Bugtraq
- [SECURITY] [DSA 3150-1] vlc security update
- [security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution
- Fork CMS 3.8.3 - XSS Vulnerability
- Microweber 0.95 - SQL Injection Vulnerability
- Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
- Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384
- [SECURITY] [DSA 3148-1] chromium-browser end of life
- Major Internet Explorer Vulnerability - NOT Patched
- Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
- [security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3147-1] openjdk-6 security update
- [SECURITY] [DSA 3146-1] requests security update
- ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability
- [SECURITY] [DSA 3145-1] privoxy security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3144-1] openjdk-7 security update
- NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability
- From: VMware Security Response Center
- Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection
- Unauthenticated Reflected XSS vulnerability in Asus RT-N10 Plus router
- Reflected XSS vulnerability in Asus RT-N10 Plus Router
- ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
- Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385
- CVE-2014-8779: SSH Host keys on Pexip Infinity
- [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
- Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- AST-2015-001: File descriptor leak when incompatible codecs are offered
- From: Asterisk Security Team
- [slackware-security] glibc (SSA:2015-028-01)
- From: Slackware Security Team
- KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation
- From: KoreLogic Disclosures
- [SECURITY] [DSA 3143-1] virtualbox security update
- Multiple vulnerabilities in MantisBT
- From: High-Tech Bridge Security Research
- Two XSS Vulnerabilities in SupportCenter Plus
- From: High-Tech Bridge Security Research
- [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8
- [CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8
- [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability
- From: Amplia Security Advisories
- NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues
- From: VMware Security Response Center
- [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities
- From: CORE Advisories Team
- FreeBSD Security Advisory FreeBSD-SA-15:03.sctp
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
- From: FreeBSD Security Advisories
- APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
- From: Apple Product Security
- APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
- From: Apple Product Security
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- From: Qualys Security Advisory
- APPLE-SA-2015-01-27-2 iOS 8.1.3
- From: Apple Product Security
- APPLE-SA-2015-01-27-1 Apple TV 7.0.3
- From: Apple Product Security
- [SECURITY] [DSA 3142-1] eglibc security update
- [SYSS-2014-012] FancyFon FAMOC - Session Fixation
- [SECURITY] [DSA 3141-1] wireshark security update
- [SYSS-2014-010] FancyFon FAMOC - SQL Injection
- [SECURITY] [DSA 3140-1] xen security update
- [SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt
- [SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting
- CVE-2015-0223: anonymous access to qpidd cannot be prevented
- CVE-2015-0224: qpidd can be crashed by unauthenticated user
- [CORE-2015-0002] - Android WiFi-Direct Denial of Service
- From: CORE Advisories Team
- WebKitGTK+ Security Advisory WSA-2015-0001
- From: Carlos Alberto Lopez Perez
- REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
- From: Rewterz - Research Group
- Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
- From: Rewterz - Research Group
- REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
- From: Rewterz - Research Group
- [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days
- PhotoSync 1.1.3 Android - Command Inject Vulnerability
- Program-O v2.4.6 - Multiple Web Vulnerabilities
- CVE-2015-1180-xss-eventsentry
- CVE-2015-1179-xss-mango-automation-scada
- CVE-2015-1178-xss-x-cart-ecommerce
- CVE-2015-1177-xss-exponent
- SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
- From: SEC Consult Vulnerability Lab
- CVE-2015-1176-xss-osticket
- [slackware-security] samba (SSA:2015-020-01)
- From: Slackware Security Team
- Remote Desktop v0.9.4 Android - Multiple Vulnerabilities
- [oCERT-2015-001] JasPer input sanitization errors
- iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll
- [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass
- From: RedTeam Pentesting GmbH
- PhotoSync v1.1.3 Android - Command Inject Vulnerability
- [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3134-1] sympa security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3133-1] privoxy security update
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- CVE-2015-1175-xss-prestashop
- [SECURITY] [DSA 3132-1] icedove security update
- MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
- [slackware-security] mozilla-firefox (SSA:2015-016-02)
- From: Slackware Security Team
- [SECURITY] [DSA 3131-1] xdg-utils security update
- CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability
- [slackware-security] seamonkey (SSA:2015-016-04)
- From: Slackware Security Team
- [slackware-security] freetype (SSA:2015-016-01)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-016-03)
- From: Slackware Security Team
- [ MDVSA-2015:027 ] kernel
- Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability
- File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
- Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
- From: admin@xxxxxxxxxxxxxxxxx
- WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability
- VeryPhoto v3.0 iOS - Command Injection Vulnerability
- CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
- [SECURITY] [DSA 3129-1] rpm security update
- Alienvault OSSIM/USM Command Execution Vulnerability
- [ MDVSA-2015:025 ] mpfr
- [ MDVSA-2015:026 ] untrf
- [ MDVSA-2015:024 ] libsndfile
- [ MDVSA-2015:023 ] libvirt
- [SECURITY] [DSA 3128-1] linux security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-15:01.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3127-1] iceweasel security update
- Two XSS vulnerabilities in Simple Security WordPress Plugin
- From: High-Tech Bridge Security Research
- MS14-080 CVE-2014-6365 Code
- AusCERT2015 Call for Papers: closes 18th January
- [security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information
- [SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
- Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
- Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities
- [security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
- SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
- From: SEC Consult Vulnerability Lab
- CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
- SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
- From: SEC Consult Vulnerability Lab
- MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
- [security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution
- [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- [SECURITY] [DSA 3126-1] php5 security update
- Corel Software DLL Hijacking
- From: CORE Advisories Team
- CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- [ MDVSA-2015:022 ] wireshark
- [ MDVSA-2015:021 ] curl
- [ MDVSA-2015:020 ] libssh
- ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
- Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability
- Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability
- Blitz CMS Community - SQL Injection Web Vulnerability
- [SECURITY] [DSA 3125-1] openssl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3124-1] otrs2 security update
- From: Salvatore Bonaccorso
- Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
- [security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
- [ MDVSA-2015:019 ] openssl
- Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
- Re: [SECURITY] [DSA 3122-1] curl security update
- [SECURITY] [DSA 3122-1] curl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3121-1] file security update
- Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada
- [ MDVSA-2015:018 ] asterisk
- [ MDVSA-2015:017 ] libevent
- [ MDVSA-2015:016 ] unzip
- [ MDVSA-2015:015 ] sox
- [ MDVSA-2015:014 ] libjpeg
- [ MDVSA-2015:013 ] znc
- [ MDVSA-2015:012 ] jasper
- [ MDVSA-2015:011 ] nail
- [ MDVSA-2015:010 ] file
- [ MDVSA-2015:009 ] krb5
- [ MDVSA-2015:008 ] pwgen
- [ MDVSA-2015:007 ] unrtf
- [ MDVSA-2015:006 ] mediawiki
- [security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3120-1] mantis security update
- Brother MFC Administration Reflected Cross-Site Scripting
- Self-XSS in Microsoft Dynamics CRM 2013 SP1
- From: High-Tech Bridge Security Research
- ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
- [ MDVSA-2015:005 ] subversion
- Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
- ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
- [SECURITY] [DSA 3119-1] libevent security update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:001 ] c-icap
- [ MDVSA-2015:002 ] pcre
- Open-Xchange Security Advisory 2015-01-05
- [SECURITY] [DSA 3118-1] strongswan security update
- [ MDVSA-2015:003 ] ntp
- [ MDVSA-2015:004 ] php
- [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
- [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
- [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
- [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
- [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
- [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
- [SECURITY] [DSA 3117-1] php5 security update
- From: Salvatore Bonaccorso
- [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability
- ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability
- [SECURITY] [DSA 3116-1] polarssl security update
- Remote Code Execution via Unauthorised File upload in Cforms 14.7
- [SECURITY] [DSA 3115-1] pyyaml security update
- nullcon HackIM Challenge 9-11 Jan 2015
- [SECURITY] [DSA 3113-1] unzip security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3114-1] mime-support security update
- From: Salvatore Bonaccorso
- Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability
- Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
- PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability
- Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
- ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability
- Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability
- Facebook Bug Bounty #17 - Migrate Privacy Vulnerability
- DRAM unreliable under specific access pattern
- Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
- From: steffen . roesemann1986
- Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-14:31.ntp
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3110-1] mediawiki security update
- [SECURITY] [DSA 3112-1] sox security update
- From: Salvatore Bonaccorso
- Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
- From: steffen . roesemann1986
- [slackware-security] xorg-server (SSA:2014-356-03)
- From: Slackware Security Team
- [slackware-security] php (SSA:2014-356-02)
- From: Slackware Security Team
- [slackware-security] ntp (SSA:2014-356-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3111-1] cpio security update
- APPLE-SA-2014-12-22-1 OS X NTP Security Update
- From: Apple Product Security
- [oCERT-2014-011] UnZip input sanitization errors
- [oCERT-2014-010] SoX input sanitization errors
- VP-2014-004 SysAid Server Arbitrary File Disclosure
- [SECURITY] [DSA 3109-1] firebird2.5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3107-2] subversion regression update
- [SECURITY] [DSA 3108-1] ntp security update
- [SECURITY] [DSA 3107-1] subversion security update
- [SECURITY] [DSA 3106-1] jasper security update
- From: Salvatore Bonaccorso
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325
- Facebook BB #18 - IDOR Issue & Privacy Vulnerability
- Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability
- iBackup v10.0.0.45 - Privilege Escalation Vulnerability
- SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3
- From: Apple Product Security
- [oCERT-2014-012] JasPer input sanitization errors
- SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
- From: SEC Consult Vulnerability Lab
- iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability
- E-Journal CMS (ID) - Multiple Web Vulnerabilities
- Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability
- Apple iOS v8.x - Message Context & Privacy Vulnerability
- Jease CMS v2.11 - Persistent UI Web Vulnerability
- Morfy CMS v1.05 - Command Execution Vulnerability
- Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability
- Cross-Site Scripting (XSS) in Revive Adserver
- From: High-Tech Bridge Security Research
- secuvera-SA-2014-01: Reflected XSS in W3 Total Cache
- FreeBSD Security Advisory FreeBSD-SA-14:30.unbound
- From: FreeBSD Security Advisories
- [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities
- [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution
- Elefant CMS v1.3.9 - Persistent Name Update Vulnerability
- [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities
- [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information
- RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability
- Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability
- Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability
- iWifi for Chat v1.1 iOS - Denial of Service Vulnerability
- [SECURITY] [DSA 3105-1] heirloom-mailx security update
- [SECURITY] [DSA 3104-1] bsd-mailx security update
- W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
- [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA
- From: Onapsis Research Labs
- "Ettercap 8.0 - 8.1" multiple vulnerabilities
- [SE-2014-02] Google App Engine Java security sandbox bypasses (status update)
- From: Security Explorations
- CA20141215-01: Security Notice for CA LISA Release Automation
- [ MDVSA-2014:252 ] nss
- [ MDVSA-2014:253 ] apache-mod_wsgi
- Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701
- From: steffen . roesemann1986
- Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]
- [ MDVSA-2014:242 ] yaml
- [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3102-1] libyaml security update
- From: Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
- [ MDVSA-2014:238 ] bind
- [SECURITY] [DSA 3101-1] c-icap security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3100-1] mediawiki security update
- [ MDVSA-2014:239 ] flac
- [ MDVSA-2014:243 ] phpmyadmin
- [ MDVSA-2014:244 ] openafs
- [ MDVSA-2014:245 ] mutt
- CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"
- From: Christian Schneider
- CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
- From: Christian Schneider
- [ MDVSA-2014:251 ] rpm
- [ MDVSA-2014:250 ] cpio
- [ MDVSA-2014:249 ] qemu
- [ MDVSA-2014:248 ] graphviz
- [ MDVSA-2014:247 ] jasper
- [ MDVSA-2014:246 ] openvpn
- ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability
- ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities
- ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability
- [security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- Docker 1.3.3 - Security Advisory [11 Dec 2014]
- [SECURITY] [DSA 3099-1] dbus security update
- ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
- APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2
- From: Apple Product Security
