Bugtraq
- CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway,
mirko . casadei
- CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway,
mirko . casadei
- [ MDVSA-2014:195 ] libvirt,
security
- [ MDVSA-2014:194 ] phpmyadmin,
security
- [security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities,
security-alert
- Elasticsearch vulnerability CVE-2014-6439,
Jordan Sissel
- Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities,
Patrick Webster
- [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution,
security-alert
- the other bash RCEs (CVE-2014-6277 and CVE-2014-6278),
Michal Zalewski
- [ MDVSA-2014:193 ] xerces-j2,
security
- [ MDVSA-2014:192 ] perl-Email-Address,
security
- [SECURITY] [DSA 3041-1] xen security update,
Moritz Muehlenhoff
- Reflected Cross-Site Scripting (XSS) in Textpattern,
High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin,
High-Tech Bridge Security Research
- FreePBX (All Versions) RCE,
rob . thomas
- NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities,
VMware Security Response Center
- [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution,
security-alert
- [SECURITY] [DSA 3040-1] rsyslog security update,
Luciano Bello
- [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution,
security-alert
- [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation,
security-alert
- All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability,
Vulnerability Lab
- PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability,
Vulnerability Lab
- PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
- [slackware-security] seamonkey (SSA:2014-271-03),
Slackware Security Team
- London DEFCON - September 30th 2014,
Major Malfunction
- [ MDVSA-2014:191 ] perl-XML-DT,
security
- [slackware-security] bash (SSA:2014-272-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2014-271-02),
Slackware Security Team
- Moab Authentication Bypass (insecure message signing) [CVE-2014-5376],
john . fitzpatrick
- Moab User Impersonation [CVE-2014-5375],
john . fitzpatrick
- Moab Authentication Bypass [CVE-2014-5300],
john . fitzpatrick
- [slackware-security] mozilla-firefox (SSA:2014-271-01),
Slackware Security Team
- [SECURITY] [DSA 3039-1] chromium-browser security update,
Michael Gilbert
- [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360,
Pedro Ribeiro
- [SECURITY] [DSA 3038-1] libvirt security update,
Salvatore Bonaccorso
- Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon,
Aditya Gupta
- WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies,
ML
- [SECURITY] [DSA 3037-1] icedove security update,
Yves-Alexis Perez
- Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
- SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability,
Vulnerability Lab
- Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities,
Vulnerability Lab
- GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability,
Vulnerability Lab
- [ MDVSA-2014:190 ] bash,
security
- [slackware-security] bash (SSA:2014-268-01),
Slackware Security Team
- [SECURITY] [DSA 3036-1] mediawiki security update,
Thijs Kinkhorst
- [SECURITY] [DSA 3035-1] bash security update,
Salvatore Bonaccorso
- Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
- [slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02),
Slackware Security Team
- LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow,
advisories
- [oCERT-2014-007] libvncserver multiple issues,
Andrea Barisani
- [slackware-security] bash (SSA:2014-267-01),
Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2014-267-02),
Slackware Security Team
- [ MDVSA-2014:189 ] nss,
security
- [ MDVSA-2014:187 ] curl,
security
- [ MDVSA-2014:188 ] wireshark,
security
- [SECURITY] [DSA 3034-1] iceweasel security update,
Yves-Alexis Perez
- CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control,
main
- [SECURITY] [DSA 3033-1] nss security update,
Yves-Alexis Perez
- [security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information,
security-alert
- [ MDVSA-2014:186 ] bash,
security
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:184 ] net-snmp,
security
- [ MDVSA-2014:182 ] zarafa,
security
- [ MDVSA-2014:181 ] dump,
security
- [ MDVSA-2014:185 ] libgadu,
security
- [ MDVSA-2014:183 ] phpmyadmin,
security
- [SECURITY] [DSA 3032-1] bash security update,
Florian Weimer
- Two SQL Injections in All In One WP Security WordPress plugin,
High-Tech Bridge Security Research
- [SECURITY] [DSA 3031-1] apt security update,
Salvatore Bonaccorso
- CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser,
Steffen Bauch
- [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability,
Egidio Romano
- [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability,
Egidio Romano
- Glype proxy cookie jar path traversal allows code execution,
Securify B.V.
