Bugtraq
- NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability,
VMware Security Response Center
- Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection,
Paul Craig
- Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router,
kingkaustubh
- Reflected XSS vulnarbility in Asus RT-N10 Plus Router,
kingkaustubh
- ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities,
Security Alert
- Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385,
Onur Yilmaz
- CVE-2014-8779: SSH Host keys on Pexip Infinity,
giles
- [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360),
Pedro Ribeiro
- Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- AST-2015-001: File descriptor leak when incompatible codecs are offered,
Asterisk Security Team
- [slackware-security] glibc (SSA:2015-028-01),
Slackware Security Team
- KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation,
KoreLogic Disclosures
- [SECURITY] [DSA 3143-1] virtualbox security update,
Moritz Muehlenhoff
- Two XSS Vulnerabilities in SupportCenter Plus,
High-Tech Bridge Security Research
- [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8,
sven
- [CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8,
sven
- [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability,
Amplia Security Advisories
- NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues,
VMware Security Response Center
- [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities,
CORE Advisories Team
- FreeBSD Security Advisory FreeBSD-SA-15:03.sctp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:02.kmem,
FreeBSD Security Advisories
- APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3,
Apple Product Security
- APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001,
Apple Product Security
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow,
Qualys Security Advisory
- APPLE-SA-2015-01-27-2 iOS 8.1.3,
Apple Product Security
- APPLE-SA-2015-01-27-1 Apple TV 7.0.3,
Apple Product Security
- [SECURITY] [DSA 3142-1] eglibc security update,
Florian Weimer
- [SYSS-2014-012] FancyFon FAMOC - Session Fixation,
matthias . deeg
- [SECURITY] [DSA 3141-1] wireshark security update,
Moritz Muehlenhoff
- [SYSS-2014-010] FancyFon FAMOC - SQL Injection,
matthias . deeg
- [SECURITY] [DSA 3140-1] xen security update,
Moritz Muehlenhoff
- [SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt,
matthias . deeg
- [SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting,
matthias . deeg
- CVE-2015-0223: anonymous access to qpidd cannot be prevented,
Gordon Sim
- CVE-2015-0224: qpidd can be crashed by unauthenticated user,
Gordon Sim
- [CORE-2015-0002] - Android WiFi-Direct Denial of Service,
CORE Advisories Team
- WebKitGTK+ Security Advisory WSA-2015-0001,
Carlos Alberto Lopez Perez
- REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability,
Rewterz - Research Group
- Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability,
Rewterz - Research Group
- REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability,
Rewterz - Research Group
- [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days,
Hafez Kamal
- PhotoSync 1.1.3 Android - Command Inject Vulnerability,
Vulnerability Lab
- Program-O v2.4.6 - Multiple Web Vulnerabilities,
Vulnerability Lab
- CVE-2015-1180-xss-eventsentry,
Sudhanshu Chauhan
- CVE-2015-1179-xss-mango-automation-scada,
Sudhanshu Chauhan
- CVE-2015-1178-xss-x-cart-ecommerce,
Sudhanshu Chauhan
- CVE-2015-1177-xss-exponent,
Sudhanshu Chauhan
- SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP,
SEC Consult Vulnerability Lab
- CVE-2015-1176-xss-osticket,
Sudhanshu Chauhan
- [slackware-security] samba (SSA:2015-020-01),
Slackware Security Team
- Remote Desktop v0.9.4 Android - Multiple Vulnerabilities,
Vulnerability Lab
- [oCERT-2015-001] JasPer input sanitization errors,
Andrea Barisani
- iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll,
Vulnerability Lab
- [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass,
RedTeam Pentesting GmbH
- PhotoSync v1.1.3 Android - Command Inject Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 3134-1] sympa security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3133-1] privoxy security update,
Moritz Muehlenhoff
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities,
Security Alert
- CVE-2015-1175-xss-prestashop,
Sudhanshu Chauhan
- [SECURITY] [DSA 3132-1] icedove security update,
Moritz Muehlenhoff
- MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities,
Advisories
- [slackware-security] mozilla-firefox (SSA:2015-016-02),
Slackware Security Team
- [SECURITY] [DSA 3131-1] xdg-utils security update,
Michael Gilbert
- CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability,
Riley Baird
- [slackware-security] seamonkey (SSA:2015-016-04),
Slackware Security Team
- [slackware-security] freetype (SSA:2015-016-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-016-03),
Slackware Security Team
- [ MDVSA-2015:027 ] kernel,