- [SECURITY] [DSA 3098-1] graphviz security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3097-1] unbound security update
- [slackware-security] openssh (SSA:2014-344-03)
- From: Slackware Security Team
- [slackware-security] wpa_supplicant (SSA:2014-344-07)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-344-02)
- From: Slackware Security Team
- [slackware-security] pidgin (SSA:2014-344-05)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2014-344-01)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-344-06)
- From: Slackware Security Team
- [slackware-security] openvpn (SSA:2014-344-04)
- From: Slackware Security Team
- [SECURITY] [DSA 3096-1] pdns-recursor security update
- [SECURITY] [DSA 3095-1] xorg-server security update
- AST-2014-019: Remote Crash Vulnerability in WebSocket Server
- From: Asterisk Security Team
- FreeBSD Security Advisory FreeBSD-SA-14:29.bind
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:28.file
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:27.stdio
- From: FreeBSD Security Advisories
- NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities
- From: VMware Security Response Center
- [CVE-2014-7301] SGI Tempo System Database Password Exposure
- [CVE-2014-7302] SGI SUID Root Privilege Escalation
- [CVE-2014-7303] SGI Tempo System Database Exposure
- Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
- [security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
- From: VMware Security Response Center
- [CVE-2014-8340] phpTrafficA SQL injection
- [security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information
- Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120
- [SECURITY] [DSA 3093-1] linux security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3094-1] bind9 security update
- [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds
- [ANN] Apache Struts 2.3.20 GA release available with security fix
- CFP: InfoSec SouthWest 2015 (ISSW)
- CMS Made Simple PHP Code Injection Vulnerability (All versions)
- Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux
- [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google)
- From: Security Explorations
- [SECURITY] [DSA 3091-1] getmail4 security update
- [SECURITY] [DSA 3092-1] icedove security update
- NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass)
- NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- From: VMware Security Response Center
- Offset2lib: bypassing full ASLR on 64bit Linux
- [security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [SECURITY] [DSA 3090-1] iceweasel security update
- [SECURITY] [DSA 3089-1] jasper security update
- From: Salvatore Bonaccorso
- [oCERT-2014-009] JasPer input sanitization errors
- [SECURITY] [DSA 3088-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3087-1] qemu security update
- From: Salvatore Bonaccorso
- Re: Slider Revolution/Showbiz Pro shell upload exploit
- CVE-2014-9215 - SQL Injection in PBBoard CMS
- APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
- From: Apple Product Security
- [SECURITY] [DSA 3086-1] tcpdump security update
- From: Salvatore Bonaccorso
- Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection
- From: Ewerson Guimarães (Crash) - Dclabs
- Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360
- [slackware-security] mozilla-thunderbird (SSA:2014-337-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3085-1] wordpress security update
- F5 BIGIP - (OLD!) Persistent XSS in ASM Module
- ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability
- ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability
- CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress
- [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 3084-1] openvpn security update
- [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire
- From: RedTeam Pentesting GmbH
- CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4
- [SECURITY] [DSA 3081-1] libvncserver security update
- [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360
- [SECURITY] [DSA 3082-1] flac security update
- [SECURITY] [DSA 3083-1] mutt security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3080-1] openjdk-7 security update
- [SECURITY] [DSA 3079-1] ppp security update
- WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)
- [ MDVSA-2014:237 ] perl-Mojolicious
- [ MDVSA-2014:236 ] file
- [ MDVSA-2014:235 ] perl-Plack
- [ MDVSA-2014:234 ] libksba
- Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
- [security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information
- [ MDVSA-2014:233 ] wordpress
- [SECURITY] [DSA 3078-1] libksba security update
- From: Salvatore Bonaccorso
- [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
- [ MDVSA-2014:232 ] glibc
- [ MDVSA-2014:231 ] icecast
- [ MDVSA-2014:230 ] kernel
- [security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 3077-1] openjdk-6 security update
- [ MDVSA-2014:229 ] libvncserver
- CVE-2014-5439 - Root shell on Sniffit [with exploit]
- Cross-Site Request Forgery (CSRF) in xEpan
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:228 ] phpmyadmin
- [SECURITY] [DSA 3076-1] wireshark security update
- [security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