- Glype proxy local address filter bypass,
Securify B.V.
- [security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access,
security-alert
- Glype proxy privacy settings can be disabled via CSRF,
Securify B.V.
- [ MDVSA-2014:180 ] gnupg,
security
- Strength and Weakness of Methods to Confirm SSH Host Key,
John Leo
- TP-LINK WDR4300 - Stored XSS & DoS,
ozelisyan
- [SECURITY] [DSA 3030-1] mantis security update,
Moritz Muehlenhoff
- CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product,
Christian Schneider
- [SECURITY] [DSA 3029-1] nginx security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3025-2] apt regression update,
Salvatore Bonaccorso
- AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations,
Asterisk Security Team
- AST-2014-009: Remote crash based on malformed SIP subscription requests,
Asterisk Security Team
- APPLE-SA-2014-09-17-7 Xcode 6.0.1,
Apple Product Security
- Oracle Corporation MyOracle - Persistent Vulnerability,
Vulnerability Lab
- Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw,
VSR Advisories
- APPLE-SA-2014-09-17-6 OS X Server 2.2.3,
Apple Product Security
- APPLE-SA-2014-09-17-5 OS X Server 3.2.1,
Apple Product Security
- APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004,
Apple Product Security
- APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1,
Apple Product Security
- CVE ID Syntax Change - Deadline Approaching,
Christey, Steven M.
- [SECURITY] [DSA 3028-1] icedove security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3027-1] libav security update,
Moritz Muehlenhoff
- APPLE-SA-2014-09-17-2 Apple TV 7,
Apple Product Security
- APPLE-SA-2014-09-17-1 iOS 8,
Apple Product Security
- Reflected Cross-Site Scripting (XSS) in MODX Revolution,
High-Tech Bridge Security Research
- Path Traversal in webEdition,
High-Tech Bridge Security Research
- MIUI Torch Open Vulnerability,
vuln
- MIUI Wifi Connection Message Vulnerability,
vuln
- Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC),
vuln
- [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow,
CORE Advisories Team
- [SECURITY] [DSA 3026-1] dbus security update,
Florian Weimer
- [SECURITY] [DSA 3025-1] apt security update,
Salvatore Bonaccorso
- USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability,
Vulnerability Lab
- Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280,
Onur Yilmaz
- Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308,
Onur Yilmaz
- FreeBSD Security Advisory FreeBSD-SA-14:19.tcp,
FreeBSD Security Advisories
- ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities,
Security Alert
- Briefcase 4.0 iOS - Code Execution & File Include Vulnerability,
Vulnerability Lab
- Multiple Vulnerabilities with Aztech Modem Routers,
Federick Joe P Fajardo
- Passwords^14 Norway - CFP,
Per Thorsheim
- Open-Xchange Security Advisory 2014-09-15,
Martin Heiland
- [security bulletin] HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information,
security-alert
- HttpFileServer 2.3.x Remote Command Execution,
danielelinguaglossa
- NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability,
VMware Security Response Center
- [SECURITY] [DSA 3024-1] gnupg security update,
Thijs Kinkhorst
- [SECURITY] [DSA 3023-1] bind9 security update,
Salvatore Bonaccorso
- Call for Participation: Semantic Web Business and Innovation (SWBI2015) * Switzerland,
jackie
- ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability,
Vulnerability Lab
- Photorange v1.0 iOS - File Include Web Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3021-2] file regression update,
Luciano Bello
- [SECURITY] [DSA 3022-1] curl security update,
Yves-Alexis Perez
- [SECURITY] [DSA 3020-1] acpi-support security update,
Raphael Geissert
- [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat,
Mark Thomas
- [security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code,
security-alert
- [slackware-security] seamonkey (SSA:2014-252-01),
Slackware Security Team
- NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries,
VMware Security Response Center
- [SECURITY] [DSA 3021-1] file security update,
Luciano Bello
- FreeBSD Security Advisory FreeBSD-SA-14:18.openssl,
FreeBSD Security Advisories
- Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability,
main
- [security bulletin] HPSBST03106 rev.1 - HP P2000 G3 MSA Array System running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
- [slackware-security] php (SSA:2014-247-01),
Slackware Security Team
- CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler",
Christian Schneider
- CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler",
Christian Schneider
- CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler",
Christian Schneider
- t2’14 Challenge to be released 2014-09-13 10:00 EEST,
Tomi Tuominen
- Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2],
Stefan Kanthak
- [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities,
security-alert
- [slackware-security] mozilla-thunderbird (SSA:2014-247-03),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-247-02),
