Mail Index

• Thread Index

• Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key
  • From: cfpmontreal2018
• KonaKart Path Traversal Vulnerability
  • From: ajcraggs
• Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831
  • From: Atlassian
• [SECURITY] [DSA 4103-1] chromium-browser security update
  • From: Michael Gilbert
• SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range
  • From: SEC Consult Vulnerability Lab
• [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
  • From: cyber-psrt
• [slackware-security] php (SSA:2018-034-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 4104-1] p7zip security update
  • From: Salvatore Bonaccorso
• [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [SECURITY] [DSA 4105-1] mpv security update
  • From: Luciano Bello
• [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform
  • From: Security Explorations
• [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)
  • From: Slackware Security Team
• SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4106-1] libtasn1-6 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
  • From: security-alert
• [SECURITY] [DSA 4107-1] django-anymail security update
  • From: Salvatore Bonaccorso
• SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4105-2] mpv security update
  • From: Luciaon Bello
• Advisory - Fisheye and Crucible - CVE-2017-16861
  • From: David Black
• [SECURITY] [DSA 4108-1] mailman security update
  • From: Thijs Kinkhorst
• KL-001-2018-002 : NetEx HyperIP Authentication Bypass
  • From: KoreLogic Disclosures
• KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
  • From: KoreLogic Disclosures
• KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
  • From: KoreLogic Disclosures
• KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
  • From: KoreLogic Disclosures
• Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• [SECURITY] [DSA 4110-1] exim4 security update
  • From: Salvatore Bonaccorso
• KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 4109-1] ruby-omniauth security update
  • From: Luciano Bello
• [SECURITY] [DSA 4111-1] libreoffice security update
  • From: Moritz Muehlenhoff
• CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
  • From: apparitionsec
• [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass
  • From: security-alert
• [SECURITY] [DSA 4111-2] libreoffice security update
  • From: Moritz Muehlenhoff
• CSNC-2017-027 Microsoft Intune - App PIN Bypass
  • From: Advisories
• [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification
  • From: cyber-psrt
• Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
  • From: Stefan Kanthak
• NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)
  • From: apparitionsec
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Jeffrey Walton
• [SECURITY] [DSA 4113-1] libvorbis security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4112-1] xen security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4114-1] jackson-databind security update
  • From: Sebastien Delafond
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF
  • From: Arvind Vishwakarma
• [SECURITY] [DSA 4115-1] quagga security update
  • From: Salvatore Bonaccorso
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
  • From: Arvind Vishwakarma
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• [slackware-security] irssi (SSA:2018-046-01)
  • From: Slackware Security Team
• Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12
  • From: dkl
• [SECURITY] [DSA 4116-1] plasma-workspace security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4117-1] gcc-4.9 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4118-1] tomcat-native security update
  • From: Salvatore Bonaccorso
• Kentico CMS version 9 through 11 - Arbitrary Code Execution
  • From: displaymyname
• Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
  • From: displaymyname
• [SECURITY] [DSA 4119-1] libav security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2018-02-19-4 watchOS 4.2.3
  • From: Apple Product Security
• APPLE-SA-2018-02-19-1 iOS 11.2.6
  • From: Apple Product Security
• APPLE-SA-2018-02-19-3 tvOS 11.2.6
  • From: Apple Product Security
• APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
  • From: Apple Product Security
• Multiple Persistent XSS vulnerabilities in Radiant Content Management System
  • From: suparna . kachru
• Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
  • From: preethiknambiar
• Sharutils 4.15.2 Heap-Buffer-Overflow
  • From: nafiez
• Sharutils 4.15.2 Heap-Buffer-Overflow
  • From: nafiez
• SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
  • From: SEC Consult Vulnerability Lab
• DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability
  • From: Defense Code
• [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [SECURITY] [DSA 4121-1] gcc-6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 4120-1] linux security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 4122-1] squid3 security update
  • From: Salvatore Bonaccorso
• Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  • From: Justin Bull
• [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
  • From: cyber-psrt
• [SECURITY] [DSA 4123-1] drupal7 security update
  • From: Moritz Muehlenhoff
• CMS Made Simple 2.1.6 - Remote Code Execution
  • From: displaymyname
• ES2018-01 Asterisk pjsip subscribe stack corruption
  • From: Sandro Gauci
• ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
  • From: Sandro Gauci
• ES2018-04 Asterisk pjsip tcp segfault
  • From: Sandro Gauci
• ES2018-03 Asterisk pjsip sdp invalid media format description segfault
  • From: Sandro Gauci
• SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service
  • From: security-alert
• [SECURITY] [DSA 4124-1] lucene-solr security update
  • From: Moritz Muehlenhoff
• SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management
  • From: SEC Consult Vulnerability Lab