefox (SSA:2016-117-01) Slackware Security Team (Apr 27)
[slackware-security] mozilla-thunderbird (SSA:2016-106-01) Slackware Security Team (Apr 17)

Stefan Kanthak

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream Stefan Kanthak (Apr 28)
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege Stefan Kanthak (Apr 19)

Tony Homer

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Tony Homer (Apr 27)

urikanonov

[CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android urikanonov (Apr 17)

VMware Security Response Center

NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin VMware Security Response Center (Apr 14)

Vulnerability Lab

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 01)
Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
AccelSite Content Manager v1.0 - SQL Injection Vulnerability Vulnerability Lab (Apr 08)
C & C++ for OS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability Vulnerability Lab (Apr 05)
Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Apr 04)
Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Apr 29)
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 14)
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 25)
Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Apr 07)
Negin Group CMS - (v) Multiple Web Vulnerabilities Vulnerability Lab (Apr 25)
Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities Vulnerability Lab (Apr 07)
Trend Micro (Account) - Email Spoofing Web Vulnerability Vulnerability Lab (Apr 26)
UBNT Bug Bounty #2 - XML External Entity Vulnerability Vulnerability Lab (Apr 25)
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability Vulnerability Lab (Apr 07)
VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability Vulnerability Lab (Apr 26)
FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability Vulnerability Lab (Apr 04)
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability Vulnerability Lab (Apr 26)
Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Apr 07)
Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities Vulnerability Lab (Apr 25)
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability Vulnerability Lab (Apr 12)
Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability Vulnerability Lab (Apr 07)
Webline CMS (2016Q2) - SQL Injection Vulnerability Vulnerability Lab (Apr 13)
Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability Vulnerability Lab (Apr 04)
Oracle Discoverer Viewer BI - Open Redirect Vulnerability Vulnerability Lab (Apr 27)