Messages by Thread
-
[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints
Martin
-
[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information
security-alert
-
[SECURITY] [DSA 3856-1] deluge security update
Moritz Muehlenhoff
-
PingID (MFA) - Reflected Cross-Site Scripting
Advisories
-
[slackware-security] kdelibs (SSA:2017-136-02)
Slackware Security Team
-
[SYSS-2017-010] HP Wireless Mouse: Spoofing Attack (CWE-345)
Micha Borrmann
-
Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages
Manuel Mancera
-
APPLE-SA-2017-05-15-6 iTunes 12.6.1
Apple Product Security
-
APPLE-SA-2017-05-15-4 watchOS 3.2.1
Apple Product Security
-
[SECURITY] [DSA 3853-1] bitlbee security update
Sebastien Delafond
-
Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability
Secunia Research
-
Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability
Secunia Research
-
[security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
security-alert
-
SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
SEC Consult Vulnerability Lab
-
DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities
DefenseCode
-
DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
DefenseCode
-
DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
DefenseCode
-
ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability
EMC Product Security Response Center
-
ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability
EMC Product Security Response Center
-
[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability
Core Security Advisories Team
-
SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
SEC Consult Vulnerability Lab
-
[SECURITY] [DSA 3848-1] git security update
Salvatore Bonaccorso
-
Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
Nightwatch Cybersecurity Research
-
[SECURITY] [DSA 3847-1] xen security update
Moritz Muehlenhoff
-
[security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege
security-alert
-
CVE-2016-6799: Internal system information leak
Simon MacDonald
-
SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager
SEC Consult Vulnerability Lab
-
[SECURITY] [DSA 3846-1] libytnef security update
Sebastien Delafond
-
[SECURITY] [DSA 3845-1] libtirpc security update
Moritz Muehlenhoff
-
ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability
EMC Product Security Response Center
-
CA20170504-01: Security Notice for CA Client Automation OS Installation Management
Kotas, Kevin J
-
[security bulletin] HPESBHF03736 rev.1 - HPE Aruba and HPE ProVision network switches using Diffie Hellman Group1 Sha1 Exchange Algorithm, Remote Disclosure of Information
security-alert
-
[security bulletin] HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities
security-alert
-
WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295]
Dawid Golunski
-
ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability
EMC Product Security Response Center
-
Zenario CMS v7.6 - (Delete) Persistent Cross Site Vulnerability
Vulnerability Lab
-
Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
Vulnerability Lab
-
Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
Vulnerability Lab
-
Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability
Vulnerability Lab
-
Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability
Vulnerability Lab
-
Hola VPN v1.34 - Privilege Escalation Vulnerability
Vulnerability Lab
-
Mura CMS Cross-Site Scripting (XSS) Vulnerability
Leon . Zhao . 7
-
[SECURITY] [DSA 3843-1] tomcat8 security update
Sebastien Delafond
-
[SECURITY] [DSA 3842-1] tomcat7 security update
Sebastien Delafond
-
MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi
Anti Räis
-
[security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
security-alert
-
IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom
IML 2017 Conference
-
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Securify B.V.
-
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X
Securify B.V.
-
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
security-alert
-
[SECURITY] [DSA 3838-1] ghostscript security update
Salvatore Bonaccorso
-
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
Vulnerability Lab
-
Live Helper Chat - Cross-Site Scripting
Advisories
-
[SECURITY] [DSA 3836-1] weechat security update
Salvatore Bonaccorso
-
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
FreeBSD Security Advisories
-
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
Chris Douglas
-
April 2017 - Confluence - Security Advisory
David Black
-
[SECURITY] [DSA 3834-1] mysql-5.5 security update
Salvatore Bonaccorso
-
[slackware-security] mozilla-firefox (SSA:2017-114-01)
Slackware Security Team
-
[SECURITY] [DSA 3833-1] libav security update
Moritz Muehlenhoff
-
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials
KoreLogic Disclosures
-
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read
KoreLogic Disclosures
-
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection
KoreLogic Disclosures
-
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse
KoreLogic Disclosures
-
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path
KoreLogic Disclosures
-
CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method
Andrey B. Panfilov
-
[slackware-security] ntp (SSA:2017-112-02)
Slackware Security Team
-
[slackware-security] mozilla-firefox (SSA:2017-112-01)
Slackware Security Team
-
[slackware-security] proftpd (SSA:2017-112-03)
Slackware Security Team
-
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
Securify B.V.
-
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake
Security Advisories
-
CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass
Security Advisories
-
[SECURITY] [DSA 3831-1] firefox-esr security update
Moritz Muehlenhoff
-
[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
Hafez Kamal
-
October CMS v1.0.412 several vulnerabilities
Anti Räis
-
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
DefenseCode
-
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.