Slackware Security Team
- [ MDVSA-2014:179 ] python-django,
security
- [ MDVSA-2014:178 ] ppp,
security
- [ MDVSA-2014:175 ] glibc,
security
- [ MDVSA-2014:177 ] squid,
security
- [ MDVSA-2014:176 ] libgcrypt,
security
- apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error,
Elar Lang
- [WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals,
ML
- [SECURITY] [DSA 3019-1] procmail security update,
Salvatore Bonaccorso
- Uninit memory disclosure via truncated images in Firefox,
Michal Zalewski
- [ MDVSA-2014:174 ] apache,
security
- Avolve Software ProjectDox Multiple Vulnerability Disclosure,
Romano, Christian
- [security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
- [SECURITY] [DSA 3018-1] iceweasel security update,
Moritz Muehlenhoff
- Reflected Cross-Site Scripting (XSS) in MyWebSQL,
High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in BlackCat CMS,
High-Tech Bridge Security Research
- [ MDVSA-2014:172 ] php,
security
- [ MDVSA-2014:173 ] busybox,
security
- [CORE-2014-0005] - Advantech WebAccess Vulnerabilities,
CORE Advisories Team
- [security bulletin] HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 3017-1] php-cas security update,
Thijs Kinkhorst
- Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability,
Vulnerability Lab
- Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames,
Stefan Kanthak
- [ MDVSA-2014:171 ] dhcpcd,
security
- [ MDVSA-2014:170 ] jakarta-commons-httpclient,
security
- [ MDVSA-2014:169 ] bugzilla,
security
- [ MDVSA-2014:168 ] libvncserver,
security
- [ MDVSA-2014:167 ] file,
security
- [ MDVSA-2014:166 ] serf,
security
- [ MDVSA-2014:165 ] krb5,
security
- [ MDVSA-2014:163 ] python-imaging,
security
- [ MDVSA-2014:164 ] phpmyadmin,
security
- [ MDVSA-2014:162 ] catfish,
security
- [ MDVSA-2014:161 ] subversion,
security
- [ MDVSA-2014:160 ] gpgme,
security
- [SECURITY] [DSA 3016-1] lua5.2 security update,
Florian Weimer
- [SECURITY] [DSA 3015-1] lua5.1 security update,
Florian Weimer
- WWW File Share Pro v7.0 - Denial of Service Vulnerability,
Vulnerability Lab
- Avira License Application - Cross Site Request Forgery Vulnerability,
Vulnerability Lab
- CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia,
liezelle
- SSH host key fingerprint - through HTTPS,
John Leo
[SECURITY] [DSA 2987-2] openjdk-7 regression update,
Florian Weimer
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460),
jesus . ramirez . pichardo
Sierra Library Services Platform Multiple Vulnerability Disclosure,
Romano, Christian
[SECURITY] [DSA 3014-1] squid3 security update,
Salvatore Bonaccorso
SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting,
SEC Consult Vulnerability Lab
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities,
Disclosure
[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert,
Pedro Ribeiro
[SECURITY] [DSA 3013-1] s3ql security update,
Florian Weimer
Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30),
jackie
[SECURITY] [DSA 3012-1] eglibc security update,
Florian Weimer
SaaS Marketing platform Hubspot export vulnerability,
ehoward
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks,
Fernando Gont
Mathematica10.0.0 on Linux /tmp/MathLink vulnerability,
paul . szabo
Encore Discovery Solution Multiple Vulnerability Disclosure,
Romano, Christian
ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability,
Security Alert
[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities,
security-alert
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification,
advisories
ntopng 1.2.0 XSS injection using monitored network traffic,
Steffen Bauch
DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config,
cseye_ut
[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc.,
WorldCIST
MEHR Automation System Arbitrary File Download Vulnerability(persian portal),
cseye_ut
DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config,
cseye_ut
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699),
Vulnerability Lab
Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707),
Vulnerability Lab
[SECURITY] [DSA 3011-1] mediawiki security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3010-1] python-django security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities,
security-alert
CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability,
Herbert Duerr
CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects,
Herbert Duerr
DoS attacks (ICMPv6-based) resulting from IPv6 EH drops,
Fernando Gont
[security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
[CVE-2014-5335] CSRF in Innovaphone PBX,
rg
[SECURITY] [DSA 3009-1] python-imaging security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3008-2] php5 regression update,
Salvatore Bonaccorso
[SECURITY] [DSA 2940-1] libstruts1.2-java security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3008-1] php5 security update,
Salvatore Bonaccorso
ToorCon 16 Call For Papers!,
h1kari
ArcGIS for Server Vulnerability Disclosure,
Romano, Christian
CVE-2014-4973 - Privilege Escalation in ESET Windows Products,
