Messages by Thread
-
[SECURITY] [DSA 3956-1] connman security update
Luciano Bello
-
Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference
Patrick Webster
-
[security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
security-alert
-
[SECURITY] [DSA 3953-1] aodh security update
Luciano Bello
-
[SECURITY] [DSA 3951-1] smb4k security update
Moritz Muehlenhoff
-
[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs
RedTeam Pentesting GmbH
-
[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates
RedTeam Pentesting GmbH
-
[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification
RedTeam Pentesting GmbH
-
[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates
RedTeam Pentesting GmbH
-
[SECURITY] [DSA 3950-1] libraw security update
Luciano Bello
-
[SECURITY] [DSA 3948-1] ioquake3 security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3946-1] libmspack security update
Sebastien Delafond
-
[SECURITY] [DSA 3928-2] firefox-esr security update
Moritz Muehlenhoff
-
Microsoft Resnet - DNS Configuration Web Vulnerability
Vulnerability Lab
-
FreeBSD <= 10.3 jail SHM hole
WhiteWinterWolf
-
[SECURITY] [DSA 3943-1] gajim security update
Salvatore Bonaccorso
-
CVE-2017-9802: Apache Sling XSS vulnerability
Robert Munteanu
-
[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability
x62x65x6e
-
[SECURITY] [DSA 3940-1] iortcw security update
Moritz Muehlenhoff
-
[slackware-security] mercurial (SSA:2017-223-03)
Slackware Security Team
-
[SECURITY] [DSA 3937-1] zabbix security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3936-1] postgresql-9.6 security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3935-1] postgresql-9.4 security update
Moritz Muehlenhoff
-
[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution
security-alert
-
[ANN] Apache Struts: S2-049 Security Bulletin update
Lukasz Lenart
-
[SECURITY] [DSA 3932-1] subversion security update
Sebastien Delafond
-
[SECURITY] [DSA 3933-1] pjproject security update
Moritz Muehlenhoff
-
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
Daniel Shahaf
-
[SECURITY] [DSA 3929-1] libsoup2.4 security update
Salvatore Bonaccorso
-
[slackware-security] curl (SSA:2017-221-01)
Slackware Security Team
-
[slackware-security] mozilla-firefox (SSA:2017-221-02)
Slackware Security Team
-
[SECURITY] [DSA 3927-1] linux security update
Salvatore Bonaccorso
-
Re: [oss-security] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename()
Brad Spengler
-
[SECURITY] [DSA 3926-1] chromium-browser security update
Michael Gilbert
-
[SECURITY] [DSA 3925-1] qemu security update
Moritz Muehlenhoff
-
SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability
SEC Consult Vulnerability Lab
-
SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection
SEC Consult Vulnerability Lab
-
[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem
security-alert
-
[SECURITY] [DSA 3924-1] varnish security update
Salvatore Bonaccorso
-
[slackware-security] gnupg (SSA:2017-213-01)
Slackware Security Team
-
CVE-2017-1500 - Reflected XSS in IBM WorkLight OAuth Server Web Api
gabriele . gristina
-
[security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)
security-alert
-
[security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting
security-alert
-
[CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability
andys3c
-
[SECURITY] [DSA 3923-1] freerdp security update
Sebastien Delafond
-
FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
msg
-
[security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information
HPE Product Security Response Team
-
[SECURITY] [DSA 3919-1] openjdk-8 security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3920-1] qemu security update
Moritz Muehlenhoff
-
[slackware-security] tcpdump (SSA:2017-205-01)
Slackware Security Team
-
SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products
SEC Consult Vulnerability Lab
-
SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products
SEC Consult Vulnerability Lab
-
[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
