Bugtraq
- Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE
- [ MDVSA-2014:038 ] kernel
- [ MDVSA-2014:037 ] ffmpeg
- Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec
- [ MDVSA-2014:036 ] varnish
- [ MDVSA-2014:035 ] libpng
- My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities
- [SECURITY] [DSA 2862-1] chromium-browser security update
- [SECURITY] [DSA 2861-1] file security update
- From: Salvatore Bonaccorso
- File Hub v1.9.1 iOS - Multiple Web Vulnerabilities
- mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities
- Office Assistant Pro v2.2.2 iOS - File Include Vulnerability
- Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console
- [ MDVSA-2014:033 ] socat
- phpMyBackupPro-2.4 Cross-Site Scripting vulnerability
- [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
- CISTI'2014: List of Workshops
- [ MDVSA-2014:032 ] flite
- [ MDVSA-2014:031 ] drupal
- [ MDVSA-2014:034 ] yaml
- [slackware-security] ntp (SSA:2014-044-02)
- From: Slackware Security Team
- [ MDVSA-2014:029 ] mysql
- [slackware-security] curl (SSA:2014-044-01)
- From: Slackware Security Team
- [ MDVSA-2014:028 ] mariadb
- RE: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option
- Critical security flaws in Nagios NRPE client/server crypto
- [ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)
- From: ISecAuditors Security Advisories
- Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability
- Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability
- Re: ASUS RT Series Routers FTP Service - Default anonymous access
- [ MDVSA-2014:027 ] php
- ASUS RT Series Routers FTP Service - Default anonymous access
- APPLE-SA-2014-02-11-1 Boot Camp 5.1
- From: Apple Product Security
- Mybb All Version Denial of Service Vulnerability
- [ MDVSA-2014:026 ] openldap
- jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities
- [SECURITY] [DSA 2850-2] libyaml regression update
- From: Salvatore Bonaccorso
- [CVE-2014-1903] FreePBX 2.9 through 12 RCE
- [SECURITY] [DSA 2860-1] parcimonie security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:025 ] pidgin
- WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities
- Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln
- [mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation
- Phpbb Forum Denial of Service Vulnerability
- [SECURITY] [DSA 2859-1] pidgin security update
- [SECURITY] [DSA 2858-1] iceweasel security update
- Open-Xchange Security Advisory 2014-02-10
- [slackware-security] mozilla-thunderbird (SSA:2014-039-02)
- From: Slackware Security Team
- ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure
- [slackware-security] seamonkey (SSA:2014-039-03)
- From: Slackware Security Team
- #CONFidence 2014- Call for Papers, only 0111 days left to become CONFidence ninja
- [slackware-security] mozilla-firefox (SSA:2014-039-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2857-1] libspring-java security update
- [oCERT-2014-001] MantisBT input sanitization errors
- [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
- WHMCS Denial of Service Vulnerability
- Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability
- gpEasy v4.3.x CMS - Multiple Web Vulnerabilities
- Information on recently-fixed Oracle VM VirtualBox vulnerabilities
- [SECURITY] [DSA 2852-1] libgadu security update
- CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability
- From: CORE Advisories Team
- AlienVault OSSIM SQL Injection vulnerability
- German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability
- German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability
- CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin
- German Telekom Bug Bounty #9 - Code Execution Vulnerability
- [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
- [SECURITY] [DSA 2855-1] libav security update
- [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail
- From: ISecAuditors Security Advisories
- Inteno DG301 Command Injection
- [SECURITY] [DSA 2853-1] horde3 security update
- SQL Injection in doorGets CMS
- From: High-Tech Bridge Security Research
- Multiple SQL Injection Vulnerabilities in AuraCMS
- From: High-Tech Bridge Security Research
- ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
- Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14
- [slackware-security] pidgin (SSA:2014-034-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2851-1] drupal6 security update
- From: Salvatore Bonaccorso
- Security advisory, LedgerSMB 1.3.0-1.3.36
- CVE-2014-1213 - Denial of Service in Sophos Anti Virus
