Bugtraq

• Thread Index

• [security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS)
  • From: security-alert
• [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
  • From: Pedro Ribeiro
• [security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
  • From: security-alert
• Multiple vulnerabilities in DrayTek VigorACS SI
  • From: Erik-Paul Dittmer
• OWTF 1.0 "Lionheart" released!
  • From: Abraham Aranguren
• Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
  • From: dkl
• CA20141001-01: Security Notice for Bash Shellshock Vulnerability
  • From: Williams, James K
• Multiple Vulnerabilities in Draytek Vigor 2130
  • From: Erik-Paul Dittmer
• PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 3044-1] qemu-kvm security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3042-1] exuberant-ctags security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3046-1] mediawiki security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3045-1] qemu security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code
  • From: security-alert
• PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
  • From: Vulnerability Lab
• HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability
  • From: Vulnerability Lab
• BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
  • From: Vulnerability Lab
• CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway
  • From: mirko . casadei
• CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway
  • From: mirko . casadei
• [ MDVSA-2014:195 ] libvirt
  • From: security
• [ MDVSA-2014:194 ] phpmyadmin
  • From: security
• [security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
  • From: security-alert
• Elasticsearch vulnerability CVE-2014-6439
  • From: Jordan Sissel
• Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities
  • From: Patrick Webster
• [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution
  • From: security-alert
• the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
  • From: Michal Zalewski
• [ MDVSA-2014:193 ] xerces-j2
  • From: security
• [ MDVSA-2014:192 ] perl-Email-Address
  • From: security
• [SECURITY] [DSA 3041-1] xen security update
  • From: Moritz Muehlenhoff
• Reflected Cross-Site Scripting (XSS) in Textpattern
  • From: High-Tech Bridge Security Research
• Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
  • From: High-Tech Bridge Security Research
• FreePBX (All Versions) RCE
  • From: rob . thomas
• NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
  • From: VMware Security Response Center
• [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3040-1] rsyslog security update
  • From: Luciano Bello
• [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation
  • From: security-alert
• All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [slackware-security] seamonkey (SSA:2014-271-03)
  • From: Slackware Security Team
• London DEFCON - September 30th 2014
  • From: Major Malfunction
• [ MDVSA-2014:191 ] perl-XML-DT
  • From: security
• [slackware-security] bash (SSA:2014-272-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2014-271-02)
  • From: Slackware Security Team
• Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]
  • From: john . fitzpatrick
• Moab User Impersonation [CVE-2014-5375]
  • From: john . fitzpatrick
• Moab Authentication Bypass [CVE-2014-5300]
  • From: john . fitzpatrick
• [slackware-security] mozilla-firefox (SSA:2014-271-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3039-1] chromium-browser security update
  • From: Michael Gilbert
• [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
  • From: Pedro Ribeiro
• [SECURITY] [DSA 3038-1] libvirt security update
  • From: Salvatore Bonaccorso
• Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon
  • From: Aditya Gupta
• WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies
  • From: ML
• [SECURITY] [DSA 3037-1] icedove security update
  • From: Yves-Alexis Perez
• Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability
  • From: Vulnerability Lab
• Oracle Corporation MyOracle - Persistent Vulnerability
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:190 ] bash
  • From: security
• [slackware-security] bash (SSA:2014-268-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3036-1] mediawiki security update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 3035-1] bash security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)
  • From: Slackware Security Team
• LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
  • From: advisories
• [oCERT-2014-007] libvncserver multiple issues
  • From: Andrea Barisani
• [slackware-security] bash (SSA:2014-267-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-nss (SSA:2014-267-02)
  • From: Slackware Security Team
• [ MDVSA-2014:189 ] nss
  • From: security
• [ MDVSA-2014:187 ] curl
  • From: security
• [ MDVSA-2014:188 ] wireshark
  • From: security
• [SECURITY] [DSA 3034-1] iceweasel security update
  • From: Yves-Alexis Perez
• CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control
  • From: main
• [SECURITY] [DSA 3033-1] nss security update
  • From: Yves-Alexis Perez
• [security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information
  • From: security-alert
• Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key
  • From: Gunnar Wolf
• [ MDVSA-2014:186 ] bash
  • From: security
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:184 ] net-snmp
  • From: security
• [ MDVSA-2014:183 ] phpmyadmin
  • From: security
• [ MDVSA-2014:182 ] zarafa
  • From: security
• [ MDVSA-2014:181 ] dump
  • From: security
• [ MDVSA-2014:185 ] libgadu
  • From: security
• [ MDVSA-2014:183 ] phpmyadmin
  • From: security
• [SECURITY] [DSA 3032-1] bash security update
  • From: Florian Weimer
• Two SQL Injections in All In One WP Security WordPress plugin
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 3031-1] apt security update
  • From: Salvatore Bonaccorso
• CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser
  • From: Steffen Bauch
• [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
  • From: Egidio Romano
• [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• Glype proxy cookie jar path traversal allows code execution
  • From: Securify B.V.
