Bugtraq
- iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability,
Vulnerability Lab
- Files Desk Pro v1.4 iOS - File Include Web Vulnerability,
Vulnerability Lab
- Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- TigerCom My Assistant v1.1 iOS - File Include Vulnerability,
Vulnerability Lab
- Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability,
Vulnerability Lab
- AllReader v1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- NG WifiTransfer Pro 1.1 - File Include Vulnerability,
Vulnerability Lab
- CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite",
Christian Schneider
- LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues,
advisories
- CVE-2013-6825 DCMTK Root Privilege escalation,
Hector Marco
- CVE-2014-1226 s3dvt Root shell (still),
Hector Marco
- FCKedtior 2.6.10 Reflected Cross-Site Scripting (XSS),
Robin Bailey
- VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own),
VUPEN Security Research
- [FD] CVE-2013-6876 s3dvt Root shell,
Hector Marco
- ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability,
Security Alert
- CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite",
Christian Schneider
- CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite",
Christian Schneider
- [slackware-security] mariadb (SSA:2014-152-01),
Slackware Security Team
- [SECURITY] [DSA 2942-1] typo3-src security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2944-1] gnutls26 security update,
Moritz Muehlenhoff
- Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress,
Yarubo Internet Security Scan
- [SECURITY] [DSA 2941-1] lxml security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2943-1] php5 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2939-1] chromium-browser security update,
Michael Gilbert
- Google Compute Engine Multiple DOS Vulnerabilities,
Scott T. Cameron
- Google Compute Engine - Lateral Compromise,
Scott T. Cameron
- NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation,
"VMware Security Response Center"
- Mybb Sendthread Page Denial of Service Vulnerability,
iedb . team
- OpenCart 1.5.6.4 Directory Traversal Vulnerability,
iedb . team
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines,
Stefan Kanthak
- [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script,
RedTeam Pentesting GmbH
- [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script,
RedTeam Pentesting GmbH
- SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2937-1] mod-wsgi security update,
Moritz Muehlenhoff
- Multiple vulnerabilities in Sharetronix,
High-Tech Bridge Security Research
- LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability,
LSE Leading Security Experts GmbH (Security Advisories)
- [SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze,
Moritz Muehlenhoff
- [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure,
Mark Thomas
- CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages,
Portcullis Advisories
- [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure,
Mark Thomas
- [SECURITY] CVE-2014-0095 Apache Tomcat denial of service,
Mark Thomas
- [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure,
Mark Thomas
- [SECURITY] CVE-2014-0075 Apache Tomcat denial of service,
Mark Thomas
- call for papers- CSSE2014,
cfp-conf2014.org
- [security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code,
security-alert
- VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own),
VUPEN Security Research
- [security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information,
security-alert
- ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
- [SECURITY] [DSA 2936-1] torque security update,
Salvatore Bonaccorso
- [security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability,
Security Alert
- [security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code,
security-alert
- Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure,
kyle Lovett
- APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4,
Apple Product Security
- [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability,
Egidio Romano
- [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability,
Egidio Romano
- [SECURITY] [DSA 2935-1] libgadu security update,
Moritz Muehlenhoff
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information,
security-alert
- SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4,
SEC Consult Vulnerability Lab
- Wordpress Booking System (Booking Calendar) plugin SQL Injection,
info sec
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe,
Stefan Kanthak
- APPLE-SA-2014-15-20-1 OS X Server 3.1.2,
Apple Product Security
- CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS,
Portcullis Advisories
- CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS,
Portcullis Advisories
- CVE-2014-3450 - Privilege Escalation in Panda Security,
Portcullis Advisories
- CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS,
Portcullis Advisories
- [SECURITY] [DSA 2934-1] python-django security update,
