FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access 2016-01-29
security-alert hpe com

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network 2016-01-29
kingkaustubh me com

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification 2016-01-29
security-alert hpe com

ManageEngine Eventlog Analyzer v4-v10 Privilege Esacalation 2016-01-29
graphx sigaint org

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-01-29
Vulnerability Lab (research vulnerability-lab com)

ProjectSend multiple vulnerabilities 2016-01-29
Filippo Cavallarin (filippo cavallarin wearesegment com)

[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) 2016-01-28
security-alert hpe com

[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-28
security-alert hpe com

CVE-2015-7521: Apache Hive authorization bug disclosure 2016-01-28
khorgath apache org (Sushanth Sowmyan)

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)

New Era Company CMS - (id) SQL Injection Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase 2016-01-28
Hacking Corporation Sàrl (releases hackingcorp ch)

[SECURITY] [DSA 3458-1] openjdk-7 security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3457-1] iceweasel security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

Log2Space Central v 6.2 Multiple XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)

New Era Company CMS - (id) SQL Injection Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase 2016-01-28
Hacking Corporation Sàrl (releases hackingcorp ch)

[SECURITY] [DSA 3458-1] openjdk-7 security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3457-1] iceweasel security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

Log2Space Central v 6.2 Multiple XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Netgear GS105Ev2 - Multiple Vulnerabilities 2016-01-27
benedikt westermann i-sec tuv com

los818 CMS 2016 Q1 - SQL Injection Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Kleefa v1.7 (IR) - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

los818 CMS 2016 Q1 - SQL Injection Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Kleefa v1.7 (IR) - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Classic Infomedia (Login) - Auth Bypass Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Telegram (API) - Cross Site Request Forgery Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Apple WatchOS v2.1 - Denial of Service Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

BK Mobile CMS SQLi and XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3456-1] chromium-browser security update 2016-01-27
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3455-1] curl security update 2016-01-27
Alessandro Ghedini (ghedo debian org)

[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption 2016-01-27
ERPScan inc (erpscan online gmail com)

FreeBSD Security Advisory FreeBSD-SA-16:10.linux 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:09.ntp 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:08.bind 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3454-1] virtualbox security update 2016-01-26
Moritz Muehlenhoff (jmm debian org)

WP-Ultimate CSV Importer XSS Vulnerability 2016-01-26
Rahul Pratap Singh (techno rps gmail com)

PHP LiteSpeed SAPI out of boundaries read due to missing input validation 2016-01-25
Imre RAD (imre rad search-lab hu)

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities 2016-01-25
CORE Advisories Team (advisories coresecurity com)

Authentication bypass in PHP File Manager 0.9.8 2016-01-25
Imre Rad (imre rad search-lab hu)

APPLE-SA-2016-01-25-1 tvOS 9.1.1 2016-01-25
Apple Product Security (product-security-noreply lists apple com)

Magento 1.9.x Multiple Man-In The Middle 2016-01-25
cxsecurity protonmail com

glibc catopen() Multiple unbounded stack allocations 2016-01-25
cxsecurity protonmail com

[SECURITY] [DSA 3453-1] mariadb-10.0 security update 2016-01-25
Salvatore Bonaccorso (carnil debian org)

WP Easy Gallery v4.1.4 Stored XSS Vulnerability 2016-01-26
Rahul Pratap Singh (techno rps gmail com)

PHP LiteSpeed SAPI secret key improper disposal 2016-01-25
Imre RAD (imre rad search-lab hu)

PHP-FPM fpm_log.c memory leak and buffer overflow 2016-01-25
Imre RAD (imre rad search-lab hu)

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) 2016-01-24
zemnmez googlemail com

ZyXel WAP3205 v1 Multiple XSS 2016-01-23
graphx sigaint org

HP ToComMsg DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

PHP LiteSpeed SAPI secret key improper disposal 2016-01-25
Imre RAD (imre rad search-lab hu)

PHP-FPM fpm_log.c memory leak and buffer overflow 2016-01-25
Imre RAD (imre rad search-lab hu)

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) 2016-01-24
zemnmez googlemail com

ZyXel WAP3205 v1 Multiple XSS 2016-01-23
graphx sigaint org

HP ToComMsg DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities 2016-01-23
Securify B.V. (lists securify nl)

HP LaserJet Fax Preview DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

XMB - eXtreme Message Board v1.9.11.13 Weak Crypto 2016-01-23
hyp3rlinx lycos com

imageone Cms Multiple vulnerabilities 2016-01-23
iedb team gmail com

[SECURITY] [DSA 3452-1] claws-mail security update 2016-01-23
Ben Hutchings (benh debian org)

January 2016 - Bamboo - Critical Security Advisory 2016-01-22
David Black (dblack atlassian com)

[SECURITY] [DSA 3451-1] fuse security update 2016-01-21
Yves-Alexis Perez (corsac debian org)

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" 2016-01-21
Stefan Kanthak (stefan kanthak nexgo de)

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices 2016-01-21
SEC Consult Vulnerability Lab (research sec-consult com)

Oracle HtmlConverter.exe Buffer Overflow 2016-01-21
hyp3rlinx lycos com

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" 2016-01-21
Stefan Kanthak (stefan kanthak nexgo de)

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices 2016-01-21
SEC Consult Vulnerability Lab (research sec-consult com)