• Glype proxy local address filter bypass
  • From: Securify B.V.
• [security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access
  • From: security-alert
• Glype proxy privacy settings can be disabled via CSRF
  • From: Securify B.V.
• Re: TP-LINK WDR4300 - Stored XSS & DoS
  • From: Simon Waters
• [ MDVSA-2014:180 ] gnupg
  • From: security
• Re: TP-LINK WDR4300 - Stored XSS & DoS
  • From: ozelisyan
• Strength and Weakness of Methods to Confirm SSH Host Key
  • From: John Leo
• TP-LINK WDR4300 - Stored XSS & DoS
  • From: ozelisyan
• [SECURITY] [DSA 3030-1] mantis security update
  • From: Moritz Muehlenhoff
• CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product
  • From: Christian Schneider
• [SECURITY] [DSA 3029-1] nginx security update
  • From: Salvatore Bonaccorso
• Re: Multiple Vulnerabilities with Aztech Modem Routers
  • From: Federick Joe P Fajardo
• CVE ID Syntax Change - Deadline Approaching
  • From: Christey, Steven M.
• Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
  • From: VSR Advisories
• [SECURITY] [DSA 3025-2] apt regression update
  • From: Salvatore Bonaccorso
• AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
  • From: Asterisk Security Team
• AST-2014-009: Remote crash based on malformed SIP subscription requests
  • From: Asterisk Security Team
• APPLE-SA-2014-09-17-7 Xcode 6.0.1
  • From: Apple Product Security
• Oracle Corporation MyOracle - Persistent Vulnerability
  • From: Vulnerability Lab
• Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
  • From: VSR Advisories
• APPLE-SA-2014-09-17-6 OS X Server 2.2.3
  • From: Apple Product Security
• APPLE-SA-2014-09-17-5 OS X Server 3.2.1
  • From: Apple Product Security
• APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
  • From: Apple Product Security
• APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
  • From: Apple Product Security
• CVE ID Syntax Change - Deadline Approaching
  • From: Christey, Steven M.
• [SECURITY] [DSA 3028-1] icedove security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3027-1] libav security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2014-09-17-2 Apple TV 7
  • From: Apple Product Security
• APPLE-SA-2014-09-17-1 iOS 8
  • From: Apple Product Security
• Reflected Cross-Site Scripting (XSS) in MODX Revolution
  • From: High-Tech Bridge Security Research
• Path Traversal in webEdition
  • From: High-Tech Bridge Security Research
• MIUI Torch Open Vulnerability
  • From: vuln
• MIUI Wifi Connection Message Vulnerability
  • From: vuln
• Android Bluetooth Pairing Packet Processing Vulnerability&#65288;by wangzq from NCNIPC&#65289;
  • From: vuln
• [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow
  • From: CORE Advisories Team
• [SECURITY] [DSA 3026-1] dbus security update
  • From: Florian Weimer
• [SECURITY] [DSA 3025-1] apt security update
  • From: Salvatore Bonaccorso
• USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280
  • From: Onur Yilmaz
• Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308
  • From: Onur Yilmaz
• FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
  • From: FreeBSD Security Advisories
• ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities
  • From: Security Alert
• Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
  • From: Vulnerability Lab
• Multiple Vulnerabilities with Aztech Modem Routers
  • From: Federick Joe P Fajardo
• Passwords^14 Norway - CFP
  • From: Per Thorsheim
• Open-Xchange Security Advisory 2014-09-15
  • From: Martin Heiland
• Re: HttpFileServer 2.3.x Remote Command Execution
  • From: danielelinguaglossa
• [security bulletin] HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information
  • From: security-alert
• HttpFileServer 2.3.x Remote Command Execution
  • From: danielelinguaglossa
• NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
  • From: VMware Security Response Center
• [SECURITY] [DSA 3024-1] gnupg security update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 3023-1] bind9 security update
  • From: Salvatore Bonaccorso
• Call for Participation: Semantic Web Business and Innovation (SWBI2015) * Switzerland
  • From: jackie
• ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
  • From: Vulnerability Lab
• Photorange v1.0 iOS - File Include Web Vulnerability
  • From: Vulnerability Lab
• PhotoSync v2.2 iOS - Command Inject Web Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3021-2] file regression update
  • From: Luciano Bello
• [SECURITY] [DSA 3022-1] curl security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3020-1] acpi-support security update
  • From: Raphael Geissert
• [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
  • From: Mark Thomas