Salvatore Bonaccorso
- [security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS),
security-alert
- Construtiva CIS Manager CMS POST SQLi,
edge
- t2'14: Call for Papers 2014 (Helsinki / Finland),
Tomi Tuominen
- JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001],
Alexandre Herzog
- FTP Rush: missing X.509 validation (FTP with TLS),
Micha Borrmann
- [SECURITY] [DSA 2933-1] qemu-kvm security update,
Giuseppe Iuculano
- [SECURITY] [DSA 2932-1] qemu security update,
Giuseppe Iuculano
- [SECURITY] [DSA 2931-1] openssl security update,
Moritz Muehlenhoff
- [security bulletin] HPSBHF02946 rev.2 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege,
security-alert
- [SECURITY] [DSA 2930-1] chromium-browser security update,
Michael Gilbert
- APPLE-SA-2014-05-16-1 iTunes 11.2.1,
Apple Product Security
- [ MDVSA-2014:104 ] egroupware,
security
- [ MDVSA-2014:101 ] owncloud,
security
- [ MDVSA-2014:093 ] couchdb,
security
- [ MDVSA-2014:099 ] dovecot,
security
- [ MDVSA-2014:094 ] rxvt-unicode,
security
- [ MDVSA-2014:097 ] libvirt,
security
- [ MDVSA-2014:091 ] cups,
security
- [ MDVSA-2014:103 ] wordpress,
security
- [ MDVSA-2014:100 ] java-1.7.0-openjdk,
security
- [ MDVSA-2014:102 ] mariadb,
security
- [ MDVSA-2014:092 ] cups,
security
- CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability,
Williams, James K
- [ MDVSA-2014:096 ] python-jinja2,
security
- [ MDVSA-2014:098 ] rawtherapee,
security
- [ MDVSA-2014:095 ] struts,
security
- Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel,
High-Tech Bridge Security Research
- [ MDVSA-2014:089 ] nagios,
security
- [SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update,
Florian Weimer
- APPLE-SA-2014-05-15-2 iTunes 11.2,
Apple Product Security
- APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3,
Apple Product Security
- [ MDVSA-2014:088 ] python-lxml,
security
- [security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- [CVE-2014-0749] TORQUE Buffer Overflow,
john . fitzpatrick
- [ MDVSA-2014:087 ] php,
security
- [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability,
Matteo Beccati
- Bilyoner mobile apps prone to various SSL/TLS attacks,
harun . esur
- CSRF and Remote Code Execution in EGroupware,
High-Tech Bridge Security Research
- [SECURITY] [DSA 2928-1] linux-2.6 security update,
dann frazier
- Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- FreeBSD Security Advisory FreeBSD-SA-14:10.openssl,
FreeBSD Security Advisories
- [SECURITY] [DSA 2927-1] libxfont security update,
Salvatore Bonaccorso
- [security bulletin] HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS),
security-alert
- FD - Cobbler Arbitrary File Read CVE-2014-3225,
Dolev Farhi
- [security bulletin] HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues,
security-alert
- Multiple Stored XSS in FOG Image deployment system - FD,
Dolev Farhi
- CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211,
Portcullis Advisories
- [security bulletin] HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2926-1] linux security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU02931 rev.6 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS),
security-alert
- [ MDVSA-2014:086 ] libxml2,
security
- [ MDVSA-2014:085 ] ldns,
security
- [ MDVSA-2014:084 ] libpng,
security
- [slackware-security] seamonkey (SSA:2014-131-01),
Slackware Security Team
- ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability,
Security Alert
- [security bulletin] HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege,
security-alert
- [security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information,
security-alert
- SSH key cloning problem in OnApp templates,
James Renken
- [security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS),
security-alert
- [security bulletin] HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2925-1] rxvt-unicode security update,
Moritz Muehlenhoff
- [ MDVSA-2014:082 ] python-imaging,
security
- Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier,
jpecou
- [ MDVSA-2014:081 ] apache-mod_security,
security
- [ MDVSA-2014:083 ] mediawiki,
security
- [ MDVSA-2014:080 ] openssl,
security
- [security bulletin] HPSBMU02935 rev.3 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information,
security-alert
- [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW,
RedTeam Pentesting GmbH
- SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration,
SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information,
security-alert
- Cross-Site Scripting (XSS) in Offiria,
High-Tech Bridge Security Research
- Breakpoint 2014 Call For Presentations,
cfp
- [security bulletin] HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information,
security-alert
- CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler,
Portcullis Advisories
- CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX,
Portcullis Advisories
- CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler,
Portcullis Advisories