Oracle HtmlConverter.exe Buffer Overflow 2016-01-21
hyp3rlinx lycos com

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-1 iOS 9.2.1 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3449-1] bind9 security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) 2016-01-19
security-alert hpe com

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe 2016-01-19
Stefan Kanthak (stefan kanthak nexgo de)

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-1 iOS 9.2.1 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3449-1] bind9 security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) 2016-01-19
security-alert hpe com

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe 2016-01-19
Stefan Kanthak (stefan kanthak nexgo de)

[CORE-2016-0001] - Intel Driver Update Utility MiTM 2016-01-19
CORE Advisories Team (advisories coresecurity com)

Quick Cart v6.6 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3448-1] linux security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

Quick CMS v 6.1 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)

Advanced Electron Forum v1.0.9 RFI / CSRF 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 Persistent XSS 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 CSRF 2016-01-18
hyp3rlinx lycos com

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

Advanced Electron Forum v1.0.9 RFI / CSRF 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 Persistent XSS 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 CSRF 2016-01-18
hyp3rlinx lycos com

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

FreeBSD Security Advisory FreeBSD-SA-16:07.openssh 2016-01-15
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD bsnmpd information disclosure 2016-01-15
Pierre Kim (pierre kim sec gmail com)

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

FreeBSD Security Advisory FreeBSD-SA-16:05.tcp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:01.sctp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[slackware-security] dhcp (SSA:2016-012-01) 2016-01-13
Slackware Security Team (security slackware com)

Remote Code Execution in Roundcube 2016-01-13
High-Tech Bridge Security Research (advisory htbridge ch)

FreeBSD Security Advisory FreeBSD-SA-16:04.linux 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege 2016-01-13
security-alert hpe com

[SECURITY] [DSA 3444-1] wordpress security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems 2016-01-12
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 3441-1] perl security update 2016-01-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3440-1] sudo security update 2016-01-11
Ben Hutchings (benh debian org)

Exploiting XXE vulnerabilities in AMF libraries 2016-01-11
Nicolas Grégoire (nicolas gregoire agarri fr)

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
Reed Loden (reed reedloden com)

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) 2016-01-10
fgghy dodo com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

OpenBravo Hibernate HQL Injection 2016-01-11
Ng, Sam \(Fortify\) (samn hpe com)

[SECURITY] [DSA 3439-1] prosody security update 2016-01-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3437-1] gnutls26 security update 2016-01-09
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3441-1] perl security update 2016-01-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3440-1] sudo security update 2016-01-11
Ben Hutchings (benh debian org)

Exploiting XXE vulnerabilities in AMF libraries 2016-01-11
Nicolas Grégoire (nicolas gregoire agarri fr)

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
Reed Loden (reed reedloden com)

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) 2016-01-10
fgghy dodo com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

OpenBravo Hibernate HQL Injection 2016-01-11
Ng, Sam \(Fortify\) (samn hpe com)

[SECURITY] [DSA 3439-1] prosody security update 2016-01-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3437-1] gnutls26 security update 2016-01-09
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3438-1] xscreensaver security update 2016-01-10
Michael Gilbert (mgilbert debian org)

CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer 2016-01-11
Stelios Tsampas (stelios census-labs com)

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent 2016-01-11
Stelios Tsampas (stelios census-labs com)

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-08
Stefan Kanthak (stefan kanthak nexgo de)

MobaXTerm before version 8.5 vulnerability in "jump host" functionality 2016-01-08
Thomas Bleier (thomas bleier at)

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials 2016-01-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability 2016-01-08
Rahul Pratap Singh (techno rps gmail com)

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-07
security-alert hpe com

Symantec EP DOS 2016-01-08
hyp3rphp gmail com

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-08
Stefan Kanthak (stefan kanthak nexgo de)

MobaXTerm before version 8.5 vulnerability in "jump host" functionality 2016-01-08
Thomas Bleier (thomas bleier at)

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials 2016-01-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability 2016-01-08
Rahul Pratap Singh (techno rps gmail com)

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-07
security-alert hpe com

Symantec EP DOS 2016-01-08
hyp3rphp gmail com

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 2016-01-07
Onur Yilmaz (onur netsparker com)

[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow 2016-01-07
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images 2016-01-07
RedTeam Pentesting GmbH (release redteam-pentesting de)

Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-07
Stefan Kanthak (stefan kanthak nexgo de)

[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) 2016-01-07
erlijn vangenuchten syss de

Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-07
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access 2016-01-06
security-alert hpe com

[SECURITY] [DSA 3434-1] linux security update 2016-01-05
Ben Hutchings (benh debian org)

[SECURITY] [DSA 3435-1] git security update 2016-01-05
Laszlo Boszormenyi \(GCS\) (gcs debian org)

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

Open Audit SQL Injection Vulnerability 2016-01-02
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability 2016-01-02
Stefan Seelmann (seelmann apache org)

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

Open Audit SQL Injection Vulnerability 2016-01-02
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability 2016-01-02
Stefan Seelmann (seelmann apache org)

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S 2016-01-01
Ralf Spenneberg (info os-t de)

[SECURITY] [DSA 3431-1] ganeti security update 2016-01-01
Moritz Muehlenhoff (jmm debian org)

OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders 2016-01-01
Ralf Spenneberg (info os-t de)

[SECURITY] [DSA 3432-1] icedove security update 2016-01-01
Moritz Muehlenhoff (jmm debian org)