Bugtraq: by date

168 messages starting Aug 01 2016 and ending Aug 31 2016

Monday, 01 August

Elevation of Privilege Vulnerability in MediaTek Driver (CVE-2016-6492) | unlimitsec
[SECURITY] [DSA 3636-1] collectd security update | Sebastien Delafond
[SECURITY] [DSA 3634-1] redis security update | Sebastien Delafond
Huawei eSpace IAD Remote Information Disclosure Vulnerability | ak47464659484
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP | Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin | Summer of Pwnage
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA | Summer of Pwnage
[SECURITY] [DSA 3637-1] chromium-browser security update | Michael Gilbert
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin | Summer of Pwnage
SQL injection vulnerability in Booking Calendar WordPress Plugin | Summer of Pwnage
Cross-Site Scripting in Contact Bank WordPress Plugin | Summer of Pwnage
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability | Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability | Vulnerability Lab
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) | David Coomber
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin | Summer of Pwnage
[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c | wpengfeinudt
[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information | security-alert
[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution | security-alert

Tuesday, 02 August

FortiManager (Series) - Multiple Web Vulnerabilities | Vulnerability Lab
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability | Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability | Vulnerability Lab
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities | Vulnerability Lab
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability | Vulnerability Lab
WinSaber - Unquoted Service Path Privilege Escalation | Vulnerability Lab
Cross-Site Scripting in Uji Countdown WordPress Plugin | Summer of Pwnage
Cross-Site Scripting in WangGuard WordPress Plugin | Summer of Pwnage

Wednesday, 03 August

Arbitrary File Content Disclosure in Atutor | High-Tech Bridge Security Research
WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5 | Maria Lemos
[SECURITY] [DSA 3638-1] curl security update | Alessandro Ghedini
[SECURITY] [DSA 3639-1] wordpress security update | Salvatore Bonaccorso
Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability | Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery (SSRF) | security-alert
Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability | Secunia Research

Thursday, 04 August

[SECURITY] [DSA 3640-1] firefox-esr security update | Moritz Muehlenhoff
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin | Summer of Pwnage
Cross-Site Scripting in Activity Log WordPress Plugin | Summer of Pwnage
Cross-Site Scripting in WordPress Landing Pages Plugin | Summer of Pwnage
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability | Vulnerability Lab
FortiManager (Series) - (Bookmark) Persistent Vulnerability | Vulnerability Lab
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection | klaus.eisentraut
[SECURITY] [DSA 3641-1] openjdk-7 security update | Moritz Muehlenhoff
Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability | Cisco Systems Product Security Incident Response Team
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance | Pedro Ribeiro
Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance | Pedro Ribeiro
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin | Summer of Pwnage
Cross-Site Scripting in FormBuilder WordPress Plugin | Summer of Pwnage
Cross-Site Scripting in Count per Day WordPress Plugin | Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin | Summer of Pwnage

Friday, 05 August

[0day] net2ftp multiple XSS on unauthenticated users | Jacobo Avariento
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability | Vulnerability Lab
Subrion v4.0.5 CMS - SQL Injection Vulnerability | Vulnerability Lab
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities | Vulnerability Lab
Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) | Tim Kretschmann
Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) | Tim Kretschmann
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) | matthias.deeg
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) | matthias.deeg
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) | matthias.deeg
DLL side loading vulnerability in VMware Host Guest Client Redirector | Securify B.V.
Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability | Summer of Pwnage

Monday, 08 August

[SECURITY] [DSA 3642-1] lighttpd security update | Sebastien Delafond
[SECURITY] [DSA 3643-1] kde4libs security update | Salvatore Bonaccorso
[slackware-security] mozilla-firefox (SSA:2016-219-02) | Slackware Security Team
[slackware-security] stunnel (SSA:2016-219-04) | Slackware Security Team
[slackware-security] curl (SSA:2016-219-01) | Slackware Security Team
[slackware-security] openssh (SSA:2016-219-03) | Slackware Security Team
vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) | Dawid Golunski
phpCollab v2.5 CMS - SQL Injection Vulnerability | Vulnerability Lab
[SECURITY] [DSA 3644-1] fontconfig security update | Salvatore Bonaccorso
ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability | Security Alert

Tuesday, 09 August

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 | Pedro Ribeiro
[SECURITY] [DSA 3645-1] chromium-browser security update | Michael Gilbert
Nagios Network Analyzer v2.2.1 Multiple CSRF | hyp3rlinx
Any Video Converter DLL Hijack | hyp3rlinx
AirSnort v0.2.7 Stack Corruption DOS | hyp3rlinx
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability | Vulnerability Lab
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability | Vulnerability Lab
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities | Vulnerability Lab
Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin | Summer of Pwnage
Notepad++ 6.9.2 DLL Hijacking Vulnerability | mehta.himanshu21
Nagios NA v2.2.1 XSS | hyp3rlinx
Internet Explorer iframe sandbox local file name disclosure vulnerability | Securify B.V.

