Mail Index
- GreHack 2013 - CFP EXTENDED TO JULY,16 - Conf: Nov. 15, Grenoble, France
- [slackware-security] mozilla-thunderbird (SSA:2013-180-02)
- From: Slackware Security Team
- joomla com_football Components Sql Injection vulnerability
- [slackware-security] mozilla-firefox (SSA:2013-180-01)
- From: Slackware Security Team
- Re: ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
- [security bulletin] HPSBST02846 SSRT100798 rev.2 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code
- [security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution
- [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure
- [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
- [CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
- Re: joomla com_football Components Sql Injection vulnerability
- Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
- [ MDVSA-2013:187 ] apache-mod_security
- WordPress feed plugin Sql Injection
- [ MDVSA-2013:188 ] otrs
- [ MDVSA-2013:189 ] wordpress
- [ MDVSA-2013:190 ] autotrace
- WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
- Real player resource exhaustion Vulnerability
- [ MDVSA-2013:191 ] fail2ban
- [ MDVSA-2013:192 ] php-radius
- [SECURITY] [DSA 2718-1] wordpress security update
- [security bulletin] HPSBUX02893 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)
- [security bulletin] HPSBUX02889 SSRT101252 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- APPLE-SA-2013-07-02-1 Security Update 2013-003
- From: Apple Product Security
- Slots open for Security Projects :Open Source Showcase at AppSec Research / EU 2013
- Multiple Vulnerabilities in Kasseler CMS
- Multiple Vulnerabilities in OpenX
- Re: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
- re: Real player resource exhaustion Vulnerability
- From: security curmudgeon
- Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability
- AVAST Internet Security Suite - Persistent Vulnerabilities
- AVAST Universal Core Installer - Multiple Vulnerabilities
- Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability
- AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities
- LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin
- From: LSE Leading Security Experts GmbH (Security Advisories)
- [SECURITY] [DSA 2720-1] icedove security update
- OS-Command Injection via UPnP Interface in multiple D-Link devices
- [oCERT-2013-001] File Roller path sanitization errors
- [SECURITY] [DSA 2721-1] nginx security update
- VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability
- From: VUPEN Security Research
- Avira Analysis Web Service - SQL Injection Vulnerability
- Authentication bypass in D-Link routers
- ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability
- ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability
- Authentication bypass in D-Link devices (session cookies not validated)
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
- [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
- Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
- Re: WordPress feed plugin Sql Injection
- Re: re: Real player resource exhaustion Vulnerability
- [HITB-Announce] REMINDER: #HITB2013KUL CFP Closes 25th July
- SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
- From: SEC Consult Vulnerability Lab
- Re: re: Real player resource exhaustion Vulnerability
- Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution
- (CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability
- [security bulletin] HPSBST02896 rev.1 - HP StoreVirtual Storage, Remote Unauthorized Access
- Re: Project Pier Web Vulnerabilities
- Re: Cisco/Linksys E1200 N300 Reflected XSS
- [slackware-security] dbus (SSA:2013-191-01)
- From: Slackware Security Team
- VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
- [Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability
- From: Jose Carlos de Arriba
- Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
- [SECURITY] [DSA 2719-1] poppler security update
- Hard-coded accounts on multiple network cameras
- [ MDVSA-2013:193 ] apache
- Facebook Url Redirection Vuln.
- Re: Wordpress wp-private-messages Plugin Sql Injection vulnerability
- [ MDVSA-2013:194 ] kernel
- Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in MiniBB
- Re: Facebook Url Redirection Vuln.
- Re: Facebook Url Redirection Vuln.