- [security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information
- Slider Revolution/Showbiz Pro shell upload exploit
- [security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information
- [ MDVSA-2014:227 ] ffmpeg
- [ MDVSA-2014:226 ] imagemagick
- [ MDVSA-2014:225 ] ruby
- [oCERT 2014-008] libFLAC multiple issues
- Docker 1.3.2 - Security Advisory [24 Nov 2014]
- CVE-2014-8419 - CodeMeter Weak Service Permissions
- Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin
- From: Larry W. Cashdollar
- [security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
- [ MDVSA-2014:224 ] krb5
- [ MDVSA-2014:223 ] wireshark
- [ MDVSA-2014:222 ] libvirt
- [ MDVSA-2014:221 ] php-smarty
- [ MDVSA-2014:220 ] qemu
- [ MDVSA-2014:219 ] srtp
- [security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities
- [ MDVSA-2014:218 ] asterisk
- WordPress 3 persistent script injection
- AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.
- From: Asterisk Security Team
- AST-2014-013: PJSIP ACLs are not loaded on startup
- From: Asterisk Security Team
- AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver
- From: Asterisk Security Team
- AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver
- From: Asterisk Security Team
- AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
- From: Asterisk Security Team
- AST-2014-018: AMI permission escalation through DB dialplan function
- From: Asterisk Security Team
- AST-2014-014: High call load may result in hung channels in ConfBridge.
- From: Asterisk Security Team
- Multiple SQL Injection in SP Client Document Manager plugin
- [SECURITY] [DSA 3075-1] drupal7 security update
- From: Salvatore Bonaccorso
- CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin
- [ MDVSA-2014:217 ] clamav
- [ MDVSA-2014:216 ] php-ZendFramework
- [CORE-2014-0008] - Advantech AdamView Buffer Overflow
- From: CORE Advisories Team
- [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
- From: CORE Advisories Team
- [CORE-2014-0009] - Advantech EKI-6340 Command Injection
- From: CORE Advisories Team
- CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM
- From: Portcullis Advisories
- [SECURITY] [DSA 3074-2] php5 regression update
- Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:215 ] gnutls
- [SECURITY] [DSA 3074-1] php5 security update
- [ MDVSA-2014:213 ] curl
- [ MDVSA-2014:214 ] dbus
- CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
- CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
- CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload
- APPLE-SA-2014-11-17-3 Apple TV 7.0.2
- From: Apple Product Security
- [security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code
- APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
- From: Apple Product Security
- APPLE-SA-2014-11-17-1 iOS 8.1.1
- From: Apple Product Security
- [slackware-security] mozilla-thunderbird (SSA:2014-320-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3073-1] libgcrypt11 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information
- CVE-2014-8683 XSS in Gogs Markdown Renderer
- CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
- Re: CVE-2014-8732
- Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
- [security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3050-3] iceweasel security update
- From: Salvatore Bonaccorso
- Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
- CVE-2014-8732
- CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
- [SECURITY] [DSA 3072-1] file security update
- [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)
- [security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access
- [security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution
- [security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code
- [security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information
- [security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
- [SECURITY] [DSA 3071-1] nss security update
- [security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution
- Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211]
- [security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities
- [security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
- BookFresh - Persistent Clients Invite Vulnerability
- [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
- [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro
- [SECURITY] [DSA 3070-1] kfreebsd-9 security update
- CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests
- [SECURITY] [DSA 3069-1] curl security update
- From: Salvatore Bonaccorso
- PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability
- SeasonApps iTransfer 1.1 - Persistent UI Vulnerability
- Open-Xchange Security Advisory 2014-11-07
- [SECURITY] [DSA 3068-1] konversation security update
- FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED]
- From: FreeBSD Security Advisories
- Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]
- XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
- From: Larry W. Cashdollar
- ZTE ZXDSL 831 Multiple Cross Site Scripting
- ZTE 831CII Multiple Vulnerablities
