Bugtraq: by author

144 messages starting Dec 01 15 and ending Dec 22 15

apparitionsec

Zenphoto 1.4.10 XSS Vulnerability apparitionsec (Dec 01)
AccessDiver V4.301 Buffer Overflow apparitionsec (Dec 27)
FTPShell Client v5.24 Buffer Overflow apparitionsec (Dec 30)
phpback v1.1 XSS vulnerability apparitionsec (Dec 15)
Zenphoto 1.4.10 Local File Inclusion apparitionsec (Dec 01)

Apple Product Security

APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security (Dec 11)
APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security (Dec 10)
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security (Dec 10)
APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security (Dec 10)
APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security (Dec 10)
APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security (Dec 10)
APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security (Dec 10)

Aravind

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind (Dec 12)

Blue Frost Security Research Lab

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab (Dec 10)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2015-0002 Carlos Alberto Lopez Perez (Dec 28)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Dec 10)
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability Cisco Systems Product Security Incident Response Team (Dec 10)

Claus Ibsen

CVE-2015-5348 - Apache Camel medium disclosure vulnerability Claus Ibsen (Dec 17)

CORE Advisories Team

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team (Dec 10)

Daniele Bianco

[oCERT 2015-012] Ganeti multiple issues Daniele Bianco (Dec 30)
[oCERT 2015-011] PyAMF input sanitization errors (XXE) Daniele Bianco (Dec 17)

disclosure

[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79) disclosure (Dec 07)
[SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932) disclosure (Dec 07)

ERPScan inc

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc (Dec 14)
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc (Dec 14)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:27.bind FreeBSD Security Advisories (Dec 16)
FreeBSD Security Advisory FreeBSD-SA-15:26.openssl FreeBSD Security Advisories (Dec 06)

Hans Jerry Illikainen

giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen (Dec 21)
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen (Dec 16)
libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen (Dec 27)
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen (Dec 16)

Hector Marco-Gisbert

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert (Dec 15)

High-Tech Bridge Security Research

Path Traversal via CSRF in bitrix.xscan Bitrix Module High-Tech Bridge Security Research (Dec 10)
Reflected Cross-Site Scripting (XSS) in SourceBans High-Tech Bridge Security Research (Dec 02)
RCE in Zen Cart via Arbitrary File Inclusion High-Tech Bridge Security Research (Dec 16)
Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin High-Tech Bridge Security Research (Dec 02)
Remote File Inclusion in Gwolle Guestbook WordPress Plugin High-Tech Bridge Security Research (Dec 02)
PHP File Inclusion in bitrix.mpbuilder Bitrix Module High-Tech Bridge Security Research (Dec 10)
Reflected XSS in Ultimate Member WordPress Plugin High-Tech Bridge Security Research (Dec 02)
Reflected XSS in Role Scoper WordPress Plugin High-Tech Bridge Security Research (Dec 02)
SQL Injection in orion.extfeedbackform Bitrix Module High-Tech Bridge Security Research (Dec 16)

iedb . team

WebBoutiques Cms Cross-Site Scripting Vulnerability iedb . team (Dec 07)
iScripts Multicart Cms Multiple Vulnerability iedb . team (Dec 07)
ORGIN STUDIOS Cms Multiple Vulnerability iedb . team (Dec 11)

irancrash

Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang) irancrash (Dec 31)

John SECURELI.com

WordPress <=v4.4 Username Exists Information Disclosure John SECURELI.com (Dec 11)

KoreLogic Disclosures

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures (Dec 21)
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures (Dec 19)
KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures (Dec 06)

Larry Cashdollar

Command Injection in cool-video-gallery v1.9 Wordpress plugin Larry Cashdollar (Dec 07)

LpSolit

Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 LpSolit (Dec 23)

Luciano Bello

[SECURITY] [DSA 3421-1] grub2 security update Luciano Bello (Dec 16)
[SECURITY] [DSA 3425-1] tryton-server security update Luciano Bello (Dec 17)
[SECURITY] [DSA 3416-1] libphp-phpmailer security update Luciano Bello (Dec 13)
[SECURITY] [DSA 3423-1] cacti security update Luciano Bello (Dec 16)
[SECURITY] [DSA 3417-1] bouncycastle security update Luciano Bello (Dec 14)

Michael Gilbert

[SECURITY] [DSA 3418-1] chromium-browser security update Michael Gilbert (Dec 15)
[SECURITY] [DSA 3415-1] chromium-browser security update Michael Gilbert (Dec 10)

Moritz Muehlenhoff

[SECURITY] [DSA 3411-1] cups-filters security update Moritz Muehlenhoff (Dec 02)
[SECURITY] [DSA 3427-1] blueman security update Moritz Muehlenhoff (Dec 21)
[SECURITY] [DSA 3414-1] xen security update Moritz Muehlenhoff (Dec 10)
[SECURITY] [DSA 3428-1] tomcat8 security update Moritz Muehlenhoff (Dec 19)
[SECURITY] [DSA 3422-1] iceweasel security update Moritz Muehlenhoff (Dec 16)
[SECURITY] [DSA 3424-1] subversion security update Moritz Muehlenhoff (Dec 16)
[SECURITY] [DSA 3410-1] icedove security update Moritz Muehlenhoff (Dec 01)

msahu

XSS vulnerability in Intellect Core banking software - Polaris msahu (Dec 10)

mwinstead3790

Edimax BR-6478AC & Others Multiple Vulnerabilities mwinstead3790 (Dec 06)

