Bugtraq
- ASUS RT Series Routers FTP Service - Default anonymous access,
kyle Lovett
- APPLE-SA-2014-02-11-1 Boot Camp 5.1,
Apple Product Security
- Mybb All Version Denial of Service Vulnerability,
iedb . team
- [ MDVSA-2014:026 ] openldap,
security
- jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2850-2] libyaml regression update,
Salvatore Bonaccorso
- [CVE-2014-1903] FreePBX 2.9 through 12 RCE,
rob . thomas
- [SECURITY] [DSA 2860-1] parcimonie security update,
Salvatore Bonaccorso
- [ MDVSA-2014:025 ] pidgin,
security
- WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln,
iedb . team
- [mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation,
john . fitzpatrick
- Phpbb Forum Denial of Service Vulnerability,
iedb . team
- [SECURITY] [DSA 2859-1] pidgin security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2858-1] iceweasel security update,
Moritz Muehlenhoff
- Open-Xchange Security Advisory 2014-02-10,
Martin Braun
- [slackware-security] mozilla-thunderbird (SSA:2014-039-02),
Slackware Security Team
- ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure,
kyle Lovett
- [slackware-security] seamonkey (SSA:2014-039-03),
Slackware Security Team
- #CONFidence 2014- Call for Papers, only 0111 days left to become CONFidence ninja,
Andrzej Targosz
- [slackware-security] mozilla-firefox (SSA:2014-039-01),
Slackware Security Team
- [SECURITY] [DSA 2857-1] libspring-java security update,
Moritz Muehlenhoff
- [oCERT-2014-001] MantisBT input sanitization errors,
Andrea Barisani
- [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update,
Florian Weimer
- WHMCS Denial of Service Vulnerability,
iedb . team
- Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability,
Vulnerability Lab
- gpEasy v4.3.x CMS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Information on recently-fixed Oracle VM VirtualBox vulnerabilities,
Matthew Daley
- [SECURITY] [DSA 2852-1] libgadu security update,
Florian Weimer
- CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability,
CORE Advisories Team
- AlienVault OSSIM SQL Injection vulnerability,
jakx . ppr
- German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability,
Vulnerability Lab
- German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability,
Vulnerability Lab
- German Telekom Bug Bounty #9 - Code Execution Vulnerability,
Vulnerability Lab
- [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS,
Mark Thomas
- [SECURITY] [DSA 2855-1] libav security update,
Moritz Muehlenhoff
- [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail,
ISecAuditors Security Advisories
- Inteno DG301 Command Injection,
post
- [SECURITY] [DSA 2853-1] horde3 security update,
Luciano Bello
- SQL Injection in doorGets CMS,
High-Tech Bridge Security Research
- Multiple SQL Injection Vulnerabilities in AuraCMS,
High-Tech Bridge Security Research
- ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability,
Security Alert
- Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14,
marcel . mangold
- [slackware-security] pidgin (SSA:2014-034-01),
Slackware Security Team
- [SECURITY] [DSA 2851-1] drupal6 security update,
Salvatore Bonaccorso
- Security advisory, LedgerSMB 1.3.0-1.3.36,
Chris Travers
- CVE-2014-1213 - Denial of Service in Sophos Anti Virus,
advisories
- [SECURITY] [DSA 2850-1] libyaml security update,
Salvatore Bonaccorso
- Joomla! JomSocial component < 3.1.0.1 - Remote code execution,
Matias Fontanini
- [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service,
Security Explorations
- [SECURITY] [DSA 2849-1] curl security update,
Florian Weimer
- Ektron CMS Take Over - Hijacking Accounts,
Mark Litchfield
- [slackware-security] bind (SSA:2014-028-01),
Slackware Security Team
- SimplyShare v1.4 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- SiteCore XML Control Script Insertion,
Mark Litchfield
- [slackware-security] mozilla-nss (SSA:2014-028-02),
Slackware Security Team
- Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail,
Mark Litchfield
- Multiple Vulnerabilities in Eventum,
High-Tech Bridge Security Research
- Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability,
Vulnerability Lab
- DC4420 - London DEFCON - January meet - Tuesday 28th January 2014,
Major Malfunction
- [ MDVSA-2014:021 ] perl-Proc-Daemon,
security
- [ MDVSA-2014:024 ] graphviz,
security
- [ MDVSA-2014:023 ] hplip,
security
- [ MDVSA-2014:022 ] augeas,
security
- Security Vulnerabilities in Apache Cordova / PhoneGap,
mgeorgiev
- [CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7,
Christian Catalano
- [CTF] nullcon HackIM 2014 will start at 24-01-2014, when the clock will strike at 11:59 (+5:30 GMT),
nullcon
- [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android),
cjlacayo
- [SECURITY] [DSA 2826-2] denyhosts regression update,
Yves-Alexis Perez
- [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module,
ali . hussein
- [SECURITY] [DSA 2848-1] mysql-5.5 security update,
Salvatore Bonaccorso
- APPLE-SA-2014-01-22-1 iTunes 11.1.4,
Apple Product Security
- Cross-Site Scripting (XSS) in Komento Joomla Extension,
High-Tech Bridge Security Research
- SQL Injection in JV Comment Joomla Extension,
High-Tech Bridge Security Research
- Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page,
tudor . enache
- CONFidence 2014- Call for Papers,
Andrzej Targosz
- CISTI'2014: CFP - Doctoral Symposium,
ML
- [ MDVSA-2014:020 ] x11-server,