RedTeam Pentesting GmbH
-
[SECURITY] [DSA 3917-1] catdoc security update
Salvatore Bonaccorso
-
[slackware-security] seamonkey (SSA:2017-202-01)
Slackware Security Team
-
[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
security-alert
-
[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)
security-alert
-
File Upload in Integration Gateway (PSIGW)
ERPScan inc
-
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
ERPScan inc
-
Directory Traversal vulnerability in Integration Gateway (PSIGW)
ERPScan inc
-
APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2
Apple Product Security
-
APPLE-SA-2017-07-19-5 Safari 10.1.2
Apple Product Security
-
APPLE-SA-2017-07-19-2 macOS 10.12.6
Apple Product Security
-
APPLE-SA-2017-07-19-3 watchOS 3.2.2
Apple Product Security
-
APPLE-SA-2017-07-19-1 iOS 10.3.3
Apple Product Security
-
APPLE-SA-2017-07-19-6 iTunes 12.6.2
Apple Product Security
-
APPLE-SA-2017-07-19-4 tvOS 10.2.2
Apple Product Security
-
[SECURITY] [DSA 3914-1] imagemagick security update
Moritz Muehlenhoff
-
[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm
ilia . shnaidman
-
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update
Maxim Solodovnik
-
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload
Maxim Solodovnik
-
CVE-2017-7663 - Apache OpenMeetings - XSS in chat
Maxim Solodovnik
-
CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation
Maxim Solodovnik
-
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest
William A Rowe Jr
-
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
William A Rowe Jr
-
[SECURITY] [DSA 3908-1] nginx security update
Moritz Muehlenhoff
-
SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products
SEC Consult Vulnerability Lab
-
CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client
Florian Bogner
-
[CVE request]linux kernel xfrm migrate out-of-bound access
bo Zhang
-
[RT-SA-2017-011] Remote Command Execution in PDNS Manager
RedTeam Pentesting GmbH
-
[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution
HPE Product Security Response Team
-
[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection
HPE Product Security Response Team
-
[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
HPE Product Security Response Team
-
[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities
HPE Product Security Response Team
-
CVE-2017-5640 Apache Impala (incubating) Information Disclosure
Sailesh Mukil
-
[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure
Sailesh Mukil
-
ToorCon 19 Call For Papers Closing This Week!
h1kari
-
[slackware-security] irssi (SSA:2017-190-01)
Slackware Security Team
-
[SECURITY] [DSA 3905-1] xorg-server security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3904-1] bind9 security update
Yves-Alexis Perez
-
[slackware-security] php (SSA:2017-188-01)
Slackware Security Team
-
CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure
hyp3rlinx
-
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr
Shalin Shekhar Mangar
-
[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613)
Micha Borrmann
-
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack
KoreLogic Disclosures
-
Firefox v54.0.1 Denial Of Service
apparitionsec
-
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials
KoreLogic Disclosures
-
KL-001-2017-012 : Barracuda WAF Grub Password Complexity
KoreLogic Disclosures
-
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure
KoreLogic Disclosures
-
[SECURITY] [DSA 3903-1] tiff security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3902-1] jabberd2 security update
Salvatore Bonaccorso
-
[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
HPE Product Security Response Team
-
[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)
Slackware Security Team
-
[SECURITY] [DSA 3901-1] libgcrypt20 security update
Salvatore Bonaccorso
-
[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities
andys3c
-
InsomniaX loader allows loading of arbitrary Kernel Extensions
Securify B.V.
