 
Bugtraq: by date
144 messages, starting Dec 01 15 and ending Dec 31 15
Tuesday, 01 December
[SECURITY] [DSA 3408-1] gnutls26 security update Salvatore Bonaccorso
Zenphoto 1.4.10 XSS Vulnerability apparitionsec
Zenphoto 1.4.10 Local File Inclusion apparitionsec
[SECURITY] [DSA 3410-1] icedove security update Moritz Muehlenhoff
[SECURITY] [DSA 3409-1] putty security update Salvatore Bonaccorso
Wednesday, 02 December
Reflected Cross-Site Scripting (XSS) in SourceBans High-Tech Bridge Security Research
Reflected XSS in Role Scoper WordPress Plugin High-Tech Bridge Security Research
Reflected XSS in Ultimate Member WordPress Plugin High-Tech Bridge Security Research
Remote File Inclusion in Gwolle Guestbook WordPress Plugin High-Tech Bridge Security Research
Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin High-Tech Bridge Security Research
SQLi Vulnerability in ATuter management system sirus . shahini
Gnome Nautilus [Denial of Service] pan . vagenas
WordPress Users Ultra Plugin [Blind SQL injection] pan . vagenas
WordPress Users Ultra Plugin [Persistence XSS] pan . vagenas
Ellucian Banner Student Vulnerability Disclosure sean . dillon
[SECURITY] [DSA 3411-1] cups-filters security update Moritz Muehlenhoff
Thursday, 03 December
[slackware-security] libpng (SSA:2015-337-01) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-337-02) Slackware Security Team
ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability Security Alert
[SECURITY] [DSA 3412-1] redis security update Salvatore Bonaccorso
[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution security-alert
Friday, 04 December
[SECURITY] [DSA 3413-1] openssl security update Salvatore Bonaccorso
Sunday, 06 December
KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures
FreeBSD Security Advisory FreeBSD-SA-15:26.openssl FreeBSD Security Advisories
Edimax BR-6478AC & Others Multiple Vulnerabilites mwinstead3790
Monday, 07 December
[SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932) disclosure
[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79) disclosure
Command Injection in cool-video-gallery v1.9 Wordpress plugin Larry Cashdollar
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak
WebBoutiques Cms Cross-Site Scripting Vulnerability iedb . team
iScripts Multicart Cms Multiple Vulnerability iedb . team
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak
Tuesday, 08 December
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak
Thursday, 10 December
[SECURITY] [DSA 3415-1] chromium-browser security update Michael Gilbert
MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow submit
WordPress Users Ultra Plugin [Blind SQL injection] - Update Panagiotis Vagenas
PHP File Inclusion in bitrix.mpbuilder Bitrix Module High-Tech Bridge Security Research
XSS vulnerability in Intellect Core banking software - Polaris msahu
[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas
APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security
Path Traversal via CSRF in bitrix.xscan Bitrix Module High-Tech Bridge Security Research
[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information security-alert
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak
Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) securityresearch
APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security
APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security
APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security
[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information security-alert
[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security
[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution security-alert
[SECURITY] [DSA 3414-1] xen security update Moritz Muehlenhoff
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security
Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability Secunia Research
APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security
Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Cisco Systems Product Security Incident Response Team
SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab
BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab
Friday, 11 December
WordPress <=v4.4 Username Exists Information Disclosure John SECURELI.com
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak
ORGIN STUDIOS Cms Multiple Vulnerability iedb . team
APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security
[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities security-alert
Saturday, 12 December
XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind
Windows Authentication UI DLL side loading vulnerability Securify B.V.
COM+ Services DLL side loading vulnerability Securify B.V.
Sunday, 13 December
[SECURITY] [DSA 3416-1] libphp-phpmailer security update Luciano Bello
ECommerceMajor SQL Injection Vulnerability Rahul Pratap Singh
Monday, 14 December
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc
[SECURITY] [DSA 3417-1] bouncycastle security update Luciano Bello
ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc
Tuesday, 15 December
phpback v1.1 XSS vulnerability apparitionsec
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert
[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) security-alert
[SECURITY] [DSA 3418-1] chromium-browser security update Michael Gilbert
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak
[SECURITY] [DSA 3419-1] cups-filters security update Salvatore Bonaccorso
[SECURITY] [DSA 3420-1] bind9 security update Salvatore Bonaccorso
Wednesday, 16 December
[slackware-security] libpng (SSA:2015-349-02) Slackware Security Team
[slackware-security] bind (SSA:2015-349-01) Slackware Security Team
[slackware-security] openssl (SSA:2015-349-04) Slackware Security Team
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen
RCE in Zen Cart via Arbitrary File Inclusion High-Tech Bridge Security Research
SQL Injection in orion.extfeedbackform Bitrix Module High-Tech Bridge Security Research
FreeBSD Security Advisory FreeBSD-SA-15:27.bind FreeBSD Security Advisories
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen
Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V.
[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) security-alert
Shutdown UX DLL side loading vulnerability Securify B.V.
Shockwave Flash Object DLL side loading vulnerability Securify B.V.
[SECURITY] [DSA 3422-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 3421-1] grub2 security update Luciano Bello
[SECURITY] [DSA 3423-1] cacti security update Luciano Bello
[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification security-alert
[SECURITY] [DSA 3424-1] subversion security update Moritz Muehlenhoff
[slackware-security] mozilla-firefox (SSA:2015-349-03) Slackware Security Team
[SECURITY] [DSA 3337-2] gdk-pixbuf security update Salvatore Bonaccorso
Thursday, 17 December
CVE-2015-5348 - Apache Camel medium disclosure vulnerability Claus Ibsen
[SECURITY] [DSA 3425-1] tryton-server security update Luciano Bello
[SECURITY] [DSA 3425-1] tryton-server security update Luciano Bello
[oCERT 2015-011] PyAMF input sanitization errors (XXE) Daniele Bianco
ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability Security Alert
[SECURITY] [DSA 3426-1] linux security update Salvatore Bonaccorso
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak
Friday, 18 December
[slackware-security] libpng (SSA:2015-351-02) Slackware Security Team
[slackware-security] grub (SSA:2015-351-01) Slackware Security Team
Saturday, 19 December
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures
[SECURITY] [DSA 3428-1] tomcat8 security update Moritz Muehlenhoff
Monday, 21 December
[SECURITY] [DSA 3427-1] blueman security update Moritz Muehlenhoff
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak
giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen
ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability Security Alert
[SECURITY] [DSA 3429-1] foomatic-filters security update Salvatore Bonaccorso
[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass security-alert
[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification security-alert
Tuesday, 22 December
[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. security-alert
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak
[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab
Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab
Switch v4.68 - Code Execution Vulnerability Vulnerability Lab
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab
Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab
ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability Security Alert
Wednesday, 23 December
ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability Security Alert
Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 LpSolit
[slackware-security] blueman (SSA:2015-356-01) Slackware Security Team
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
[SECURITY] [DSA 3430-1] libxml2 security update Salvatore Bonaccorso
Thursday, 24 December
[slackware-security] mozilla-thunderbird (SSA:2015-357-01) Slackware Security Team
Sunday, 27 December
AccessDiver V4.301 Buffer Overflow apparitionsec
libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen
libtiff bmp file Heap Overflow (CVE-2015-8668) riusksk
Monday, 28 December
WebKitGTK+ Security Advisory WSA-2015-0002 Carlos Alberto Lopez Perez
Wednesday, 30 December
[oCERT 2015-012] Ganeti multiple issues Daniele Bianco
FTPShell Client v5.24 Buffer Overflow apparitionsec
Thursday, 31 December
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak
Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang) irancrash