security
- Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:019 ] elinks,
security
- [ MDVSA-2014:018 ] net-snmp,
security
- [ MDVSA-2014:017 ] net-snmp,
security
- [ MDVSA-2014:016 ] spice,
security
- [ MDVSA-2014:015 ] cups,
security
- SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12),
SEC Consult Vulnerability Lab
- [FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20,
research-feedback
- [ MDVSA-2014:014 ] php,
security
- [ MDVSA-2014:013 ] libxfont,
security
- [SECURITY] [DSA 2847-1] drupal7 security update,
Salvatore Bonaccorso
- [ MDVSA-2014:012 ] nss,
security
- [ MDVSA-2014:011 ] java-1.7.0-openjdk,
security
- Secunia Research: OpenPNE PHP Object Injection Vulnerability,
Secunia Research
- [ MDVSA-2014:009 ] librsvg,
security
- [SECURITY] [DSA 2846-1] libvirt security update,
Moritz Muehlenhoff
- SI6 Networks' IPv6 Toolkit v1.5.2 released!,
Fernando Gont
- [SECURITY] [DSA 2831-2] puppet regression update,
Salvatore Bonaccorso
- Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.,
bhadresh . k . patel
- [SECURITY] [DSA 2845-1] mysql-5.1 security update,
Moritz Muehlenhoff
- [ MDVSA-2014:010 ] memcached,
security
- [ MDVSA-2014:008 ] openjpeg,
security
- [ MDVSA-2014:007 ] openssl,
security
- Open-Xchange Security Advisory 2014-01-17,
Martin Braun
- [security bulletin] HPSBUX02961 SSRT101420 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [ MDVSA-2014:003 ] nrpe,
security
- CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers,
Alexandre Herzog
- [ MDVSA-2014:002 ] bind,
security
- SQL Injection in Sexy Polling Joomla Extension,
High-Tech Bridge Security Research
- [ MDVSA-2014:004 ] nagios,
security
- [ MDVSA-2014:006 ] libxslt,
security
- [ MDVSA-2014:005 ] ejabberd,
security
- [HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL,
Hafez Kamal
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control System,
Cisco Systems Product Security Incident Response Team
- [slackware-security] openssl (SSA:2014-013-02),
Slackware Security Team
- Online OWASP Security Challenges,
Ivan Buetler
- [SECURITY] [DSA 2844-1] djvulibre security update,
Raphael Geissert
- FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd,
FreeBSD Security Advisories
- CVE-2013-6430 Possible XSS when using Spring MVC,
Pivotal Security Team
- FreeBSD Security Advisory FreeBSD-SA-14:02.ntpd,
FreeBSD Security Advisories
- CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete,
Pivotal Security Team
- [CVE-2014-1238] Cross Site Scripting(XSS) in q-pulse application,
ali . hussein
- FreeBSD Security Advisory FreeBSD-SA-14:04.bind,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:03.openssl,
FreeBSD Security Advisories
- [slackware-security] libXfont (SSA:2014-013-01),
Slackware Security Team
- [slackware-security] samba (SSA:2014-013-04),
Slackware Security Team
- [slackware-security] php (SSA:2014-013-03),
Slackware Security Team
- [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application,
Daniel Wood
- [security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2843-1] graphviz security update,
Salvatore Bonaccorso
- [ MDVSA-2014:001 ] kernel,
security
- [SECURITY] [DSA 2842-1] libspring-java security update,
Moritz Muehlenhoff
- NETGEAR WNR1000v3 Password Recovery Vulnerability,
c1ph04mail
- CISTI'2014: List of Workshops,
ML
- [SECURITY] [DSA 2841-1] movabletype-opensource security update,
Moritz Muehlenhoff
- Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices,
Cisco Systems Product Security Incident Response Team
- [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow,
Pedro Ribeiro
- [SECURITY] [DSA 2840-1] srtp security update,
Salvatore Bonaccorso
- Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access,
David Nalley
- Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users,
David Nalley
- [CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL),
Felipe Molina
- nullcon Blackshield Awards 2014,
nullcon
- [SECURITY] [DSA 2839-1] spice security update,
Salvatore Bonaccorso
- Improper Authentication in Burden,
High-Tech Bridge Security Research
- Multiple Vulnerabilities in Horizon QCMS,
High-Tech Bridge Security Research
- [SECURITY] [DSA 2838-1] libxfont security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2837-1] openssl security update,
Moritz Muehlenhoff
- SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -,
sisco . barrera
- AusCERT2014 Call for Presentations and Tutorials,
AusCERT
- [HITB-Announce] HITB Magazine Issue 10 Out Now,
Hafez Kamal
- Open-Xchange Security Advisory 2014-01-06,
Martin Braun
- [SECURITY] [DSA 2836-1] devscripts security update,
Raphael Geissert
- [SECURITY] [DSA 2835-1] asterisk security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- Path Traversal in eduTrac,
High-Tech Bridge Security Research
- [CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node,
Tomaz Muraus
- [SECURITY] [DSA 2834-1] typo3-src security update,
Salvatore Bonaccorso
- CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section,
The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic
- [SECURITY] [DSA 2833-1] openssl security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2832-1] memcached security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2831-1] puppet security update,
Luciano Bello
- [SECURITY] [DSA 2830-1] ruby-i18n security update,
Florian Weimer
- [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities,
