Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
166 messages
starting Jul 26 16 and
ending Jul 21 16
Date index |
Thread index |
Author index
ak47464659484
Silurus Classifieds XSS Vulnerability ak47464659484 (Jul 26)
Huawei ISM Professional XSS Vulnerability ak47464659484 (Jul 26)
alex_haynes
Neoscreen v4.5 Authentication bypass alex_haynes (Jul 25)
Neoscreen v4.5 Blind SQL injection alex_haynes (Jul 25)
Neoscreen v4.5 Cross-site scripting alex_haynes (Jul 25)
Andrey B. Panfilov
HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation Andrey B. Panfilov (Jul 04)
Apple Product Security
APPLE-SA-2016-07-18-5 Safari 9.1.2 Apple Product Security (Jul 19)
APPLE-SA-2016-07-18-6 iTunes 12.4.2 Apple Product Security (Jul 19)
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Product Security (Jul 19)
APPLE-SA-2016-07-18-3 watchOS 2.2.2 Apple Product Security (Jul 19)
APPLE-SA-2016-07-18-4 tvOS 9.2.2 Apple Product Security (Jul 19)
APPLE-SA-2016-07-18-2 iOS 9.3.3 Apple Product Security (Jul 19)
bashis
[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon bashis (Jul 18)
chaoyi . huang
Syslog Server "npriority" field remote Denial of Service vulnerability chaoyi . huang (Jul 04)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jul 13)
Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Jul 21)
Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability Cisco Systems Product Security Incident Response Team (Jul 20)
David Black
July 2016 - Bamboo Server - Critical Security Advisory David Black (Jul 25)
David Coomber
Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber (Jul 06)
Dirk-Willem van Gulik
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 05)
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 07)
Egidio Romano
[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano (Jul 07)
ERPScan inc
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc (Jul 14)
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc (Jul 14)
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc (Jul 14)
Filippo Cavallarin
Apple Safari for Mac OS X SVG local XXE Filippo Cavallarin (Jul 05)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch FreeBSD Security Advisories (Jul 25)
Gergely Eberhardt
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt (Jul 20)
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 20)
[SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt (Jul 20)
Grebovich, Dragan (Dragan)
CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal Grebovich, Dragan (Dragan) (Jul 27)
Hans Jerry Illikainen
CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 20)
hyp3rlinx
Microsoft WinDbg logviewer.exe Buffer Overflow DOS hyp3rlinx (Jul 07)
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
Microsoft Process Kill Utility "kill.exe" Buffer Overflow hyp3rlinx (Jul 07)
WebCalendar v1.2.7 PHP Code Injection hyp3rlinx (Jul 04)
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
WebCalendar v1.2.7 CSRF Protection Bypass hyp3rlinx (Jul 04)
Imre RAD
missing input validation in pmount: arbitrary mount as non-root Imre RAD (Jul 13)
Info
Logic security flaw in TP-LINK - tplinklogin.net Info (Jul 01)
Julien Ahrens
[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens (Jul 12)
[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens (Jul 12)
KoreLogic Disclosures
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures (Jul 01)
Kotas, Kevin J
CA20160721-01: Security Notice for CA eHealth Kotas, Kevin J (Jul 25)
CA20160627-01: Security Notice for Release Automation Kotas, Kevin J (Jul 01)
Larry W. Cashdollar
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 25)
lem . nikolas
MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 25)
MySQL 0days followup (CVE-2016-3477) CVSS 8.1 lem . nikolas (Jul 25)
MySQL zero-day vulnerabilities (July 2016 CPU) lem . nikolas (Jul 21)
Martin Heiland
Open-Xchange Security Advisory 2016-07-13 Martin Heiland (Jul 13)
matthias . deeg
[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks matthias . deeg (Jul 29)
[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) matthias . deeg (Jul 29)
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability matthias . deeg (Jul 29)
[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) matthias . deeg (Jul 29)
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks matthias . deeg (Jul 29)
mehta . himanshu21
Dropbox 6.4.14 DLL Hijacking Vulnerability mehta . himanshu21 (Jul 26)
mgill
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 mgill (Jul 25)
Moritz Muehlenhoff
[SECURITY] [DSA 3615-1] wireshark security update Moritz Muehlenhoff (Jul 04)
[SECURITY] [DSA 3631-1] php5 security update Moritz Muehlenhoff (Jul 26)
[SECURITY] [DSA 3617-1] horizon security update Moritz Muehlenhoff (Jul 06)
[SECURITY] [DSA 3633-1] xen security update Moritz Muehlenhoff (Jul 27)
[SECURITY] [DSA 3629-1] ntp security update Moritz Muehlenhoff (Jul 25)
Programa STIC
CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC (Jul 19)
rahullraz
[FD]CVE ID request : SQL injection in 24Online Client rahullraz (Jul 04)
reggie . dodd30
Vicon Network Cameras - Authentication Bypass reggie . dodd30 (Jul 28)
research
Crashing Browsers Remotely via Insecure Search Suggestions research (Jul 26)
CVE-2016-5672: Intel Crosswalk SSL Prompt Issue research (Jul 29)
Robbie Gemmell
[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell (Jul 04)
S21sec Vulnerability Research
[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting S21sec Vulnerability Research (Jul 29)
Salvatore Bonaccorso
[SECURITY] [DSA 3632-1] mariadb-10.0 security update Salvatore Bonaccorso (Jul 27)
[SECURITY] [DSA 3612-1] gimp security update Salvatore Bonaccorso (Jul 04)
[SECURITY] [DSA 3630-1] libgd2 security update Salvatore Bonaccorso (Jul 26)
[SECURITY] [DSA 3619-1] libgd2 security update Salvatore Bonaccorso (Jul 15)
[SECURITY] [DSA 3623-1] apache2 security update Salvatore Bonaccorso (Jul 20)