Portcullis Advisories
SQL Injection Vulnerability in ArticleFR,
High-Tech Bridge Security Research
ICETC2014 - IEEE Extended Submission until Aug. 28, 2014,
jackie
CVE-2014-5307 - Privilege Escalation in Panda Security Products,
Portcullis Advisories
[SECURITY] [DSA 3007-1] cacti security update,
Moritz Muehlenhoff
[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities,
CERT
[security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access,
security-alert
[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access,
security-alert
[Call For Papers] RiseCON - Rosario, Argentina,
Info RiseCON
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities,
Security Alert
[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability,
Jacopo Cappellato
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities,
Security Alert
ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability,
Security Alert
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities,
Security Alert
[SECURITY] [DSA 3006-1] xen security update,
Moritz Muehlenhoff
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack,
Dirk-Willem van Gulik
Outlook.com for Android fails to validate server certificates,
Securify B.V.
CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request,
tekwizz123
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more),
Stefan Kanthak
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more),
Stefan Kanthak
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs,
Stefan Kanthak
[SECURITY] [DSA 3005-1] gpgme1.0 security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code,
security-alert
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6,
Apple Product Security
[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
Reflected Cross-Site Scripting (XSS) in Jamroom,
High-Tech Bridge Security Research
[oCERT-2014-006] Ganeti insecure archive permission,
Andrea Barisani
BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04],
security
CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service,
Gregory Pickett
Apache Cordova 3.5.1: CVE-2014-3502 update,
Marcel Kinard
[security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information,
security-alert
[SECURITY] [DSA 2984-2] acpi-support regression update,
Raphael Geissert
IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915),
Jamie Riden
[slackware-security] openssl (SSA:2014-220-01),
Slackware Security Team
[SECURITY] [DSA 3004-1] kde4libs security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3003-1] libav security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3002-1] wireshark security update,
Moritz Muehlenhoff
MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend,
Benjamin Kaduk
[SECURITY] [DSA 3001-1] wordpress security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3000-1] krb5 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2999-1] drupal7 security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities,
security-alert
[ MDVSA-2014:158 ] openssl,
security
[ MDVSA-2014:159 ] wireshark,
security
ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability,
Security Alert
[ MDVSA-2014:157 ] ipython,
security
[WorldCIST'15]: Call for Workshops Proposals - Proceedings by Springer,
ML
[security bulletin] HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access,
security-alert
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files,
Stefan Kanthak
[security bulletin] HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege,
security-alert
[security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code,
security-alert
Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities,
Vulnerability Lab
[ MDVSA-2014:156 ] ocsinventory,
security
[ MDVSA-2014:154 ] readline,
security
TomatoCart v1.x (latest-stable) Multiple Vulnerabilities,
Kenny Mathis
(kind of) new tool: american fuzzy lop,
Michal Zalewski
[ MDVSA-2014:155 ] kernel,
security
(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities,
David Kaplan
[SECURITY] [DSA 2998-1] openssl security update,
Raphael Geissert
[ MDVSA-2014:152 ] glibc,
security
[ MDVSA-2014:153 ] mediawiki,
security
[ MDVSA-2014:151 ] cups,
security
Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
nullcon CFP is open,
nullcon
[ MDVSA-2014:150 ] tor,
security
PhotoSync v2.2 iOS - Command Inject Web Vulnerability,
Vulnerability Lab
[ MDVSA-2014:149 ] php,
security
PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability,
Vulnerability Lab
[security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege,
security-alert
[SECURITY] [DSA 2997-1] reportbug security update,
Salvatore Bonaccorso
CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java,
Georg Lukas
Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities,
mike . manzotti
SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director,
SEC Consult Vulnerability Lab
Apache Cordova 3.5.1,
Marcel Kinard
Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability,
Vulnerability Lab