Andrey B. Panfilov
-
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
Filippo Cavallarin
-
[slackware-security] minicom (SSA:2017-108-01)
Slackware Security Team
-
CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
hyp3rlinx
-
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
Simon Steiner
-
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
Bryan Call
-
Watchguard Fireware XXE DoS & User Enumeration
David Fernandez
-
concrete5 v8.1.0 Host Header Injection
hyp3rlinx
-
[slackware-security] bind (SSA:2017-103-01)
Slackware Security Team
-
[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
security-alert
-
[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE')
erlijn . vangenuchten
-
[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery
erlijn . vangenuchten
-
[SYSS-2017-007] agorum core Pro - Cross-Site Scripting
erlijn . vangenuchten
-
[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference
erlijn . vangenuchten
-
[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting
erlijn . vangenuchten
-
April 2017 - HipChat Server Advisory
Matthew Hart
-
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
DefenseCode
-
CVE-2017-7456 Moxa MXview v2.8 Denial Of Service
hyp3rlinx
-
CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure
hyp3rlinx
-
CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection
hyp3rlinx
-
FreeBSD Security Advisory FreeBSD-SA-17:03.ntp
FreeBSD Security Advisories
-
[SECURITY] [DSA 3829-1] bouncycastle security update
Moritz Muehlenhoff
-
Microsoft Office OneNote 2007 DLL side loading vulnerability
Securify B.V.
-
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
Securify B.V.
-
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
Mark Thomas
-
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure
Mark Thomas
-
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
DefenseCode
-
ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode
Nightwatch Cybersecurity Research
-
Foscam All networked devices, multiple Design Errors. SSL bypass.
nick . m . mckenna
-
[slackware-security] libtiff (SSA:2017-098-01)
Slackware Security Team
-
[SECURITY] [DSA 3827-1] jasper security update
Moritz Muehlenhoff
-
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution
security-alert
-
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite
Denis Magda
-
D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download
patrykgnt
-
SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum
SEC Consult Vulnerability Lab
-
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)
David Coomber
-
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)
David Coomber
-
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
hyp3rlinx
-
[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data
security-alert
-
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal
DefenseCode
-
[SECURITY] [DSA 3826-1] tryton-server security update
Salvatore Bonaccorso
-
AST-2017-001: Buffer overflow in CDR's set user
Asterisk Security Team
-
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.
Ralf Spenneberg
-
OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10.
Ralf Spenneberg
-
Moodle URL Manipulation Remote Account Information Disclosure
Patrick Webster
-
iPlatinum iOneView Multiple Parameter Reflected XSS
Patrick Webster
-
Kaseya information disclosure vulnerability
Patrick Webster
-
AcoraCMS browser redirect and Cross-site scripting vulnerabilities
Patrick Webster
-
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package
Patrick Webster
-
SilverStripe CMS - Path Disclosure
Patrick Webster
-
Tweek!DM Document Management Authentication bypass, SQL injection
Patrick Webster
-
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
Patrick Webster
-
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service
Advisories
-
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS
Patrick Webster
-
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure
Patrick Webster
-
AirWatch Self Service Portal Username Parameter LDAP Injection
Patrick Webster
-
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
Patrick Webster
-
Lotus Protector for Mail Security remote code execution
Patrick Webster
-
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
Patrick Webster
-
[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)
security-alert
-
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function
SEC Consult Vulnerability Lab
-
Splunk Enterprise Information Theft CVE-2017-5607
hyp3rlinx
-
[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
security-alert
-
[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution
security-alert
-
[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
security-alert
-
ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability
EMC Product Security Response Center
-
ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability
EMC Product Security Response Center
-
[SECURITY] [DSA 3824-1] firebird2.5 security update
Sebastien Delafond
-
[SECURITY] [DSA 3798-2] tnef regression update
Sebastien Delafond
-
[slackware-security] mariadb (SSA:2017-087-01)
Slackware Security Team
-
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
Apple Product Security
-
[SECURITY] [DSA 3823-1] eject security update
Salvatore Bonaccorso
-
APPLE-SA-2017-03-27-7 macOS Server 5.3
Apple Product Security
-
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
Moritz Muehlenhoff
-
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
Apple Product Security
-
[SECURITY] [DSA 3817-1] jbig2dec security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3816-1] samba security update
Salvatore Bonaccorso
-
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
Apple Product Security
-
Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability
psirt
-
Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
psirt
-
Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
psirt
-
Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
psirt
-
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
SEC Consult Vulnerability Lab
-
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
Stefan Kanthak
-
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
ERPScan inc
-
ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability
EMC Product Security Response Center
-
[SECURITY] [DSA 3796-2] sitesummary regression update
Sebastien Delafond
-
[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
security-alert
-
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
hyp3rlinx
-
[SECURITY] [DSA 3813-1] r-base security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3812-1] ioquake3 security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3811-1] wireshark security update
Moritz Muehlenhoff
-
Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
psirt
-
MS Internet Information Services XSS / HTML Injection vulnerability
David FM
-
CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure
hyp3rlinx
-
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
SEC Consult Vulnerability Lab
-
CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
wsachin092
-
[slackware-security] pidgin (SSA:2017-074-01)
Slackware Security Team
-
Path Traversal Remote File Disclosure
hyp3rlinx
-
CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure
hyp3rlinx
-
Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
psirt
-
Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
psirt
-
Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability
psirt
-
Microsoft Edge Fetch API allows setting of arbitrary request headers
Securify B.V.
-
Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability
iedb . team
-
Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory
David Black
-
[SECURITY] [DSA 3808-1] imagemagick security update
Moritz Muehlenhoff
-
Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability
iedb . team
-
Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability
iedb . team
-
[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities
security-alert
-
[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)
security-alert
-
[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
security-alert
-
[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
security-alert
-
CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
Leon . Zhao . 7
-
[SECURITY] [DSA 3805-1] firefox-esr security update
Moritz Muehlenhoff
-
[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download
security-alert