security
- Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability,
Vulnerability Lab
- File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability,
admin@xxxxxxxxxxxxxxxxx
- WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability,
Vulnerability Lab
- VeryPhoto v3.0 iOS - Command Injection Vulnerability,
Vulnerability Lab
- CatBot v0.4.2 (PHP) - SQL Injection Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3129-1] rpm security update,
Moritz Muehlenhoff
- Alienvault OSSIM/USM Command Execution Vulnerability,
Peter Lapp
- [ MDVSA-2015:025 ] mpfr,
security
- [ MDVSA-2015:026 ] untrf,
security
- [ MDVSA-2015:024 ] libsndfile,
security
- [ MDVSA-2015:023 ] libvirt,
security
- [SECURITY] [DSA 3128-1] linux security update,
Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-15:01.openssl,
FreeBSD Security Advisories
- [SECURITY] [DSA 3127-1] iceweasel security update,
Moritz Muehlenhoff
- Two XSS vulnerabilities in Simple Security WordPress Plugin,
High-Tech Bridge Security Research
- MS14-080 CVE-2014-6365 Code,
Diéyǔ
- AusCERT2015 Call for Papers: closes 18th January,
AusCERT
- [security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information,
security-alert
- [SECURITY] [DSA 3123-2] binutils-mingw-w64 security update,
Thijs Kinkhorst
- Sitefinity Enterprise v7.2.53 - Persistent Vulnerability,
Vulnerability Lab
- Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information,
security-alert
- SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi,
SEC Consult Vulnerability Lab
- SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower,
SEC Consult Vulnerability Lab
- CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user,
Gordon Sim
- SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones,
SEC Consult Vulnerability Lab
- MS14-080 CVE-2014-6365 Technical Details Without "Nonsense",
Diéyǔ
- [security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution,
security-alert
- [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager,
Peter Lapp
- Stored XSS Vulnerability in F5 BIG-IP Application Security Manager,
Peter Lapp
- [SECURITY] [DSA 3126-1] php5 security update,
Thijs Kinkhorst
- Corel Software DLL Hijacking,
CORE Advisories Team
- CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0,
RedTeam Pentesting GmbH
- [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0,
RedTeam Pentesting GmbH
- [ MDVSA-2015:022 ] wireshark,
security
- [ MDVSA-2015:021 ] curl,
security
- [ MDVSA-2015:020 ] libssh,
security
- ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities,
Vulnerability Lab
- Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability,
Vulnerability Lab
- Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability,
Vulnerability Lab
- Blitz CMS Community - SQL Injection Web Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3125-1] openssl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3124-1] otrs2 security update,
Salvatore Bonaccorso
- Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities,
Pietro Oliva
- [security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities,
security-alert
- [ MDVSA-2015:019 ] openssl,
security
- [SECURITY] [DSA 3122-1] curl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3121-1] file security update,
Moritz Muehlenhoff
- Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada,
root
- [ MDVSA-2015:018 ] asterisk,
security
- [ MDVSA-2015:017 ] libevent,
security
- [ MDVSA-2015:016 ] unzip,
security
- [ MDVSA-2015:015 ] sox,
security
- [ MDVSA-2015:014 ] libjpeg,
security
- [ MDVSA-2015:013 ] znc,
security
- [ MDVSA-2015:012 ] jasper,
security
- [ MDVSA-2015:011 ] nail,
security
- [ MDVSA-2015:010 ] file,
security
- [ MDVSA-2015:009 ] krb5,
security
- [ MDVSA-2015:008 ] pwgen,
security
- [ MDVSA-2015:007 ] unrtf,
security
- [ MDVSA-2015:006 ] mediawiki,
security
- [security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities,
security-alert
- [SECURITY] [DSA 3120-1] mantis security update,
Moritz Muehlenhoff
- Brother MFC Administration Reflected Cross-Site Scripting,
vulns
- Self-XSS in Microsoft Dynamics CRM 2013 SP1,
High-Tech Bridge Security Research
- ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities,
Vulnerability Lab
- [ MDVSA-2015:005 ] subversion,
security
- ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities,
Security Alert
- [SECURITY] [DSA 3119-1] libevent security update,
Salvatore Bonaccorso
- [ MDVSA-2015:001 ] c-icap,
security
- [ MDVSA-2015:002 ] pcre,
security
- Open-Xchange Security Advisory 2015-01-05,
Martin Heiland
- [SECURITY] [DSA 3118-1] strongswan security update,
Yves-Alexis Perez
- [ MDVSA-2015:003 ] ntp,
security
- [ MDVSA-2015:004 ] php,
security
- [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360,
Pedro Ribeiro
- [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability,
Egidio Romano
- [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability,
Egidio Romano