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities],
Mike Antcliffe
[security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information,
security-alert
CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall,
Portcullis Advisories
[security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability,
Vulnerability Lab
ownCloud Unencrypted Private Key Exposure,
Senderek Web Security
[SECURITY] [DSA 2996-1] icedove security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2995-1] lzo2 security update,
Salvatore Bonaccorso
[slackware-security] dhcpcd (SSA:2014-213-02),
Slackware Security Team
[slackware-security] samba (SSA:2014-213-01),
Slackware Security Team
Microsoft Exchange Multiple Vulnerabilities,
np
[SECURITY] [DSA 2993-1] tor security update,
Salvatore Bonaccorso
Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability,
Vulnerability Lab
C++11 <regex> insecure by default,
submit
[security bulletin] HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure,
security-alert
[ MDVSA-2014:148 ] dbus,
security
[ MDVSA-2014:147 ] sendmail,
security
[SECURITY] [DSA 2994-1] nss security update,
Raphael Geissert
TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities,
Vulnerability Lab
[ MDVSA-2014:146 ] file,
security
[ MDVSA-2014:145 ] php-ZendFramework,
security
Improper Access Control in ArticleFR,
High-Tech Bridge Security Research
[ MDVSA-2014:142 ] apache,
security
[ MDVSA-2014:144 ] live,
security
[ MDVSA-2014:143 ] phpmyadmin,
security
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529],
Programa STIC
[ MDVSA-2014:140 ] owncloud,
security
[security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information,
security-alert
[ MDVSA-2014:141 ] java-1.7.0-openjdk,
security
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS,
Onapsis Research Labs
[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service,
Onapsis Research Labs
[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass,
Onapsis Research Labs
[ MDVSA-2014:139 ] nss,
security
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4,
Onapsis Research Labs
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool,
Onapsis Research Labs
[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication,
Onapsis Research Labs
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities,
Vulnerability Lab
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 2992-1] linux security update,
Salvatore Bonaccorso
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account,
Stefan Kanthak
<Possible follow-ups>
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account,
Stefan Kanthak
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities,
vulns
Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities,
vulns
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 2991-1] modsecurity-apache security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2990-1] cups security update,
Salvatore Bonaccorso
[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS),
security-alert
Web Encryption Extension security update,
Ralf Senderek
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities,
Vulnerability Lab
Easy file sharing web server - persist XSS in forum msgs,
joseph . giron13
[SECURITY] [DSA 2988-1] transmission security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2989-1] apache2 security update,
Stefan Fritsch
Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14,
dkl
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account,
Stefan Kanthak
[SECURITY] [DSA 2987-1] openjdk-7 security update,
Moritz Muehlenhoff
[slackware-security] mozilla-thunderbird (SSA:2014-204-03),
Slackware Security Team
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398,
Vulnerability Lab
[slackware-security] mozilla-firefox (SSA:2014-204-02),
Slackware Security Team
[slackware-security] httpd (SSA:2014-204-01),
Slackware Security Team
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities,
security-alert
[SECURITY] [DSA 2986-1] iceweasel security update,
Moritz Muehlenhoff
[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information,
security-alert
SQL Injection in Е2,
High-Tech Bridge Security Research
[oCERT-2014-005] LPAR2RRD input sanitization errors,
Daniele Bianco
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder,
cseye_ut
[SECURITY] [DSA 2985-1] mysql-5.5 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2984-1] acpi-support security update,
Luciano Bello
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information,
security-alert
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability,
Vulnerability Lab
Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080,
audit1
Cross-site Scripting in EventLog Analyzer 9.0 build #9000,
audit1
[oCERT-2014-004] Ansible input sanitization errors,
Andrea Barisani
Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin,
president
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update,
Moritz Muehlenhoff
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.,
Jordan Sissel
CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure,
i amroot
[SECURITY] [DSA 2983-1] drupal7 security update,
Moritz Muehlenhoff
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
[SECURITY] [DSA 2981-1] polarssl security update,
Salvatore Bonaccorso
ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability,
Security Alert
Microsoft MSN HBE - Blind SQL Injection Vulnerability,
Vulnerability Lab
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703),
Vulnerability Lab
[SECURITY] [DSA 2980-1] openjdk-6 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2979-1] fail2ban security update,
Moritz Muehlenhoff
Ignore the amount customers confirm is no security vulnerability according to PayPal,
Jan Kechel
[HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August,
Hafez Kamal
IP.Board 3.4 cross-site scripting in Referer header,
stormhacker
[SECURITY] [DSA 2765-2] davfs regression update,
Thijs Kinkhorst
Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone,
SEC Consult Vulnerability Lab
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway,
SEC Consult Vulnerability Lab
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client",
SEC Consult Vulnerability Lab
Reflected Cross-Site Scripting (XSS) in e107,
High-Tech Bridge Security Research
VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014),
VUPEN Security Research
SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition,
SEC Consult Vulnerability Lab
KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code,
security-alert
Node Browserify RCE vuln (<= 4.2.0),
Cal Leeming [Simplicity Media Ltd]
[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information,
security-alert
Ruxcon 2014 Final Call For Presentations,
cfp
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information,
security-alert
[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege,
security-alert
[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability,
Egidio Romano
[slackware-security] php (SSA:2014-192-01),
Slackware Security Team
[ MDVSA-2014:138 ] asterisk,
security
[SECURITY] [DSA 2978-1] libxml2 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2977-1] libav security update,
Moritz Muehlenhoff
[ MDVSA-2014:137 ] apache-mod_wsgi,
security
[ MDVSA-2014:136 ] samba,
security
[SECURITY] [DSA 2976-1] eglibc security update,
Florian Weimer
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability,
Vulnerability Lab
Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability,
Vulnerability Lab
[ MDVSA-2014:135 ] python,
security
[ MDVSA-2014:134 ] liblzo,
security
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop,
SEC Consult Vulnerability Lab
[ MDVSA-2014:133 ] gd,
security
SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu,
SEC Consult Vulnerability Lab
SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system,
SEC Consult Vulnerability Lab
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop,
SEC Consult Vulnerability Lab
[security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information,
security-alert
[security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information,
security-alert
[SECURITY] [DSA 2975-1] phpmyadmin security update,
Thijs Kinkhorst
Weak Local Database Credentials in Infoblox Network Automation,
nate
OS Command Injection Infoblox Network Automation,
nate
[ MDVSA-2014:132 ] libxfont,
security
[ MDVSA-2014:131 ] file,
security
[ MDVSA-2014:129 ] ffmpeg,
security
[ MDVSA-2014:130 ] php,
security
[ MDVSA-2014:128 ] iodine,
security
[ MDVSA-2014:127 ] gnupg,
security
[SECURITY] [DSA 2974-1] php5 security update,
Salvatore Bonaccorso
Android NFC Service Denial of Service,
vuln
CVE-2014-4331 OctavoCMS reflected XSS vulnerability,
andreu . antonio
FreeBSD Security Advisory FreeBSD-SA-14:17.kmem,
FreeBSD Security Advisories
[security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information,
security-alert
[ MDVSA-2014:126 ] phpmyadmin,
security
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX,
Portcullis Advisories
[SECURITY] [DSA 2973-1] vlc security update,
Moritz Muehlenhoff
Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit,
Sumit Siddharth
[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access,
security-alert
ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability,
Security Alert
ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities,
Security Alert
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability,
Vulnerability Lab
CVE-2014-3863 - Stored XSS in JChatSocial,
Teodor Lupan
[SECURITY] CVE-2014-3503 Apache Syncope,
Francesco Chicchiriccò
Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability,
Vulnerability Lab
Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability,
Vulnerability Lab
Backdoor access to Techboard/Syac devices,
roberto . paleari
{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities.,
Madhu Akula
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries,
Stefan Kanthak
[SECURITY] [DSA 2972-1] linux security update,
Salvatore Bonaccorso
Lime Survey 2-05+ Multiple Vulnerabilities,