- ZTE ZXDSL 831CII Direct Object Reference
- CA20141103-01: Security Notice for CA Cloud Service Management
- [SECURITY] [DSA 3067-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3066-1] qemu security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3065-1] libxml-security-java security update
- i.Mage Local Crash Poc
- [CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper
- SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
- From: SEC Consult Vulnerability Lab
- Cisco RV Series multiple vulnerabilities
- [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
- i-FTP Buffer Overflow SEH
- i.Hex Local Crash Poc
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
- From: Cisco Systems Product Security Incident Response Team
- ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability
- WordPress Wordfence Firewall 5.1.2 Cross Site Scripting
- Arbitrary File Upload in HelpDEZk
- From: High-Tech Bridge Security Research
- Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
- From: High-Tech Bridge Security Research
- Wordpress bulletproof-security <=.51 multiple vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-14:26.ftp
- From: FreeBSD Security Advisories
- CVE-2014-6616 Softing FG-100 Webui XSS
- CVE-2014-6617 Softing FG-100 Backdoor Account
- KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read
- From: KoreLogic Disclosures
- FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:24.sshd
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3064-1] php5 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer
- Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals
- [Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform
- From: AppCheck_Advisories
- [slackware-security] php (SSA:2014-307-03)
- From: Slackware Security Team
- Ahrareandeysheh CMS Cross-Site Scripting Vulnerability
- [slackware-security] mozilla-firefox (SSA:2014-307-02)
- From: Slackware Security Team
- [slackware-security] mariadb (SSA:2014-307-01)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-307-04)
- From: Slackware Security Team
- Modx CMS CSRF Bypass & XSS Vulnerabilities
- CFP: Fourth World Congress - SEMCMI2015 - Malaysia
- [SECURITY] [DSA 3062-1] wget security update
- [SECURITY] [DSA 3063-1] quassel security update
- PARSADEV CMS Cross-Site Scripting Vulnerability
- "Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
- [SECURITY] [DSA 3061-1] icedove security update
- [SECURITY] [DSA 3060-1] linux security update
- From: Salvatore Bonaccorso
- [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
- From: Security Explorations
- SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
- From: SEC Consult Vulnerability Lab
- [SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)
- [security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- [security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
- Call for Papers - WorldCIST'15 - Azores, Deadline: November 23
- [slackware-security] wget (SSA:2014-302-01)
- From: Slackware Security Team
- [security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
- [SECURITY] [DSA 3059-1] dokuwiki security update
- Multiple vulnerabilities in EspoCRM
- From: High-Tech Bridge Security Research
- CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare
- SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2014:212 ] wget
- [ MDVSA-2014:211 ] wpa_supplicant
- [security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)
- [SECURITY] [DSA 3050-2] xulrunner update
- phpfusion (Search Page) Denial of Service Vulnerability
- [ MDVSA-2014:210 ] mariadb
- IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA
- [security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code
- [security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information
- Re: vulnerabilities in libbfd (CVE-2014-beats-me)
- Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)
- Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
- Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
- iFileExplorer v6.51 iOS - File Include Web Vulnerability
- WebDisk+ v2.1 iOS - Code Execution Vulnerability
- [SECURITY] [DSA 3058-1] torque security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information
- [SECURITY] [DSA 3057-1] libxml2 security update
- vulnerabilities in libbfd (CVE-2014-beats-me)
- [SECURITY] [DSA 3056-1] libtasn1-3 security update
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015
- [CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation
- NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability
- From: VMware Security Response Center
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
- [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
- [ MDVSA-2014:205 ] lua
- [ MDVSA-2014:209 ] java-1.7.0-openjdk
- [ MDVSA-2014:208 ] phpmyadmin
- [ MDVSA-2014:207 ] ejabberd
- [ MDVSA-2014:206 ] ctags
- [slackware-security] glibc (SSA:2014-296-01)
- From: Slackware Security Team
- [slackware-security] pidgin (SSA:2014-296-02)
- From: Slackware Security Team
- [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
- [SECURITY] [DSA 3055-1] pidgin security update
- OpenBSD <= 5.5 Local Kernel Panic
- From: Alejandro Hernandez
