Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
108 messages
starting Nov 01 16 and
ending Nov 30 16
Date index |
Thread index |
Author index
Tuesday, 01 November
[HITB-Announce] HITB2017AMS CFP Hafez Kamal
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) Ralf Spenneberg
CfP and Special Session :: CyberSec2017 Jackie Blanco
[slackware-security] x11 (SSA:2016-305-02) Slackware Security Team
[slackware-security] mariadb (SSA:2016-305-03) Slackware Security Team
[slackware-security] php (SSA:2016-305-04) Slackware Security Team
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever
Wednesday, 02 November
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) security-alert
Monday, 07 November
Axessh 4.2.2 Denial Of Service apparitionsec
[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert
MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures
Tuesday, 08 November
[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution security-alert
[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting security-alert
Rapid PHP Editor CSRF Remote Command Execution apparitionsec
Axessh 4.2.2 Denial Of Service apparitionsec
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow apparitionsec
Faraznet Cms Cross-Site Scripting Vulnerability iedb . team
Faraznet Cms Cross-Site Scripting Vulnerability iedb . team
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab
[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution security-alert
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro
[SECURITY] [DSA 3707-1] openjdk-7 security update Moritz Muehlenhoff
Cross Site Scripting Vulnerability In Verint Impact 360 sanehsingh
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage
Wednesday, 09 November
URL Redirection Vulnerability In Verint Impact 360 sanehsingh
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution security-alert
[SECURITY] [DSA 3709-1] libxslt security update Salvatore Bonaccorso
Thursday, 10 November
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 nickyccwu
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever
Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability Secunia Research
Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability Secunia Research
CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser tallison
Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability Secunia Research
Monday, 14 November
[SECURITY] [DSA 3711-1] mariadb-10.0 security update Salvatore Bonaccorso
CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart unlimitsec
WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE Maxim Solodovnik
WHM Panel Mail Delivery Reports crash database Vulnerability iedb . team
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever
SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab
Multiple vulnerabilities in Barco Clickshare vincent.ruijter
[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery security-alert
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection security-alert
CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco
Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset Andrew Klaus
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari
Tuesday, 15 November
[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information security-alert
Wednesday, 16 November
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever
Thursday, 17 November
[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 3716-1] firefox-esr security update Moritz Muehlenhoff
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak
Friday, 18 November
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever
Monday, 21 November
[slackware-security] mozilla-firefox (SSA:2016-323-01) Slackware Security Team
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage
Putty Cleartext Password Storage apparitionsec
[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) security-alert
Multiple issues in OpManager 12100 & 12200 Michael Heydon
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens
Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) Dawid Golunski
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc
[SECURITY] [DSA 3719-1] wireshark security update Sebastien Delafond
Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1 Andrea Barisani
Tuesday, 22 November
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team
Wednesday, 23 November
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks matthias . deeg
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks matthias . deeg
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities security-alert
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks gerhard . klostermeier
Thursday, 24 November
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) gerhard . klostermeier
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks matthias . deeg
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) gerhard . klostermeier
WorldCIST'17 - Submission deadline: November 27 ML
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update Salvatore Bonaccorso
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update Salvatore Bonaccorso
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic Jackie Blanco
Monday, 28 November
CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability Apache OpenOffice Security
WorldCIST'2017 - Submission deadline: November 30 ML
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow apparitionsec
[SECURITY] [DSA 3725-1] icu security update Luciano Bello
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab
Tuesday, 29 November
Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever
XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen
Wednesday, 30 November
[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH
[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access security-alert
[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories
[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution security-alert
[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege security-alert
[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection security-alert