Wednesday, 10 August

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability | Cisco Systems Product Security Incident Response Team
[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities | CORE Advisories Team

Thursday, 11 August

Microsoft Education - Stored Cross Site Web Vulnerability | Vulnerability Lab
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability | Vulnerability Lab
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) | Rv3Lab.org
[SECURITY] [DSA 3646-1] postgresql-9.4 security update | Salvatore Bonaccorso
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% | Stefan Kanthak
[SECURITY] [DSA 3647-1] icedove security update | Moritz Muehlenhoff

Friday, 12 August

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel | Maxim Solodovnik
[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) | security-alert
[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution | security-alert

Monday, 15 August

[SECURITY] [DSA 3648-1] wireshark security update | Moritz Muehlenhoff
WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity | hyp3rlinx
WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION | apparitionsec
WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT | hyp3rlinx
WSO2-CARBON v4.4.5 CSRF / DOS | hyp3rlinx
OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) | hamedizadi
OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) | hamedizadi
OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) | hamedizadi
Linksys E1200 and E2500 (Missing authorization on parental control) | samhuntley84
Linksys E2500 and E1200 (Unauth Command Injection) | samhuntley84
Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70 | tal argoni
Stash v1.0.3 CMS - SQL Injection Vulnerability | Vulnerability Lab
PayPal Inc BB #127 - 2FA Bypass Vulnerability | Vulnerability Lab
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass | reggie.dodd30

Tuesday, 16 August

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries | Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images | Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images | Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin | Summer of Pwnage
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin | Summer of Pwnage
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin | Summer of Pwnage
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin | Summer of Pwnage
Ajax Load More Local File Inclusion vulnerability | Summer of Pwnage
Cross-Site Scripting in Link Library WordPress Plugin | Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin | Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin | Summer of Pwnage
[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information | security-alert
[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution | security-alert
[security bulletin] HPSBHF03441 rev.1 - HPE iLO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities | security-alert
Lepton CMS Archive Directory Traversal | hyp3rlinx
Lepton CMS PHP Code Injection | hyp3rlinx
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials | ERPScan inc
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID | ERPScan inc

Wednesday, 17 August

[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) | Micha Borrmann
Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability | Cisco Systems Product Security Incident Response Team

Thursday, 18 August

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability | Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3649-1] gnupg security update | Salvatore Bonaccorso
[SECURITY] [DSA 3650-1] libgcrypt20 security update | Salvatore Bonaccorso
Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access | Andrew Klaus
[SYSS-2016-052] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite | bugtraq
[SYSS-2016-048] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting | bugtraq
[SYSS-2016-048] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-054] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting | bugtraq
[SYSS-2016-048] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-055] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting | bugtraq
[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting | bugtraq
[SYSS-2016-054] QNAP QTS - OS Command Injection | bugtraq
[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting | bugtraq

Friday, 19 August

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method | Justin Bull
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client | Florian Bogner

Monday, 22 August

Path traversal vulnerability in WordPress Core Ajax handlers | Summer of Pwnage
[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities | security-alert

Tuesday, 23 August

[slackware-security] gnupg (SSA:2016-236-01) | Slackware Security Team

Wednesday, 24 August

nullcon 8-bit Call for Papers is open | nullcon
WebKitGTK+ Security Advisory WSA-2016-0005 | Carlos Alberto Lopez Perez

Thursday, 25 August

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise | SEC Consult Vulnerability Lab
APPLE-SA-2016-08-25-1 iOS 9.3.5 | Apple Product Security
[SECURITY] [DSA 3652-1] imagemagick security update | Moritz Muehlenhoff
Necroscan <= v0.9.1 Buffer Overflow | hyp3rlinx
[SECURITY] [DSA 3654-1] quagga security update | Sebastien Delafond

Friday, 26 August

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 | submit

Monday, 29 August

[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information | security-alert
[slackware-security] kernel (SSA:2016-242-01) | Slackware Security Team

Tuesday, 30 August

[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information | security-alert

Wednesday, 31 August

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) | security-alert
Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability | Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability | Cisco Systems Product Security Incident Response Team