- [SECURITY] [DSA 2850-1] libyaml security update
- From: Salvatore Bonaccorso
- Joomla! JomSocial component < 3.1.0.1 - Remote code execution
- [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
- From: Security Explorations
- [SECURITY] [DSA 2849-1] curl security update
- Ektron CMS Take Over - Hijacking Accounts
- [slackware-security] bind (SSA:2014-028-01)
- From: Slackware Security Team
- SimplyShare v1.4 iOS - Multiple Web Vulnerabilities
- SiteCore XML Control Script Insertion
- [slackware-security] mozilla-nss (SSA:2014-028-02)
- From: Slackware Security Team
- Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail
- Multiple Vulnerabilities in Eventum
- From: High-Tech Bridge Security Research
- Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
- DC4420 - London DEFCON - January meet - Tuesday 28th January 2014
- [ MDVSA-2014:021 ] perl-Proc-Daemon
- [ MDVSA-2014:024 ] graphviz
- [ MDVSA-2014:023 ] hplip
- [ MDVSA-2014:022 ] augeas
- Security Vulnerabilities in Apache Cordova / PhoneGap
- [CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
- [CTF] nullcon HackIM 2014 will start at 24-01-2014, when the clock will strike at 11:59 (+5:30 GMT)
- [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)
- [SECURITY] [DSA 2826-2] denyhosts regression update
- [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module
- [SECURITY] [DSA 2848-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- APPLE-SA-2014-01-22-1 iTunes 11.1.4
- From: Apple Product Security
- Cross-Site Scripting (XSS) in Komento Joomla Extension
- From: High-Tech Bridge Security Research
- SQL Injection in JV Comment Joomla Extension
- From: High-Tech Bridge Security Research
- Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
- CONFidence 2014- Call for Papers
- CISTI'2014: CFP - Doctoral Symposium
- [ MDVSA-2014:020 ] x11-server
- Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:019 ] elinks
- [ MDVSA-2014:018 ] net-snmp
- [ MDVSA-2014:017 ] net-snmp
- [ MDVSA-2014:016 ] spice
- [ MDVSA-2014:015 ] cups
- SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
- From: SEC Consult Vulnerability Lab
- [FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20
- [ MDVSA-2014:014 ] php
- [ MDVSA-2014:013 ] libxfont
- [SECURITY] [DSA 2847-1] drupal7 security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:012 ] nss
- [ MDVSA-2014:011 ] java-1.7.0-openjdk
- Secunia Research: OpenPNE PHP Object Injection Vulnerability
- [ MDVSA-2014:009 ] librsvg
- [SECURITY] [DSA 2846-1] libvirt security update
- SI6 Networks' IPv6 Toolkit v1.5.2 released!
- [SECURITY] [DSA 2831-2] puppet regression update
- From: Salvatore Bonaccorso
- Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.
- From: bhadresh . k . patel
- [SECURITY] [DSA 2845-1] mysql-5.1 security update
- [ MDVSA-2014:010 ] memcached
- [ MDVSA-2014:008 ] openjpeg
- [ MDVSA-2014:007 ] openssl
- Open-Xchange Security Advisory 2014-01-17
- [security bulletin] HPSBUX02961 SSRT101420 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [ MDVSA-2014:003 ] nrpe
- CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers
- [ MDVSA-2014:002 ] bind
- SQL Injection in Sexy Polling Joomla Extension
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:004 ] nagios
- [ MDVSA-2014:006 ] libxslt
- [ MDVSA-2014:005 ] ejabberd
- [HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control System
- From: Cisco Systems Product Security Incident Response Team
- [slackware-security] openssl (SSA:2014-013-02)
- From: Slackware Security Team
- Online OWASP Security Challenges
- [SECURITY] [DSA 2844-1] djvulibre security update
- FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd
- From: FreeBSD Security Advisories
- CVE-2013-6430 Possible XSS when using Spring MVC
- From: Pivotal Security Team
- FreeBSD Security Advisory FreeBSD-SA-14:02.ntpd
- From: FreeBSD Security Advisories
- CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete
- From: Pivotal Security Team
- [CVE-2014-1238] Cross Site Scripting(XSS) in q-pulse application
- FreeBSD Security Advisory FreeBSD-SA-14:04.bind
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:03.openssl
- From: FreeBSD Security Advisories
- [slackware-security] libXfont (SSA:2014-013-01)
- From: Slackware Security Team
- [slackware-security] samba (SSA:2014-013-04)
- From: Slackware Security Team
- [slackware-security] php (SSA:2014-013-03)
- From: Slackware Security Team
- [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application
- [security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)
