Bugtraq
[Prev Page][Next Page]
- FreeBSD Security Advisory FreeBSD-SA-14:14.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 2949-1] linux security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2950-1] openssl security update
- [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
- From: RedTeam Pentesting GmbH
- Re: Bug in bash <= 4.3 [security feature bypassed]
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- [security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2946-1] python-gnupg security update
- [SECURITY] [DSA 2948-1] python-bottle security update
- [SECURITY] [DSA 2947-1] libav security update
- ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability
- [SECURITY] [DSA 2945-1] chkrootkit security update
- FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail
- From: FreeBSD Security Advisories
- Bug in bash <= 4.3 [security feature bypassed]
- Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- From: Jose Carlos Luna Duran
- [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies
- FreeBSD Security Advisory FreeBSD-SA-14:13.pam
- From: FreeBSD Security Advisories
- CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
- From: Portcullis Advisories
- CVE-2014-1226 s3dvt Root shell (still)
- CVE-2013-6825 DCMTK Root Privilege escalation
- CVE-2013-6876 s3dvt Root shell
- iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability
- Files Desk Pro v1.4 iOS - File Include Web Vulnerability
- Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities
- TigerCom My Assistant v1.1 iOS - File Include Vulnerability
- Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability
- AllReader v1.0 iOS - Multiple Web Vulnerabilities
- NG WifiTransfer Pro 1.1 - File Include Vulnerability
- CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
- CVE-2013-6825 DCMTK Root Privilege escalation
- Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability
- CVE-2014-1226 s3dvt Root shell (still)
- FCKedtior 2.6.10 Reflected Cross-Site Scripting (XSS)
- VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own)
- From: VUPEN Security Research
- [FD] CVE-2013-6876 s3dvt Root shell
- ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability
- CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- [slackware-security] mariadb (SSA:2014-152-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2942-1] typo3-src security update
- [SECURITY] [DSA 2944-1] gnutls26 security update
- Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
- From: Yarubo Internet Security Scan
- [SECURITY] [DSA 2941-1] lxml security update
- [SECURITY] [DSA 2943-1] php5 security update
- [SECURITY] [DSA 2939-1] chromium-browser security update
- Google Compute Engine Multiple DOS Vulnerabilities
- Google Compute Engine - Lateral Compromise
- NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
- From: "VMware Security Response Center"
- Mybb Sendthread Page Denial of Service Vulnerability
- OpenCart 1.5.6.4 Directory Traversal Vulnerability
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
- [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script
- From: RedTeam Pentesting GmbH
- SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2937-1] mod-wsgi security update
- Multiple vulnerabilities in Sharetronix
- From: High-Tech Bridge Security Research
- LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
- From: LSE Leading Security Experts GmbH (Security Advisories)
- [SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze
- Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
- [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure
- CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
- From: Portcullis Advisories
- [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
- [SECURITY] CVE-2014-0095 Apache Tomcat denial of service
- [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
- [SECURITY] CVE-2014-0075 Apache Tomcat denial of service
- call for papers- CSSE2014
- [security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code
- VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own)
- From: VUPEN Security Research
- [security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information
- ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities
- [SECURITY] [DSA 2936-1] torque security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability
- [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability
- [security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code
- Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure
- APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
- From: Apple Product Security
- [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
- [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
- [SECURITY] [DSA 2935-1] libgadu security update
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information
- SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4
- From: SEC Consult Vulnerability Lab
- Wordpress Booking System (Booking Calendar) plugin SQL Injection
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
- APPLE-SA-2014-15-20-1 OS X Server 3.1.2
- From: Apple Product Security
- CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
- From: Portcullis Advisories
- CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS
- From: Portcullis Advisories
- CVE-2014-3450 - Privilege Escalation in Panda Security
- From: Portcullis Advisories
- CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS
- From: Portcullis Advisories
- [SECURITY] [DSA 2934-1] python-django security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS)
- Construtiva CIS Manager CMS POST SQLi
- t2'14: Call for Papers 2014 (Helsinki / Finland)
- JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
- FTP Rush: missing X.509 validation (FTP with TLS)
- [SECURITY] [DSA 2933-1] qemu-kvm security update
- [SECURITY] [DSA 2932-1] qemu security update
- [SECURITY] [DSA 2931-1] openssl security update
- [security bulletin] HPSBHF02946 rev.2 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
- [SECURITY] [DSA 2930-1] chromium-browser security update
- APPLE-SA-2014-05-16-1 iTunes 11.2.1
