Mail Thread Index

• Date Index

• Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key, cfpmontreal2018
• KonaKart Path Traversal Vulnerability, ajcraggs
• Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831, Atlassian
• [SECURITY] [DSA 4103-1] chromium-browser security update, Michael Gilbert
• SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range, SEC Consult Vulnerability Lab
• [security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection, cyber-psrt
• [slackware-security] php (SSA:2018-034-01), Slackware Security Team
• [SECURITY] [DSA 4104-1] p7zip security update, Salvatore Bonaccorso
• [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities, Core Security Advisories Team
• [SECURITY] [DSA 4105-1] mpv security update, Luciano Bello
• [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform, Security Explorations
• [slackware-security] Slackware 14.2 kernel (SSA:2018-037-01), Slackware Security Team
• SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4106-1] libtasn1-6 security update, Salvatore Bonaccorso
• [security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP), security-alert
• [SECURITY] [DSA 4107-1] django-anymail security update, Salvatore Bonaccorso
• SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 4105-2] mpv security update, Luciaon Bello
• Advisory - Fisheye and Crucible - CVE-2017-16861, David Black
• [SECURITY] [DSA 4108-1] mailman security update, Thijs Kinkhorst
• KL-001-2018-002 : NetEx HyperIP Authentication Bypass, KoreLogic Disclosures
• KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass, KoreLogic Disclosures
• KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution, KoreLogic Disclosures
• KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability, KoreLogic Disclosures
• Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Stefan Kanthak
  • Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Jeffrey Walton
    • Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Stefan Kanthak
• [SECURITY] [DSA 4110-1] exim4 security update, Salvatore Bonaccorso
• KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability, KoreLogic Disclosures
• [SECURITY] [DSA 4109-1] ruby-omniauth security update, Luciano Bello
• [SECURITY] [DSA 4111-1] libreoffice security update, Moritz Muehlenhoff
• CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security), apparitionsec
• [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass, security-alert
• [SECURITY] [DSA 4111-2] libreoffice security update, Moritz Muehlenhoff
• CSNC-2017-027 Microsoft Intune - App PIN Bypass, Advisories
• [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification, cyber-psrt
• Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS, Stefan Kanthak
• NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security), apparitionsec
• [SECURITY] [DSA 4113-1] libvorbis security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4112-1] xen security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4114-1] jackson-databind security update, Sebastien Delafond
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF, Arvind Vishwakarma
• [SECURITY] [DSA 4115-1] quagga security update, Salvatore Bonaccorso
• Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload, Arvind Vishwakarma
• [slackware-security] irssi (SSA:2018-046-01), Slackware Security Team
• Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12, dkl
• [SECURITY] [DSA 4116-1] plasma-workspace security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4117-1] gcc-4.9 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4118-1] tomcat-native security update, Salvatore Bonaccorso
• Kentico CMS version 9 through 11 - Arbitrary Code Execution, displaymyname
• Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect), displaymyname
• [SECURITY] [DSA 4119-1] libav security update, Moritz Muehlenhoff
• APPLE-SA-2018-02-19-4 watchOS 4.2.3, Apple Product Security
• APPLE-SA-2018-02-19-1 iOS 11.2.6, Apple Product Security
• APPLE-SA-2018-02-19-3 tvOS 11.2.6, Apple Product Security
• APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update, Apple Product Security
• Multiple Persistent XSS vulnerabilities in Radiant Content Management System, suparna . kachru
• Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS, preethiknambiar
• Sharutils 4.15.2 Heap-Buffer-Overflow, nafiez
  • Sharutils 4.15.2 Heap-Buffer-Overflow, nafiez
• SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors, SEC Consult Vulnerability Lab
• DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability, Defense Code
• [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities, Core Security Advisories Team
• [SECURITY] [DSA 4121-1] gcc-6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 4120-1] linux security update, Yves-Alexis Perez
• [SECURITY] [DSA 4122-1] squid3 security update, Salvatore Bonaccorso
• Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5, Justin Bull
• [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance, cyber-psrt
• [SECURITY] [DSA 4123-1] drupal7 security update, Moritz Muehlenhoff
• CMS Made Simple 2.1.6 - Remote Code Execution, displaymyname
• ES2018-01 Asterisk pjsip subscribe stack corruption, Sandro Gauci
• ES2018-02 Asterisk pjsip sdp invalid fmtp segfault, Sandro Gauci
• ES2018-04 Asterisk pjsip tcp segfault, Sandro Gauci
• ES2018-03 Asterisk pjsip sdp invalid media format description segfault, Sandro Gauci
• SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket, SEC Consult Vulnerability Lab
• [security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service, security-alert
• [SECURITY] [DSA 4124-1] lucene-solr security update, Moritz Muehlenhoff
• SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management, SEC Consult Vulnerability Lab