security-alert
- CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition,
Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 2829-1] hplip security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2828-1] drupal6 security update,
Salvatore Bonaccorso
- SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection,
SEC Consult Vulnerability Lab
- Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin,
High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin,
High-Tech Bridge Security Research
- Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin,
High-Tech Bridge Security Research
- [ MDVSA-2013:302 ] pixman,
security
- ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability,
Security Alert
- ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability,
Security Alert
- [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update,
Salvatore Bonaccorso
- [ MDVSA-2013:301 ] nss,
security
- [ MDVSA-2013:300 ] asterisk,
security
- ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability,
Security Alert
- NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX,
"VMware Security Response Center"
- [SECURITY] [DSA 2826-1] denyhosts security update,
Yves-Alexis Perez
- [ MDVSA-2013:299 ] samba,
security
- [slackware-security] gnupg (SSA:2013-354-01),
Slackware Security Team
- Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities,
Vulnerability Lab
- [ MDVSA-2013:298 ] php,
security
- [SECURITY] [DSA 2825-1] wireshark security update,
Moritz Muehlenhoff
- [ MDVSA-2013:297 ] munin,
security
- [ MDVSA-2013:296 ] wireshark,
security
- [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability,
Matteo Beccati
- [SECURITY] [DSA 2824-1] curl security update,
Salvatore Bonaccorso
- [ MDVSA-2013:295 ] gnupg,
security
- [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS),
security-alert
- ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
- APPLE-SA-2013-12-19-1 Motion 5.1,
Apple Product Security
- CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability,
CORE Advisories Team
- [SECURITY] [DSA 2822-1] xorg-server security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2823-1] pixman security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2821-1] gnupg security update,
Thijs Kinkhorst
- [ MDVSA-2013:294 ] gimp,
security
- [ MDVSA-2013:293 ] gimp,
security
- [ MDVSA-2013:292 ] links,
security
- [ MDVSA-2013:289 ] owncloud,
security
- [ MDVSA-2013:290 ] mediawiki,
security
- [ MDVSA-2013:291 ] kernel,
security
- [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities,
Alexandre Herzog
- [CVE-2013-2764] Secure Entry Server - URL Redirection,
Alexandre Herzog
- [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin,
Christian Catalano
- [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms,
Christian Catalano
- InfoSec Southwest 2014 CFP now open!,
ISSW CFP
- [ MDVSA-2013:288 ] subversion,
security
- [ MDVSA-2013:287-1 ] drupal,
security
- Hancom Office '.hml' file heap-based buffer overflow,
diroverflow
- [slackware-security] seamonkey (SSA:2013-350-07),
Slackware Security Team
- [slackware-security] ruby (SSA:2013-350-06),
Slackware Security Team
- [slackware-security] libjpeg (SSA:2013-350-02),
Slackware Security Team
- [slackware-security] llvm (SSA:2013-350-03),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-350-05),
Slackware Security Team
- [slackware-security] libiodbc (SSA:2013-350-01),
Slackware Security Team
- [SECURITY] [DSA 2820-1] nspr security update,
Raphael Geissert
- [slackware-security] mozilla-firefox (SSA:2013-350-04),
Slackware Security Team
- QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability,
Vulnerability Lab
- AST-2013-007: Asterisk Manager User Dialplan Permission Escalation,
Asterisk Security Team
- AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message,
Asterisk Security Team
- FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1,
Apple Product Security
- APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1,
Apple Product Security
- [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution,
security-alert
- [SECURITY] [DSA 2818-1] mysql-5.5 security update,
Salvatore Bonaccorso
- User Identity Spoofing in Bitrix Site Manager,
High-Tech Bridge Security Research
- XSS and Full Path Disclosure in MijoSearch Joomla Extension,
High-Tech Bridge Security Research
- [SECURITY] [DSA 2819-1] End-of-life announcement for iceape,
Moritz Muehlenhoff
- Command injection in Ruby Gem Webbynode 1.0.5.3,
Larry W. Cashdollar
- LiveZilla 5.1.2.0 PHP Object Injection,
zoczus
- Command injection vulnerability in Ruby Gem sprout 0.7.246,
Larry W. Cashdollar
- Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line,
Larry W. Cashdollar
- LiveZilla 5.1.2.0 Insecure password storage,
zoczus
- LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client,
zoczus
- [SECURITY] [DSA 2817-1] libtar security update,
Luciano Bello
- Last Call - 2sd World Conference on IST; Submission: December 29,
WorldCIST
- Call for Papers -YSTS 8 - Information Security Conference, Brazil,
Luiz Eduardo
- Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability,
Stefan Esser
- DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013,
Tony Naggs
- Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities,
Vulnerability Lab
- [security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update,
