bugtraq  

Messages by Thread

• FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] FreeBSD Security Advisories
• [SECURITY] [DSA 4133-1] isc-dhcp security update Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec FreeBSD Security Advisories
• DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products Defense Code
• DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities Defense Code
• DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes Defense Code
• DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery Defense Code
  • DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery Defense Code
• KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures
  • KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures
• [SECURITY] [DSA 4129-1] freexl security update Moritz Muehlenhoff
  • [SECURITY] [DSA 4129-1] freexl security update Moritz Muehlenhoff
• [SECURITY] [DSA 4130-1] dovecot security update Salvatore Bonaccorso
• [SECURITY] [DSA 4132-1] libvpx security update Moritz Muehlenhoff
• [SECURITY] [DSA 4120-2] linux regression update Salvatore Bonaccorso
• [SECURITY] [DSA 4131-1] xen security update Moritz Muehlenhoff
  • [SECURITY] [DSA 4131-1] xen security update Moritz Muehlenhoff
• [SECURITY] [DSA 4128-1] trafficserver security update Sebastien Delafond
  • [SECURITY] [DSA 4128-1] trafficserver security update Sebastien Delafond
• [Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) Slackware Security Team
• [security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) cyber-psrt
• [SECURITY] [DSA 4127-1] simplesamlphp security update Thijs Kinkhorst
  • [SECURITY] [DSA 4127-1] simplesamlphp security update Thijs Kinkhorst
• [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) Slackware Security Team
• CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo
  • CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo
• [security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities cyber-psrt
• Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability Secunia Research
• SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4124-1] lucene-solr security update Moritz Muehlenhoff
• [security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service security-alert
• SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket SEC Consult Vulnerability Lab
• ES2018-03 Asterisk pjsip sdp invalid media format description segfault Sandro Gauci
• ES2018-04 Asterisk pjsip tcp segfault Sandro Gauci
• ES2018-02 Asterisk pjsip sdp invalid fmtp segfault Sandro Gauci
• ES2018-01 Asterisk pjsip subscribe stack corruption Sandro Gauci
• CMS Made Simple 2.1.6 - Remote Code Execution displaymyname
• [SECURITY] [DSA 4123-1] drupal7 security update Moritz Muehlenhoff
• [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance cyber-psrt
• Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull
• [SECURITY] [DSA 4122-1] squid3 security update Salvatore Bonaccorso
• [SECURITY] [DSA 4120-1] linux security update Yves-Alexis Perez
• [SECURITY] [DSA 4121-1] gcc-6 security update Moritz Muehlenhoff
• [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities Core Security Advisories Team
• DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability Defense Code
• SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors SEC Consult Vulnerability Lab
• Sharutils 4.15.2 Heap-Buffer-Overflow nafiez
• Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS preethiknambiar
• Multiple Persistent XSS vulnerabilities in Radiant Content Management System suparna . kachru
• APPLE-SA-2018-02-19-3 tvOS 11.2.6 Apple Product Security
• APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update Apple Product Security
• APPLE-SA-2018-02-19-1 iOS 11.2.6 Apple Product Security
• APPLE-SA-2018-02-19-4 watchOS 4.2.3 Apple Product Security
• [SECURITY] [DSA 4119-1] libav security update Moritz Muehlenhoff
• Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) displaymyname
• Kentico CMS version 9 through 11 - Arbitrary Code Execution displaymyname
• [SECURITY] [DSA 4118-1] tomcat-native security update Salvatore Bonaccorso
• [SECURITY] [DSA 4117-1] gcc-4.9 security update Moritz Muehlenhoff
• [SECURITY] [DSA 4116-1] plasma-workspace security update Moritz Muehlenhoff
• Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 dkl
• [slackware-security] irssi (SSA:2018-046-01) Slackware Security Team
• [SECURITY] [DSA 4115-1] quagga security update Salvatore Bonaccorso
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload Arvind Vishwakarma
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF Arvind Vishwakarma
• [SECURITY] [DSA 4114-1] jackson-databind security update Sebastien Delafond
• [SECURITY] [DSA 4113-1] libvorbis security update Moritz Muehlenhoff
• [SECURITY] [DSA 4112-1] xen security update Moritz Muehlenhoff
• NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) apparitionsec
• Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS Stefan Kanthak
• [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification cyber-psrt
• CSNC-2017-027 Microsoft Intune - App PIN Bypass Advisories
• [SECURITY] [DSA 4111-2] libreoffice security update Moritz Muehlenhoff
• [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass security-alert
• CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) apparitionsec
• [SECURITY] [DSA 4110-1] exim4 security update Salvatore Bonaccorso
• [SECURITY] [DSA 4109-1] ruby-omniauth security update Luciano Bello
• KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability KoreLogic Disclosures
• [SECURITY] [DSA 4111-1] libreoffice security update Moritz Muehlenhoff
• Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Stefan Kanthak
  • Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Jeffrey Walton
  • Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM Stefan Kanthak
• KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability KoreLogic Disclosures
• KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution KoreLogic Disclosures
• KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass KoreLogic Disclosures
• KL-001-2018-002 : NetEx HyperIP Authentication Bypass KoreLogic Disclosures
• [SECURITY] [DSA 4108-1] mailman security update Thijs Kinkhorst
• SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro SEC Consult Vulnerability Lab
• Advisory - Fisheye and Crucible - CVE-2017-16861 David Black
• [SECURITY] [DSA 4105-2] mpv security update Luciaon Bello
• [SECURITY] [DSA 4107-1] django-anymail security update Salvatore Bonaccorso
• [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) security-alert
• [SECURITY] [DSA 4106-1] libtasn1-6 security update Salvatore Bonaccorso
• SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip SEC Consult Vulnerability Lab
• [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) Slackware Security Team
