
Bugtraq: by date
178 messages
starting Jan 01 16 and
ending Jan 31 16
Friday, 01 January
[SECURITY] [DSA 3432-1] icedove security update Moritz Muehlenhoff
OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders Ralf Spenneberg
[SECURITY] [DSA 3431-1] ganeti security update Moritz Muehlenhoff
OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S Ralf Spenneberg
OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag Ralf Spenneberg
Sunday, 03 January
[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability Stefan Seelmann
Open Audit SQL Injection Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3433-1] samba security update Salvatore Bonaccorso
Monday, 04 January
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities Stefan Kanthak
Confluence Vulnerabilities Sebastian Perez
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) Pierre Kim
Tuesday, 05 January
[SECURITY] [DSA 3435-1] git security update Laszlo Boszormenyi (GCS)
[SECURITY] [DSA 3434-1] linux security update Ben Hutchings
Thursday, 07 January
[security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access security-alert
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) erlijn . vangenuchten
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images RedTeam Pentesting GmbH
[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting GmbH
Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 Onur Yilmaz
[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability Daniel Schliebner
Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through Eitan Caspi
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 Apple Product Security
[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) security-alert
Symantec EP DOS hyp3rphp
WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability Rahul Pratap Singh
[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials RedTeam Pentesting GmbH
Friday, 08 January
MobaXTerm before version 8.5 vulnerability in "jump host" functionality Thomas Bleier
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
Sunday, 10 January
[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 3436-1] openssl security update Salvatore Bonaccorso
Monday, 11 January
CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas
[SECURITY] [DSA 3438-1] xscreensaver security update Michael Gilbert
[SECURITY] [DSA 3437-1] gnutls26 security update Salvatore Bonaccorso
[SECURITY] [DSA 3439-1] prosody security update Salvatore Bonaccorso
OpenBravo Hibernate HQL Injection Ng, Sam (Fortify)
Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability iedb . team
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Sarah Allen
Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) fgghy
Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability Reed Loden
Exploiting XXE vulnerabilities in AMF libraries Nicolas Grégoire
[SECURITY] [DSA 3440-1] sudo security update Ben Hutchings
[SECURITY] [DSA 3441-1] perl security update Salvatore Bonaccorso
Tuesday, 12 January
SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems SEC Consult Vulnerability Lab
WP Symposium Pro Social Network Plugin XSS Vulnerability Rahul Pratap Singh
Thursday, 14 January
[SECURITY] [DSA 3442-1] isc-dhcp security update Michael Gilbert
Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3445-1] pygments security update Salvatore Bonaccorso
Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Commentator Wordpress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3444-1] wordpress security update Salvatore Bonaccorso
Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities security-alert
Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module High-Tech Bridge Security Research
[security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities security-alert
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ... Stefan Kanthak
Remote Code Execution in Roundcube High-Tech Bridge Security Research
[slackware-security] dhcp (SSA:2016-012-01) Slackware Security Team
[SECURITY] [DSA 3443-1] libpng security update Salvatore Bonaccorso
[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege security-alert
FreeBSD Security Advisory FreeBSD-SA-16:03.linux FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:05.tcp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:02.ntp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:01.sctp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:04.linux FreeBSD Security Advisories
[SECURITY] [DSA 3446-1] openssh security update Yves-Alexis Perez
Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory
[SECURITY] [DSA 3431-2] ganeti regression update Salvatore Bonaccorso
FreeBSD bsnmpd information disclosure Pierre Kim
FreeBSD Security Advisory FreeBSD-SA-16:07.openssh FreeBSD Security Advisories
[slackware-security] openssh (SSA:2016-014-01) Slackware Security Team
Friday, 15 January
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution Stefan Kanthak
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? Stefan Kanthak
[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability Egidio Romano
Sunday, 17 January
[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 urikanonov
[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 urikanonov
[SECURITY] [DSA 3447-1] tomcat7 security update Salvatore Bonaccorso
Advanced Electron Forum v1.0.9 CSRF hyp3rlinx
Advanced Electron Forum v1.0.9 Persistent XSS hyp3rlinx
Advanced Electron Forum v1.0.9 RFI / CSRF hyp3rlinx
Tuesday, 19 January
Quick CMS v 6.1 XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3448-1] linux security update Salvatore Bonaccorso
Quick Cart v6.6 XSS Vulnerability Rahul Pratap Singh
[CORE-2016-0001] - Intel Driver Update Utility MiTM CORE Advisories Team
Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe Stefan Kanthak
[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) security-alert
[SECURITY] [DSA 3449-1] bind9 security update Salvatore Bonaccorso
APPLE-SA-2016-01-19-1 iOS 9.2.1 Apple Product Security
APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 Apple Product Security
APPLE-SA-2016-01-19-3 Safari 9.0.3 Apple Product Security
Wednesday, 20 January
LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability Onur Yilmaz
[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 bugtraq
Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3450-1] ecryptfs-utils security update Salvatore Bonaccorso
Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team
Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 urikanonov
Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 urikanonov
QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys issues
Oracle HtmlConverter.exe Buffer Overflow hyp3rlinx
Thursday, 21 January
SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices SEC Consult Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" Stefan Kanthak
[SECURITY] [DSA 3451-1] fuse security update Yves-Alexis Perez
January 2016 - Bamboo - Critical Security Advisory David Black
Monday, 25 January
imageone Cms Multiple vulnerabilities iedb . team
[SECURITY] [DSA 3452-1] claws-mail security update Ben Hutchings
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto hyp3rlinx
HP LaserJet Fax Preview DLL side loading vulnerability Securify B.V.