- [security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information,
security-alert
- CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority,
Micha Borrmann
- [SECURITY] [DSA 2922-1] strongswan security update,
Yves-Alexis Perez
- [security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information,
security-alert
- Ruxcon 2014 Call For Papers,
cfp
- [SECURITY] [DSA 2924-1] icedove security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2923-1] openjdk-7 security update,
Moritz Muehlenhoff
- [ANN] Struts 2.3.16.3 GA release available - security fix,
Lukasz Lenart
- [SECURITY] [DSA 2921-1] xbuffy security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2920-1] chromium-browser security update,
Michael Gilbert
- [SECURITY] [DSA 2919-1] mysql-5.5 security update,
Salvatore Bonaccorso
- [security bulletin] HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution,
security-alert
- [security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges,
security-alert
- [security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information,
security-alert
- [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact,
Rene Gielen
- [security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2915-2] dpkg security update,
Raphael Geissert
- Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability,
Felipe Daragon
- [security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information,
security-alert
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED],
FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series,
Cisco Systems Product Security Incident Response Team
- [slackware-security] mozilla-thunderbird (SSA:2014-119-02),
Slackware Security Team
- ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability,
Security Alert
- [slackware-security] mozilla-firefox (SSA:2014-119-01),
Slackware Security Team
- LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access,
LSE Leading Security Experts GmbH (Security Advisories)
- [SECURITY] [DSA 2918-1] iceweasel security update,
Moritz Muehlenhoff
- Heartbleed Testing Server,
Ivan Buetler
- SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex,
SEC Consult Vulnerability Lab
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:08.tcp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:07.devfs,
FreeBSD Security Advisories
- [security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information,
security-alert
- [ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114,
Rene Gielen
- [security bulletin] HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access,
security-alert
- [security bulletin] HPSBMU02995 rev.6 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2915-1] dpkg security update,
Raphael Geissert
- [SECURITY] [DSA 2917-1] super security update,
Florian Weimer
- [SECURITY] [DSA 2916-1] libmms security update,
Moritz Muehlenhoff
- [security bulletin] HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information,
security-alert
- [ANN] Struts 2.3.16.2 GA release available - security fix,
Lukasz Lenart
- [security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2913-1] drupal7 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2914-1] drupal6 security update,
Salvatore Bonaccorso
- [security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information,
security-alert
- [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper,
mdgh9
- Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2906-1] linux-2.6 security update,
dann frazier
- [SECURITY] [DSA 2912-1] openjdk-6 security update,
Moritz Muehlenhoff
- [security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service,
security-alert
- Birebin.com Android App SSL certificate validation weakness,
harun . esur
- Misli.com Android App SSL certificate validation weakness,
harun . esur
- Weak firmware encryption and predictable WPA key on Sitecom routers,
roberto . paleari
- [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability,
Vulnerability Lab
- CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive,
Portcullis Advisories
- CVE-2014-2383 - Arbitrary file read in dompdf,
Portcullis Advisories
- CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive,
Portcullis Advisories
- SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2808-2] openjpeg regression update,
Raphael Geissert
- [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information,
security-alert
- APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3,
Apple Product Security
- [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information,
security-alert
- APPLE-SA-2014-04-22-2 iOS 7.1.1,
Apple Product Security
- APPLE-SA-2014-04-22-3 Apple TV 6.1.1,
Apple Product Security
- APPLE-SA-2014-04-22-1 Security Update 2014-002,
Apple Product Security
- [SECURITY] [DSA 2911-1] icedove security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information,
security-alert
- [slackware-security] php (SSA:2014-111-02),
Slackware Security Team