security-alert
- [security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution,
security-alert
- [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF),
security-alert
- [SECURITY] [DSA 2816-1] php5 security update,
Thijs Kinkhorst
- Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup),
mailing lists
- Microsoft Yammer - Persistent Profile Vulnerabilities,
Vulnerability Lab
- Microsoft PhotoStory - CS Cross Site Scripting Vulnerability,
Vulnerability Lab
- SAMSPADE 1.14 BUFFER OVERFLOW,
vishal_mishra
- [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection,
mailing lists
- CORE-2013-0807 - Divide Error in Windows Kernel,
CORE Advisories Team
- FlashCanvas 1.5 proxy.php XSS Vulnerability,
code
- ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities,
Security Alert
- [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting,
advisories
- Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- SQL Injection in InstantCMS,
High-Tech Bridge Security Research
- Android Fragment Injection vulnerability,
Roee Hay
- [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS),
security-alert
- CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability,
CORE Advisories Team
- [security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- LiveZilla 5.1.1.0 Stored XSS in operator clients,
zoczus
- Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities,
Vulnerability Lab
- EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution,
nospam
- [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application,
Daniel Wood
- [SECURITY] [DSA 2815-1] munin security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2812-1] samba security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2813-1] gimp security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2814-1] varnish security update,
Salvatore Bonaccorso
- Vulnerabilities in Apache Solr < 4.6.0,
Nicolas Grégoire
- [slackware-security] seamonkey (SSA:2013-339-03),
Slackware Security Team
- ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities,
Security Alert
- Print n Share v5.5 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- LiveZilla 5.1.0.0 Reflected XSS in translations,
zoczus
- [SECURITY] [DSA 2811-1] chromium-browser security update,
Michael Gilbert
- Opencart Multiple Vulnerabilities,
trueend5
- [slackware-security] hplip (SSA:2013-339-04),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-339-02),
Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2013-339-01),
Slackware Security Team
- NEW VMSA-2013-0015 VMware ESX updates to third party libraries,
Edward Hawkins
- [KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability,
Egidio Romano
- [SECURITY] [DSA 2809-1] ruby1.8 security update,
Salvatore Bonaccorso
- Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day),
Vulnerability Lab
- [SECURITY] [DSA 2810-1] ruby1.9.1 security update,
Salvatore Bonaccorso
- Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Cross-Site Scripting (XSS) in Jamroom,
High-Tech Bridge Security Research
- [PT-2013-63] Hash Length Extension in HTMLPurifier,
noreply
- NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation,
"VMware Security Response Center"
- bugs in IJG jpeg6b & libjpeg-turbo,
Michal Zalewski
- [SECURITY] [DSA 2808-1] openjpeg security update,
Raphael Geissert
- Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).,
ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- D-Link DIR-XXX remote root access exploit.,
ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation,
Stefan Kanthak
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 2807-1] links2 security update,
Moritz Muehlenhoff
[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution,
security-alert
[SECURITY] [DSA 2806-1] nbd security update,
Thijs Kinkhorst
FreeBSD Security Advisory FreeBSD-SA-13:14.openssh [REVISED],
FreeBSD Security Advisories
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability,
Vulnerability Lab
RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface,
Ruckus Product Security Team
[SECURITY] [DSA 2805-1] sup-mail security update,
Luciano Bello
[HITB-Announce] #HITB2014AMS Call for Papers Now Open,
Hafez Kamal
SQL Injection in Chamilo LMS,
High-Tech Bridge Security Research
SQL Injection in Dokeos,
High-Tech Bridge Security Research
Multiple Cross-Site Scripting (XSS) in Claroline,
High-Tech Bridge Security Research
[security bulletin] HPSBGN02942 rev.1 - HP Service Manager and ServiceCenter, Remote Code Execution,
security-alert
[SECURITY] [DSA 2804-1] drupal7 security update,
Moritz Muehlenhoff
[ MDVSA-2013:287 ] drupal,
security
[SECURITY] [DSA 2803-1] quagga security update,
Moritz Muehlenhoff
[ MDVSA-2013:286 ] ruby,
security
[ MDVSA-2013:285 ] bugzilla,
security
[SECURITY] [DSA 2800-1] nss security update,
Salvatore Bonaccorso
Open-Xchange Security Advisory 2013-11-25,
Martin Braun
[ MDVSA-2013:284 ] glibc,
security
[ MDVSA-2013:283 ] glibc,
security
[ MDVSA-2013:282 ] perl-HTTP-Body,
security
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation,
Stefan Kanthak
[ MDVSA-2013:281 ] nginx,
security
[ MDVSA-2013:280 ] memcached,
security
[ MDVSA-2013:279 ] wireshark,
security
Unauthorized console access on Satechi travel router v1.5,
Luc Dore
CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater,
andrew
ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities,
Security Alert
