Bugtraq: by date

124 messages starting Jun 01 16 and ending Jun 30 16


Wednesday, 01 June

[SECURITY] [DSA 3590-1] chromium-browser security update Michael Gilbert
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS hyp3rlinx
[SECURITY] [DSA 3591-1] imagemagick security update Luciano Bello
[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS) security-alert
Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3592-1] nginx security update Moritz Muehlenhoff
[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities security-alert

Thursday, 02 June

XML External Entity XXE vulnerability in OpenID component of Liferay Sandro Gauci
SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway SEC Consult Vulnerability Lab
[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF) security-alert
Zoho OpManager < v12 d_fens
ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability Security Alert
[SECURITY] [DSA 3593-1] libxml2 security update Salvatore Bonaccorso

Friday, 03 June

Notilus v2012 R3 - SQL injection alex_haynes
[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers

Monday, 06 June

[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access security-alert
[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER HP Security Alert
[slackware-security] ntp (SSA:2016-155-01) Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-16:24.ntp FreeBSD Security Advisories
[SECURITY] [DSA 3594-1] chromium-browser security update Michael Gilbert
[SECURITY] [DSA 3548-3] samba regression update Salvatore Bonaccorso
[SECURITY] [DSA 3595-1] mariadb-10.0 security update Salvatore Bonaccorso
[SECURITY] [DSA 3596-1] spice security update Salvatore Bonaccorso

Tuesday, 07 June

[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution security-alert
[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution security-alert
[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access security-alert
Mapbox (API) - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability Vulnerability Lab
Microsoft Education - Code Execution Vulnerability Vulnerability Lab
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability Vulnerability Lab
[SECURITY] [DSA 3597-1] expat security update Luciano Bello
[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection john . fitzpatrick
[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information security-alert
[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution security-alert
[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information security-alert

Wednesday, 08 June

[SECURITY] [DSA 3598-1] vlc security update Moritz Muehlenhoff
Cisco EPC 3928 Multiple Vulnerabilities patryk . bogdan
[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands security-alert
[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery security-alert

Thursday, 09 June

[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities security-alert
ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability Security Alert
ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability Security Alert
CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability John Kinsella
[SECURITY] [DSA 3599-1] p7zip security update Salvatore Bonaccorso
SimpleSAMLphp Link Injection hyp3rlinx
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update Moritz Muehlenhoff
[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) security-alert

Friday, 10 June

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities Security Alert

Monday, 13 June

OpenWRT: swconfig infrastructure fails to check permissions Elliott Mitchell
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability Vulnerability Lab
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability Vulnerability Lab
ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability Security Alert

Tuesday, 14 June

Oracle Orakill.exe Buffer Overflow hyp3rlinx
[SECURITY] [DSA 3601-1] icedove security update Moritz Muehlenhoff
[SECURITY] [DSA 3602-1] php5 security update Salvatore Bonaccorso
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab

Wednesday, 15 June

[SECURITY] [DSA 3603-1] libav security update Moritz Muehlenhoff
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers Stefan Kanthak
NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue VMware Security Response Center
Joomla com_enmasse - SQL Injection hamedizadi
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab
BookingWizz < 5.5 Multiple Vulnerability mehmet
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
Microsoft Visio multiple DLL side loading vulnerabilities Securify B.V.
[MWR-2016-0001] DDN Insecure Update Mechanism john . fitzpatrick
[MWR-2016-0002] DDN Default SSH Keys john . fitzpatrick
Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) iancling

Thursday, 16 June

[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3604-1] drupal7 security update Moritz Muehlenhoff
User enumeration in Skype for Business 2013 nyxgeek
[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense Remco Sprooten
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player Stefan Kanthak

Friday, 17 June

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability ERPScan inc
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability ERPScan inc
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability ERPScan inc
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion Berend-Jan Wever

Monday, 20 June

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS hyp3rlinx
[SECURITY] [DSA 3605-1] libxslt security update Salvatore Bonaccorso
Symphony CMS v2.6.7 Session Fixation hyp3rlinx
APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 Apple Product Security
[slackware-security] libarchive (SSA:2016-172-01) Slackware Security Team
[slackware-security] pcre (SSA:2016-172-02) Slackware Security Team

Tuesday, 21 June

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability ERPScan inc
[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities ERPScan inc

Wednesday, 22 June

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability ERPScan inc
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever
[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability ERPScan inc
Open-Xchange Security Advisory 2016-06-22 Martin Heiland
ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability Security Alert

Friday, 24 June

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability Egidio Romano
[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities Egidio Romano
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities Egidio Romano
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability Egidio Romano
SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure SEC Consult Vulnerability Lab
#146416 Ruby:HTTP Header injection in 'net/http' redrain root

Monday, 27 June

[SECURITY] [DSA 3606-1] libpdfbox security update Moritz Muehlenhoff
[slackware-security] php (SSA:2016-176-01) Slackware Security Team
MyLittleForum v2.3.5 PHP Command Injection hyp3rlinx
[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection Matt Bush
BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability mehmet
Craft CMS affected by server side template injection Securify B.V.

Tuesday, 28 June

[SECURITY] [DSA 3607-1] linux security update Salvatore Bonaccorso
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability Vulnerability Lab
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability Vulnerability Lab
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability Vulnerability Lab
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities Vulnerability Lab
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities Egidio Romano
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities Egidio Romano
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability Egidio Romano
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution KoreLogic Disclosures
Symantec SEPM v12.1 Multiple Vulnerabilities hyp3rlinx

Wednesday, 29 June

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD Cantor, Scott
Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3609-1] tomcat8 security update Moritz Muehlenhoff
[SECURITY] [DSA 3608-1] libreoffice security update Moritz Muehlenhoff

Thursday, 30 June

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs Blue Frost Security Research Lab
[SECURITY] [DSA 3610-1] xerces-c security update Salvatore Bonaccorso
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update Salvatore Bonaccorso