• [security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code
  • From: security-alert
• [slackware-security] seamonkey (SSA:2014-252-01)
  • From: Slackware Security Team
• NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries
  • From: VMware Security Response Center
• Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
  • From: sales
• [SECURITY] [DSA 3021-1] file security update
  • From: Luciano Bello
• FreeBSD Security Advisory FreeBSD-SA-14:18.openssl
  • From: FreeBSD Security Advisories
• Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability
  • From: main
• [security bulletin] HPSBST03106 rev.1 - HP P2000 G3 MSA Array System running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [slackware-security] php (SSA:2014-247-01)
  • From: Slackware Security Team
• CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"
  • From: Christian Schneider
• CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler"
  • From: Christian Schneider
• CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"
  • From: Christian Schneider
• t2’14 Challenge to be released 2014-09-13 10:00 EEST
  • From: Tomi Tuominen
• Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
  • From: Stefan Kanthak
• [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities
  • From: security-alert
• [slackware-security] mozilla-thunderbird (SSA:2014-247-03)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-247-02)
  • From: Slackware Security Team
• [ MDVSA-2014:179 ] python-django
  • From: security
• [ MDVSA-2014:178 ] ppp
  • From: security
• [ MDVSA-2014:175 ] glibc
  • From: security
• [ MDVSA-2014:177 ] squid
  • From: security
• [ MDVSA-2014:176 ] libgcrypt
  • From: security
• apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
  • From: Elar Lang
• [WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals
  • From: ML
• [SECURITY] [DSA 3019-1] procmail security update
  • From: Salvatore Bonaccorso
• Uninit memory disclosure via truncated images in Firefox
  • From: Michal Zalewski
• [ MDVSA-2014:174 ] apache
  • From: security
• Avolve Software ProjectDox Multiple Vulnerability Disclosure
  • From: Romano, Christian
• [security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 3018-1] iceweasel security update
  • From: Moritz Muehlenhoff
• Reflected Cross-Site Scripting (XSS) in MyWebSQL
  • From: High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in BlackCat CMS
  • From: High-Tech Bridge Security Research
• [ MDVSA-2014:172 ] php
  • From: security
• [ MDVSA-2014:173 ] busybox
  • From: security
• Re: ntopng 1.2.0 XSS injection using monitored network traffic
  • From: Steffen Bauch
• [CORE-2014-0005] - Advantech WebAccess Vulnerabilities
  • From: CORE Advisories Team
• [security bulletin] HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 3017-1] php-cas security update
  • From: Thijs Kinkhorst
• Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability
  • From: Vulnerability Lab
• Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
  • From: Stefan Kanthak
• [ MDVSA-2014:171 ] dhcpcd
  • From: security
• [ MDVSA-2014:170 ] jakarta-commons-httpclient
  • From: security
• [ MDVSA-2014:169 ] bugzilla
  • From: security
• [ MDVSA-2014:168 ] libvncserver
  • From: security
• [ MDVSA-2014:167 ] file
  • From: security
• [ MDVSA-2014:166 ] serf
  • From: security
• [ MDVSA-2014:165 ] krb5
  • From: security
• [ MDVSA-2014:163 ] python-imaging
  • From: security
• [ MDVSA-2014:164 ] phpmyadmin
  • From: security
• [ MDVSA-2014:162 ] catfish
  • From: security
• [ MDVSA-2014:161 ] subversion
  • From: security
• [ MDVSA-2014:160 ] gpgme
  • From: security
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: John Leo
• Re: SSH host key fingerprint - through HTTPS
  • From: John Leo
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: John Leo
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: John Leo
• Re: SSH host key fingerprint - through HTTPS
  • From: Jamie Riden
• Re: SSH host key fingerprint - through HTTPS
  • From: Lukasz Biegaj
• [SECURITY] [DSA 3016-1] lua5.2 security update
  • From: Florian Weimer
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: john
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: Jeroen van der Ham
• [SECURITY] [DSA 3015-1] lua5.1 security update
  • From: Florian Weimer
• Re: [FD] SSH host key fingerprint - through HTTPS
  • From: maxigas
• WWW File Share Pro v7.0 - Denial of Service Vulnerability
  • From: Vulnerability Lab
• Re: SSH host key fingerprint - through HTTPS
  • From: Chris Nehren
• Avira License Application - Cross Site Request Forgery Vulnerability
  • From: Vulnerability Lab
• Re: SSH host key fingerprint - through HTTPS
  • From: Micha Borrmann
• CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia
  • From: liezelle
• SSH host key fingerprint - through HTTPS
  • From: John Leo
• [SECURITY] [DSA 2987-2] openjdk-7 regression update
  • From: Florian Weimer
• WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
  • From: jesus . ramirez . pichardo
• WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
  • From: jesus . ramirez . pichardo
• Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
  • From: sales
• Sierra Library Services Platform Multiple Vulnerability Disclosure
  • From: Romano, Christian
• Re: SaaS Marketing platform Hubspot export vulnerability
  • From: security
• [SECURITY] [DSA 3014-1] squid3 security update
  • From: Salvatore Bonaccorso
• SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting
  • From: SEC Consult Vulnerability Lab
• Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
  • From: Disclosure
• [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
  • From: Pedro Ribeiro
• [SECURITY] [DSA 3013-1] s3ql security update
  • From: Florian Weimer
• Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30)
  • From: jackie
• [SECURITY] [DSA 3012-1] eglibc security update
  • From: Florian Weimer
• SaaS Marketing platform Hubspot export vulnerability
  • From: ehoward
• Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
  • From: Fernando Gont
• Mathematica10.0.0 on Linux /tmp/MathLink vulnerability
  • From: paul . szabo
• Encore Discovery Solution Multiple Vulnerability Disclosure
  • From: Romano, Christian
• ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability
  • From: Security Alert
• [security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification
  • From: advisories
• ntopng 1.2.0 XSS injection using monitored network traffic
  • From: Steffen Bauch
• DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config
  • From: cseye_ut
• [WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc.
  • From: WorldCIST
• MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
  • From: cseye_ut
• DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config
  • From: cseye_ut
• Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)
  • From: Vulnerability Lab
• Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707)
  • From: Vulnerability Lab
• [SECURITY] [DSA 3011-1] mediawiki security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3010-1] python-django security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities
  • From: security-alert
• CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability
  • From: Herbert Duerr
• CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects
  • From: Herbert Duerr
• DoS attacks (ICMPv6-based) resulting from IPv6 EH drops
  • From: Fernando Gont
• [security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [CVE-2014-5335] CSRF in Innovaphone PBX
  • From: rg
• [SECURITY] [DSA 3009-1] python-imaging security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3008-2] php5 regression update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2940-1] libstruts1.2-java security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3008-1] php5 security update
  • From: Salvatore Bonaccorso
• ToorCon 16 Call For Papers!
  • From: h1kari
• ArcGIS for Server Vulnerability Disclosure
  • From: Romano, Christian
• CVE-2014-4973 - Privilege Escalation in ESET Windows Products
  • From: Portcullis Advisories
• SQL Injection Vulnerability in ArticleFR
  • From: High-Tech Bridge Security Research
• ICETC2014 - IEEE Extended Submission until Aug. 28, 2014
  • From: jackie
• CVE-2014-5307 - Privilege Escalation in Panda Security Products
  • From: Portcullis Advisories
• [SECURITY] [DSA 3007-1] cacti security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
  • From: CERT
• [security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
  • From: security-alert
• [Call For Papers] RiseCON - Rosario, Argentina
  • From: Info RiseCON
• ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
  • From: Security Alert
• [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
  • From: Jacopo Cappellato
• ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
  • From: Security Alert
• ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability
  • From: Security Alert
• ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
  • From: Security Alert
• ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
  • From: Security Alert
• [SECURITY] [DSA 3006-1] xen security update
  • From: Moritz Muehlenhoff
• CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
  • From: Dirk-Willem van Gulik
• Outlook.com for Android fails to validate server certificates
  • From: Securify B.V.
• CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request
  • From: tekwizz123
• Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
  • From: Stefan Kanthak
• [SECURITY] [DSA 3005-1] gpgme1.0 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code
  • From: security-alert
• APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
  • From: Apple Product Security
• [security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• Reflected Cross-Site Scripting (XSS) in Jamroom
  • From: High-Tech Bridge Security Research
• [oCERT-2014-006] Ganeti insecure archive permission
  • From: Andrea Barisani
• BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]
  • From: security
• CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
  • From: Gregory Pickett
• Apache Cordova 3.5.1: CVE-2014-3502 update
  • From: Marcel Kinard
• [security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2984-2] acpi-support regression update
  • From: Raphael Geissert
• IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)
  • From: Jamie Riden
• [slackware-security] openssl (SSA:2014-220-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3004-1] kde4libs security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3003-1] libav security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3002-1] wireshark security update
  • From: Moritz Muehlenhoff
• MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend
  • From: Benjamin Kaduk
• [SECURITY] [DSA 3001-1] wordpress security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3000-1] krb5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2999-1] drupal7 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• [ MDVSA-2014:158 ] openssl
  • From: security
• [ MDVSA-2014:159 ] wireshark
  • From: security
• ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability
  • From: Security Alert
• [ MDVSA-2014:157 ] ipython
  • From: security
• [WorldCIST'15]: Call for Workshops Proposals - Proceedings by Springer
  • From: ML
• [security bulletin] HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
  • From: security-alert
• Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
  • From: Stefan Kanthak
• [security bulletin] HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege
  • From: security-alert
• [security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
  • From: security-alert
• Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:156 ] ocsinventory
  • From: security
• [ MDVSA-2014:154 ] readline
  • From: security
• TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
  • From: Kenny Mathis
• (kind of) new tool: american fuzzy lop
  • From: Michal Zalewski
• [ MDVSA-2014:155 ] kernel
  • From: security
• (CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities
  • From: David Kaplan
• [SECURITY] [DSA 2998-1] openssl security update
  • From: Raphael Geissert
• [ MDVSA-2014:152 ] glibc
  • From: security
• [ MDVSA-2014:153 ] mediawiki
  • From: security
• [ MDVSA-2014:151 ] cups
  • From: security
• Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• RE: ownCloud Unencrypted Private Key Exposure
  • From: Mikhail A. Utin
• RE: ownCloud Unencrypted Private Key Exposure
  • From: Mikhail A. Utin
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Frank Stanek
• nullcon CFP is open
  • From: nullcon
• [ MDVSA-2014:150 ] tor
  • From: security
• RE: ownCloud Unencrypted Private Key Exposure - version (6.0.4) reported not vulnerable
  • From: Choulat, Trace
• PhotoSync v2.2 iOS - Command Inject Web Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:149 ] php
  • From: security
• PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege
  • From: security-alert
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Jack Brennan
• [SECURITY] [DSA 2997-1] reportbug security update
  • From: Salvatore Bonaccorso
• CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java
  • From: Georg Lukas
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Anthony Dubuissez
• Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
  • From: mike . manzotti
• SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
  • From: SEC Consult Vulnerability Lab
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Frank Stanek
• Apache Cordova 3.5.1
  • From: Marcel Kinard
• Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability
  • From: Vulnerability Lab
• [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
  • From: Mike Antcliffe
• [security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
  • From: security-alert
• CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall
  • From: Portcullis Advisories
• [security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• ownCloud Unencrypted Private Key Exposure
  • From: Senderek Web Security
• [SECURITY] [DSA 2996-1] icedove security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2995-1] lzo2 security update
  • From: Salvatore Bonaccorso
• [slackware-security] dhcpcd (SSA:2014-213-02)
  • From: Slackware Security Team
• [slackware-security] samba (SSA:2014-213-01)
  • From: Slackware Security Team
• Microsoft Exchange Multiple Vulnerabilities
  • From: np
• [SECURITY] [DSA 2993-1] tor security update
  • From: Salvatore Bonaccorso
• Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• C++11 <regex> insecure by default
  • From: submit
• [security bulletin] HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure
  • From: security-alert
• [ MDVSA-2014:148 ] dbus
  • From: security
• [ MDVSA-2014:147 ] sendmail
  • From: security
• [SECURITY] [DSA 2994-1] nss security update
  • From: Raphael Geissert
• TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:146 ] file
  • From: security
• [ MDVSA-2014:145 ] php-ZendFramework
  • From: security
• Improper Access Control in ArticleFR
  • From: High-Tech Bridge Security Research
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Joe Souza
• [ MDVSA-2014:142 ] apache
  • From: security
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• [ MDVSA-2014:144 ] live
  • From: security
• [ MDVSA-2014:143 ] phpmyadmin
  • From: security
• Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]
  • From: Programa STIC
• [ MDVSA-2014:140 ] owncloud
  • From: security
• [security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [ MDVSA-2014:141 ] java-1.7.0-openjdk
  • From: security
• [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass
  • From: Onapsis Research Labs
• [ MDVSA-2014:139 ] nss
  • From: security
• [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication
  • From: Onapsis Research Labs
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities
  • From: Vulnerability Lab
• WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 2992-1] linux security update
  • From: Salvatore Bonaccorso
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities
  • From: vulns
• Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities
  • From: vulns
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Gynvael Coldwind
• Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 2991-1] modsecurity-apache security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2990-1] cups security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
  • From: security-alert
• Web Encryption Extension security update
  • From: Ralf Senderek
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities
  • From: Vulnerability Lab
• Easy file sharing web server - persist XSS in forum msgs
  • From: joseph . giron13
• [SECURITY] [DSA 2988-1] transmission security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2989-1] apache2 security update
  • From: Stefan Fritsch
• Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
  • From: dkl
• Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• [SECURITY] [DSA 2987-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2014-204-03)
  • From: Slackware Security Team
• Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
  • From: Vulnerability Lab
• [slackware-security] mozilla-firefox (SSA:2014-204-02)
  • From: Slackware Security Team
• [slackware-security] httpd (SSA:2014-204-01)
  • From: Slackware Security Team
• [security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 2986-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
  • From: security-alert
• SQL Injection in Е2
  • From: High-Tech Bridge Security Research
• [oCERT-2014-005] LPAR2RRD input sanitization errors
  • From: Daniele Bianco
• Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
  • From: cseye_ut
• [SECURITY] [DSA 2985-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2984-1] acpi-support security update
  • From: Luciano Bello
• Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information
  • From: security-alert
• Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability
  • From: Vulnerability Lab
• Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080
  • From: audit1
• Cross-site Scripting in EventLog Analyzer 9.0 build #9000
  • From: audit1
• [oCERT-2014-004] Ansible input sanitization errors
  • From: Andrea Barisani
• Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin
  • From: president
• [SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
  • From: Moritz Muehlenhoff
• CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
  • From: Jordan Sissel
• CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
  • From: i amroot
• [SECURITY] [DSA 2983-1] drupal7 security update
  • From: Moritz Muehlenhoff
• KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 2981-1] polarssl security update
  • From: Salvatore Bonaccorso
• ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability
  • From: Security Alert
• Microsoft MSN HBE - Blind SQL Injection Vulnerability
  • From: Vulnerability Lab
• Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)
  • From: Vulnerability Lab
• [SECURITY] [DSA 2980-1] openjdk-6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2979-1] fail2ban security update
  • From: Moritz Muehlenhoff
• Ignore the amount customers confirm is no security vulnerability according to PayPal
  • From: Jan Kechel
• [HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August
  • From: Hafez Kamal
• IP.Board 3.4 cross-site scripting in Referer header
  • From: stormhacker
• [SECURITY] [DSA 2765-2] davfs regression update
  • From: Thijs Kinkhorst
• Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"
  • From: SEC Consult Vulnerability Lab
• Reflected Cross-Site Scripting (XSS) in e107
  • From: High-Tech Bridge Security Research
• VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)
  • From: VUPEN Security Research
• SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition
  • From: SEC Consult Vulnerability Lab
• KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
  • From: security-alert
• Node Browserify RCE vuln (<= 4.2.0)
  • From: Cal Leeming [Simplicity Media Ltd]
• [security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
  • From: security-alert
• Ruxcon 2014 Final Call For Presentations
  • From: cfp
• [security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
  • From: security-alert
• [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [slackware-security] php (SSA:2014-192-01)
  • From: Slackware Security Team
• [ MDVSA-2014:138 ] asterisk
  • From: security
• [SECURITY] [DSA 2978-1] libxml2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2977-1] libav security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2014:137 ] apache-mod_wsgi
  • From: security
• [ MDVSA-2014:136 ] samba
  • From: security
• [SECURITY] [DSA 2976-1] eglibc security update
  • From: Florian Weimer
• Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:135 ] python
  • From: security
• [ MDVSA-2014:134 ] liblzo
  • From: security
• SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop
  • From: SEC Consult Vulnerability Lab
• [ MDVSA-2014:133 ] gd
  • From: security
• SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2975-1] phpmyadmin security update
  • From: Thijs Kinkhorst
• Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• Weak Local Database Credentials in Infoblox Network Automation
  • From: nate
• OS Command Injection Infoblox Network Automation
  • From: nate
• [ MDVSA-2014:132 ] libxfont
  • From: security
• [ MDVSA-2014:131 ] file
  • From: security
• [ MDVSA-2014:129 ] ffmpeg
  • From: security
• [ MDVSA-2014:130 ] php
  • From: security
• [ MDVSA-2014:128 ] iodine
  • From: security
• [ MDVSA-2014:127 ] gnupg
  • From: security
• [SECURITY] [DSA 2974-1] php5 security update
  • From: Salvatore Bonaccorso
• Android NFC Service Denial of Service
  • From: vuln
• CVE-2014-4331 OctavoCMS reflected XSS vulnerability
  • From: andreu . antonio
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
  • From: Cisco Systems Product Security Incident Response Team
• FreeBSD Security Advisory FreeBSD-SA-14:17.kmem
  • From: FreeBSD Security Advisories
• [security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
  • From: security-alert
• [ MDVSA-2014:126 ] phpmyadmin
  • From: security
• CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
  • From: Portcullis Advisories
• [SECURITY] [DSA 2973-1] vlc security update
  • From: Moritz Muehlenhoff
• Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit
  • From: Sumit Siddharth
• [security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
  • From: security-alert
• ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability
  • From: Security Alert
• ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities
  • From: Security Alert
• Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• CVE-2014-3863 - Stored XSS in JChatSocial
  • From: Teodor Lupan
• [SECURITY] CVE-2014-3503 Apache Syncope
  • From: Francesco Chicchiriccò
• Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability
  • From: Vulnerability Lab
• Backdoor access to Techboard/Syac devices
  • From: roberto . paleari
• {CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities.