-
[slackware-security] glibc (SSA:2017-181-01)
Slackware Security Team
-
[slackware-security] kernel (SSA:2017-181-02)
Slackware Security Team
-
Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability
gregory draperi
-
SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government
SEC Consult Vulnerability Lab
-
ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability
EMC Product Security Response Center
-
[SECURITY] [DSA 3900-1] openvpn security update
Sebastien Delafond
-
[SECURITY] [DSA 3886-2] linux regression update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3899-1] vlc security update
Salvatore Bonaccorso
-
[slackware-security] kernel (SSA:2017-177-01)
Slackware Security Team
-
DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow
DefenseCode
-
Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability
Vulnerability Lab
-
[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
wpengfeinudt
-
[CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
wpengfeinudt
-
[SECURITY] [DSA 3893-1] jython security update
Salvatore Bonaccorso
-
[slackware-security] openvpn (SSA:2017-172-01)
Slackware Security Team
-
Sitecore 7.1-7.2 Cross Site Scripting Vulnerability
hamedizadi
-
[SECURITY] [DSA 3890-1] spip security update
Salvatore Bonaccorso
-
ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Product Security Response Center
-
ESA-2017-054: EMC Avamar Multiple Vulnerabilities
EMC Product Security Response Center
-
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass
Jacob Champion
-
CVE-2017-7659: mod_http2 null pointer dereference
Jim Jagielski
-
[SECURITY] [DSA 3886-1] linux security update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3887-1] glibc security update
Moritz Muehlenhoff
-
[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution
HPE Product Security Response Team
-
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting
ghasseminia
-
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station
EMC Product Security Response Center
-
June 2017 - Bamboo - Critical Security Advisory
Atlassian
-
[security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
security-alert
-
[SECURITY] [DSA 3882-1] request-tracker4 security update
Salvatore Bonaccorso
-
CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors
dunstan . pinto
-
[slackware-security] mozilla-firefox (SSA:2017-165-02)
Slackware Security Team
-
[slackware-security] bind (SSA:2017-165-01)
Slackware Security Team
-
[SECURITY] [DSA 3881-1] firefox-esr security update
Moritz Muehlenhoff
-
ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability
EMC Product Security Response Center
-
ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability
EMC Product Security Response Center
-
[SECURITY] [DSA 3880-1] libgcrypt20 security update
Salvatore Bonaccorso
-
Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability
Secunia Research
-
SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence
SEC Consult Vulnerability Lab
-
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
Vulnerability Lab
-
Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability
Vulnerability Lab
-
[SECURITY] [DSA 3877-1] tor security update
Salvatore Bonaccorso
-
[security bulletin] HPESBHF03730 rev.2 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
security-alert
-
[SECURITY] [DSA 3876-1] otrs2 security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3875-1] libmwaw security update
Moritz Muehlenhoff
-
[security bulletin] HPESBUX03759 rev.1 - HP-UX CIFS Server using Samba, Multiple Remote Vulnerabilities
security-alert
-
[security bulletin] HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service
security-alert
-
ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities
EMC Product Security Response Center
-
[SYSS-2017-018] OTRS - Access to Installation Dialog
sebastian . auwaerter
-
[security bulletin] HPESBGN03758 rev.1 - HPE UCMDB, Remote Code Execution
security-alert
-
CVE update - fixed in Apache Ranger 0.7.1
Velmurugan Periasamy
-
[security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)
security-alert
-
Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities
Vulnerability Lab
-
Sophos Cyberoam Cross-site scripting (XSS) vulnerability
bhdresh
-
[security bulletin] HPESBGN03752 rev.1 - HPE IceWall using OpenSSL, remote Denial of Service (DoS)
security-alert
-
[security bulletin] HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
security-alert
-
X41-2017-005 - Multiple Vulnerabilities in peplink balance routers
X41 D-Sec GmbH Advisories
-
[SECURITY] [DSA 3873-1] perl security update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3870-1] wordpress security update
Sebastien Delafond
-
[SECURITY] [DSA 3869-1] tnef security update
Sebastien Delafond
-
[CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
Stefan Kanthak
-
DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities
DefenseCode
-
[SECURITY] [DSA 3867-1] sudo security update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3866-1] strongswan security update
Yves-Alexis Perez
-
[SECURITY] [DSA 3865-1] mosquitto security update
Moritz Muehlenhoff
-
Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
Florian Bogner
-
Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token
kyle Lovett
-
[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
security-alert
-
[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass
security-alert
-
[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)
security-alert
-
[SECURITY] [DSA 3863-1] imagemagick security update
Moritz Muehlenhoff
-
[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
HPE Product Security Response Team
-
WebKitGTK+ Security Advisory WSA-2017-0004
Carlos Alberto Lopez Perez
-
[slackware-security] samba (SSA:2017-144-01)
Slackware Security Team
-
[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution
security-alert
-
DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
DefenseCode
-
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
DefenseCode
-
[SECURITY] [DSA 3861-1] libtasn1-6 security update
Sebastien Delafond
-
Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities
Secunia Research
-
HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)
HPE Product Security Response Team
-
CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution
hyp3rlinx
-
CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
hyp3rlinx
-
May 2017 - SourceTree - Critical Security Advisory
Atlassian
-
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
hyp3rlinx
-
[SECURITY] [DSA 3858-1] openjdk-7 security update
Moritz Muehlenhoff