- [slackware-security] libyaml (SSA:2014-111-01),
Slackware Security Team
- [SECURITY] [DSA 2895-2] prosody regression update,
Luciano Bello
- Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12,
LpSolit
- [SECURITY] [DSA 2901-3] wordpress regression update,
Salvatore Bonaccorso
- Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl,
craig . arendt
- Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2,
craig . arendt
- [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information,
security-alert
- [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability,
Brett Porter
- [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution,
Brett Porter
- [SECURITY] [DSA 2901-2] wordpress regression update,
Thijs Kinkhorst
- [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- Remote Command Injection in Ruby Gem sfpagent 0.4.14,
Larry W. Cashdollar
- [SECURITY] [DSA 2910-1] qemu-kvm security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2909-1] qemu security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2908-1] openssl security update,
Raphael Geissert
- [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS),
security-alert
- D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities,
kyle Lovett
- [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information,
security-alert
- [ MDVSA-2014:079 ] json-c,
security
- [security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information,
security-alert
- [security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution,
security-alert
- [security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code,
security-alert
- Buggy insecure "security" software executes rogue binary during installation and uninstallation,
Stefan Kanthak
- [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable,
Moritz Muehlenhoff
- [ MDVSA-2014:078 ] asterisk,
security
- [CORE-2014-0003] - SAP Router Password Timing Attack,
CORE Advisories Team
- [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7,
webmaster
- [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7,
webmaster
- ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities,
Security Alert
- [security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information,
security-alert
- SQL Injection in mAdserve,
High-Tech Bridge Security Research
- CVE-2014-2735 - WinSCP: missing X.509 validation,
Micha Borrmann
- [SECURITY] [DSA 2905-1] chromium-browser security update,
Michael Gilbert
- [security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk,
security-alert
- [SECURITY] [DSA 2904-1] virtualbox security update,
Moritz Muehlenhoff
- [security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information,
security-alert
- [SECURITY] CVE-2014-0111 Apache Syncope,
Francesco Chicchiriccò
- RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160,
Ruckus Product Security Team
- VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own),
VUPEN Security Research
- [SECURITY] [DSA 2903-1] strongswan security update,
Moritz Muehlenhoff
- PDF Album v1.7 iOS - File Include Web Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information,
security-alert
- Adobe Reader for Android exposes insecure Javascript interfaces,
Securify B.V.
- [SECURITY] [DSA 2902-1] curl security update,
Salvatore Bonaccorso
- [ MDVSA-2014:077 ] jbigkit,
security
- [SECURITY] [DSA 2901-1] wordpress security update,
Salvatore Bonaccorso
- ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability,
Security Alert
- ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks,
Security Alert
- ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability,
Security Alert
- Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue,
Vulnerability Lab
- [ MDVSA-2014:076 ] a2ps,
security
- SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server,
SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 2900-1] jbigkit security update,
Moritz Muehlenhoff
- OWASP ZAP 2.3.0,
psiinon
- Sendy 1.1.9.1 - SQL Injection Vulnerability,
marduk369
- [ MDVSA-2014:075 ] php,
security
- BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability,
Vulnerability Lab
- iVault Private P&V 1.1 iOS - Path Traversal Vulnerability,
Vulnerability Lab
- AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2899-1] openafs security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2898-1] imagemagick security update,
Moritz Muehlenhoff
- [ MDVSA-2014:073 ] file,
security
- [ MDVSA-2014:069 ] perl-YAML-LibYAML,
security
- [ MDVSA-2014:070 ] yaml,
security
- [ MDVSA-2014:072 ] php-ZendFramework,
security
- [ MDVSA-2014:071 ] yaml,
security
- [ MDVSA-2014:068 ] openssh,
security
- Cross-Site Request Forgery (CSRF) in XCloner Standalone,
High-Tech Bridge Security Research
- SQL Injection in Orbit Open Ad Server,
High-Tech Bridge Security Research
- CVE-2014-0160 mitigation using iptables,
Fabien Bourdaire
- Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss),
Ipstenu (Mika Epstein)
- [ MDVSA-2014:067 ] openssl,
security
- Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products,
Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED],
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:06.openssl,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver,
FreeBSD Security Advisories
- [slackware-security] openssl (SSA:2014-098-01),
Slackware Security Team
- [SECURITY] [DSA 2897-1] tomcat7 security update,
Moritz Muehlenhoff
- BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05],
modzero security
- [security bulletin] HPSBST02980 rev.1 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege,
security-alert
- [SECURITY] [DSA 2896-2] openssl security update,
Salvatore Bonaccorso
- Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability,
Vulnerability Lab
- Open-Xchange Security Advisory 2014-04-08,
Martin Braun
- [SECURITY] [DSA 2896-1] openssl security update,
Salvatore Bonaccorso
- MacOSX/XNU HFS Multiple Vulnerabilities,
submit
- Pearson eSIS Enterprise Student Information System SQL Injection,
tudor . enache
- Pearson eSIS Enterprise Student Information System Stored XSS,
tudor . enache
- [SECURITY] [DSA 2895-1] prosody security update,
Luciano Bello
- [SECURITY] [DSA 2894-1] openssh security update,
Salvatore Bonaccorso
- Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ],
Wesley Henrique
- [SECURITY] [DSA 2891-3] mediawiki regression update,
Thijs Kinkhorst
- Phrack Security Advisory 2014-001 - Paper leak on release timeout,
Phrack Staff
- [security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS),
security-alert
- CA20140403-01: Security Notice for CA Erwin Web Portal,
Kotas, Kevin J
- ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities,
Security Alert
- [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP),
security-alert
- [softScheck] Denial of Service in Microsoft Office 2007-2013,
Lubomir Stroetmann
- Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability,
Vulnerability Lab
- 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day],
0a29 40
- [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability,
Florent Daigniere
- Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin,
High-Tech Bridge Security Research
- SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager,
SEC Consult Vulnerability Lab
- iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3,
Apple Product Security
- [IMF 2014] Call for Participation,
Oliver Goebel
- ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities,
Security Alert
- [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details),
Security Explorations
- Regarding attacks and exploits of the physical body,
stephen
- Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction,
Bipin Gautam
- [SECURITY] [DSA 2893-1] openswan security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2892-1] a2ps security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2891-2] mediawiki regression update,
Thijs Kinkhorst
- PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560),
Jason Ostrom
- PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2891-1] mediawiki security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2890-1] libspring-java security update,
Florian Weimer
- [slackware-security] httpd (SSA:2014-086-02),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-086-07),
Slackware Security Team
- [slackware-security] curl (SSA:2014-086-01),
Slackware Security Team
- [slackware-security] openssh (SSA:2014-086-06),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-086-03),
Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2014-086-04),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2014-086-05),
Slackware Security Team
- Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk,
CERT
- iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability,
Vulnerability Lab
- SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2889-1] postfixadmin security update,
Thijs Kinkhorst
- [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration,
RedTeam Pentesting GmbH
- [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update,
Moritz Muehlenhoff
- [security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access,
security-alert
- ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- ES746 DELL Support-Bulletin - EMS Vulnerability Resolved,
Vulnerability Lab
- Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability,
Vulnerability Lab
- Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities,
Vulnerability Lab
- [oCERT-2014-003] LibYAML input sanitization errors,
Andrea Barisani
- ESA-2014-016: EMC VPLEX Multiple Vulnerabilities,
Security Alert
- [SECURITY] [DSA 2886-1] libxalan2-java security update,
Florian Weimer
- [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2884-1] libyaml security update,
Salvatore Bonaccorso
- Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516),
Roee Hay
- Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability,
Security Alert
- VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own),