[SECURITY] [DSA 2802-1] nginx security update,
Thijs Kinkhorst
DC4420 (DefCon London) meeting next Tuesday, 26th November 2013,
Tony Naggs
[SECURITY] [DSA 2801-1] libhttp-body-perl security update,
Salvatore Bonaccorso
[ MDVSA-2013:278 ] samba,
security
[ MDVSA-2013:274 ] libjpeg,
security
[ MDVSA-2013:276 ] curl,
security
Instagram Photo Upload and Flattr Money Redirection Vulnerability,
pfohl
Facebook Vulnerability Discloses Friends Lists Defined as Private,
qsrc Quotium
[ MDVSA-2013:277 ] lighttpd,
security
[ MDVSA-2013:273 ] libjpeg,
security
[ MDVSA-2013:275 ] krb5,
security
[ MDVSA-2013:272 ] poppler,
security
[ MDVSA-2013:271 ] pmake,
security
[SECURITY] [DSA 2798-2] curl security update,
Salvatore Bonaccorso
[ MDVSA-2013:270 ] nss,
security
[ MDVSA-2013:269 ] firefox,
security
Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
Mybb Ajaxfs Plugin Sql Injection vulnerability,
iedb . team
Paypal Bug Bounty #14 - Persistent Payment Mail Encoding Vulnerability,
Vulnerability Lab
[ MDVSA-2013:268 ] torque,
security
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow,
geinblues
pineapp mailsecure remote no authenticated privilege escalation & remote execution code,
rubengarrote
Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install),
bruk0ut . sec
[ MDVSA-2013:266 ] java-1.6.0-openjdk,
security
XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow,
geinblues
XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption,
geinblues
16TH AVAR INTERNATIONAL SECURITY CONFERENCE 2013 - (4th-7th Dec'13, Chennai. India),
Gregory Panakkal
ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities,
Security Alert
[ MDVSA-2013:267 ] java-1.7.0-openjdk,
security
FreeBSD Security Advisory FreeBSD-SA-13:14.openssh,
FreeBSD Security Advisories
SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution,
Dennis Kelly
Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability,
Vulnerability Lab
PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability,
Vulnerability Lab
[slackware-security] seamonkey (SSA:2013-322-04),
Slackware Security Team
PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability,
Vulnerability Lab
[slackware-security] samba (SSA:2013-322-03),
Slackware Security Team
[slackware-security] openssh (SSA:2013-322-02),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2013-322-01),
Slackware Security Team
[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities,
advisories
[SECURITY] [DSA 2798-1] curl security update,
Michael Gilbert
[OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass,
Tim Brown
Information Security Forecast 2014,
Jeimy Cano
[SECURITY] [DSA 2797-1] chromium-browser security update,
Michael Gilbert
[SECURITY] [DSA 2795-2] lighttpd regression update,
Michael Gilbert
Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin,
High-Tech Bridge Security Research
XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs,
geinblues
XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug,
geinblues
[CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability,
Julien Ahrens
NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability,
"VMware Security Response Center"
APPLE-SA-2013-11-14-1 iOS 7.0.4,
Apple Product Security
Dahua DVR Authentication Bypass - CVE-2013-6117,
Jake Reynolds
[SECURITY] [DSA 2797-1] icedove security update,
Moritz Muehlenhoff
Superuser unsanitized environment vulnerability on Android <= 4.2.x,
Kevin Cernekee
Superuser "su --daemon" vulnerability on Android >= 4.3,
Kevin Cernekee
Android Superuser shell character escape vulnerability,
Kevin Cernekee
[SECURITY] [DSA 2796-1] torque security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2795-1] lighttpd security update,
Michael Gilbert
Cross-Site Scripting (XSS) in Zikula Application Framework,
High-Tech Bridge Security Research
LastPass Android container PIN and auto-wipe security feature bypass (CVE-2013-5113/5114),
Chris John Riley
[security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information,
security-alert
Fwd: RUCKUS ADVISORY ID 111113-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers,
Ruckus Product Security Team
RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface,
Ruckus Product Security Team
WebSurgery v1.1 released (Web application security testing suite),
John Stamatakis
XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3,
info
vulnerability issue for DB2 express,
bhavyasethi . atcs
<Possible follow-ups>
Re: Fwd: vulnerability issue for DB2 express,
shatter
[SECURITY] [DSA 2794-1] spip security update,
Salvatore Bonaccorso
Vulnerability in Pydio/AjaXplorer <= 5.0.3,
advisories
Vulnerability in Pydio/AjaXplorer < = 5.0.3,
advisories
[ MDVSA-2013:265 ] kernel,
security
XADV-2013003 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow,
geinblues
[SECURITY] [DSA 2793-1] libav security update,
Moritz Muehlenhoff
Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials,
Johannes . Ernst
WorldCIST'14 - World Conference on IST; Submission deadline: November 29,
Maria Lemos
Word 2003 SP2 .doc fork bomb on WinXP SP3,
jsibley1
RE: FP BugCON 2014 - Mexico City,
Tamara Vera
Apple MacOSX 10.9 Hard Link Memory Corruption,
submit
Cisco Security Advisory: Cisco WAAS Mobile Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability,
Cisco Systems Product Security Incident Response Team
CFP BugCON 2014 - Mexico City,
Carlos A. Lozano
CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application),
Dirk-Willem van Gulik
CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass,
CORE Advisories Team
SQL Injection in appRain,
High-Tech Bridge Security Research
Open-Xchange Security Advisory 2013-11-06,
Martin Braun
[SOJOBO-ADV-13-03] - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting,
advisories
wordpress jigoshop Plugin path disclosure vulnerabilities,
iedb . team
[ISecAuditors Security Advisories] LinkedIn social network is affected by Persistent Cross-Site Scripting vulnerability,
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA",
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] SQL Injection vulnerability in "Project'Or RIA" allow arbitrary access to the database and the file system,
ISecAuditors Security Advisories
ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities.,
Security Alert
ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.,
Security Alert
[SECURITY] [DSA 2792-1] wireshark security update,
Salvatore Bonaccorso
Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563,
g . delvecchio
[security bulletin] HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS),
security-alert
[SECURITY] [DSA 2791-1] tryton-client security update,
Florian Weimer
XADV-2013003 Linux Kernel eCryptfs write_tag_3_packet Heap Buffer Overflow Vulnerability,
geinblues
CSRF Horde Groupware Web mail Edition,
m . benetrix
XSS and CSRF Horde Groupware Web mail Edition,
m . benetrix
[slackware-security] mozilla-thunderbird (SSA:2013-307-01),
Slackware Security Team
[SECURITY] [DSA 2790-1] nss security update,
Salvatore Bonaccorso
pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities,
Vulnerability Lab
[security bulletin] HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution,
security-alert
[security bulletin] HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update,
security-alert
[SECURITY] [DSA 2789-1] strongswan security update,
Yves-Alexis Perez
[security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution,
security-alert
[security bulletin] HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS),
security-alert
[security bulletin] HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution,
security-alert
[ MDVSA-2013:264 ] firefox,
security
[SECURITY] [DSA 2788-1] iceweasel security update,
Raphael Geissert
Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change),
jsibley1
nullcon Goa V First Speaker list and CFP closes soon,
nullcon
[CVE-2013-4484] DoS vulnerability in Varnish HTTP cache,
Poul-Henning Kamp
[ MDVSA-2013:263 ] roundcubemail,
security
ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability,
Security Alert
Apache PHP Remote Exploit - apache-magika.c,
king cope
Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability,
Vulnerability Lab
GTX CMS 2013 Optima - Multiple Web Vulnerabilities,
Vulnerability Lab
ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability,
Security Alert
CVE-2013-5694 Blind SQL Injection in Ops View,
J. Oquendo
[PSA-2013-1022-1] Microsoft Silverlight Invalid Typecast / Memory Disclosure,
bugtraq
Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236),
Mark Stanislav
[ MDVSA-2013:262 ] python-pycrypto,
security
[ MDVSA-2013:261 ] dropbear,
security
[ MDVSA-2013:260 ] x11-server,
security
[ MDVSA-2013:259 ] x11-server,
security
[ MDVSA-2013:258 ] icu,
security
CVE-2013-5695 Multiple Cross Site Scripting (XSS) Attacks in Ops View,
J. Oquendo
ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability,
Vulnerability Lab
Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
[PT-2013-46] Local File Include in Nagios Looking Glass,
noreply
[scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting,
Marc Ruef
[ISecAuditors Security Advisories] XSS vulnerability in LinkedIn,
ISecAuditors Security Advisories
vBulletin remote admin injection exploit,
simo
Multiple CSRF Horde Groupware Web mail Edition 5.1.2,
m . benetrix
[SECURITY] [DSA 2786-1] icu security update,
Michael Gilbert
Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014),
2014 Symposium on Protocols and Rules for Security (SPRS2014)
[CVE-2012-6297] DD-WRT v24-sp2 Command Injection,
Craig Young
Call for Papers, 2014 Symposium on Cryptography and Authentication (SCA2014) , Suzhou, China,
2014 Symposium on Cryptography and Authentication (SCA2014)
[SECURITY] [DSA 2787-1] roundcube security update,
Salvatore Bonaccorso
[SECURITY] [DSA 2785-1] chromium-browser security update,
Michael Gilbert
Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability,
Vulnerability Lab
Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability,
Vulnerability Lab
Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution,
nospam
DC4420 - London DEFCON - October meet - Tuesday 29th October 2013,
Major Malfunction
[SECURITY] [DSA 2783-2] librack-ruby regression update,
Salvatore Bonaccorso
CA20131024-01: Security Notice for CA SiteMinder,
Kotas, Kevin J
[WorldCIST'14]: World Conference on IST; Proceedings by Springer,
Maria Lemos
[ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30,
ISecAuditors Security Advisories
RPS/APS vulnerability in snom/yealink and others,
Cal Leeming [Simplicity Media Ltd]
ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability,
Security Alert
Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Identity Services Engine,
Cisco Systems Product Security Incident Response Team