- [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability,
Egidio Romano
- [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability,
Egidio Romano
- [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability,
Egidio Romano
- [SECURITY] [DSA 3117-1] php5 security update,
Salvatore Bonaccorso
- [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central,
Pedro Ribeiro
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook,
Stefan Kanthak
- ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability,
Security Alert
- ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability,
Security Alert
- [SECURITY] [DSA 3116-1] polarssl security update,
Moritz Muehlenhoff
- Remote Code Execution via Unauthorised File upload in Cforms 14.7,
z . fedotkin
- [SECURITY] [DSA 3115-1] pyyaml security update,
Moritz Muehlenhoff
- nullcon HackIM Challenge 9-11 Jan 2015,
nullcon
- [SECURITY] [DSA 3113-1] unzip security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3114-1] mime-support security update,
Salvatore Bonaccorso
- Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability,
Vulnerability Lab
- Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities,
Vulnerability Lab
- PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability,
Vulnerability Lab
- Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability,
Vulnerability Lab
- ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability,
Vulnerability Lab
- Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability,
Vulnerability Lab
- Facebook Bug Bounty #17 - Migrate Privacy Vulnerability,
Vulnerability Lab
- DRAM unreliable under specific access patern,
Pavel Machek
- Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5,
steffen . roesemann1986
- Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products,
Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-14:31.ntp,
FreeBSD Security Advisories
- [SECURITY] [DSA 3110-1] mediawiki security update,
Sebastien Delafond
- [SECURITY] [DSA 3112-1] sox security update,
Salvatore Bonaccorso
- Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1,
steffen . roesemann1986
- [slackware-security] xorg-server (SSA:2014-356-03),
Slackware Security Team
- [slackware-security] php (SSA:2014-356-02),
Slackware Security Team
- [slackware-security] ntp (SSA:2014-356-01),
Slackware Security Team
- [SECURITY] [DSA 3111-1] cpio security update,
Michael Gilbert
- APPLE-SA-2014-12-22-1 OS X NTP Security Update,
Apple Product Security
- [oCERT-2014-011] UnZip input sanitization errors,
Andrea Barisani
- [oCERT-2014-010] SoX input sanitization errors,
Andrea Barisani
- VP-2014-004 SysAid Server Arbitrary File Disclosure,
Bernhard Mueller
- [SECURITY] [DSA 3109-1] firebird2.5 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3107-2] subversion regression update,
Florian Weimer
- [SECURITY] [DSA 3108-1] ntp security update,
Florian Weimer
- [SECURITY] [DSA 3107-1] subversion security update,
Florian Weimer
- [SECURITY] [DSA 3106-1] jasper security update,
Salvatore Bonaccorso
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367,
Onur Yilmaz
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325,
Onur Yilmaz
- Facebook BB #18 - IDOR Issue & Privacy Vulnerability,
Vulnerability Lab
- Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability,
Vulnerability Lab
- iBackup v10.0.0.45 - Privilege Escalation Vulnerability,
Vulnerability Lab
- SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor,
SEC Consult Vulnerability Lab
- APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3,
Apple Product Security
- [oCERT-2014-012] JasPer input sanitization errors,
Andrea Barisani
- SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted,
SEC Consult Vulnerability Lab
- SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager,
SEC Consult Vulnerability Lab
- iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability,
Vulnerability Lab
- E-Journal CMS (ID) - Multiple Web Vulnerabilities,
Vulnerability Lab
- Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability,
Vulnerability Lab
- Apple iOS v8.x - Message Context & Privacy Vulnerability,
Vulnerability Lab
- Jease CMS v2.11 - Persistent UI Web Vulnerability,
Vulnerability Lab
- Morfy CMS v1.05 - Command Execution Vulnerability,
Vulnerability Lab
- Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability,
Vulnerability Lab
- Cross-Site Scripting (XSS) in Revive Adserver,
High-Tech Bridge Security Research
- secuvera-SA-2014-01: Reflected XSS in W3 Total Cache,
Tobias Glemser
- FreeBSD Security Advisory FreeBSD-SA-14:30.unbound,
FreeBSD Security Advisories
- [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities,
Matteo Beccati
- [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution,
security-alert
- Elefant CMS v1.3.9 - Persistent Name Update Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities,
security-alert
- [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information,
security-alert
- RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability,
Vulnerability Lab
- Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability,
Vulnerability Lab
- Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability,
Vulnerability Lab
- iWifi for Chat v1.1 iOS - Denial of Service Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3105-1] heirloom-mailx security update,
Florian Weimer
- [SECURITY] [DSA 3104-1] bsd-mailx security update,
Florian Weimer
- W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface,
Mazin Ahmed
- [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA,
Onapsis Research Labs
- "Ettercap 8.0 - 8.1" multiple vulnerabilities,
Nick Sampanis
- [SE-2014-02] Google App Engine Java security sandbox bypasses (status update),
Security Explorations
- CA20141215-01: Security Notice for CA LISA Release Automation,
Williams, Ken
- [ MDVSA-2014:252 ] nss,
security
- [ MDVSA-2014:253 ] apache-mod_wsgi,
security
- Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701,
steffen . roesemann1986
- Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01],
modzero
- [ MDVSA-2014:242 ] yaml,
security
- [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3102-1] libyaml security update,
Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...,
Stefan Kanthak
- [ MDVSA-2014:238 ] bind,
security
- [SECURITY] [DSA 3101-1] c-icap security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3100-1] mediawiki security update,
Sebastien Delafond
- [ MDVSA-2014:239 ] flac,
security
- [ MDVSA-2014:243 ] phpmyadmin,
security
- [ MDVSA-2014:244 ] openafs,
security
- [ MDVSA-2014:245 ] mutt,
security
- CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional",
Christian Schneider
- CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional",
Christian Schneider
- [ MDVSA-2014:251 ] rpm,
security
- [ MDVSA-2014:250 ] cpio,
security
- [ MDVSA-2014:249 ] qemu,
security
- [ MDVSA-2014:248 ] graphviz,
security
- [ MDVSA-2014:247 ] jasper,
security
- [ MDVSA-2014:246 ] openvpn,
security
- ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability,
Security Alert
- ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities,
Security Alert
- ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability,
Security Alert
- [security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack,
security-alert
- Docker 1.3.3 - Security Advisory [11 Dec 2014],
Eric Windisch
- [SECURITY] [DSA 3099-1] dbus security update,
Florian Weimer
- ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities,
petri . iivonen
- APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2,
Apple Product Security
- [SECURITY] [DSA 3098-1] graphviz security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3097-1] unbound security update,
Yves-Alexis Perez
- [slackware-security] openssh (SSA:2014-344-03),
Slackware Security Team
- [slackware-security] wpa_supplicant (SSA:2014-344-07),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-344-02),
Slackware Security Team
- [slackware-security] pidgin (SSA:2014-344-05),
Slackware Security Team
- [slackware-security] bind (SSA:2014-344-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-344-06),
Slackware Security Team
- [slackware-security] openvpn (SSA:2014-344-04),
Slackware Security Team
- [SECURITY] [DSA 3096-1] pdns-recursor security update,
Sebastien Delafond
- [SECURITY] [DSA 3095-1] xorg-server security update,
Moritz Muehlenhoff
- AST-2014-019: Remote Crash Vulnerability in WebSocket Server,
Asterisk Security Team
- FreeBSD Security Advisory FreeBSD-SA-14:29.bind,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:28.file,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:27.stdio,
FreeBSD Security Advisories
- NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities,
VMware Security Response Center
- [CVE-2014-7301] SGI Tempo System Database Password Exposure,
john . fitzpatrick
- [CVE-2014-7302] SGI SUID Root Privilege Escalation,
john . fitzpatrick
- [CVE-2014-7303] SGI Tempo System Database Exposure,
john . fitzpatrick
- Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities,
simo
- [security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information,
security-alert
- [security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
- NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability,
VMware Security Response Center
- [CVE-2014-8340] phpTrafficA SQL injection,
Daniël Geerts
- [security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information,
security-alert
- Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120,
Onur Yilmaz
- [SECURITY] [DSA 3093-1] linux security update,
Salvatore Bonaccorso
- [security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution,
security-alert
- [SECURITY] [DSA 3094-1] bind9 security update,
Giuseppe Iuculano
- [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds,
jlk
- [ANN] Apache Struts 2.3.20 GA release available with security fix,
Lukasz Lenart