[SECURITY] [DSA 3622-1] python-django security update Salvatore Bonaccorso (Jul 19)
[SECURITY] [DSA 3620-1] pidgin security update Salvatore Bonaccorso (Jul 17)
[SECURITY] [DSA 3621-1] mysql-connector-java security update Salvatore Bonaccorso (Jul 18)
[SECURITY] [DSA 3613-1] libvirt security update Salvatore Bonaccorso (Jul 04)
[SECURITY] [DSA 3628-1] perl security update Salvatore Bonaccorso (Jul 25)
[SECURITY] [DSA 3624-1] mysql-5.5 security update Salvatore Bonaccorso (Jul 21)
[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update Salvatore Bonaccorso (Jul 29)
[SECURITY] [DSA 3614-1] tomcat7 security update Salvatore Bonaccorso (Jul 04)
[SECURITY] [DSA 3626-1] openssh security update Salvatore Bonaccorso (Jul 25)
[SECURITY] [DSA 3616-1] linux security update Salvatore Bonaccorso (Jul 04)
Sebastien Delafond
[SECURITY] [DSA 3625-1] squid3 security update Sebastien Delafond (Jul 22)
SEC Consult Vulnerability Lab
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab (Jul 25)
Secunia Research
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability Secunia Research (Jul 25)
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability Secunia Research (Jul 25)
Security Alert
ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability Security Alert (Jul 06)
security-alert
[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam security-alert (Jul 01)
[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) security-alert (Jul 21)
[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code security-alert (Jul 12)
[security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert (Jul 05)
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution security-alert (Jul 25)
[security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information security-alert (Jul 07)
[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution security-alert (Jul 15)
[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) security-alert (Jul 26)
[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information security-alert (Jul 04)
Slackware Security Team
[slackware-security] bind (SSA:2016-204-01) Slackware Security Team (Jul 25)
[slackware-security] samba (SSA:2016-189-01) Slackware Security Team (Jul 07)
[slackware-security] gimp (SSA:2016-203-01) Slackware Security Team (Jul 21)
[slackware-security] php (SSA:2016-203-02) Slackware Security Team (Jul 21)
[slackware-security] mozilla-thunderbird (SSA:2016-187-01) Slackware Security Team (Jul 05)
Stefan Kanthak
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak (Jul 18)
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak (Jul 13)
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak (Jul 01)
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak (Jul 25)
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak (Jul 25)
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking Stefan Kanthak (Jul 19)
Summer of Pwnage
Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage (Jul 19)
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage (Jul 14)
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage (Jul 12)
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage (Jul 14)
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage (Jul 12)
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage (Jul 14)
Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage (Jul 12)
Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage (Jul 25)
Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage (Jul 26)
Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage (Jul 25)
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage (Jul 20)
Persistent Cross-Site Scripting in WP Live Chat Support plugin Summer of Pwnage (Jul 11)
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage (Jul 20)
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage (Jul 19)
Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage (Jul 12)
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage (Jul 14)
Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage (Jul 11)
Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage (Jul 19)
WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
Thijs Kinkhorst
[SECURITY] [DSA 3627-1] phpmyadmin security update Thijs Kinkhorst (Jul 25)
Tim Allison
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison (Jul 25)
Tim Schughart
Multiple vulns in Vodafone EasyBox 804 Tim Schughart (Jul 17)
Vulnerability Lab
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab (Jul 28)
Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab (Jul 28)
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab (Jul 06)
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jul 29)
IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab (Jul 06)
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab (Jul 04)
BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jul 08)
BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab (Jul 08)
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Jul 27)
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab (Jul 28)
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab (Jul 06)
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab (Jul 19)
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Jul 28)
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jul 27)
Wick, Ryan (US - Chicago)
RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Wick, Ryan (US - Chicago) (Jul 27)
wpengfeinudt
[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c wpengfeinudt (Jul 01)
[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c wpengfeinudt (Jul 01)
[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c wpengfeinudt (Jul 04)
[CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c wpengfeinudt (Jul 04)
wsachin092
Re: Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 06)
Putty (beta 0.67) DLL Hijacking Vulnerability wsachin092 (Jul 05)
wwiinngd
Dreammail 5 mail client XSS Vulnerability wwiinngd (Jul 21)