- [SECURITY] [DSA 2843-1] graphviz security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:001 ] kernel
- [SECURITY] [DSA 2842-1] libspring-java security update
- NETGEAR WNR1000v3 Password Recovery Vulnerability
- CISTI'2014: List of Workshops
- [SECURITY] [DSA 2841-1] movabletype-opensource security update
- Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices
- From: Cisco Systems Product Security Incident Response Team
- [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow
- [SECURITY] [DSA 2840-1] srtp security update
- From: Salvatore Bonaccorso
- Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access
- Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users
- [CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)
- nullcon Blackshield Awards 2014
- [SECURITY] [DSA 2839-1] spice security update
- From: Salvatore Bonaccorso
- Improper Authentication in Burden
- From: High-Tech Bridge Security Research
- Multiple Vulnerabilities in Horizon QCMS
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 2838-1] libxfont security update
- [SECURITY] [DSA 2837-1] openssl security update
- SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -
- AusCERT2014 Call for Presentations and Tutorials
- [HITB-Announce] HITB Magazine Issue 10 Out Now
- Open-Xchange Security Advisory 2014-01-06
- [SECURITY] [DSA 2836-1] devscripts security update
- [SECURITY] [DSA 2835-1] asterisk security update
- [security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- Path Traversal in eduTrac
- From: High-Tech Bridge Security Research
- [CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node
- [SECURITY] [DSA 2834-1] typo3-src security update
- From: Salvatore Bonaccorso
- CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section
- From: The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic
- [SECURITY] [DSA 2833-1] openssl security update
- [SECURITY] [DSA 2832-1] memcached security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2831-1] puppet security update
- [SECURITY] [DSA 2830-1] ruby-i18n security update
- [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities
- CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition
- From: Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 2829-1] hplip security update
- [SECURITY] [DSA 2828-1] drupal6 security update
- From: Salvatore Bonaccorso
- SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection
- From: SEC Consult Vulnerability Lab
- Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin
- From: High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin
- From: High-Tech Bridge Security Research
- Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin
- From: High-Tech Bridge Security Research
- [ MDVSA-2013:302 ] pixman
- ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability
- ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability
- [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:301 ] nss
- Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
- [ MDVSA-2013:300 ] asterisk
- ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
- NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
- From: "VMware Security Response Center"
- [SECURITY] [DSA 2826-1] denyhosts security update
- [ MDVSA-2013:299 ] samba
- [slackware-security] gnupg (SSA:2013-354-01)
- From: Slackware Security Team
- Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
- [ MDVSA-2013:298 ] php
- [SECURITY] [DSA 2825-1] wireshark security update
- [ MDVSA-2013:297 ] munin
- [ MDVSA-2013:296 ] wireshark
- [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability
- [SECURITY] [DSA 2824-1] curl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:295 ] gnupg
- [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS)
- ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities
- APPLE-SA-2013-12-19-1 Motion 5.1
- From: Apple Product Security
- CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability
- From: CORE Advisories Team
- [SECURITY] [DSA 2822-1] xorg-server security update
- [SECURITY] [DSA 2823-1] pixman security update
- [SECURITY] [DSA 2821-1] gnupg security update
- [ MDVSA-2013:294 ] gimp
- [ MDVSA-2013:293 ] gimp
- [ MDVSA-2013:292 ] links
- [ MDVSA-2013:291 ] kernel
- [ MDVSA-2013:289 ] owncloud
- [ MDVSA-2013:290 ] mediawiki
- [ MDVSA-2013:291 ] kernel
- [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities
- [CVE-2013-2764] Secure Entry Server - URL Redirection
- [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin
- [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms
- InfoSec Southwest 2014 CFP now open!