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Securify B.V.
HP ToComMsg DLL side loading vulnerability Securify B.V.
ZyXel WAP3205 v1 Multiple XSS graphx
Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) zemnmez
PHP-FPM fpm_log.c memory leak and buffer overflow Imre RAD
PHP LiteSpeed SAPI secret key improper disposal Imre RAD
Tuesday, 26 January
WP Easy Gallery v4.1.4 Stored XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3453-1] mariadb-10.0 security update Salvatore Bonaccorso
glibc catopen() Multiple unbounded stack allocations cxsecurity
Magento 1.9.x Multiple Man-In The Middle cxsecurity
APPLE-SA-2016-01-25-1 tvOS 9.1.1 Apple Product Security
Authentication bypass in PHP File Manager 0.9.8 Imre Rad
[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities CORE Advisories Team
PHP LiteSpeed SAPI out of boundaries read due to missing input validation Imre RAD
[security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS) security-alert
[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS) security-alert
WP-Ultimate CSV Importer XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3454-1] virtualbox security update Moritz Muehlenhoff
Wednesday, 27 January
FreeBSD Security Advisory FreeBSD-SA-16:08.bind FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:09.ntp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:10.linux FreeBSD Security Advisories
[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption ERPScan inc
[SECURITY] [DSA 3455-1] curl security update Alessandro Ghedini
[SECURITY] [DSA 3456-1] chromium-browser security update Michael Gilbert
BK Mobile CMS SQLi and XSS Vulnerability Rahul Pratap Singh
Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Apple WatchOS v2.1 - Denial of Service Vulnerability Vulnerability Lab
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities Vulnerability Lab
Telegram (API) - Cross Site Request Forgery Vulnerabilities Vulnerability Lab
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab
Kleefa v1.7 (IR) - Multiple Web Vulnerabilities Vulnerability Lab
Classic Infomedia (Login) - Auth Bypass Web Vulnerability Vulnerability Lab
WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability Vulnerability Lab
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability Vulnerability Lab
Netgear GS105Ev2 - Multiple Vulnerabilities benedikt . westermann
Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
Log2Space Central v 6.2 Multiple XSS Vulnerability Rahul Pratap Singh
[SECURITY] [DSA 3457-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 3458-1] openjdk-7 security update Moritz Muehlenhoff
Thursday, 28 January
HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase Hacking Corporation Sàrl
Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
New Era Company CMS - (id) SQL Injection Vulnerability Vulnerability Lab
[SECURITY] [DSA 3459-1] mysql-5.5 security update Salvatore Bonaccorso
CVE-2015-7521: Apache Hive authorization bug disclosure Sushanth Sowmyan
[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) security-alert
Friday, 29 January
ProjectSend multiple vulnerabilities Filippo Cavallarin
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution security-alert
[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification security-alert
[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS) security-alert
ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation graphx
[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification security-alert
Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network kingkaustubh
[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access security-alert
Saturday, 30 January
FreeBSD Security Advisory FreeBSD-SA-16:11.openssl FreeBSD Security Advisories
Sunday, 31 January
CVE-2015-5344 - Apache Camel medium disclosure vulnerability Claus Ibsen
[SECURITY] [DSA 3460-1] privoxy security update Sebastien Delafond
VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability t . schughart
OpenXchange | Information Disclosure t . schughart
WP-Comment-Rating XSS Vulnerability Rahul Pratap Singh
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
eClinicalWorks (CCMR) - Multiple Vulnerabilities jerold