- Windows 7/8 admin account installation password stored in the clear in LSA Secrets
- Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets
- CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
- Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets
- CVE-2013-3568 - Linksys CSRF + Root Command Injection
- Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets
- Multiple vulnerabilities in McAfee ePO 4.6.6
- Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
- [security bulletin] HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege
- [Foreground Security 2013-002]: Corda Path Disclosure and XSS
- MiniUPnPd Information Disclosure (CVE-2013-2600)
- Re: MiniUPnPd Information Disclosure (CVE-2013-2600)
- Botconf 2013 - Call for short talks - Deadline Aug 31 2013
- Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
- [waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1
- [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce
- Ruxcon 2013 Final Call For Papers
- [ MDVSA-2013:195 ] php
- [ MDVSA-2013:196 ] java-1.6.0-openjdk
- Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability
- [CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
- [SECURITY] [DSA 2722-1] openjdk-7 security update
- CVE-2013-4788 - Eglibc PTR MANGLE bug
- [security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure
- Squid-3.3.5 DoS PoC
- [CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities
- Re: Multiple vulnerabilities in McAfee ePO 4.6.6
- Nikon CoolPix L Series Fw1.0 - Information Disclosure Issue
- FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
- Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability
- Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
- Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
- Re: [ MDVSA-2013:195 ] php
- [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
- Voice Logger astTECS - bypass login & arbitrary file download
- [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
- [security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information
- [slackware-security] php (SSA:2013-197-01)
- From: Slackware Security Team
- XSS Vulnerabilities in OpenCms
- ESA-2013-055: EMC Avamar Multiple Vulnerabilities
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Intrusion Prevention System Software
- From: Cisco Systems Product Security Incident Response Team
- Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
- [security bulletin] HPSBHF02888 rev.2 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution
- Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
- [SECURITY] [DSA 2723-1] php5 security update
- WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities
- Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability
- Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17)
- ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities
- Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities
- [security bulletin] HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access
- [SE-2012-01] New Reflection API affected by a known 10+ years old attack
- From: Security Explorations
- Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit
- [security bulletin] HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
- [SECURITY] [DSA 2725-1] tomcat6 security update
- [SECURITY] [DSA 2724-1] chromium-browser security update
- DeepSec 2013 - Call for Papers - REMINDER
- Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials
- SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
- From: SEC Consult Vulnerability Lab
- Re: [Full-disclosure] XSS Vulnerabilities in Serendipity
- [security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
- Download Lite v4.3 iOS - Persistent File Web Vulnerability
- Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities
- Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability
- Re: [Full-disclosure] [SE-2012-01] New Reflection API affected by a known 10+ years old attack
- Samsung TV - DoS vulnerability
- DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056
- From: Andres Gomez Ramirez
- [CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
- [CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application
- Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability
- Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials
- Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities
- Juniper Secure Access XSS Vulnerability
- SurgeFtp Server BufferOverflow Vulnerability
- Defense in depth -- the Microsoft way (part 4)
- Photo Server 2.0 iOS - Multiple Critical Vulnerabilities
- Re: Samsung TV - DoS vulnerability
- CORE-2013-0705 - XnView Buffer Overflow Vulnerability
- From: CORE Advisories Team
- CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability
- From: CORE Advisories Team
- [ MDVSA-2013:197 ] mysql
- Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions!
- From: bhadresh . k . patel
- CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions
- From: CORE Advisories Team
- [ MDVSA-2013:198 ] libxml2
- Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets
- From: Albert Puigsech Galicia
- Cross-Site Scripting (XSS) in Magnolia CMS
- Cross-Site Scripting (XSS) in Duplicator WordPress Plugin
- Easy Blog by JM LLC - Multiple Vulnerabilities
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Video Surveillance Manager
- From: Cisco Systems Product Security Incident Response Team
- Basic Forum by JM LLC - Multiple Vulnerabilities
- iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability
- [security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS)
- [security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS)
- [ MDVSA-2013:199 ] squid
- [SECURITY] [DSA 2726-1] php-radius security update
- Xymon Systems and Network Monitor - remote file deletion vulnerability
- [security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code
- [SECURITY] [DSA 2727-1] openjdk-6 security update
- CA20130725-01: Security Notice for CA Service Desk Manager
- CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
- CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
- Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets
- Meet the folks of ws-attacker, BeEF, WAHH, sqlmap, Zed Attack Proxy, OWASP Top10, DOMinator, Minion, Mallodroid, and the inglorious bastards aka HackPra Allstars
- SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2013:200 ] ruby
- [ MDVSA-2013:201 ] ruby
- FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 2728-1] bind9 security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-13:07.bind
- From: FreeBSD Security Advisories
- Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
- [Announcement] CHMag - Call for Articles
- Re: DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
- [SECURITY] [DSA 2729-1] openafs security update
- Private Photos v1.0 iOS - Persistent Path Web Vulnerability
- Private Photos v1.0 iOS - Persistent Path Web Vulnerability
- WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
- [ MDVSA-2013:202 ] bind
- DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
- ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability
- WorldCIST'14 - World Conference on IST, 15 - 18 April 2014, at Madeira Island
- [security bulletin] HPSBGN02904 rev.1 - HP SiteScope running SOAP, Remote Code Execution
- [SECURITY] [DSA 2731-1] libgcrypt11 security update
- [SECURITY] [DSA 2730-1] gnupg security update
- [ MDVSA-2013:203 ] phpmyadmin
- [ MDVSA-2013:204 ] wireshark
- MojoPortal XSS
- NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal
- NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE