Bugtraq: by date

165 messages starting Apr 01 16 and ending Apr 29 16


Friday, 01 April

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab
WebKitGTK+ Security Advisory WSA-2016-0003 Carlos Alberto Lopez Perez
APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 Apple Product Security

Sunday, 03 April

[security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files HP Security Alert
[security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert
[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files security-alert
[security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert
[slackware-security] php (SSA:2016-092-02) Slackware Security Team
[slackware-security] mercurial (SSA:2016-092-01) Slackware Security Team
[security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS) security-alert
Open-Xchange Security Advisory 2016-04-02 Martin Heiland
[SECURITY] [DSA 3539-1] srtp security update Salvatore Bonaccorso

Monday, 04 April

[SECURITY] [DSA 3540-1] lhasa security update Moritz Muehlenhoff
Bugcrowd CSV injection vulnerability Hack Ex
Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability Vulnerability Lab
FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability Vulnerability Lab
ManageEngine Password Manager Pro Multiple Vulnerabilities Sebastian Perez
CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen
[SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations
ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability Security Alert
Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit lists () exploits4coins com
[slackware-security] mozilla-thunderbird (SSA:2016-095-01) Slackware Security Team
[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert

Tuesday, 05 April

[SECURITY] [DSA 3541-1] roundcube security update Sebastien Delafond
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability Vulnerability Lab
[SECURITY] [DSA 3542-1] mercurial security update Salvatore Bonaccorso
[SECURITY] [DSA 3543-1] oar security update Moritz Muehlenhoff
Re: [SE-2012-01] Broken security fix in IBM Java 7/8 Security Explorations
CA20160405-01: Security Notice for CA API Gateway Kotas, Kevin J
op5 v7.1.9 Remote Command Execution apparitionsec

Wednesday, 06 April

[slackware-security] subversion (SSA:2016-097-01) Slackware Security Team
RE: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability Jacques GRILLOT
SQL Injection in SocialEngine High-Tech Bridge Security Research
CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert
Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information security-alert
[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) security-alert

Thursday, 07 April

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability Vulnerability Lab
Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities Vulnerability Lab
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability Vulnerability Lab
Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability Vulnerability Lab
[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection security-alert
[SECURITY] [DSA 3544-1] python-django security update Salvatore Bonaccorso
[SECURITY] [DSA 3545-1] cgit security update Salvatore Bonaccorso

Friday, 08 April

[SECURITY] [DSA 3546-1] optipng security update Moritz Muehlenhoff
AccelSite Content Manager v1.0 - SQL Injection Vulnerability Vulnerability Lab
JAWS Weak Service Permissions leads to Privilege Escalation Heimbuecher003

Sunday, 10 April

CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org
CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org
WPN-XM Serverstack v0.8.6 XSS hyp3rlinx
CSRF - MySQL / PHP.INI Hijacking hyp3rlinx
WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx
WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking hyp3rlinx
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team
OpenCart json_decode function Remote PHP Code Execution r3s34rch3r
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability iedb . team
Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability iedb . team
[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 Pedro Ribeiro

Monday, 11 April

Blind SQL injections in CivicRM Simon Waters (Surevine)
ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability Security Alert
[SECURITY] [DSA 3547-1] imagemagick security update Luciano Bello

Tuesday, 12 April

[SECURITY] [DSA 3485-2] didiwiki security update Sebastien Delafond
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability Vulnerability Lab
Open redirect on Google.com research
.NET Framework 4.6 allows side loading of Windows API Set DLL Securify B.V.
CAM UnZip v5.1 Archive Directory Traversal hyp3rlinx

Wednesday, 13 April

[SE-2012-01] Yet another broken security fix in IBM Java 7/8 Security Explorations
Vbulletin Cms (Sendmessage.php Page) 0Day Exploit iedb . team
Webline CMS (2016Q2) - SQL Injection Vulnerability Vulnerability Lab
Mybb Cms (create forum and edit) Cross-Site Script Vulnerability iedb . team
Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3548-1] samba security update Salvatore Bonaccorso

Thursday, 14 April

[SECURITY] [DSA 3548-2] samba regression update Salvatore Bonaccorso
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Mybb Cms (private.php Page) Denial Of Service Vulnerability iedb . team
Securing Android Applications from Screen Capture research
ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability Security Alert
NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin VMware Security Response Center
AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk Asterisk Security Team
AST-2016-005: TCP denial of service in PJProject Asterisk Security Team

Friday, 15 April

[SECURITY] [DSA 3549-1] chromium-browser security update Michael Gilbert
[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability ERPScan inc
[ERPSCAN-16-002] SAP HANA - log injection and no size restriction ERPScan inc
[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues ERPScan inc
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability Sandro Poppi
[SECURITY] [DSA 3550-1] openssh security update Moritz Muehlenhoff

Sunday, 17 April

[slackware-security] mozilla-thunderbird (SSA:2016-106-01) Slackware Security Team
[slackware-security] samba (SSA:2016-106-02) Slackware Security Team
[CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android urikanonov
Ahrare Andeysheh Cms Multiple Vulnerabilities iesb . team
[SECURITY] [DSA 3551-1] fuseiso security update Florian Weimer
[SECURITY] [DSA 3552-1] tomcat7 security update Moritz Muehlenhoff

Monday, 18 April

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) klaus . eisentraut
[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges security-alert
[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert

Tuesday, 19 April

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege Stefan Kanthak
[ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability ERPScan inc
[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability ERPScan inc
Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 research () rv3lab org
ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities Security Alert
[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information security-alert
PHPBack v1.3.0 SQL Injection apparitionsec

Wednesday, 20 April

*.Shell.com Port 443 DROWN decryption attack shell
shell.com vulnerable TLS shell
RCE via CSRF in phpMyFAQ High-Tech Bridge Security Research
Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Webutler CMS 3.2 - Cross-Site Request Forgery displaymyname

Thursday, 21 April

OpenTSDB RCE gsoc
exploit CVE-2016-2203 karim reda Fakhir
CVE-2016-3074: libgd: signedness vulnerability Hans Jerry Illikainen
[SECURITY] [DSA 3554-1] xen security update Salvatore Bonaccorso

Friday, 22 April

[SECURITY] [DSA 3553-1] varnish security update Sebastien Delafond
SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app SEC Consult Vulnerability Lab
SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator SEC Consult Vulnerability Lab
[security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information security-alert
[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information security-alert

Sunday, 24 April

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109) david . vieira-kurz
Persian-woocommerce-sms XSS Vulnerability Rahul Pratap Singh
Tweet-wheel XSS Vulnerability Rahul Pratap Singh
Echosign Plugin for WordPress XSS Vulnerability Rahul Pratap Singh
Google SEO Pressor Snippet Plugin XSS Vulnerability Rahul Pratap Singh
Easy Social Share Buttons for WordPress XSS Vulnerability Rahul Pratap Singh
CM-AD-Changer XSS Vulnerability Rahul Pratap Singh
Unlimited Pop-Ups WordPress Plugin XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3555-1] imlib2 security update Alessandro Ghedini
[SECURITY] [DSA 3556-1] libgd2 security update Salvatore Bonaccorso

Monday, 25 April

Telisca IPS Lock 2 Vulnerability karim reda Fakhir
C & C++ for OS - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability Vulnerability Lab
UBNT Bug Bounty #2 - XML External Entity Vulnerability Vulnerability Lab
Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities Vulnerability Lab
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Negin Group CMS - (v) Multiple Web Vulnerabilities Vulnerability Lab
[security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) security-alert

Tuesday, 26 April

Trend Micro (Account) - Email Spoofing Web Vulnerability Vulnerability Lab
VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability Vulnerability Lab
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability Vulnerability Lab
[SECURITY] [DSA 3557-1] mysql-5.5 security update Salvatore Bonaccorso
[SECURITY] [DSA 3558-1] openjdk-7 security update Moritz Muehlenhoff

Wednesday, 27 April

[slackware-security] mozilla-firefox (SSA:2016-117-01) Slackware Security Team
Oracle Discoverer Viewer BI - Open Redirect Vulnerability Vulnerability Lab
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection Securify B.V.
[SECURITY] [DSA 3559-1] iceweasel security update Moritz Muehlenhoff
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Tony Homer
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer
Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability Mahmut Firuz Dumlupinar - Vendor
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer
[SECURITY] [DSA 3560-1] php5 security update Salvatore Bonaccorso

Thursday, 28 April

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* Hans Jerry Illikainen
[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) security-alert
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream Stefan Kanthak

Friday, 29 April

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
SQL Injection in GLPI High-Tech Bridge Security Research
[SECURITY] [DSA 3561-1] subversion security update Salvatore Bonaccorso