VUPEN Security Research
- VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own),
VUPEN Security Research
- VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own),
VUPEN Security Research
- [security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access,
security-alert
- Web Egg Hunting Game - Hacky Easter,
Ivan Buetler
- [security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- CVE-2013-6955 Synology DSM remote code execution,
tiamat451
- [CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13,
Eric Flokstra
- MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently),
Dieyu
- [oCERT-2014-002] Xalan-Java insufficient secure processing,
Andrea Barisani
- [SECURITY] [DSA 2873-2] file regression update,
Salvatore Bonaccorso
- Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability,
CERT
- Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk,
CERT
- Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga,
CERT
- Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti,
CERT
- ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability,
Security Alert
- CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting,
Daniel Marques
- c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops,
c0c0n International Information Security Conference
- [SECURITY] [DSA 2883-1] chromium-browser security update,
Michael Gilbert
- NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation,
NCC Group Research
- [ MDVSA-2014:066 ] nss,
security
- [SECURITY] [DSA 2882-1] extplorer security update,
Giuseppe Iuculano
- [ MDVSA-2014:065 ] apache,
security
- Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Shakacon 2014: Call for Papers - Deadline April 11th,
Shakacon
- [SECURITY] [DSA 2859-2] pidgin security update,
Raphael Geissert
- Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2881-1] iceweasel security update,
Moritz Muehlenhoff
- Cross-Site Scripting (XSS) in CMSimple,
High-Tech Bridge Security Research
- (CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE),
Fernando Gont
- ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability,
Security Alert
- 2014 World Conference on IST - Madeira Island, April 15-17,
ML
- Microsoft Forefront Protection for Exchange Server detected a virus,
ForefrontServerProtection
- [SECURITY] [DSA 2880-1] python2.7 security update,
Moritz Muehlenhoff
- [ MDVSA-2014:063 ] x2goserver,
security
- [ MDVSA-2014:064 ] udisks,
security
- [ MDVSA-2014:062 ] webmin,
security
- Open-Xchange Security Advisory 2014-03-17,
Martin Braun
- MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service,
submit
- exploit for old rlpdaemon bug,
Nomen Nescio
- [slackware-security] php (SSA:2014-074-01),
Slackware Security Team
- [ MDVSA-2014:061 ] oath-toolkit,
security
- [ MDVSA-2014:060 ] imapsync,
security
- [ MDVSA-2014:059 ] php,
security
- Multiple Vulnerabilities in SeedDMS < = 4.3.3,
craig . arendt
- NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode,
NCC Group Research
- [slackware-security] samba (SSA:2014-072-01),
Slackware Security Team
- [SECURITY] [DSA 2879-1] libssh security update,
Raphael Geissert
- [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution,
Julien Ahrens
- ActiVPN launches its security bug bounty,
Ninja ActiVPN
- [ MDVSA-2014:058 ] freeradius,
security
- [security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges,
security-alert
- [SECURITY] [DSA 2878-1] virtualbox security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2014:057 ] mediawiki,
security
- [ MDVSA-2014:056 ] apache-commons-fileupload,
security
- [ MDVSA-2014:054 ] otrs,
security
- [ MDVSA-2014:055 ] owncloud,
security
- [ MDVSA-2014:053 ] libssh,
security
- [ MDVSA-2014:052 ] net-snmp,
security
- [ MDVSA-2014:051 ] file,
security
- [slackware-security] mutt (SSA:2014-071-01),
Slackware Security Team
- [SECURITY] [DSA 2877-1] lighttpd security update,
Michael Gilbert
- Synology DSM4 Blind SQL Injection,
Michael Wisniewski
- PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319),
Hanno Böck
- CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE),
Pivotal Security Team
- [SECURITY] [DSA 2875-1] cups-filters security update,
Moritz Muehlenhoff
- NEW VMSA-2014-0002 VMware vSphere updates to third party libraries,
"VMware Security Response Center"
- Medium severity flaw in BlackBerry QNX Neutrino RTOS,
Tim Brown
- CVE-2014-0097 Spring Security Blank password may bypass user authentication,
Pivotal Security Team
- Cross-Site Scripting (XSS) in Open Classifieds,
High-Tech Bridge Security Research
- Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem,
Larry W. Cashdollar
- CVE-2014-1904 XSS when using Spring MVC,
Pivotal Security Team
- [SECURITY] [DSA 2874-1] mutt security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2873-1] file security update,
Salvatore Bonaccorso
- CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities,
CORE Advisories Team
- [SECURITY] [DSA 2876-1] cups security update,
Moritz Muehlenhoff