- From: Apple Product Security
- [ MDVSA-2014:104 ] egroupware
- [ MDVSA-2014:101 ] owncloud
- [ MDVSA-2014:093 ] couchdb
- [ MDVSA-2014:099 ] dovecot
- [ MDVSA-2014:094 ] rxvt-unicode
- [ MDVSA-2014:097 ] libvirt
- [ MDVSA-2014:091 ] cups
- [ MDVSA-2014:103 ] wordpress
- [ MDVSA-2014:100 ] java-1.7.0-openjdk
- [ MDVSA-2014:102 ] mariadb
- [ MDVSA-2014:092 ] cups
- CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability
- [ MDVSA-2014:096 ] python-jinja2
- [ MDVSA-2014:098 ] rawtherapee
- [ MDVSA-2014:095 ] struts
- Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:089 ] nagios
- [SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
- APPLE-SA-2014-05-15-2 iTunes 11.2
- From: Apple Product Security
- APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3
- From: Apple Product Security
- [ MDVSA-2014:088 ] python-lxml
- [security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- [CVE-2014-0749] TORQUE Buffer Overflow
- [ MDVSA-2014:087 ] php
- [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability
- Bilyoner mobile apps prone to various SSL/TLS attacks
- CSRF and Remote Code Execution in EGroupware
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 2928-1] linux-2.6 security update
- Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability
- [security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information
- FreeBSD Security Advisory FreeBSD-SA-14:10.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 2927-1] libxfont security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- FD - Cobbler Arbitrary File Read CVE-2014-3225
- [security bulletin] HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
- Multiple Stored XSS in FOG Image deployment system - FD
- CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211
- From: Portcullis Advisories
- [security bulletin] HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
- ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
- [SECURITY] [DSA 2926-1] linux security update
- [security bulletin] HPSBMU02931 rev.6 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- [ MDVSA-2014:086 ] libxml2
- [ MDVSA-2014:085 ] ldns
- [ MDVSA-2014:084 ] libpng
- [slackware-security] seamonkey (SSA:2014-131-01)
- From: Slackware Security Team
- ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability
- [security bulletin] HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
- [security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information
- SSH key cloning problem in OnApp templates
- [security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS)
- [security bulletin] HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
- [SECURITY] [DSA 2925-1] rxvt-unicode security update
- [ MDVSA-2014:082 ] python-imaging
- Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
- [ MDVSA-2014:081 ] apache-mod_security
- [ MDVSA-2014:083 ] mediawiki
- [ MDVSA-2014:080 ] openssl
- [security bulletin] HPSBMU02935 rev.3 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information
- [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW
- From: RedTeam Pentesting GmbH
- SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration
- From: SEC Consult Vulnerability Lab
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
- Cross-Site Scripting (XSS) in Offiria
- From: High-Tech Bridge Security Research
- Breakpoint 2014 Call For Presentations
- [security bulletin] HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler
- From: Portcullis Advisories
- CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX
- From: Portcullis Advisories
- CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler
- From: Portcullis Advisories
- [security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
- CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority
- [SECURITY] [DSA 2922-1] strongswan security update
- [security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
- Ruxcon 2014 Call For Papers
- [SECURITY] [DSA 2924-1] icedove security update
- [SECURITY] [DSA 2923-1] openjdk-7 security update
- [ANN] Struts 2.3.16.3 GA release available - security fix
- ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
- [SECURITY] [DSA 2921-1] xbuffy security update
- [SECURITY] [DSA 2920-1] chromium-browser security update
- [SECURITY] [DSA 2919-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
- [security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
- [security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges
- [security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
- Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
- [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
- [security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- [security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
- [security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
- [SECURITY] [DSA 2915-2] dpkg security update
- Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
- [security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]
- From: FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series
- From: Cisco Systems Product Security Incident Response Team
- [slackware-security] mozilla-thunderbird (SSA:2014-119-02)
- From: Slackware Security Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
- From: Cisco Systems Product Security Incident Response Team
- ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability
- [slackware-security] mozilla-firefox (SSA:2014-119-01)
- From: Slackware Security Team
- LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
- From: LSE Leading Security Experts GmbH (Security Advisories)
- [SECURITY] [DSA 2918-1] iceweasel security update
- Heartbleed Testing Server
- SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex
- From: SEC Consult Vulnerability Lab
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
- From: FreeBSD Security Advisories
- [security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114
- [security bulletin] HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access
- [security bulletin] HPSBMU02995 rev.6 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2915-1] dpkg security update