- CFP: InfoSec SouthWest 2015 (ISSW),
Tod Beardsley
- CMS Made Simple PHP Code Injection Vulnerability (All versions),
sahm
- [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google),
Security Explorations
- [SECURITY] [DSA 3091-1] getmail4 security update,
Giuseppe Iuculano
- [SECURITY] [DSA 3092-1] icedove security update,
Moritz Muehlenhoff
- NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass),
Vulnerability Lab
- NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities,
VMware Security Response Center
- Offset2lib: bypassing full ASLR on 64bit Linux,
Hector Marco
[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
[SECURITY] [DSA 3090-1] iceweasel security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3089-1] jasper security update,
Salvatore Bonaccorso
[oCERT-2014-009] JasPer input sanitization errors,
Andrea Barisani
[SECURITY] [DSA 3088-1] qemu-kvm security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3087-1] qemu security update,
Salvatore Bonaccorso
CVE-2014-9215 - SQL Injection in PBBoard CMS,
tien . d . tran
APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1,
Apple Product Security
[SECURITY] [DSA 3086-1] tcpdump security update,
Salvatore Bonaccorso
Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection,
Ewerson Guimarães (Crash) - Dclabs
[slackware-security] mozilla-thunderbird (SSA:2014-337-01),
Slackware Security Team
[SECURITY] [DSA 3085-1] wordpress security update,
Yves-Alexis Perez
F5 BIGIP - (OLD!) Persistent XSS in ASM Module,
jplopezy
ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability,
Security Alert
ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability,
Security Alert
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress,
Henri Salo
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components,
RedTeam Pentesting GmbH
[SECURITY] [DSA 3084-1] openvpn security update,
Florian Weimer
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure,
RedTeam Pentesting GmbH
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf,
RedTeam Pentesting GmbH
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire,
RedTeam Pentesting GmbH
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4,
Stephan.Rickauer
[SECURITY] [DSA 3081-1] libvncserver security update,
Luciano Bello
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360,
Pedro Ribeiro
[SECURITY] [DSA 3082-1] flac security update,
Sebastien Delafond
[SECURITY] [DSA 3083-1] mutt security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3080-1] openjdk-7 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3079-1] ppp security update,
Sebastien Delafond
WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034),
john
[ MDVSA-2014:237 ] perl-Mojolicious,
security
[ MDVSA-2014:236 ] file,
security
[ MDVSA-2014:235 ] perl-Plack,
security
[ MDVSA-2014:234 ] libksba,
security
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used),
Stefan Kanthak
[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information,
security-alert
[ MDVSA-2014:233 ] wordpress,
security
[SECURITY] [DSA 3078-1] libksba security update,
Salvatore Bonaccorso
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability,
Egidio Romano
[ MDVSA-2014:232 ] glibc,
security
[ MDVSA-2014:231 ] icecast,
security
[ MDVSA-2014:230 ] kernel,
security
[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3077-1] openjdk-6 security update,
Moritz Muehlenhoff
[ MDVSA-2014:229 ] libvncserver,
security
CVE-2014-5439 - Root shell on Sniffit [with exploit],
Hector Marco
Cross-Site Request Forgery (CSRF) in xEpan,
High-Tech Bridge Security Research
[ MDVSA-2014:228 ] phpmyadmin,
security
[SECURITY] [DSA 3076-1] wireshark security update,
Moritz Muehlenhoff
[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass,
security-alert
[security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information,
security-alert
Slider Revolution/Showbiz Pro shell upload exploit,
simo
[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information,
security-alert
[ MDVSA-2014:227 ] ffmpeg,
security
[ MDVSA-2014:226 ] imagemagick,
security
[ MDVSA-2014:225 ] ruby,
security
[oCERT 2014-008] libFLAC multiple issues,
Daniele Bianco
Docker 1.3.2 - Security Advisory [24 Nov 2014],
Eric Windisch
CVE-2014-8419 - CodeMeter Weak Service Permissions,
ajs
Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin,
Larry W. Cashdollar
[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access,
security-alert
[ MDVSA-2014:224 ] krb5,
security
[ MDVSA-2014:223 ] wireshark,
security
[ MDVSA-2014:222 ] libvirt,
security
[ MDVSA-2014:221 ] php-smarty,
security
[ MDVSA-2014:220 ] qemu,
security
[ MDVSA-2014:219 ] srtp,
security
[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities,
security-alert
[ MDVSA-2014:218 ] asterisk,
security
WordPress 3 persistent script injection,
Jouko Pynnonen
AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.,
Asterisk Security Team
AST-2014-013: PJSIP ACLs are not loaded on startup,