g-damore
[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
POC2014 Call for Paper,
pocadm
[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass,
security-alert
[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code,
security-alert
[SECURITY] [DSA 2971-1] dbus security update,
Salvatore Bonaccorso
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
Cross-Site Request Forgery (CSRF) in Kanboard,
High-Tech Bridge Security Research
CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board",
Christian Schneider
SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom,
SEC Consult Vulnerability Lab
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection,
info
ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
APPLE-SA-2014-06-30-4 Apple TV 6.1.2,
Apple Product Security
APPLE-SA-2014-06-30-3 iOS 7.1.2,
Apple Product Security
[security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information,
security-alert
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003,
Apple Product Security
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5,
Apple Product Security
SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS,
SEC Consult Vulnerability Lab
ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability,
Security Alert
[SECURITY] [DSA 2970-1] cacti security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2969-1] libemail-address-perl security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
[security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
[security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege,
security-alert
[SECURITY] [DSA 2968-1] gnupg2 security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information,
security-alert
CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015,
calendarsites
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution,
RedTeam Pentesting GmbH
[SECURITY] [DSA 2967-1] gnupg security update,
Salvatore Bonaccorso
CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014,
Portcullis Advisories
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux),
Portcullis Advisories
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting,
RedTeam Pentesting GmbH
[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery,
RedTeam Pentesting GmbH
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite,
High-Tech Bridge Security Research
[slackware-security] bind (SSA:2014-175-01),
Slackware Security Team
NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library,
"VMware Security Response Center"
[slackware-security] seamonkey (SSA:2014-175-05),
Slackware Security Team
[slackware-security] samba (SSA:2014-175-04),
Slackware Security Team
[slackware-security] gnupg (SSA:2014-175-02),
Slackware Security Team
[slackware-security] gnupg2 (SSA:2014-175-03),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-14:16.file,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv,
FreeBSD Security Advisories
[security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information,
security-alert
[HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week,
Hafez Kamal
[security bulletin] HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
Boolean algebra and CSS history theft,
Michal Zalewski
Android KeyStore Stack Buffer Overflow (CVE-2014-3100),
Roee Hay
[security bulletin] HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information,
security-alert
[SECURITY] [DSA 2964-1] iodine security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2966-1] samba security update,
Yves-Alexis Perez
[SECURITY] [DSA 2965-1] tiff security update,
Michael Gilbert
[security bulletin] HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information,
security-alert
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities,
Vulnerability Lab
Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability,
Vulnerability Lab
Multiple SQL Injection Vulnerabilities in web2Project,
High-Tech Bridge Security Research
[security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal,
security-alert
[security bulletin] HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access,
security-alert
[SECURITY] [DSA 2962-1] nspr security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2963-1] lucene-solr security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2961-1] php5 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2950-2] openssl update,
Moritz Muehlenhoff
[SECURITY] [DSA 2960-1] icedove security update,
Moritz Muehlenhoff
[CFP] Hacktivity 2014 CFP is open,
ferenc . spala
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM,
Security Explorations
[SECURITY] [DSA 2959-1] chromium-browser security update,
Michael Gilbert
ClipBucket CMS Xss Vulnerability,
iedb . team
[ MDVSA-2014:125 ] nspr,
security
[ MDVSA-2014:124 ] kernel,
security
[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution,
Brett Porter
[security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access,
security-alert
AST-2014-006: Asterisk Manager User Unauthorized Shell Access,