- [SECURITY] [DSA 2917-1] super security update
- [SECURITY] [DSA 2916-1] libmms security update
- [security bulletin] HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
- [ANN] Struts 2.3.16.2 GA release available - security fix
- [security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2913-1] drupal7 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2914-1] drupal6 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper
- Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities
- [SECURITY] [DSA 2906-1] linux-2.6 security update
- [SECURITY] [DSA 2912-1] openjdk-6 security update
- [security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage Remote Disclosure of Information
- [security bulletin] HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information
- [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service
- Birebin.com Android App SSL certificate validation weakness
- Misli.com Android App SSL certificate validation weakness
- Weak firmware encryption and predictable WPA key on Sitecom routers
- [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information
- [security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
- CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive
- From: Portcullis Advisories
- CVE-2014-2383 - Arbitrary file read in dompdf
- From: Portcullis Advisories
- CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive
- From: Portcullis Advisories
- SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2808-2] openjpeg regression update
- [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
- APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3
- From: Apple Product Security
- [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
- APPLE-SA-2014-04-22-2 iOS 7.1.1
- From: Apple Product Security
- APPLE-SA-2014-04-22-3 Apple TV 6.1.1
- From: Apple Product Security
- APPLE-SA-2014-04-22-1 Security Update 2014-002
- From: Apple Product Security
- [SECURITY] [DSA 2911-1] icedove security update
- [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information
- [slackware-security] php (SSA:2014-111-02)
- From: Slackware Security Team
- [slackware-security] libyaml (SSA:2014-111-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2895-2] prosody regression update
- Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
- [SECURITY] [DSA 2901-3] wordpress regression update
- From: Salvatore Bonaccorso
- Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl
- Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2
- [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability
- [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution
- [SECURITY] [DSA 2901-2] wordpress regression update
- [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- Remote Command Injection in Ruby Gem sfpagent 0.4.14
- From: Larry W. Cashdollar
- [SECURITY] [DSA 2910-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2909-1] qemu security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2908-1] openssl security update
- [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities
- [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
- [ MDVSA-2014:079 ] json-c
- [security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information
- [security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
- [security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information
- [security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information
- [security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
- [security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code
- Buggy insecure "security" software executes rogue binary during installation and uninstallation
- CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server
- From: Portcullis Advisories
- [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable
- [ MDVSA-2014:078 ] asterisk
- [CORE-2014-0003] - SAP Router Password Timing Attack
- From: CORE Advisories Team
- [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7
- [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7
- ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
- [security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information
- SQL Injection in mAdserve
- From: High-Tech Bridge Security Research
- CVE-2014-2735 - WinSCP: missing X.509 validation
- [SECURITY] [DSA 2905-1] chromium-browser security update
- [security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk
- [SECURITY] [DSA 2904-1] virtualbox security update
- [security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information
- [SECURITY] CVE-2014-0111 Apache Syncope
- From: Francesco Chicchiriccò
- RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160
- From: Ruckus Product Security Team
- VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)
- From: VUPEN Security Research
- [SECURITY] [DSA 2903-1] strongswan security update
- PDF Album v1.7 iOS - File Include Web Vulnerability
- CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux
- From: Portcullis Advisories
- [security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- Adobe Reader for Android exposes insecure Javascript interfaces
- [SECURITY] [DSA 2902-1] curl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:077 ] jbigkit
- [SECURITY] [DSA 2901-1] wordpress security update
- From: Salvatore Bonaccorso
- ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability
- ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
- ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
- ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability
- Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue
- CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player
- From: Portcullis Advisories
- [ MDVSA-2014:076 ] a2ps
- SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
- [SECURITY] [DSA 2900-1] jbigkit security update
- OWASP ZAP 2.3.0
- Sendy 1.1.9.1 - SQL Injection Vulnerability
- [ MDVSA-2014:075 ] php
- BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability
- iVault Private P&V 1.1 iOS - Path Traversal Vulnerability
- AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability
- [SECURITY] [DSA 2899-1] openafs security update
- [SECURITY] [DSA 2898-1] imagemagick security update
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:073 ] file
- [ MDVSA-2014:069 ] perl-YAML-LibYAML
- [ MDVSA-2014:070 ] yaml
- [ MDVSA-2014:072 ] php-ZendFramework
- [ MDVSA-2014:071 ] yaml
- [ MDVSA-2014:068 ] openssh
- Сross-Site Request Forgery (CSRF) in XCloner Standalone
- From: High-Tech Bridge Security Research
- SQL Injection in Orbit Open Ad Server
- From: High-Tech Bridge Security Research
- CVE-2014-0160 mitigation using iptables
- Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)
- From: Ipstenu (Mika Epstein)
- [ MDVSA-2014:067 ] openssl
- Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver
- From: FreeBSD Security Advisories
- [slackware-security] openssl (SSA:2014-098-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2897-1] tomcat7 security update
- BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05]
- [security bulletin] HPSBST02980 rev.1 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege
- [SECURITY] [DSA 2896-2] openssl security update
- From: Salvatore Bonaccorso
- Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability
- Open-Xchange Security Advisory 2014-04-08
- [SECURITY] [DSA 2896-1] openssl security update
- From: Salvatore Bonaccorso
- MacOSX/XNU HFS Multiple Vulnerabilities
- Pearson eSIS Enterprise Student Information System SQL Injection
- Pearson eSIS Enterprise Student Information System Stored XSS
- [SECURITY] [DSA 2895-1] prosody security update
- [SECURITY] [DSA 2894-1] openssh security update
- From: Salvatore Bonaccorso
- Call for Papers
- Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]
- [SECURITY] [DSA 2891-3] mediawiki regression update
- Phrack Security Advisory 2014-001 - Paper leak on release timeout
- [security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS)
- CA20140403-01: Security Notice for CA Erwin Web Portal
- ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
- ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
- [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
- [softScheck] Denial of Service in Microsoft Office 2007-2013
- Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability
- 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]
- [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
- Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin
- From: High-Tech Bridge Security Research
- SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager
- From: SEC Consult Vulnerability Lab
- iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
- APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
- From: Apple Product Security
- [IMF 2014] Call for Participation
- ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities
- [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
- From: Security Explorations
- Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
- From: Security Explorations
- Regarding attacks and exploits of the physical body
- Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
- [SECURITY] [DSA 2893-1] openswan security update
- [SECURITY] [DSA 2892-1] a2ps security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2891-2] mediawiki regression update
- PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
- PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
- Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
- [SECURITY] [DSA 2891-1] mediawiki security update
- [SECURITY] [DSA 2890-1] libspring-java security update
- [slackware-security] httpd (SSA:2014-086-02)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-086-07)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2014-086-01)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2014-086-06)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-086-03)
- From: Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2014-086-04)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2014-086-05)
- From: Slackware Security Team
- Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
- iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities
- My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability
- SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2889-1] postfixadmin security update
- [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
- [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update
- [security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access
- ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities
- ES746 DELL Support-Bulletin - EMS Vulnerability Resolved
- Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities
- Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
- FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
- Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
- Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities
- [oCERT-2014-003] LibYAML input sanitization errors
- ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
- [SECURITY] [DSA 2886-1] libxalan2-java security update
- [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2884-1] libyaml security update
- From: Salvatore Bonaccorso
- Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
- Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability
- VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)
- From: VUPEN Security Research
- VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
- From: VUPEN Security Research
- VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)
- From: VUPEN Security Research
- [security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access
- Web Egg Hunting Game - Hacky Easter
- [security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
- CVE-2013-6955 Synology DSM remote code execution
- [CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13
- MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently)
- [oCERT-2014-002] Xalan-Java insufficient secure processing
- [SECURITY] [DSA 2873-2] file regression update
- From: Salvatore Bonaccorso
- Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
- Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk
- Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga
- Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
- ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability
- CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting
- c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops
- From: c0c0n International Information Security Conference
- [SECURITY] [DSA 2883-1] chromium-browser security update
- NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation
- [ MDVSA-2014:066 ] nss
- [SECURITY] [DSA 2882-1] extplorer security update
- [ MDVSA-2014:065 ] apache
- Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
- Shakacon 2014: Call for Papers - Deadline April 11th
- [SECURITY] [DSA 2859-2] pidgin security update
- Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2881-1] iceweasel security update
- Cross-Site Scripting (XSS) in CMSimple
- From: High-Tech Bridge Security Research
- (CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE)
- ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
- 2014 World Conference on IST - Madeira Island, April 15-17
- =?utf-7?q?Microsoft Forefront Protection for Exchange Server detected a virus?=
- From: ForefrontServerProtection
- [SECURITY] [DSA 2880-1] python2.7 security update
- [ MDVSA-2014:063 ] x2goserver
- [ MDVSA-2014:064 ] udisks
- [ MDVSA-2014:062 ] webmin
- Open-Xchange Security Advisory 2014-03-17
- MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
- exploit for old rlpdaemon bug
- [slackware-security] php (SSA:2014-074-01)
- From: Slackware Security Team
- [ MDVSA-2014:061 ] oath-toolkit
- [ MDVSA-2014:060 ] imapsync
- [ MDVSA-2014:059 ] php
- Multiple Vulnerabilities in SeedDMS < = 4.3.3
- NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode
- [slackware-security] samba (SSA:2014-072-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2879-1] libssh security update
- [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution
- ActiVPN launches its security bug bounty
- [ MDVSA-2014:058 ] freeradius
- [security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges
- [SECURITY] [DSA 2878-1] virtualbox security update
- [security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
- [ MDVSA-2014:057 ] mediawiki
- [ MDVSA-2014:056 ] apache-commons-fileupload
- Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
- [ MDVSA-2014:054 ] otrs
- [ MDVSA-2014:055 ] owncloud
- [ MDVSA-2014:053 ] libssh
- [ MDVSA-2014:052 ] net-snmp
- [ MDVSA-2014:051 ] file
- [slackware-security] mutt (SSA:2014-071-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2877-1] lighttpd security update
- Synology DSM4 Blind SQL Injection
- PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)
- CVE-2014-2043 - SQL Injection in Procentia IntelliPen
- From: Portcullis Advisories
- CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
- From: Pivotal Security Team
- [SECURITY] [DSA 2875-1] cups-filters security update
- NEW VMSA-2014-0002 VMware vSphere updates to third party libraries
- From: "VMware Security Response Center"
- Medium severity flaw in BlackBerry QNX Neutrino RTOS
- CVE-2014-0097 Spring Security Blank password may bypass user authentication
- From: Pivotal Security Team
- Cross-Site Scripting (XSS) in Open Classifieds
- From: High-Tech Bridge Security Research
- Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
- From: Larry W. Cashdollar
- CVE-2014-1904 XSS when using Spring MVC
- From: Pivotal Security Team
- [SECURITY] [DSA 2874-1] mutt security update
- [SECURITY] [DSA 2873-1] file security update
- From: Salvatore Bonaccorso
- CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
- From: CORE Advisories Team
- CVE-2014-1222 - Local File Inclusion in Vtiger CRM
- From: Portcullis Advisories
- [SECURITY] [DSA 2876-1] cups security update
- [slackware-security] udisks, udisks2 (SSA:2014-070-01)
- From: Slackware Security Team
- [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue
- [security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF)
- [security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
- AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
- From: Asterisk Security Team
- AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
- From: Asterisk Security Team
- AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
- From: Asterisk Security Team
- AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
- From: Asterisk Security Team
- APPLE-SA-2014-03-10-2 Apple TV 6.1
- From: Apple Product Security
- [ MDVSA-2014:050 ] wireshark
- APPLE-SA-2014-03-10-1 iOS 7.1
- From: Apple Product Security
- Android Vulnerability: Install App Without User Explicit Consent
- [security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability
- [SECURITY] [DSA 2872-1] udisks security update
- [SECURITY] [DSA 2871-1] wireshark security update
- [ MDVSA-2014:049 ] subversion
- [ MDVSA-2014:048 ] gnutls
- [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update
- From: Salvatore Bonaccorso
- E-Store (1.0 & 2.0) <= SQL Injection Vulnerability
- [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability
- SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access
- CVE-2014-2044 - Remote Code Execution in ownCloud
- From: Portcullis Advisories
- SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability
- [ANN] Struts 2.3.16.1 GA release available - security fix
- [slackware-security] sudo (SSA:2014-064-01)
- From: Slackware Security Team
- [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
- ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities
- Public disclosure of Buffer Overflow Dassault Systems
- Multiple Vulnerabilities in OpenDocMan
- From: High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Ilch CMS
- From: High-Tech Bridge Security Research
- CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
- From: alejandr0.w3b.p0wn3r
- [security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity
- [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
- [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
- [security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code