- [ MDVSA-2013:288 ] subversion
- [ MDVSA-2013:287-1 ] drupal
- Hancom Office '.hml' file heap-based buffer overflow
- [slackware-security] seamonkey (SSA:2013-350-07)
- From: Slackware Security Team
- [slackware-security] ruby (SSA:2013-350-06)
- From: Slackware Security Team
- [slackware-security] libjpeg (SSA:2013-350-02)
- From: Slackware Security Team
- [slackware-security] llvm (SSA:2013-350-03)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-350-05)
- From: Slackware Security Team
- [slackware-security] libiodbc (SSA:2013-350-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2820-1] nspr security update
- [slackware-security] mozilla-firefox (SSA:2013-350-04)
- From: Slackware Security Team
- QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability
- AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
- From: Asterisk Security Team
- AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message
- From: Asterisk Security Team
- FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities
- APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1
- From: Apple Product Security
- APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1
- From: Apple Product Security
- [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution
- [SECURITY] [DSA 2818-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- User Identity Spoofing in Bitrix Site Manager
- From: High-Tech Bridge Security Research
- XSS and Full Path Disclosure in MijoSearch Joomla Extension
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 2819-1] End-of-life announcement for iceape
- Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
- Command injection in Ruby Gem Webbynode 1.0.5.3
- From: Larry W. Cashdollar
- LiveZilla 5.1.2.0 PHP Object Injection
- Command injection vulnerability in Ruby Gem sprout 0.7.246
- From: Larry W. Cashdollar
- Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
- From: Larry W. Cashdollar
- LiveZilla 5.1.2.0 Insecure password storage
- LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client
- [SECURITY] [DSA 2817-1] libtar security update
- Last Call - 2sd World Conference on IST; Submission: December 29
- Call for Papers -YSTS 8 - Information Security Conference, Brazil
- Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
- DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013
- Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities
- [security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS)
- [security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- [security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update
- [security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution
- [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
- [SECURITY] [DSA 2816-1] php5 security update
- Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
- [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup)
- Microsoft Yammer - Persistent Profile Vulnerabilities
- Microsoft PhotoStory - CS Cross Site Scripting Vulnerability
- SAMSPADE 1.14 BUFFER OVERFLOW
- [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection
- CORE-2013-0807 - Divide Error in Windows Kernel
- From: CORE Advisories Team
- Re: CORE-2013-0807 - Divide Error in Windows Kernel
- From: CORE Advisories Team
- FlashCanvas 1.5 proxy.php XSS Vulnerability
- ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities
- [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
- Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
- SQL Injection in InstantCMS
- From: High-Tech Bridge Security Research
- Android Fragment Injection vulnerability
- [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS)
- CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability
- From: CORE Advisories Team
- [security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- LiveZilla 5.1.1.0 Stored XSS in operator clients
- Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
- EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution
- [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application
- [SECURITY] [DSA 2815-1] munin security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2812-1] samba security update
- [SECURITY] [DSA 2813-1] gimp security update
- [SECURITY] [DSA 2814-1] varnish security update
- From: Salvatore Bonaccorso
- Vulnerabilities in Apache Solr < 4.6.0
- [slackware-security] seamonkey (SSA:2013-339-03)
- From: Slackware Security Team
- ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities
- Print n Share v5.5 iOS - Multiple Web Vulnerabilities
- LiveZilla 5.1.0.0 Reflected XSS in translations
- [SECURITY] [DSA 2811-1] chromium-browser security update
- Opencart Multiple Vulnerabilities
- [slackware-security] hplip (SSA:2013-339-04)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-339-02)
- From: Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2013-339-01)
- From: Slackware Security Team
- NEW VMSA-2013-0015 VMware ESX updates to third party libraries
- [KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability
- [SECURITY] [DSA 2809-1] ruby1.8 security update
- From: Salvatore Bonaccorso
- Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
- Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)
- [SECURITY] [DSA 2810-1] ruby1.9.1 security update
- From: Salvatore Bonaccorso
- Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities
- Cross-Site Scripting (XSS) in Jamroom
- From: High-Tech Bridge Security Research
- [PT-2013-63] Hash Length Extension in HTMLPurifier
- NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
- From: "VMware Security Response Center"
- bugs in IJG jpeg6b & libjpeg-turbo
- [SECURITY] [DSA 2808-1] openjpeg security update
- Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).
- From: ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- D-Link DIR-XXX remote root access exploit.