  • From: Madhu Akula
• iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
  • From: Stefan Kanthak
• Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100)
  • From: a . blas
• [SECURITY] [DSA 2972-1] linux security update
  • From: Salvatore Bonaccorso
• Lime Survey 2-05+ Multiple Vulnerabilities
  • From: g-damore
• [security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• POC2014 Call for Paper
  • From: pocadm
• [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass
  • From: security-alert
• [security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code
  • From: security-alert
• [SECURITY] [DSA 2971-1] dbus security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• Cross-Site Request Forgery (CSRF) in Kanboard
  • From: High-Tech Bridge Security Research
• CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"
  • From: Christian Schneider
• SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom
  • From: SEC Consult Vulnerability Lab
• Kerio Control <= 8.3.1 Boolean-based blind SQL Injection
  • From: info
• ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities
  • From: Security Alert
• APPLE-SA-2014-06-30-4 Apple TV 6.1.2
  • From: Apple Product Security
• APPLE-SA-2014-06-30-3 iOS 7.1.2
  • From: Apple Product Security
• [security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003
  • From: Apple Product Security
• APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
  • From: Apple Product Security
• SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS
  • From: SEC Consult Vulnerability Lab
• ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
  • From: Security Alert
• ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability
  • From: Security Alert
• [SECURITY] [DSA 2970-1] cacti security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2969-1] libemail-address-perl security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege
  • From: security-alert
• [SECURITY] [DSA 2968-1] gnupg2 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015
  • From: calendarsites
• [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 2967-1] gnupg security update
  • From: Salvatore Bonaccorso
• CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014
  • From: Portcullis Advisories
• CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
  • From: Portcullis Advisories
• [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
  • From: RedTeam Pentesting GmbH
• [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery
  • From: RedTeam Pentesting GmbH
• Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
  • From: High-Tech Bridge Security Research
• [slackware-security] bind (SSA:2014-175-01)
  • From: Slackware Security Team
• NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
  • From: "VMware Security Response Center"
• [slackware-security] seamonkey (SSA:2014-175-05)
  • From: Slackware Security Team
• [slackware-security] samba (SSA:2014-175-04)
  • From: Slackware Security Team
• [slackware-security] gnupg (SSA:2014-175-02)
  • From: Slackware Security Team
• [slackware-security] gnupg2 (SSA:2014-175-03)
  • From: Slackware Security Team
• FreeBSD Security Advisory FreeBSD-SA-14:16.file
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:15.iconv
  • From: FreeBSD Security Advisories
• [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week
  • From: Hafez Kamal
• [security bulletin] HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• Boolean algebra and CSS history theft
  • From: Michal Zalewski
• Android KeyStore Stack Buffer Overflow (CVE-2014-3100)
  • From: Roee Hay
• [security bulletin] HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2964-1] iodine security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2966-1] samba security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 2965-1] tiff security update
  • From: Michael Gilbert
• [security bulletin] HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
  • From: security-alert
• Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability
  • From: Vulnerability Lab
• Multiple SQL Injection Vulnerabilities in web2Project
  • From: High-Tech Bridge Security Research
• SQL Injection in Dolphin
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal
  • From: security-alert
• [security bulletin] HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
  • From: security-alert
• [SECURITY] [DSA 2962-1] nspr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2963-1] lucene-solr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2961-1] php5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2950-2] openssl update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2960-1] icedove security update