- [security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- PHP: patch to make session handling with default config more secure against local attackers
- (Added CVE) Dassault Systemes Catia Stack Buffer Overflow
- JOIDS (Java OpenID Server) multiple vulnerabilities
- From: Bartlomiej Balcerek
- [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults
- [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation
- [slackware-security] gnutls (SSA:2014-062-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2869-1] gnutls26 security update
- CFP: Passwords^14, Las Vegas, August 5-6
- [SECURITY] [DSA 2868-1] php5 security update
- From: Salvatore Bonaccorso
- [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
- [CVE-2013-6234] XSS File Upload in SpagoBI v4.0
- [CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
- [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0
- WordPress thecotton Themes Remote File Upload Vulnerability
- CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki
- From: Portcullis Advisories
- ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
- [CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0
- CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
- From: Portcullis Advisories
- CVE-2014-0372 - SQL Injection in Oracle Demantra
- From: Portcullis Advisories
- Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra
- Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
- CVE-2014-5880 - Authentication Bypass in Oracle Demantra
- From: Portcullis Advisories
- Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability
- SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch
- From: SEC Consult Vulnerability Lab
- [slackware-security] subversion (SSA:2014-058-01)
- From: Slackware Security Team
- Office 365 - Account Hijacking Cookie Re-Use Flaw, extended
- Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
- From: High-Tech Bridge Security Research
- SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)
- From: SEC Consult Vulnerability Lab
- Update: CVE-2014-0053 Information Disclosure when using Grails
- From: Pivotal Security Team
- Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability
- Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability
- Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
- From: Larry W. Cashdollar
- Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
- APPLE-SA-2014-02-25-3 QuickTime 7.7.5
- From: Apple Product Security
- [security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates
- [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information
- [security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
- APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2
- From: Apple Product Security
- APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
- From: Apple Product Security
- [SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
- [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard
- From: RedTeam Pentesting GmbH
- Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities
- [SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
- [SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
- [SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
- [security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
- [security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
- [security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
- WiFiles HD v1.3 iOS - File Include Web Vulnerability
- Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability
- [SECURITY] [DSA 2867-1] otrs2 security update
- From: Salvatore Bonaccorso
- [CISTI'2014]: Iberian Conference on IST; Barcelona; Deadline: February 28
- [SECURITY] [DSA 2866-1] gnutls26 security update
- From: Salvatore Bonaccorso
- DC4420 - London DEFCON - meeting Tuesday, 25th February 2014
- APPLE-SA-2014-02-21-3 Apple TV 6.0.2
- From: Apple Product Security
- APPLE-SA-2014-02-21-1 iOS 6.1.6
- From: Apple Product Security
- APPLE-SA-2014-02-21-2 iOS 7.0.6
- From: Apple Product Security
- APPLE-SA-2014-02-21-3 Apple TV 6.0.2
- From: Mihaela Popescu-Stanesti
- APPLE-SA-2014-02-21-2 iOS 7.0.6
- From: Mihaela Popescu-Stanesti
- [ MDVSA-2014:047 ] postgresql
- APPLE-SA-2014-02-21-1 iOS 6.1.6
- From: Apple Product Security
- CVE-2014-1223 - Cross-site Scripting in Telligent Evolution
- From: Portcullis Advisories
- 44CON 2014 September 11th - 12th CFP Open
- CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability
- [ MDVSA-2014:046 ] phpmyadmin
- Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability
- ASUS router drive-by code execution via XSS and authentication bypass
- [SECURITY] [DSA 2864-1] postgresql-8.4 security update
- [SECURITY] [DSA 2865-1] postgresql-9.1 security update
- [slackware-security] gnutls (SSA:2014-050-01)
- From: Slackware Security Team
- [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12
- Android & iOS Hands-on Exploitation at SyScan 2014
- [ MDVSA-2014:045 ] libtar
- SQL Injection in AdRotate
- From: High-Tech Bridge Security Research
- [slackware-security] mariadb, mysql (SSA:2014-050-02)
- From: Slackware Security Team
- [slackware-security] kernel (SSA:2014-050-03)
- From: Slackware Security Team
- Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [HITB-Announce] Haxpo CFP
- VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution
- [ MDVSA-2014:044 ] zarafa
- Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1
- From: adrianomarciomonteiro
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:043 ] gnutls
- Barracuda Message Archiver 650 - Persistent Web Vulnerability
- [ MDVSA-2014:042 ] tomcat6
- [ MDVSA-2014:041 ] python
- [SECURITY] [DSA 2863-1] libtar security update
- CA20140218-01: Security Notice for CA 2E Web Option
- [ MDVSA-2014:039 ] libgadu
- CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server
- From: Portcullis Advisories
- [ MDVSA-2014:040 ] puppet
- SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection
- From: SEC Consult Vulnerability Lab
- Re: [Full-disclosure] CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger
[Index of Archives]
[Linux Security]
[Netfilter]
[PHP]
[Yosemite News]
[Linux Kernel]