- From: ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
- Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
- Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
- [SECURITY] [DSA 2807-1] links2 security update
- [security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution
- [SECURITY] [DSA 2806-1] nbd security update
- FreeBSD Security Advisory FreeBSD-SA-13:14.openssh [REVISED]
- From: FreeBSD Security Advisories
- NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability
- RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
- From: Ruckus Product Security Team
- [SECURITY] [DSA 2805-1] sup-mail security update
- [HITB-Announce] #HITB2014AMS Call for Papers Now Open
- SQL Injection in Chamilo LMS
- From: High-Tech Bridge Security Research
- SQL Injection in Dokeos
- From: High-Tech Bridge Security Research
- Multiple Cross-Site Scripting (XSS) in Claroline
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBGN02942 rev.1 - HP Service Manager and ServiceCenter, Remote Code Execution
- [SECURITY] [DSA 2804-1] drupal7 security update
- [ MDVSA-2013:287 ] drupal
- [SECURITY] [DSA 2803-1] quagga security update
- [ MDVSA-2013:286 ] ruby
- [ MDVSA-2013:285 ] bugzilla
- [SECURITY] [DSA 2800-1] nss security update
- From: Salvatore Bonaccorso
- Open-Xchange Security Advisory 2013-11-25
- [ MDVSA-2013:284 ] glibc
- [ MDVSA-2013:283 ] glibc
- [ MDVSA-2013:282 ] perl-HTTP-Body
- Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
- [ MDVSA-2013:281 ] nginx
- [ MDVSA-2013:280 ] memcached
- [ MDVSA-2013:279 ] wireshark
- Unauthorized console access on Satechi travel router v1.5
- CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater
- ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
- [SECURITY] [DSA 2802-1] nginx security update
- DC4420 (DefCon London) meeting next Tuesday, 26th November 2013
- [SECURITY] [DSA 2801-1] libhttp-body-perl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:278 ] samba
- [ MDVSA-2013:274 ] libjpeg
- [ MDVSA-2013:276 ] curl
- Instagram Photo Upload and Flattr Money Redirection Vulnerability
- Facebook Vulnerability Discloses Friends Lists Defined as Private
- [ MDVSA-2013:277 ] lighttpd
- [ MDVSA-2013:273 ] libjpeg
- [ MDVSA-2013:275 ] krb5
- [ MDVSA-2013:272 ] poppler
- [ MDVSA-2013:271 ] pmake
- [SECURITY] [DSA 2798-2] curl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:270 ] nss
- [ MDVSA-2013:269 ] firefox
- Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
- Mybb Ajaxfs Plugin Sql Injection vulnerability
- Paypal Bug Bounty #14 - Persistent Payment Mail Encoding Vulnerability
- [ MDVSA-2013:268 ] torque
- XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
- pineapp mailsecure remote no authenticated privilege escalation & remote execution code
- Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)
- [ MDVSA-2013:266 ] java-1.6.0-openjdk
- XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
- XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption
- 16TH AVAR INTERNATIONAL SECURITY CONFERENCE 2013 - (4th-7th Dec'13, Chennai. India)
- ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
- [ MDVSA-2013:267 ] java-1.7.0-openjdk
- FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
- From: FreeBSD Security Advisories
- SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution
- Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability
- PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability
- [slackware-security] seamonkey (SSA:2013-322-04)
- From: Slackware Security Team
- PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability
- [slackware-security] samba (SSA:2013-322-03)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2013-322-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2013-322-01)
- From: Slackware Security Team
- [SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
- Re: Fwd: vulnerability issue for DB2 express
- [SECURITY] [DSA 2798-1] curl security update
- [OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass
- Information Security Forecast 2014
- [SECURITY] [DSA 2797-1] chromium-browser security update
- [SECURITY] [DSA 2795-2] lighttpd regression update
- Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
- From: High-Tech Bridge Security Research
- XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
- XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug
- [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability
- Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
- NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability
- From: "VMware Security Response Center"
- Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
- APPLE-SA-2013-11-14-1 iOS 7.0.4
- From: Apple Product Security
- Re: [security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Re: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
- Re: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
- Re: DS3 Authentication Server - Multiple Issues
- Dahua DVR Authentication Bypass - CVE-2013-6117
- [SECURITY] [DSA 2797-1] icedove security update