Cross-Site Scripting (XSS) in GuppY,
High-Tech Bridge Security Research
[ MDVSA-2013:257 ] nss,
security
[Article] The Audit DSOs of the rtld,
geinblues
AusCERT2014: Call for Presentations NOW OPEN,
auto-bulletins
[SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting,
advisories
[SECURITY] [DSA 2784-1] xorg-server security update,
Moritz Muehlenhoff
[CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root,
Craig Young
[CVE-2013-4295] Apache Shindig information disclosure vulnerability,
Ryan Baxter
[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities,
Julien Ahrens
[SECURITY] [DSA 2783-1] librack-ruby security update,
Thijs Kinkhorst
[SECURITY] [DSA 2782-1] polarssl security update,
Moritz Muehlenhoff
glibc 2.5 <= reloc types to crash bug,
geinblues
[Article] Linux Kernel Patches For Linux Kernel Security,
geinblues
Defense in depth -- the Microsoft way (part 12): NOOP security fixes,
Stefan Kanthak
[slackware-security] hplip (SSA:2013-291-01),
Slackware Security Team
Wordpress videowall Plugin Xss vulnerabilities,
iedb . team
[slackware-security] libtiff (SSA:2013-290-01),
Slackware Security Team
[SECURITY] [DSA 2781-1] python-crypto security update,
Yves-Alexis Perez
OWASP Vulnerable Web Applications Directory Project,
psiinon
[SECURITY] [DSA 2780-1] mysql-5.1 security update,
Moritz Muehlenhoff
[ MDVSA-2013:256 ] apache-mod_fcgid,
security
[ MDVSA-2013:255 ] clutter,
security
[ MDVSA-2013:254 ] quagga,
security
[ MDVSA-2013:252 ] torque,
security
[ MDVSA-2013:251 ] aircrack-ng,
security
[ MDVSA-2013:253 ] libtar,
security
NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities,
"VMware Security Response Center"
Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities,
Vulnerability Lab
[ANN] Struts 2.3.15.3 GA release available - security fix,
Lukasz Lenart
[ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn,
ISecAuditors Security Advisories
Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability,
Vulnerability Lab
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities,
Vulnerability Lab
Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11,
LpSolit
[ MDVSA-2013:250 ] mysql,
security
[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse,
security-alert
PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
[SE-2012-01] Issue 69 details and IBM Java vulnerabilities,
Security Explorations
Remote Code Execution in Microweber,
High-Tech Bridge Security Research
[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart,
ISecAuditors Security Advisories
APPLE-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17,
Apple Product Security
[slackware-security] xorg-server (SSA:2013-287-05),
Slackware Security Team
[security bulletin] HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS),
security-alert
ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
DornCMS Application v1.4 - Multiple Web Vulnerabilities,
Vulnerability Lab
Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability,
Vulnerability Lab
Paypal Inc Bug Bounty #105 MOS - Multiple Persistent Print Layout Vulnerabilities,
Vulnerability Lab
My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
SEC Consult SA-20131015-0 :: Multiple vulnerabilities in SpamTitan,
SEC Consult Vulnerability Lab
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability,
Vulnerability Lab
Training : Advanced Android & iOS Hands-on Exploitation at Toorcon San Diego [16th-17th Oct,2013],
xys3c team
Critical vulnerabilities discovered in Gazelle and TBDEV.net,
Bogdan Calin
[slackware-security] gnupg2 (SSA:2013-287-02),
Slackware Security Team
[slackware-security] gnupg (SSA:2013-287-01),
Slackware Security Team
[slackware-security] gnutls (SSA:2013-287-03),
Slackware Security Team
[slackware-security] libgpg-error (SSA:2013-287-04),
Slackware Security Team
[SECURITY] [DSA 2779-1] libxml2 security update,
Michael Gilbert
CFP: Passwords^13 Bergen (Norway), December 2-3 2013,
Per Thorsheim
[CISTI'2014]: Call for Workshops,
Maria Lemos
[SECURITY] [DSA 2778-1] libapache2-mod-fcgid security update,
Salvatore Bonaccorso
Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities,
jsibley1
[SECURITY] [DSA 2776-1] drupal6 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2777-1] systemd security update,
Moritz Muehlenhoff
[security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information,
security-alert
[SECURITY] [DSA 2773-1] gnupg security update,
Thijs Kinkhorst
[SECURITY] [DSA 2774-1] gnupg security update,
Thijs Kinkhorst
[ MDVSA-2013:249 ] libraw,
security
[ MDVSA-2013:247 ] gnupg,
security
[SECURITY] [DSA 2772-1] typo3-src security update,
Moritz Muehlenhoff
[ MDVSA-2013:248 ] xinetd,
security
[SECURITY] [DSA 2775-1] ejabberd security update,
Thijs Kinkhorst
[SECURITY] [DSA 2771-1] nas security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2770-1] torque security update,
Salvatore Bonaccorso
[ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5,
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11,
ISecAuditors Security Advisories
Cross-Site Scripting (XSS) in Feng Office,
High-Tech Bridge Security Research
[security bulletin] HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection,
security-alert
[security bulletin] HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information,
security-alert
[SECURITY] [DSA-2769-1] kfreebsd-9 security update,
Salvatore Bonaccorso