Asterisk Security Team
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver,
Asterisk Security Team
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver,
Asterisk Security Team
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions,
Asterisk Security Team
AST-2014-018: AMI permission escalation through DB dialplan function,
Asterisk Security Team
AST-2014-014: High call load may result in hung channels in ConfBridge.,
Asterisk Security Team
Multiple SQL Injection in SP Client Document Manager plugin,
thai . q . dang
[SECURITY] [DSA 3075-1] drupal7 security update,
Salvatore Bonaccorso
CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin,
phi . n . le
[ MDVSA-2014:217 ] clamav,
security
[ MDVSA-2014:216 ] php-ZendFramework,
security
[CORE-2014-0008] - Advantech AdamView Buffer Overflow,
CORE Advisories Team
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow,
CORE Advisories Team
[CORE-2014-0009] - Advantech EKI-6340 Command Injection,
CORE Advisories Team
CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM,
Portcullis Advisories
[SECURITY] [DSA 3074-2] php5 regression update,
Yves-Alexis Perez
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension,
High-Tech Bridge Security Research
[ MDVSA-2014:215 ] gnutls,
security
[SECURITY] [DSA 3074-1] php5 security update,
Yves-Alexis Perez
[ MDVSA-2014:213 ] curl,
security
[ MDVSA-2014:214 ] dbus,
security
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload,
Steffen Bauch
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload,
Steffen Bauch
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload,
Steffen Bauch
APPLE-SA-2014-11-17-3 Apple TV 7.0.2,
Apple Product Security
[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code,
security-alert
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1,
Apple Product Security
APPLE-SA-2014-11-17-1 iOS 8.1.1,
Apple Product Security
[slackware-security] mozilla-thunderbird (SSA:2014-320-01),
Slackware Security Team
[SECURITY] [DSA 3073-1] libgcrypt11 security update,
Salvatore Bonaccorso
[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information,
security-alert
CVE-2014-8683 XSS in Gogs Markdown Renderer,
Timo Schmid
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs,
Timo Schmid
[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution,
security-alert
[SECURITY] [DSA 3050-3] iceweasel security update,
Salvatore Bonaccorso
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731],
Programa STIC
CVE-2014-8732,
cert
CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2,
cert
[SECURITY] [DSA 3072-1] file security update,
Thijs Kinkhorst
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC),
ESNC Security
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access,
security-alert
[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code,
security-alert
[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities,
security-alert
[SECURITY] [DSA 3071-1] nss security update,
Sebastien Delafond
[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution,
security-alert
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211],
Programa STIC
[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities,
security-alert
[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution,
security-alert
BookFresh - Persistent Clients Invite Vulnerability,
Vulnerability Lab
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360,
Pedro Ribeiro
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro,
Pedro Ribeiro
[SECURITY] [DSA 3070-1] kfreebsd-9 security update,
Moritz Muehlenhoff
CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests,
Gordon Sim
[SECURITY] [DSA 3069-1] curl security update,
Salvatore Bonaccorso
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability,
Vulnerability Lab
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability,
Vulnerability Lab
Open-Xchange Security Advisory 2014-11-07,
Martin Heiland
[SECURITY] [DSA 3068-1] konversation security update,
Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED],
FreeBSD Security Advisories
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426],
Programa STIC
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities,
Larry W. Cashdollar
ZTE ZXDSL 831 Multiple Cross Site Scripting,
habte . yibelo
ZTE 831CII Multiple Vulnerabilities,
habte . yibelo
ZTE ZXDSL 831CII Direct Object Reference,
habte . yibelo
CA20141103-01: Security Notice for CA Cloud Service Management,
Kotas, Kevin J
[SECURITY] [DSA 3067-1] qemu-kvm security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3066-1] qemu security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3065-1] libxml-security-java security update,
Sebastien Delafond
i.Mage Local Crash Poc,
metacom27
[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper,
mdgh9
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection,
SEC Consult Vulnerability Lab
Cisco RV Series multiple vulnerabilities,
Securify B.V.