• [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform Security Explorations
• [SECURITY] [DSA 4105-1] mpv security update Luciano Bello
• [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities Core Security Advisories Team
• [SECURITY] [DSA 4104-1] p7zip security update Salvatore Bonaccorso
• [slackware-security] php (SSA:2018-034-01) Slackware Security Team
• [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection cyber-psrt
• SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4103-1] chromium-browser security update Michael Gilbert
• Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 Atlassian
• KonaKart Path Traversal Vulnerability ajcraggs
• Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key cfpmontreal2018
• SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4094-2] smarty3 security update Luciano Bello
• Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak
• [SECURITY] [DSA 4099-1] ffmpeg security update Moritz Muehlenhoff
• [SECURITY] [DSA 4098-1] curl security update Alessandro Ghedini
• [security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert
• [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks matthias . deeg
• [SECURITY] [DSA 4101-1] wireshark security update Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2018-025-01) Slackware Security Team
• [SECURITY] [DSA 4100-1] tiff security update Moritz Muehlenhoff
• [security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification security-alert
• [security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities security-alert
• KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures
• [security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
• [security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
• [security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution security-alert
• [security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information security-alert
• [security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass security-alert
• [SECURITY] [DSA 4097-1] poppler security update Moritz Muehlenhoff
• [slackware-security] curl (SSA:2018-024-01) Slackware Security Team
• [SECURITY] [DSA 4096-1] firefox-esr security update Moritz Muehlenhoff
• [SECURITY] [DSA 4095-1] gcab security update Salvatore Bonaccorso
• WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez
• CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka
• APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security
• APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security
• APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security
• APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security
• APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security
• APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security
• APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security
• DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode
• SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab
• [security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert
• [SECURITY] [DSA 4094-1] smarty3 security update Luciano Bello
• CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab
• Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) apparitionsec
• Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab
• [SECURITY] [DSA 4093-1] openocd security update luciano
• Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab
• CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab
• Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab
• CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe
• [SECURITY] [DSA 4092-1] awstats security update Sebastien Delafond
• [security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert
• [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation security-alert
• [slackware-security] bind (SSA:2018-017-01) Slackware Security Team
• [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities security-alert
• [SECURITY] [DSA 4090-1] wordpress security update Sebastien Delafond
• [SECURITY] [DSA 4089-1] bind9 security update Salvatore Bonaccorso
• ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 tim . kretschmann
• [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH
• [SECURITY] [DSA 4088-1] gdk-pixbuf security update Moritz Muehlenhoff
• Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab
• Adminer <= v4.3.1 Server Side Request Forgery apparitionsec
• Authentication bypass in Kaseya VSA Securify B.V.
• [SECURITY] [DSA 4087-1] transmission security update Moritz Muehlenhoff
• Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage
• Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage
• Arbitrary file read in Kaseya VSA Securify B.V.
• Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage
• [SECURITY] [DSA 4086-1] libxml2 security update Salvatore Bonaccorso
• Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage
• Code execution in Kaseya VSA Securify B.V.
• [security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege security-alert
• [SECURITY] [DSA 4085-1] xmltooling security update Moritz Muehlenhoff
• [security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass security-alert
• Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab
• [SECURITY] [DSA 4084-1] gifsicle security update Sebastien Delafond
• MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
  • MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
• Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab
• SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
• Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab
• Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab
• Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab
• Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab
• CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting Advisories
• [SECURITY] [DSA 4083-1] poco security update Sebastien Delafond
• WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez
• DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode
• Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) chunibalon
• [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. security-alert
• [SECURITY] [DSA 4082-1] linux security update Salvatore Bonaccorso
• CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used Imre Rad
• [SECURITY] [DSA 4080-1] php7.0 security update Moritz Muehlenhoff
• [slackware-security] irssi (SSA:2018-008-01) Slackware Security Team
• [SECURITY] [DSA 4081-1] php5 security update Moritz Muehlenhoff
• Response to Meltdown and Spectre Gordon Tetlow
• APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security
• APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security
• APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security

• Earlier messages
• Later messages