Asterisk Security Team
CVE-2014-0228: Apache Hive Authorization vulnerability,
Thejas Nair
[SECURITY] [DSA 2957-1] mediawiki security update,
Thijs Kinkhorst
[security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information,
security-alert
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions,
Asterisk Security Team
AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections,
Asterisk Security Team
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework,
Asterisk Security Team
[SECURITY] [DSA 2958-1] apt security update,
Thijs Kinkhorst
[slackware-security] mozilla-thunderbird (SSA:2014-163-01),
Slackware Security Team
CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones,
J. Oquendo
[SECURITY] [DSA 2955-1] iceweasel security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2956-1] icinga security update,
Moritz Muehlenhoff
Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2014:122 ] chkrootkit,
security
[ MDVSA-2014:123 ] tor,
security
NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities,
"VMware Security Response Center"
CVE-2014-3977 - Privilege Escalation in IBM AIX,
Portcullis Advisories
[security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution,
security-alert
[ MDVSA-2014:120 ] miniupnpc,
security
[ MDVSA-2014:118 ] emacs,
security
[ MDVSA-2014:121 ] libgadu,
security
[ MDVSA-2014:119 ] mediawiki,
security
CodeIgniter <= 2.1.4 Session Decoding Vulnerability,
Robin Bailey
[ MDVSA-2014:117 ] libcap-ng,
security
[ MDVSA-2014:116 ] file,
security
[ MDVSA-2014:115 ] php,
security
[ MDVSA-2014:114 ] squid,
security
[ MDVSA-2014:113 ] python-django,
security
[ MDVSA-2014:110 ] curl,
security
[ MDVSA-2014:112 ] python-django,
security
[ MDVSA-2014:111 ] otrs,
security
[ MDVSA-2014:106 ] openssl,
security
[slackware-security] php (SSA:2014-160-01),
Slackware Security Team
[ MDVSA-2014:108 ] gnutls,
security
[SECURITY] [DSA 2954-1] dovecot security update,
Salvatore Bonaccorso
[ MDVSA-2014:109 ] gnutls,
security
[ MDVSA-2014:105 ] openssl,
security
[ MDVSA-2014:107 ] libtasn1,
security
[security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information,
security-alert
DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability,
cseye_ut
DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability,
cseye_ut
DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability,
cseye_ut
DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability,
cseye_ut
DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability,
cseye_ut
DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability,
cseye_ut
[SECURITY] [DSA 2953-1] dpkg security update,
Raphael Geissert
[slackware-security] mozilla-firefox (SSA:2014-157-01),
Slackware Security Team
CVE-2014-3740 - SpiceWorks Cross-site scripting,
Dolev Farhi
NeginGroup CMS Multiple Vulnerability,
iedb . team
[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components,
Onapsis Research Labs
[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering,
Onapsis Research Labs
[slackware-security] openssl (SSA:2014-156-03),
Slackware Security Team
[slackware-security] sendmail (SSA:2014-156-04),
Slackware Security Team
SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan,
SEC Consult Vulnerability Lab
[slackware-security] gnutls (SSA:2014-156-01),
Slackware Security Team
[slackware-security] libtasn1 (SSA:2014-156-02),
Slackware Security Team
[SECURITY] [DSA 2952-1] kfreebsd-9 security update,
Nico Golde
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2951-1] mupdf security update,
Moritz Muehlenhoff
Details for CVE-2014-0220,
tucu
[security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information,
security-alert
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities,
Security Alert
[security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information,
security-alert
multiple Vulnerability in "WahmShoppes eStore",
cseye_ut
FreeBSD Security Advisory FreeBSD-SA-14:14.openssl,
FreeBSD Security Advisories
[SECURITY] [DSA 2949-1] linux security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2950-1] openssl security update,
Moritz Muehlenhoff
[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager,
RedTeam Pentesting GmbH
[security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 2946-1] python-gnupg security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2948-1] python-bottle security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2947-1] libav security update,
Moritz Muehlenhoff
ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability,
Security Alert
[SECURITY] [DSA 2945-1] chkrootkit security update,
Giuseppe Iuculano
FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail,
FreeBSD Security Advisories
Bug in bash <= 4.3 [security feature bypassed],
Hector Marco
[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies,
Fran
FreeBSD Security Advisory FreeBSD-SA-14:13.pam,
FreeBSD Security Advisories
CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2,
Portcullis Advisories
CVE-2013-6876 s3dvt Root shell,
Hector Marco