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser,
Pedro Ribeiro
i-FTP Buffer Overflow SEH,
metacom27
i.Hex Local Crash Poc,
metacom27
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers,
Cisco Systems Product Security Incident Response Team
ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability,
Security Alert
WordPress Wordfence Firewall 5.1.2 Cross Site Scripting,
bhati . contact
Arbitrary File Upload in HelpDEZk,
High-Tech Bridge Security Research
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms,
High-Tech Bridge Security Research
Wordpress bulletproof-security <=.51 multiple vulnerabilities,
Pietro Oliva
FreeBSD Security Advisory FreeBSD-SA-14:26.ftp,
FreeBSD Security Advisories
CVE-2014-6616 Softing FG-100 Webui XSS,
Ingmar Rosenhagen
CVE-2014-6617 Softing FG-100 Backdoor Account,
Ingmar Rosenhagen
KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read,
KoreLogic Disclosures
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd,
FreeBSD Security Advisories
[SECURITY] [DSA 3064-1] php5 security update,
Salvatore Bonaccorso
[security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack,
security-alert
Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer,
subs
Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals,
ML
[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform,
AppCheck_Advisories
[slackware-security] php (SSA:2014-307-03),
Slackware Security Team
Ahrareandeysheh CMS Cross-Site Scripting Vulnerability,
iedb . team
[slackware-security] mozilla-firefox (SSA:2014-307-02),
Slackware Security Team
[slackware-security] mariadb (SSA:2014-307-01),
Slackware Security Team
[slackware-security] seamonkey (SSA:2014-307-04),
Slackware Security Team
Modx CMS CSRF Bypass & XSS Vulnerabilities,
bhati . contact
CFP: Fourth World Congress - SEMCMI2015 - Malaysia,
Conference Updates
[SECURITY] [DSA 3062-1] wget security update,
Luciano Bello
[SECURITY] [DSA 3063-1] quassel security update,
Luciano Bello
PARSADEV CMS Cross-Site Scripting Vulnerability,
iedb . team
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities,
n . sampanis
[SECURITY] [DSA 3061-1] icedove security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3060-1] linux security update,
Salvatore Bonaccorso
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU,
Security Explorations
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access,
SEC Consult Vulnerability Lab
[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565),
matthias . deeg
[security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack,
security-alert
[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS),
security-alert
Call for Papers - WorldCIST'15 - Azores, Deadline: November 23,
ML
[slackware-security] wget (SSA:2014-302-01),
Slackware Security Team
[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS),
security-alert
[SECURITY] [DSA 3059-1] dokuwiki security update,
Moritz Muehlenhoff
Multiple vulnerabilities in EspoCRM,
High-Tech Bridge Security Research
CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare,
research
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme,
SEC Consult Vulnerability Lab
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel,
SEC Consult Vulnerability Lab
[ MDVSA-2014:212 ] wget,
security
[ MDVSA-2014:211 ] wpa_supplicant,
security
[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS),
security-alert
[SECURITY] [DSA 3050-2] xulrunner update,
Moritz Muehlenhoff
phpfusion (Search Page) Denial of Service Vulnerability,
iedb . team
[ MDVSA-2014:210 ] mariadb,
security
IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA,
liezelle
[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information,
security-alert
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration),
Vulnerability Lab
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability,
Vulnerability Lab
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability,
Vulnerability Lab
iFileExplorer v6.51 iOS - File Include Web Vulnerability,
Vulnerability Lab
WebDisk+ v2.1 iOS - Code Execution Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3058-1] torque security update,
Salvatore Bonaccorso
[security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3057-1] libxml2 security update,
Thijs Kinkhorst
vulnerabilities in libbfd (CVE-2014-beats-me),
Michal Zalewski
[SECURITY] [DSA 3056-1] libtasn1-3 security update,
Sebastien Delafond
[CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation,
g-damore
NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability,
VMware Security Response Center
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries,
Stefan Kanthak
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1,
Stefan Kanthak
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability,
Egidio Romano
[ MDVSA-2014:205 ] lua,
security
[ MDVSA-2014:209 ] java-1.7.0-openjdk,
security
[ MDVSA-2014:208 ] phpmyadmin,
security
[ MDVSA-2014:207 ] ejabberd,
security
[ MDVSA-2014:206 ] ctags,
security
[slackware-security] glibc (SSA:2014-296-01),
Slackware Security Team
[slackware-security] pidgin (SSA:2014-296-02),
Slackware Security Team
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness,
Egidio Romano
[SECURITY] [DSA 3055-1] pidgin security update,
Moritz Muehlenhoff
OpenBSD <= 5.5 Local Kernel Panic,
Alejandro Hernandez
[ MDVSA-2014:203 ] openssl,
security
[ MDVSA-2014:204 ] libxml2,
security
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability,
Vulnerability Lab
[ MDVSA-2014:202 ] php,
security
APPLE-SA-2014-10-22-1 QuickTime 7.7.6,
Apple Product Security
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability,
Security Alert
ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability,
Security Alert
ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability,
Security Alert
File Manager v4.2.10 iOS - Code Execution Vulnerability,
Vulnerability Lab
iFunBox Free v1.1 iOS - File Include Vulnerability,
Vulnerability Lab
FreeBSD Security Advisory FreeBSD-SA-14:23.openssl,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:21.routed,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:22.namei,
FreeBSD Security Advisories
CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015,
icete . secretariat
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability,
Vulnerability Lab
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities,
Vulnerability Lab
Vulnerabilities in WordPress Database Manager v2.7.1,
Larry W. Cashdollar
[ MDVSA-2014:201 ] kernel,
security
[ MDVSA-2014:200 ] bugzilla,
security