NotSoSecure CTF (in partnership with Appsec USA),
sid
[ MDVSA-2013:246 ] openjpa,
security
Apple Motion Integer Overflow Vulnerability,
pereira
[SECURITY] [DSA 2768-1] icedtea-web security update,
Salvatore Bonaccorso
[KIS-2013-09] Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability,
Egidio Romano
SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix,
SEC Consult Vulnerability Lab
APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update,
Apple Product Security
[security bulletin] HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information,
security-alert
ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability,
Security Alert
[SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities,
advisories
[ MDVSA-2013:245 ] proftpd,
security
SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler,
SEC Consult Vulnerability Lab
Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability,
Vulnerability Lab
WebAssist PowerCMS PHP - Multiple Web Vulnerabilities,
Vulnerability Lab
elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities,
Vulnerability Lab
SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities,
Vulnerability Lab
Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities,
Vulnerability Lab
Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability,
Vulnerability Lab
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
RootedCON 2014 - Call For Papers,
Javier Olascoaga
Cisco Security Advisory: Cisco IOS XR Software Memory Exhaustion Vulnerability,
Cisco Systems Product Security Incident Response Team
All in One SEO Pack Plugin for WordPress 1.3.6.4 - 2.0.3 XSS,
Charlie Briggs
Multiple Vulnerabilities in Gnew,
High-Tech Bridge Security Research
Remote Code Execution in GLPI,
High-Tech Bridge Security Research
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies,
Stefan Kanthak
CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure,
CORE Advisories Team
CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability,
CORE Advisories Team
iOS: List of available trusted root certificates,
Jeffrey Walton
CFP: WorldCIST'14 - World Conference on IST, at Madeira Island,
Maria Lemos
CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.,
Dennis Jenkins
[ MDVSA-2013:244 ] davfs2,
security
Open-Xchange Security Advisory 2013-09-30,
Martin Braun
Firefox for Android - Same-origin bypass through symbolic links,
Takeshi Terada
[CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability,
guillaume
[SECURITY] [DSA 27671-1] proftpd-dfsg security update,
Nico Golde
[slackware-security] seamonkey (SSA:2013-271-01),
Slackware Security Team
Linux Kernel Patches For Linux Kernel Security,
geinblues
[IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert,
Alexandro Silva
[ MDVSA-2013:243 ] polkit,
security
[SECURITY] [DSA 2766-1] linux-2.6 security update,
dann frazier
[SECURITY] [DSA 2765-1] davfs2 security update,
Luciano Bello
APPLE-SA-2013-09-26-1 iOS 7.0.2,
Apple Product Security
ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability,
Security Alert
[ISecAuditors Security Advisories] Multiple Reflected Cross-Site Scripting vulnerabilities,
ISecAuditors Security Advisories
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2013:242 ] kernel,
security
XAMPP 1.8.1 Local Write Access Vulnerability,
ISecAuditors Security Advisories
[SECURITY] [DSA 2764-1] libvirt security update,
Moritz Muehlenhoff
joomla com_zimbcomment Components Local File Include vulnerability,
iedb . team
Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Queue Wedge Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBMU02872 SSRT101185 rev.2 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS),
security-alert
[ MDVSA-2013:240 ] glpi,
security
[ MDVSA-2013:241 ] perl-Crypt-DSA,
security
Multiple Vulnerabilities in X2CRM,
High-Tech Bridge Security Research
GreHack 2013 - 15 Nov. Grenoble, France - Conf. Registration OPEN,
Fab Duchene
[SECURITY] [DSA 2763-1] pyopenssl security update,
Salvatore Bonaccorso
CVE-2013-5118 - XSS Good for Enterprise iOS,
mario
Re: DC4420 - London DEFCON - September meet - Tuesday 24th September 2013,
Tony Naggs
[IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin,
Alexandro Silva
[SECURITY] [DSA 2762-1] icedove security update,
Moritz Muehlenhoff
[ANN] Struts 2.3.15.2 GA release available - security fix,
Lukasz Lenart
Wordpress fgallery_plus Plugin Xss vulnerabilities,
iedb . team
[security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS),
security-alert
APPLE-SA-2013-09-20-1 Apple TV 6.0,
Apple Product Security
Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability,
Vulnerability Lab
[iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin,
Alexandro Silva
[security bulletin] HPSBGN02923 rev.1 - HP ArcSight Enterprise Security Manager Management Web Interface, Remote Cross Site Scripting (XSS),
security-alert
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability,
Vulnerability Lab
[security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities,
security-alert
[SECURITY] [DSA 2761-1] puppet security update,
Raphael Geissert
[ MDVSA-2013:239 ] wordpress,
security
[ MDVSA-2013:238 ] wireshark,
security
[PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager,
noreply
An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism,
RBS Research
[slackware-security] glibc (SSA:2013-260-01),
Slackware Security Team