Messages by Thread
-
[slackware-security] openssh (SSA:2016-358-02)
Slackware Security Team
-
[slackware-security] httpd (SSA:2016-358-01)
Slackware Security Team
-
XAMPP Control Panel Memory Corruption Denial Of Service
HYP3RLINX
-
[SECURITY] [DSA 3744-1] libxml2 security update
Salvatore Bonaccorso
-
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp
FreeBSD Security Advisories
-
CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
Berend-Jan Wever
-
[SECURITY] [DSA 3732-2] php-ssh2 regression update
Sebastien Delafond
-
ASP.NET Core 5-RC1 HTTP Header Injection
Advisories
-
[SECURITY] [DSA 3743-1] python-bottle security update
Sebastien Delafond
-
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
Berend-Jan Wever
-
[SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)
Micha Borrmann
-
[SECURITY] [DSA 3738-1] tomcat7 security update
Sebastien Delafond
-
Samsung DVR credentials encoded in base64 in cookie header
Jacobo Avariento
-
[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
security-alert
-
[SECURITY] [DSA 3736-1] libupnp security update
Sebastien Delafond
-
CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom
unlimitsec
-
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
Berend-Jan Wever
-
MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free
Berend-Jan Wever
-
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]
Dawid Golunski
-
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability
hyp3rlinx
-
Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability
Secunia Research
-
CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free
Berend-Jan Wever
-
[slackware-security] mozilla-firefox (SSA:2016-348-01)
Slackware Security Team
-
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free
Berend-Jan Wever
-
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1
Apple Product Security
-
APPLE-SA-2016-12-13-8 Transporter 1.9.2
Apple Product Security
-
APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2
Apple Product Security
-
APPLE-SA-2016-12-13-2 Safari 10.0.2
Apple Product Security
-
APPLE-SA-2016-12-13-3 iTunes 12.5.4
Apple Product Security
-
[slackware-security] kernel (SSA:2016-347-01)
Slackware Security Team
-
[slackware-security] php (SSA:2016-347-03)
Slackware Security Team
-
Apple iOS/tvOS/watchOS Remote memory corruption through certificate
submit
-
APPLE-SA-2016-12-12-2 watchOS 3.1.1
Apple Product Security
-
APPLE-SA-2016-12-12-3 tvOS 10.1
Apple Product Security
-
APPLE-SA-2016-12-12-1 iOS 10.2
Apple Product Security
-
[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure
Mark Thomas
-
[SECURITY] [DSA 3730-1] icedove security update
Salvatore Bonaccorso
-
MSIE 9 MSHTML CElement::HasFlag memory corruption
Berend-Jan Wever
-
Symantec VIP Access Desktop Arbitrary DLL Execution
apparitionsec
-
AST-2016-009:
Asterisk Security Team
-
AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
Asterisk Security Team
-
CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details
Berend-Jan Wever
-
[security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information
security-alert
-
Microsoft Remote Desktop Client for Mac Remote Code Execution
Filippo Cavallarin
-
[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security
ESNC Security
-
CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC
Berend-Jan Wever
-
Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption
Berend-Jan Wever
-
CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
Eissing Stefan
-
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
apparitionsec
-
Microsoft Windows Media Center "ehshell.exe" XML External Entity
apparitionsec
-
[slackware-security] mozilla-firefox (SSA:2016-336-01)
Slackware Security Team
-
[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
security-alert
-
[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege
security-alert
-
[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution
security-alert
-
[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access
security-alert
-
[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler
RedTeam Pentesting GmbH
-
XSS in tooltip plugin of Zurb Foundation 5
Winni Neessen
-
Google Chrome Accessibility blink::Node corruption details
Berend-Jan Wever
-
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic
SEC Consult Vulnerability Lab
-
[SECURITY] [DSA 3725-1] icu security update
Luciano Bello
-
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
apparitionsec
-
WorldCIST'2017 - Submission deadline: November 30
ML
-
CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability
Apache OpenOffice Security
-
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic
Jackie Blanco
-
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
Salvatore Bonaccorso
-
WorldCIST'17 - Submission deadline: November 27
ML
-
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
gerhard . klostermeier
-
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
matthias . deeg
-
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
gerhard . klostermeier
-
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
gerhard . klostermeier
-
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
Dawid Golunski
-
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
security-alert
-
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details
Berend-Jan Wever
-
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
matthias . deeg
-
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
matthias . deeg
-
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities
CORE Advisories Team
-
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details
Berend-Jan Wever
-
Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1
Andrea Barisani
-
[SECURITY] [DSA 3719-1] wireshark security update
Sebastien Delafond
-
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
ERPScan inc
-
Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)
Dawid Golunski
-
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
Julien Ahrens
-
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
Julien Ahrens
-
Multiple issues in OpManager 12100 & 12200
Michael Heydon
-
[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS)
security-alert
-
Putty Cleartext Password Storage
apparitionsec
-
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
Summer of Pwnage
-
Cross-Site Scripting in Check Email WordPress Plugin
Summer of Pwnage
-
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
Summer of Pwnage
-
[slackware-security] mozilla-firefox (SSA:2016-323-01)
Slackware Security Team
-
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details
Berend-Jan Wever
-
Reason Core Security v1.2.0.1 - Unquoted Path Privilege Escalation Vulnerability
Vulnerability Lab
-
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
ERPScan inc
-
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
ERPScan inc
-
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
Stefan Kanthak
-
[SECURITY] [DSA 3716-1] firefox-esr security update
Moritz Muehlenhoff
-
[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS)