- Superuser unsanitized environment vulnerability on Android <= 4.2.x
- Superuser "su --daemon" vulnerability on Android >= 4.3
- Android Superuser shell character escape vulnerability
- [SECURITY] [DSA 2796-1] torque security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2795-1] lighttpd security update
- Cross-Site Scripting (XSS) in Zikula Application Framework
- From: High-Tech Bridge Security Research
- LastPass Android container PIN and auto-wipe security feature bypass (CVE-2013-5113/5114)
- Fwd: vulnerability issue for DB2 express
- [security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information
- Fwd: RUCKUS ADVISORY ID 111113-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers
- From: Ruckus Product Security Team
- Re: Apple MacOSX 10.9 Hard Link Memory Corruption
- RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface
- From: Ruckus Product Security Team
- WebSurgery v1.1 released (Web application security testing suite)
- WebSurgery v1.1 released (Web application security testing suite)
- XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
- vulnerability issue for DB2 express
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- [SECURITY] [DSA 2794-1] spip security update
- From: Salvatore Bonaccorso
- Vulnerability in Pydio/AjaXplorer <= 5.0.3
- Vulnerability in Pydio/AjaXplorer < = 5.0.3
- [ MDVSA-2013:265 ] kernel
- XADV-2013003 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
- [SECURITY] [DSA 2793-1] libav security update
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials
- WorldCIST'14 - World Conference on IST; Submission deadline: November 29
- Word 2003 SP2 .doc fork bomb on WinXP SP3
- RE: FP BugCON 2014 - Mexico City
- Apple MacOSX 10.9 Hard Link Memory Corruption
- Cisco Security Advisory: Cisco WAAS Mobile Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CFP BugCON 2014 - Mexico City
- CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)
- From: Dirk-Willem van Gulik
- CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass
- From: CORE Advisories Team
- SQL Injection in appRain
- From: High-Tech Bridge Security Research
- Open-Xchange Security Advisory 2013-11-06
- [SOJOBO-ADV-13-03] - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting
- wordpress jigoshop Plugin path disclosure vulnerabilities
- [ISecAuditors Security Advisories] LinkedIn social network is affected by Persistent Cross-Site Scripting vulnerability
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] SQL Injection vulnerability in "Project'Or RIA" allow arbitrary access to the database and the file system
- From: ISecAuditors Security Advisories
- ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities.
- ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.
- [SECURITY] [DSA 2792-1] wireshark security update
- From: Salvatore Bonaccorso
- Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563
- [security bulletin] HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- [SECURITY] [DSA 2791-1] tryton-client security update
- XADV-2013003 Linux Kernel eCryptfs write_tag_3_packet Heap Buffer Overflow Vulnerability
- CSRF Horde Groupware Web mail Edition
- XSS and CSRF Horde Groupware Web mail Edition
- [slackware-security] mozilla-thunderbird (SSA:2013-307-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2790-1] nss security update
- From: Salvatore Bonaccorso
- pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities
- [security bulletin] HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code
- [security bulletin] HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution
- [security bulletin] HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update
- [SECURITY] [DSA 2789-1] strongswan security update
- [security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
- [security bulletin] HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
- [security bulletin] HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution
- [ MDVSA-2013:264 ] firefox
- [SECURITY] [DSA 2788-1] iceweasel security update
- Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change)
- nullcon Goa V First Speaker list and CFP closes soon
- [CVE-2013-4484] DoS vulnerability in Varnish HTTP cache
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2013:263 ] roundcubemail
- ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability
- Apache PHP Remote Exploit - apache-magika.c
- Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
- GTX CMS 2013 Optima - Multiple Web Vulnerabilities
- ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability
- CVE-2013-5694 Blind SQL Injection in Ops View
- [PSA-2013-1022-1] Microsoft Silverlight Invalid Typecast / Memory Disclosure
- Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)
- [ MDVSA-2013:262 ] python-pycrypto
- [ MDVSA-2013:261 ] dropbear
- [ MDVSA-2013:260 ] x11-server
- [ MDVSA-2013:259 ] x11-server
- [ MDVSA-2013:258 ] icu
- CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
- ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability
- Re: Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014)
- From: Brandon Butterworth
- Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities
- [PT-2013-46] Local File Include in Nagios Looking Glass
- [scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting
- [ISecAuditors Security Advisories] XSS vulnerability in LinkedIn
- From: ISecAuditors Security Advisories
- vBulletin remote admin injection exploit
- Multiple CSRF Horde Groupware Web mail Edition 5.1.2
- [SECURITY] [DSA 2786-1] icu security update
- Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014)
- From: 2014 Symposium on Protocols and Rules for Security (SPRS2014)
- [CVE-2012-6297] DD-WRT v24-sp2 Command Injection
- Call for Papers, 2014 Symposium on Cryptography and Authentication (SCA2014) , Suzhou, China
- From: 2014 Symposium on Cryptography and Authentication (SCA2014)
- [SECURITY] [DSA 2787-1] roundcube security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2785-1] chromium-browser security update
- Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability
- Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability
- Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution
- DC4420 - London DEFCON - October meet - Tuesday 29th October 2013
- [SECURITY] [DSA 2783-2] librack-ruby regression update
- From: Salvatore Bonaccorso
- Re: RPS/APS vulnerability in snom/yealink and others
- From: Cal Leeming [Simplicity Media Ltd]
- CA20131024-01: Security Notice for CA SiteMinder
- Re: RPS/APS vulnerability in snom/yealink and others
- [WorldCIST'14]: World Conference on IST; Proceedings by Springer
- [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30
- From: ISecAuditors Security Advisories
- RPS/APS vulnerability in snom/yealink and others
- From: Cal Leeming [Simplicity Media Ltd]
- ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability
- Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Identity Services Engine
- From: Cisco Systems Product Security Incident Response Team
- Cross-Site Scripting (XSS) in GuppY
- From: High-Tech Bridge Security Research
- [ MDVSA-2013:257 ] nss
- [Article] The Audit DSOs of the rtld
- AusCERT2014: Call for Presentations NOW OPEN
- [SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting
- [SECURITY] [DSA 2784-1] xorg-server security update
- [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root
- [CVE-2013-4295] Apache Shindig information disclosure vulnerability
- [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
- [SECURITY] [DSA 2783-1] librack-ruby security update
- [SECURITY] [DSA 2782-1] polarssl security update
- glibc 2.5 <= reloc types to crash bug
- [Article] Linux Kernel Patches For Linux Kernel Security
- Defense in depth -- the Microsoft way (part 12): NOOP security fixes
- [slackware-security] hplip (SSA:2013-291-01)
- From: Slackware Security Team
- Wordpress videowall Plugin Xss vulnerabilities
- [slackware-security] libtiff (SSA:2013-290-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2781-1] python-crypto security update
- OWASP Vulnerable Web Applications Directory Project
- [SECURITY] [DSA 2780-1] mysql-5.1 security update
- [ MDVSA-2013:256 ] apache-mod_fcgid
- [ MDVSA-2013:255 ] clutter
- [ MDVSA-2013:254 ] quagga
- [ MDVSA-2013:252 ] torque
- [ MDVSA-2013:251 ] aircrack-ng
- [ MDVSA-2013:253 ] libtar
- NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
- From: "VMware Security Response Center"
- Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities
- [ANN] Struts 2.3.15.3 GA release available - security fix
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- [ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn
- From: ISecAuditors Security Advisories
- PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
- Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability
- Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
- Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
- [ MDVSA-2013:250 ] mysql
- [security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
- PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
- [SE-2012-01] Issue 69 details and IBM Java vulnerabilities
- From: Security Explorations
- Remote Code Execution in Microweber
- From: High-Tech Bridge Security Research
- [ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart
- From: ISecAuditors Security Advisories
- APPLE-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17
- From: Apple Product Security
- [slackware-security] xorg-server (SSA:2013-287-05)
- From: Slackware Security Team
- [security bulletin] HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability
- Training : Advanced Android & iOS Hands-on Exploitation at Toorcon San Diego [16th-17th Oct,2013]
- DornCMS Application v1.4 - Multiple Web Vulnerabilities
- Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability
- Paypal Inc Bug Bounty #105 MOS - Multiple Persistent Print Layout Vulnerabilities
- My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities
- SEC Consult SA-20131015-0 :: Multiple vulnerabilities in SpamTitan