- [ MDVSA-2014:203 ] openssl
- [ MDVSA-2014:204 ] libxml2
- File Manager v4.2.10 iOS - Code Execution Vulnerability
- Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
- [ MDVSA-2014:202 ] php
- APPLE-SA-2014-10-22-1 QuickTime 7.7.6
- From: Apple Product Security
- ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability
- ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability
- ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability
- File Manager v4.2.10 iOS - Code Execution Vulnerability
- iFunBox Free v1.1 iOS - File Include Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:21.routed
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:22.namei
- From: FreeBSD Security Advisories
- CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015
- From: icete . secretariat
- FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
- Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
- Vulnerabilities in WordPress Database Manager v2.7.1
- From: Larry W. Cashdollar
- [ MDVSA-2014:201 ] kernel
- [ MDVSA-2014:200 ] bugzilla
- [ MDVSA-2014:199 ] perl
- [ MDVSA-2014:198 ] mediawiki
- [ MDVSA-2014:197 ] python
- Incredible PBX remote command execution exploit
- [ MDVSA-2014:196 ] rsyslog
- [slackware-security] openssh (SSA:2014-293-01)
- From: Slackware Security Team
- [security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- [security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS)
- LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183
- APPLE-SA-2014-10-20-1 iOS 8.1
- From: Apple Product Security
- APPLE-SA-2014-10-20-2 Apple TV 7.0.1
- From: Apple Product Security
- AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
- From: Asterisk Security Team
- [SECURITY] [DSA 3054-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- [security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution
- [security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution
- [security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution
- [security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code
- [SECURITY] [DSA 3050-1] iceweasel security update
- Re: LiveZilla 5.3.0.7 Security Issue
- Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
- APPLE-SA-2014-10-16-5 OS X Server v2.2.5
- From: Apple Product Security
- APPLE-SA-2014-10-16-4 OS X Server v3.2.2
- From: Apple Product Security
- APPLE-SA-2014-10-16-6 iTunes 12.0.1
- From: Apple Product Security
- APPLE-SA-2014-10-16-3 OS X Server v4.0
- From: Apple Product Security
- [SECURITY] [DSA 3053-1] openssl security update
- APPLE-SA-2014-10-16-2 Security Update 2014-005
- From: Apple Product Security
- Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
- From: Apple Product Security
- [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
- From: CORE Advisories Team
- [SECURITY] [DSA 3052-1] wpa security update
- [security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
- [security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution
- [slackware-security] openssl (SSA:2014-288-01)
- From: Slackware Security Team
- Bypassing blacklists based on IPy
- [SECURITY] [DSA 3051-1] drupal7 security update
- Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin
- From: High-Tech Bridge Security Research
- SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces
- From: SEC Consult Vulnerability Lab
- Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
- From: High-Tech Bridge Security Research
- Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability
- Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
- PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability
- PayPal Inc BB #98 MOS - Persistent Settings Vulnerability
- [SE-2014-01] Breaking Oracle Database through Java exploits (details)
- From: Security Explorations
- [SECURITY] [DSA 3049-1] wireshark security update
- two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)
- LiveZilla 5.3.0.7 Security Issue
- [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
- Reminder: Passwords14 CFP + registration announcement
- PayPal Inc BB #96 - Persistent Tags Vulnerability
- PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
- PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability
- CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)
- From: Dirk-Willem van Gulik
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015
- CSP Bypass in android browser prior to 4.4
- SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer
- CSNC-2014-004 neuroML - Multiple Vulnerabilities
- SAP Security Note 1908531 - XXE in BusinessObjects Explorer
- SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer
- [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- [security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
- [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
- From: Onapsis Research Labs
- [security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
- [SECURITY] [DSA 3048-1] apt security update
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection
- From: Onapsis Research Labs
- Two XSS in Contact Form DB WordPress plugin
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3047-1] rsyslog security update