security-alert
-
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details
Berend-Jan Wever
-
[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information
security-alert
-
Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset
Andrew Klaus
-
CVE-2016-4484: - Cryptsetup Initrd root Shell
Hector Marco
-
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
security-alert
-
[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
security-alert
-
Multiple vulnerabilities in Barco Clickshare
vincent.ruijter
-
SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
SEC Consult Vulnerability Lab
-
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details
Berend-Jan Wever
-
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE
Maxim Solodovnik
-
WHM Panel Mail Delivery Reports crash database Vulnerability
iedb . team
-
CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart
unlimitsec
-
[SECURITY] [DSA 3711-1] mariadb-10.0 security update
Salvatore Bonaccorso
-
Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability
Secunia Research
-
CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser
tallison
-
Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability
Secunia Research
-
Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability
Secunia Research
-
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
Berend-Jan Wever
-
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0
nickyccwu
-
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
Berend-Jan Wever
-
[SECURITY] [DSA 3709-1] libxslt security update
Salvatore Bonaccorso
-
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution
security-alert
-
URL Redirection Vulnerability In Verint Impact 360
sanehsingh
-
Cross-Site Scripting in Calendar WordPress Plugin
Summer of Pwnage
-
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
Summer of Pwnage
-
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
Summer of Pwnage
-
Cross Site Scripting Vulnerability In Verint Impact 360
sanehsingh
-
[SECURITY] [DSA 3707-1] openjdk-7 security update
Moritz Muehlenhoff
-
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
Pedro Ribeiro
-
[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution
security-alert
-
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
Vulnerability Lab
-
Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability
Vulnerability Lab
-
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability
Vulnerability Lab
-
Faraznet Cms Cross-Site Scripting Vulnerability
iedb . team
-
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
apparitionsec
-
Rapid PHP Editor CSRF Remote Command Execution
apparitionsec
-
[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting
security-alert
-
[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution
security-alert
-
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
KoreLogic Disclosures
-
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation
KoreLogic Disclosures
-
MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
Dawid Golunski
-
[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
security-alert
-
Axessh 4.2.2 Denial Of Service
apparitionsec
-
[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS)
security-alert
-
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
Cisco Systems Product Security Incident Response Team
-
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
Cisco Systems Product Security Incident Response Team
-
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
Berend-Jan Wever
-
[slackware-security] php (SSA:2016-305-04)
Slackware Security Team
-
[slackware-security] mariadb (SSA:2016-305-03)
Slackware Security Team
-
[slackware-security] x11 (SSA:2016-305-02)
Slackware Security Team
-
CfP and Special Session :: CyberSec2017
Jackie Blanco
-
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
Ralf Spenneberg
-
[HITB-Announce] HITB2017AMS CFP
Hafez Kamal
-
October 2016 - Crowd - Critical Security Advisory
David Black
-
[SECURITY] [DSA 3691-2] ghostscript regression update
Salvatore Bonaccorso
-
[SECURITY] [DSA 3701-2] nginx regression update
Salvatore Bonaccorso
-
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
Apple Product Security
-
[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
security-alert
-
[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
HP Security Alert
-
[SECURITY] [DSA 3700-1] asterisk security update
Moritz Muehlenhoff
-
[SECURITY] [DSA 3701-1] nginx security update
Florian Weimer
-
FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
FreeBSD Security Advisories
-
CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path
Dennis E. Hamilton
-
wincvs-2.0.2.4 Privilege Escalation
apparitionsec
-
APPLE-SA-2016-10-24-3 Safari 10.0.1
Apple Product Security
-
[SECURITY] [DSA 3698-1] php5 security update
Salvatore Bonaccorso
-
Puppet Enterprise Web Interface User Enumeration
apparitionsec
-
Puppet Enterprise Web Interface Authentication Redirect
apparitionsec
-
Oracle Netbeans IDE v8.1 Import Directory Traversal
apparitionsec
-
ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
EMC Product Security Response Center
-
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
Stefan Kanthak
-
[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
dirtycow
-
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Stefan Kanthak
-
[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution
security-alert
-
Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability
Cisco Systems Product Security Incident Response Team
-
[SECURITY] [DSA 3695-1] quagga security update
Florian Weimer
-
[SECURITY] [DSA 3694-1] tor security update
Moritz Muehlenhoff
-
[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability
ERPScan inc
-
[SECURITY] [DSA 3693-1] libgd2 security update
Moritz Muehlenhoff
-
Evernote for Windows DLL Loading Remote Code Execution Vulnerability
mehta . himanshu21
-
[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
security-alert
-
Snort v2.9.7.0-WIN32 DLL Hijack
apparitionsec
-
ZendStudio IDE v13.5.1 Privilege Escalation
apparitionsec
-
Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
Cisco Systems Product Security Incident Response Team
-
Multiple Vulnerabilities in Plone CMS
Sebastian Perez
-
[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
security-alert
-
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
Vulnerability Lab
-
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
ad...@evolution-sec.com
-
[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities
Gergely Eberhardt
-
SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
SEC Consult Vulnerability Lab
-
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
matthias . deeg
-
Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
Nightwatch Cybersecurity Research
-
[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
matthias . deeg
-
[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
matthias . deeg
-
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
KoreLogic Disclosures