- [slackware-security] udisks, udisks2 (SSA:2014-070-01),
Slackware Security Team
- [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue,
Guillaume Ross
- [security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF),
security-alert
- [security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information,
security-alert
- AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling,
Asterisk Security Team
- AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver,
Asterisk Security Team
- AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers,
Asterisk Security Team
- AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.,
Asterisk Security Team
- APPLE-SA-2014-03-10-2 Apple TV 6.1,
Apple Product Security
- [ MDVSA-2014:050 ] wireshark,
security
- APPLE-SA-2014-03-10-1 iOS 7.1,
Apple Product Security
- Android Vulnerability: Install App Without User Explicit Consent,
Daniel Divricean
- [security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability,
security-alert
- [SECURITY] [DSA 2872-1] udisks security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2871-1] wireshark security update,
Moritz Muehlenhoff
- [ MDVSA-2014:049 ] subversion,
security
- [ MDVSA-2014:048 ] gnutls,
security
- [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update,
Salvatore Bonaccorso
- E-Store (1.0 & 2.0) <= SQL Injection Vulnerability,
Alkeraithe
- [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability,
contact
- SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot,
SEC Consult Vulnerability Lab
- [security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access,
security-alert
- SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- [ANN] Struts 2.3.16.1 GA release available - security fix,
Lukasz Lenart
- [slackware-security] sudo (SSA:2014-064-01),
Slackware Security Team
- Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability,
Cisco Systems Product Security Incident Response Team
- [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure,
Gustavo Speranza
- ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities,
Security Alert
- Public disclosure of Buffer Overflow Dassault Systems,
0xnanoquetz9l
- Multiple Vulnerabilities in OpenDocMan,
High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Ilch CMS,
High-Tech Bridge Security Research
- CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box,
alejandr0.w3b.p0wn3r
- [security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity,
security-alert
- [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- PHP: patch to make session handling with default config more secure against local attackers,
Jann Horn
- (Added CVE) Dassault Systemes Catia Stack Buffer Overflow,
0xnanoquetz9l
- JOIDS (Java OpenID Server) multiple vulnerabilities,
Bartlomiej Balcerek
- [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults,
iclelland
- [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation,
iclelland
- [slackware-security] gnutls (SSA:2014-062-01),
Slackware Security Team
- [SECURITY] [DSA 2869-1] gnutls26 security update,
Yves-Alexis Perez
- CFP: Passwords^14, Las Vegas, August 5-6,
Per Thorsheim
- [SECURITY] [DSA 2868-1] php5 security update,
Salvatore Bonaccorso
- [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution,
Julien Ahrens
- [CVE-2013-6234] XSS File Upload in SpagoBI v4.0,
Christian Catalano
- [CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0,
Christian Catalano
- [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0,
Christian Catalano
- WordPress thecotton Themes Remote File Upload Vulnerability,
iedb . team
- ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability,
Security Alert
- [CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0,
Christian Catalano
- Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability,
Vulnerability Lab
- SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server,
SEC Consult Vulnerability Lab
- SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch,
SEC Consult Vulnerability Lab
- [slackware-security] subversion (SSA:2014-058-01),
Slackware Security Team
- Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin,
High-Tech Bridge Security Research
- SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System),
SEC Consult Vulnerability Lab
- Update: CVE-2014-0053 Information Disclosure when using Grails,
Pivotal Security Team
- Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability,
Vulnerability Lab
- Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability,
Vulnerability Lab
- Persistent XSS in Media File Renamer V1.7.0 wordpress plugin,
Larry W. Cashdollar
- Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher),
innate
- APPLE-SA-2014-02-25-3 QuickTime 7.7.5,
Apple Product Security
- [security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates,
security-alert
- [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information,
security-alert
- [security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files,
security-alert
- APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2,
Apple Product Security
- APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001,
Apple Product Security
- [SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled,
Mark Thomas
- [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard,
RedTeam Pentesting GmbH
- Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure),
Mark Thomas
- [SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications,
Mark Thomas
- [SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service),
Mark Thomas
- [security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure,
security-alert
- [security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues,
security-alert
- WiFiles HD v1.3 iOS - File Include Web Vulnerability,
Vulnerability Lab
- Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2867-1] otrs2 security update,
Salvatore Bonaccorso
- [CISTI'2014]: Iberian Conference on IST; Barcelona; Deadline: February 28,
ML
- [SECURITY] [DSA 2866-1] gnutls26 security update,
Salvatore Bonaccorso
- DC4420 - London DEFCON - meeting Tuesday, 25th February 2014,
Major Malfunction
- APPLE-SA-2014-02-21-3 Apple TV 6.0.2,
Mihaela Popescu-Stanesti
- APPLE-SA-2014-02-21-2 iOS 7.0.6,
Mihaela Popescu-Stanesti
- [ MDVSA-2014:047 ] postgresql,
security
- APPLE-SA-2014-02-21-1 iOS 6.1.6,
Apple Product Security
- 44CON 2014 September 11th - 12th CFP Open,
Steve
- CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability,
Vulnerability Lab
- [ MDVSA-2014:046 ] phpmyadmin,
security
- Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability,
Vulnerability Lab
- ASUS router drive-by code execution via XSS and authentication bypass,
buqtraq
- [SECURITY] [DSA 2864-1] postgresql-8.4 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2865-1] postgresql-9.1 security update,
Moritz Muehlenhoff
- [slackware-security] gnutls (SSA:2014-050-01),
Slackware Security Team
- [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12,
Eric Flokstra
- Android & iOS Hands-on Exploitation at SyScan 2014,
xys3c team
- [ MDVSA-2014:045 ] libtar,
security
- SQL Injection in AdRotate,
High-Tech Bridge Security Research
- [slackware-security] mariadb, mysql (SSA:2014-050-02),
Slackware Security Team
- [slackware-security] kernel (SSA:2014-050-03),
Slackware Security Team
- Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
- [HITB-Announce] Haxpo CFP,
Hafez Kamal
- VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution,
Julien Ahrens
- [ MDVSA-2014:044 ] zarafa,
security
- Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1,
adrianomarciomonteiro
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:043 ] gnutls,
security
- Barracuda Message Archiver 650 - Persistent Web Vulnerability,
Vulnerability Lab
- [ MDVSA-2014:042 ] tomcat6,
security
- [ MDVSA-2014:041 ] python,
security
- [SECURITY] [DSA 2863-1] libtar security update,
Luciano Bello
- CA20140218-01: Security Notice for CA 2E Web Option,
Williams, James K
- [ MDVSA-2014:039 ] libgadu,
security
- CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server,
Portcullis Advisories
- [ MDVSA-2014:040 ] puppet,
security
- SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection,
SEC Consult Vulnerability Lab
- Re: [Full-disclosure] CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger,
Tim Brown
- Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE,
Ronen Z
- [ MDVSA-2014:038 ] kernel,
security
- [ MDVSA-2014:037 ] ffmpeg,
security
- Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec,
cfp2014
- [ MDVSA-2014:036 ] varnish,
security
- [ MDVSA-2014:035 ] libpng,
security
- My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2862-1] chromium-browser security update,
Michael Gilbert
- [SECURITY] [DSA 2861-1] file security update,
Salvatore Bonaccorso
- File Hub v1.9.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Office Assistant Pro v2.2.2 iOS - File Include Vulnerability,
Vulnerability Lab
- Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console,
kyle Lovett
- [ MDVSA-2014:033 ] socat,
security
- phpMyBackupPro-2.4 Cross-Site Scripting vulnerability,
iedb . team
- [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection,
no-reply
- [ MDVSA-2014:032 ] flite,
security
- [ MDVSA-2014:031 ] drupal,
security
- [ MDVSA-2014:034 ] yaml,
security
- [slackware-security] ntp (SSA:2014-044-02),
Slackware Security Team
- [ MDVSA-2014:029 ] mysql,
security
- [slackware-security] curl (SSA:2014-044-01),
Slackware Security Team
- [ MDVSA-2014:028 ] mariadb,
security
- RE: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option,
Williams, James K
- Critical security flaws in Nagios NRPE client/server crypto,
Aaron Zauner
- [ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com),
ISecAuditors Security Advisories
- Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability,
Pietro Oliva
- Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability,
Pietro Oliva
- [ MDVSA-2014:027 ] php,
security