  • From: Moritz Muehlenhoff
• [CFP] Hacktivity 2014 CFP is open
  • From: ferenc . spala
• [SE-2014-01] Security vulnerabilities in Oracle Database Java VM
  • From: Security Explorations
• [SECURITY] [DSA 2959-1] chromium-browser security update
  • From: Michael Gilbert
• ClipBucket CMS Xss Vulnerability
  • From: iedb . team
• [ MDVSA-2014:125 ] nspr
  • From: security
• [ MDVSA-2014:124 ] kernel
  • From: security
• [SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution
  • From: Brett Porter
• [security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
  • From: security-alert
• AST-2014-006: Asterisk Manager User Unauthorized Shell Access
  • From: Asterisk Security Team
• CVE-2014-0228: Apache Hive Authorization vulnerability
  • From: Thejas Nair
• [SECURITY] [DSA 2957-1] mediawiki security update
  • From: Thijs Kinkhorst
• [security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
  • From: Asterisk Security Team
• AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
  • From: Asterisk Security Team
• AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
  • From: Asterisk Security Team
• [SECURITY] [DSA 2958-1] apt security update
  • From: Thijs Kinkhorst
• [slackware-security] mozilla-thunderbird (SSA:2014-163-01)
  • From: Slackware Security Team
• CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones
  • From: J. Oquendo
• [SECURITY] [DSA 2955-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2956-1] icinga security update
  • From: Moritz Muehlenhoff
• Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:122 ] chkrootkit
  • From: security
• [ MDVSA-2014:123 ] tor
  • From: security
• NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities
  • From: "VMware Security Response Center"
• CVE-2014-3977 - Privilege Escalation in IBM AIX
  • From: Portcullis Advisories
• [security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution
  • From: security-alert
• [ MDVSA-2014:120 ] miniupnpc
  • From: security
• [ MDVSA-2014:118 ] emacs
  • From: security
• [ MDVSA-2014:121 ] libgadu
  • From: security
• [ MDVSA-2014:119 ] mediawiki
  • From: security
• CodeIgniter <= 2.1.4 Session Decoding Vulnerability
  • From: Robin Bailey
• [ MDVSA-2014:117 ] libcap-ng
  • From: security
• [ MDVSA-2014:116 ] file
  • From: security
• [ MDVSA-2014:115 ] php
  • From: security
• [ MDVSA-2014:114 ] squid
  • From: security
• [ MDVSA-2014:113 ] python-django
  • From: security
• Re: MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
  • From: Pavel Machek
• [ MDVSA-2014:110 ] curl
  • From: security
• [ MDVSA-2014:112 ] python-django
  • From: security
• [ MDVSA-2014:111 ] otrs
  • From: security
• [ MDVSA-2014:106 ] openssl
  • From: security
• [slackware-security] php (SSA:2014-160-01)
  • From: Slackware Security Team
• [ MDVSA-2014:108 ] gnutls
  • From: security
• [SECURITY] [DSA 2954-1] dovecot security update
  • From: Salvatore Bonaccorso
• [ MDVSA-2014:109 ] gnutls
  • From: security
• [ MDVSA-2014:105 ] openssl
  • From: security
• [ MDVSA-2014:107 ] libtasn1
  • From: security
• [security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
  • From: security-alert
• DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
  • From: cseye_ut
• [SECURITY] [DSA 2953-1] dpkg security update
  • From: Raphael Geissert
• [slackware-security] mozilla-firefox (SSA:2014-157-01)
  • From: Slackware Security Team
• CVE-2014-3740 - SpiceWorks Cross-site scripting
  • From: Dolev Farhi
• NeginGroup CMS Multiple Vulnerability
  • From: iedb . team
• [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering
  • From: Onapsis Research Labs
• [slackware-security] openssl (SSA:2014-156-03)
  • From: Slackware Security Team
• [slackware-security] sendmail (SSA:2014-156-04)
  • From: Slackware Security Team
• SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan
  • From: SEC Consult Vulnerability Lab
• [slackware-security] gnutls (SSA:2014-156-01)
  • From: Slackware Security Team
• [slackware-security] libtasn1 (SSA:2014-156-02)
  • From: Slackware Security Team
• Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
  • From: Jeffrey Walton
• [SECURITY] [DSA 2952-1] kfreebsd-9 security update
  • From: Nico Golde
• Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• Re: Bug in bash <= 4.3 [security feature bypassed]
  • From: Hector Marco
• [SECURITY] [DSA 2951-1] mupdf security update
  • From: Moritz Muehlenhoff
• Details for CVE-2014-0220
  • From: tucu
• [security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
  • From: Security Alert
• [security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• multiple Vulnerability in "WahmShoppes eStore"
  • From: cseye_ut