[ MDVSA-2014:199 ] perl,
security
[ MDVSA-2014:198 ] mediawiki,
security
[ MDVSA-2014:197 ] python,
security
Incredible PBX remote command execution exploit,
simo
[ MDVSA-2014:196 ] rsyslog,
security
[slackware-security] openssh (SSA:2014-293-01),
Slackware Security Team
[security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities,
security-alert
[security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS),
security-alert
LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183,
Onur Yilmaz
APPLE-SA-2014-10-20-1 iOS 8.1,
Apple Product Security
APPLE-SA-2014-10-20-2 Apple TV 7.0.1,
Apple Product Security
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability,
Asterisk Security Team
[SECURITY] [DSA 3054-1] mysql-5.5 security update,
Salvatore Bonaccorso
[security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
[security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 3050-1] iceweasel security update,
Moritz Muehlenhoff
Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF),
simo
APPLE-SA-2014-10-16-5 OS X Server v2.2.5,
Apple Product Security
APPLE-SA-2014-10-16-4 OS X Server v3.2.2,
Apple Product Security
APPLE-SA-2014-10-16-6 iTunes 12.0.1,
Apple Product Security
APPLE-SA-2014-10-16-3 OS X Server v4.0,
Apple Product Security
[SECURITY] [DSA 3053-1] openssl security update,
Thijs Kinkhorst
APPLE-SA-2014-10-16-2 Security Update 2014-005,
Apple Product Security
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10,
Apple Product Security
[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability,
CORE Advisories Team
[SECURITY] [DSA 3052-1] wpa security update,
Michael Gilbert
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS),
security-alert
[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution,
security-alert
[slackware-security] openssl (SSA:2014-288-01),
Slackware Security Team
Bypassing blacklists based on IPy,
Nicolas Grégoire
[SECURITY] [DSA 3051-1] drupal7 security update,
Moritz Muehlenhoff
Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability,
Cisco Systems Product Security Incident Response Team
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability,
Stefan Horst
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability,
Cisco Systems Product Security Incident Response Team
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin,
High-Tech Bridge Security Research
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces,
SEC Consult Vulnerability Lab
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin,
High-Tech Bridge Security Research
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability,
Vulnerability Lab
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities,
Vulnerability Lab
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability,
Vulnerability Lab
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability,
Vulnerability Lab
[SE-2014-01] Breaking Oracle Database through Java exploits (details),
Security Explorations
[SECURITY] [DSA 3049-1] wireshark security update,
Moritz Muehlenhoff
two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other),
Michal Zalewski
LiveZilla 5.3.0.7 Security Issue,
sourav . infosec
[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery,
security-alert
[security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution,
security-alert
Reminder: Passwords14 CFP + registration announcement,
Per Thorsheim
PayPal Inc BB #96 - Persistent Tags Vulnerability,
Vulnerability Lab
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability,
Vulnerability Lab
PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability,
Vulnerability Lab
CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.),
Dirk-Willem van Gulik
Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015,
ML
CSP Bypass in android browser prior to 4.4,
evanjjohns
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer,
Alexandre Herzog
CSNC-2014-004 neuroML - Multiple Vulnerabilities,
Alexandre Herzog
SAP Security Note 1908531 - XXE in BusinessObjects Explorer,
Alexandre Herzog
SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer,
Alexandre Herzog
[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution,
security-alert
[security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution,
security-alert
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA,
Onapsis Research Labs
[security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code,
security-alert
[SECURITY] [DSA 3048-1] apt security update,
Thijs Kinkhorst
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting,
Onapsis Research Labs
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA,
Onapsis Research Labs
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure,
Onapsis Research Labs
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check,
Onapsis Research Labs
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities,
Onapsis Research Labs
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection,
Onapsis Research Labs
Two XSS in Contact Form DB WordPress plugin,
High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin,
High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin,
High-Tech Bridge Security Research
[SECURITY] [DSA 3047-1] rsyslog security update,
Luciano Bello
[security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS),
security-alert
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!,
Pedro Ribeiro
[security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities,
security-alert
Multiple vulnerabilities in DrayTek VigorACS SI,
Erik-Paul Dittmer
OWTF 1.0 "Lionheart" released!,
Abraham Aranguren
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15,
dkl
CA20141001-01: Security Notice for Bash Shellshock Vulnerability,
Williams, James K
Multiple Vulnerabilities in Draytek Vigor 2130,
Erik-Paul Dittmer
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities,
Vulnerability Lab
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 3044-1] qemu-kvm security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3042-1] exuberant-ctags security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3046-1] mediawiki security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3045-1] qemu security update,
Moritz Muehlenhoff
[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code,
security-alert
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability,
Vulnerability Lab
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability,
Vulnerability Lab
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability,
Vulnerability Lab