Panagiotis Vagenas

WordPress Users Ultra Plugin [Blind SQL injection] - Update Panagiotis Vagenas (Dec 10)

pan . vagenas

WordPress Users Ultra Plugin [Persistence XSS] pan . vagenas (Dec 02)
Gnome Nautilus [Denial of Service] pan . vagenas (Dec 02)
WordPress Users Ultra Plugin [Blind SQL injection] pan . vagenas (Dec 02)

Rahul Pratap Singh

ECommerceMajor SQL Injection Vulnerability Rahul Pratap Singh (Dec 13)

RedTeam Pentesting GmbH

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH (Dec 22)

riusksk

libtiff bmp file Heap Overflow (CVE-2015-8668) riusksk (Dec 27)

Salvatore Bonaccorso

[SECURITY] [DSA 3409-1] putty security update Salvatore Bonaccorso (Dec 01)
[SECURITY] [DSA 3408-1] gnutls26 security update Salvatore Bonaccorso (Dec 01)
[SECURITY] [DSA 3420-1] bind9 security update Salvatore Bonaccorso (Dec 15)
[SECURITY] [DSA 3426-1] linux security update Salvatore Bonaccorso (Dec 17)
[SECURITY] [DSA 3337-2] gdk-pixbuf security update Salvatore Bonaccorso (Dec 16)
[SECURITY] [DSA 3412-1] redis security update Salvatore Bonaccorso (Dec 03)
[SECURITY] [DSA 3429-1] foomatic-filters security update Salvatore Bonaccorso (Dec 21)
[SECURITY] [DSA 3430-1] libxml2 security update Salvatore Bonaccorso (Dec 23)
[SECURITY] [DSA 3419-1] cups-filters security update Salvatore Bonaccorso (Dec 15)
[SECURITY] [DSA 3413-1] openssl security update Salvatore Bonaccorso (Dec 04)

sean . dillon

Ellucian Banner Student Vulnerability Disclosure sean . dillon (Dec 02)

SEC Consult Vulnerability Lab

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab (Dec 10)

Secunia Research

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability Secunia Research (Dec 10)

Securify B.V.

Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V. (Dec 16)
Shockwave Flash Object DLL side loading vulnerability Securify B.V. (Dec 16)
Windows Authentication UI DLL side loading vulnerability Securify B.V. (Dec 12)
Shutdown UX DLL side loading vulnerability Securify B.V. (Dec 16)
COM+ Services DLL side loading vulnerability Securify B.V. (Dec 12)

Security Alert

ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability Security Alert (Dec 23)
ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability Security Alert (Dec 03)
ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability Security Alert (Dec 17)
ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability Security Alert (Dec 22)
ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability Security Alert (Dec 21)

security-alert

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information security-alert (Dec 10)
[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. security-alert (Dec 22)
[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification security-alert (Dec 21)
[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information security-alert (Dec 10)
[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution security-alert (Dec 03)
[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert (Dec 11)
[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) security-alert (Dec 15)
[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution security-alert (Dec 10)
[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass security-alert (Dec 21)
[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification security-alert (Dec 16)

securityresearch

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) securityresearch (Dec 10)

sirus . shahini

SQLi Vulnerability in ATuter management system sirus . shahini (Dec 02)

Slackware Security Team

[slackware-security] mozilla-thunderbird (SSA:2015-337-02) Slackware Security Team (Dec 03)
[slackware-security] mozilla-thunderbird (SSA:2015-357-01) Slackware Security Team (Dec 24)
[slackware-security] libpng (SSA:2015-351-02) Slackware Security Team (Dec 18)
[slackware-security] libpng (SSA:2015-337-01) Slackware Security Team (Dec 03)
[slackware-security] mozilla-firefox (SSA:2015-349-03) Slackware Security Team (Dec 16)
[slackware-security] blueman (SSA:2015-356-01) Slackware Security Team (Dec 23)
[slackware-security] libpng (SSA:2015-349-02) Slackware Security Team (Dec 16)
[slackware-security] openssl (SSA:2015-349-04) Slackware Security Team (Dec 16)
[slackware-security] bind (SSA:2015-349-01) Slackware Security Team (Dec 16)
[slackware-security] grub (SSA:2015-351-01) Slackware Security Team (Dec 18)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 23)
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak (Dec 15)
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak (Dec 21)
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak (Dec 08)
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak (Dec 17)
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 11)
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak (Dec 22)
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak (Dec 21)
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak (Dec 31)
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak (Dec 07)
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak (Dec 10)

submit

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow submit (Dec 10)

Vogt, Thomas

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas (Dec 10)

Vulnerability Lab

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab (Dec 22)
Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab (Dec 22)
Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Dec 22)
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 22)
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab (Dec 22)
Switch v4.68 - Code Execution Vulnerability Vulnerability Lab (Dec 22)