- From: SEC Consult Vulnerability Lab
- OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
- Training : Advanced Android & iOS Hands-on Exploitation at Toorcon San Diego [16th-17th Oct,2013]
- Critical vulnerabilities discovered in Gazelle and TBDEV.net
- [slackware-security] gnupg2 (SSA:2013-287-02)
- From: Slackware Security Team
- [slackware-security] gnupg (SSA:2013-287-01)
- From: Slackware Security Team
- [slackware-security] gnutls (SSA:2013-287-03)
- From: Slackware Security Team
- [slackware-security] libgpg-error (SSA:2013-287-04)
- From: Slackware Security Team
- Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities
- [SECURITY] [DSA 2779-1] libxml2 security update
- CFP: Passwords^13 Bergen (Norway), December 2-3 2013
- [CISTI'2014]: Call for Workshops
- [SECURITY] [DSA 2778-1] libapache2-mod-fcgid security update
- From: Salvatore Bonaccorso
- Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities
- [SECURITY] [DSA 2776-1] drupal6 security update
- [SECURITY] [DSA 2777-1] systemd security update
- [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information
- [SECURITY] [DSA 2773-1] gnupg security update
- [SECURITY] [DSA 2774-1] gnupg security update
- [ MDVSA-2013:249 ] libraw
- [ MDVSA-2013:247 ] gnupg
- [SECURITY] [DSA 2772-1] typo3-src security update
- [ MDVSA-2013:248 ] xinetd
- [SECURITY] [DSA 2775-1] ejabberd security update
- [SECURITY] [DSA 2771-1] nas security update
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Software
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2770-1] torque security update
- From: Salvatore Bonaccorso
- [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11
- From: ISecAuditors Security Advisories
- Cross-Site Scripting (XSS) in Feng Office
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
- [security bulletin] HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information
- [SECURITY] [DSA-2769-1] kfreebsd-9 security update
- From: Salvatore Bonaccorso
- NotSoSecure CTF (in partnership with Appsec USA)
- [ MDVSA-2013:246 ] openjpa
- Apple Motion Integer Overflow Vulnerability
- [SECURITY] [DSA 2768-1] icedtea-web security update
- From: Salvatore Bonaccorso
- [KIS-2013-09] Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability
- SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update
- From: Apple Product Security
- [security bulletin] HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
- ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability
- [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities
- [ MDVSA-2013:245 ] proftpd
- SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler
- From: SEC Consult Vulnerability Lab
- Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability
- WebAssist PowerCMS PHP - Multiple Web Vulnerabilities
- elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities
- SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities
- Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities
- Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability
- Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability
- RootedCON 2014 - Call For Papers
- Cisco Security Advisory: Cisco IOS XR Software Memory Exhaustion Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- All in One SEO Pack Plugin for WordPress 1.3.6.4 - 2.0.3 XSS
- Multiple Vulnerabilities in Gnew
- From: High-Tech Bridge Security Research
- Remote Code Execution in GLPI
- From: High-Tech Bridge Security Research
- Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
- CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure
- From: CORE Advisories Team
- CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
- From: CORE Advisories Team
- Re: iOS: List of available trusted root certificates
- iOS: List of available trusted root certificates
- CFP: WorldCIST'14 - World Conference on IST, at Madeira Island
- CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.
- [ MDVSA-2013:244 ] davfs2
- Open-Xchange Security Advisory 2013-09-30
- Firefox for Android - Same-origin bypass through symbolic links
- [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability
- [SECURITY] [DSA 27671-1] proftpd-dfsg security update
- [slackware-security] seamonkey (SSA:2013-271-01)
- From: Slackware Security Team
- Linux Kernel Patches For Linux Kernel Security
- [IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert
- [ MDVSA-2013:243 ] polkit
- [SECURITY] [DSA 2766-1] linux-2.6 security update
- [SECURITY] [DSA 2765-1] davfs2 security update
- Re:joomla com_zimbcomment Components Local File Include vulnerability
- APPLE-SA-2013-09-26-1 iOS 7.0.2
- From: Apple Product Security
- ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability
- AW: Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
- [ISecAuditors Security Advisories] Multiple Reflected Cross-Site Scripting vulnerabilities
- From: ISecAuditors Security Advisories
- Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
- From: Cisco Systems Product Security Incident Response Team