Mail Thread Index

• Date Index

• GreHack 2013 - CFP EXTENDED TO JULY,16 - Conf: Nov. 15, Grenoble, France, F. Duchene
• [slackware-security] mozilla-thunderbird (SSA:2013-180-02), Slackware Security Team
• joomla com_football Components Sql Injection vulnerability, iedb . team
  • Re: joomla com_football Components Sql Injection vulnerability, Packet Storm
• [slackware-security] mozilla-firefox (SSA:2013-180-01), Slackware Security Team
• Re: ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability, security_alert
• [security bulletin] HPSBST02846 SSRT100798 rev.2 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution, security-alert
• [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure, Jarek Gawor
• [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows, Inshell Security
• [CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference, Inshell Security
• Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access, kyle Lovett
  • <Possible follow-ups>
  • Re: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access, krlovett
• [ MDVSA-2013:187 ] apache-mod_security, security
• WordPress feed plugin Sql Injection, iedb . team
  • Re: WordPress feed plugin Sql Injection, Henri Salo
• [ MDVSA-2013:188 ] otrs, security
• [ MDVSA-2013:189 ] wordpress, security
• [ MDVSA-2013:190 ] autotrace, security
• WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities, iedb . team
• Real player resource exhaustion Vulnerability, akshay . vaghela
  • <Possible follow-ups>
  • re: Real player resource exhaustion Vulnerability, security curmudgeon
  • Re: re: Real player resource exhaustion Vulnerability, akshay . vaghela
    • Re: re: Real player resource exhaustion Vulnerability, Henri Salo
• [ MDVSA-2013:191 ] fail2ban, security
• [ MDVSA-2013:192 ] php-radius, security
• [SECURITY] [DSA 2718-1] wordpress security update, Yves-Alexis Perez
• [security bulletin] HPSBUX02893 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBUX02889 SSRT101252 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• APPLE-SA-2013-07-02-1 Security Update 2013-003, Apple Product Security
• Slots open for Security Projects :Open Source Showcase at AppSec Research / EU 2013, Dirk W
• Multiple Vulnerabilities in Kasseler CMS, advisory
• Multiple Vulnerabilities in OpenX, advisory
• Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability, Vulnerability Lab
• AVAST Internet Security Suite - Persistent Vulnerabilities, Vulnerability Lab
• AVAST Universal Core Installer - Multiple Vulnerabilities, Vulnerability Lab
• Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability, Vulnerability Lab
• AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities, Vulnerability Lab
• LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin, LSE Leading Security Experts GmbH (Security Advisories)
• [SECURITY] [DSA 2720-1] icedove security update, Moritz Muehlenhoff
• OS-Command Injection via UPnP Interface in multiple D-Link devices, devnull
  • <Possible follow-ups>
  • Re: OS-Command Injection via UPnP Interface in multiple D-Link devices, krlovett
  • Re: OS-Command Injection via UPnP Interface in multiple D-Link devices, devnull
• [oCERT-2013-001] File Roller path sanitization errors, Daniele Bianco
• [SECURITY] [DSA 2721-1] nginx security update, Nico Golde
• VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities, VUPEN Security Research
• VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability, VUPEN Security Research
• Avira Analysis Web Service - SQL Injection Vulnerability, Vulnerability Lab
• Authentication bypass in D-Link routers, doylej . ia
• ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability, Security Alert
• ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability, Security Alert
• Authentication bypass in D-Link devices (session cookies not validated), doylej . ia
• [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification, security-alert
  • Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification, Neusbeer
• [HITB-Announce] REMINDER: #HITB2013KUL CFP Closes 25th July, Hafez Kamal
• SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF, SEC Consult Vulnerability Lab
• Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution, kyle Lovett
• (CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability, chanam . park
• [security bulletin] HPSBST02896 rev.1 - HP StoreVirtual Storage, Remote Unauthorized Access, security-alert
• Re: Project Pier Web Vulnerabilities, the infinitenigma
• Re: Cisco/Linksys E1200 N300 Reflected XSS, the infinitenigma
• [slackware-security] dbus (SSA:2013-191-01), Slackware Security Team
• VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe, Stefan Kanthak
• [Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability, Jose Carlos de Arriba
• Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2719-1] poppler security update, Michael Gilbert
• Hard-coded accounts on multiple network cameras, roberto . paleari
• [ MDVSA-2013:193 ] apache, security
• Facebook Url Redirection Vuln., CANSIN YILDIRIM
  • Re: Facebook Url Redirection Vuln., Anthony Dubuissez
    • Re: Facebook Url Redirection Vuln., Jann Horn
• Re: Wordpress wp-private-messages Plugin Sql Injection vulnerability, Henri Salo
• [ MDVSA-2013:194 ] kernel, security
• Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in MiniBB, Henri Salo
• Windows 7/8 admin account installation password stored in the clear in LSA Secrets, Dnegel X.
  • Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets, Rob
    • Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets, Dnegel X.
      • Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets, Marco Ivaldi
• CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2, cyoung
• CVE-2013-3568 - Linksys CSRF + Root Command Injection, vuln-report
• Multiple vulnerabilities in McAfee ePO 4.6.6, NCIRC INFOSEC EVAL
  • <Possible follow-ups>
  • Re: Multiple vulnerabilities in McAfee ePO 4.6.6, Harold_Toomey
• Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95, NCIRC INFOSEC EVAL
• [security bulletin] HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege, security-alert
• [Foreground Security 2013-002]: Corda Path Disclosure and XSS, Adam Willard
• MiniUPnPd Information Disclosure (CVE-2013-2600), cyoung
  • Re: MiniUPnPd Information Disclosure (CVE-2013-2600), Jeffrey Walton
• Botconf 2013 - Call for short talks - Deadline Aug 31 2013, Eric Freyssinet
• Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units, kyle Lovett
  • <Possible follow-ups>
  • Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units, krlovett
  • Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units, krlovett
• [waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1, come2waraxe
• [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce, Craig Young
• Ruxcon 2013 Final Call For Papers, cfp
• [ MDVSA-2013:195 ] php, security
  • Re: [ MDVSA-2013:195 ] php, Gabriel Maggiotti
• [ MDVSA-2013:196 ] java-1.6.0-openjdk, security
• Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability, Frédéric Basse
• [CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection, Frédéric Basse
• [SECURITY] [DSA 2722-1] openjdk-7 security update, Moritz Muehlenhoff
• CVE-2013-4788 - Eglibc PTR MANGLE bug, Hector Marco
• [security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure, security-alert
• Squid-3.3.5 DoS PoC, king cope
• [CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities, Craig Young
• Nikon CoolPix L Series Fw1.0 - Information Disclosure Issue, Vulnerability Lab
• FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability, Vulnerability Lab
• Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities, Vulnerability Lab
• Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities, Vulnerability Lab
• [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4, 醉麻
• Voice Logger astTECS - bypass login & arbitrary file download, Michał Błaszczak
• [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, security-alert
• [security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information, security-alert
• [slackware-security] php (SSA:2013-197-01), Slackware Security Team
• XSS Vulnerabilities in OpenCms, advisory
• ESA-2013-055: EMC Avamar Multiple Vulnerabilities, Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Intrusion Prevention System Software, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBHF02888 rev.2 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution, security-alert
• [SECURITY] [DSA 2723-1] php5 security update, Florian Weimer
• WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability, Vulnerability Lab
• Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17), Vulnerability Lab
• ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access, security-alert
• [SE-2012-01] New Reflection API affected by a known 10+ years old attack, Security Explorations
  • Re: [Full-disclosure] [SE-2012-01] New Reflection API affected by a known 10+ years old attack, Jeffrey Walton
• Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit, th_decoder
• [security bulletin] HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities, security-alert
• [SECURITY] [DSA 2725-1] tomcat6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2724-1] chromium-browser security update, Michael Gilbert
• DeepSec 2013 - Call for Papers - REMINDER, deepsec
• Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials, kyle Lovett
• SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer, SEC Consult Vulnerability Lab
• Re: [Full-disclosure] XSS Vulnerabilities in Serendipity, Henri Salo
• [security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities, security-alert
• Download Lite v4.3 iOS - Persistent File Web Vulnerability, Vulnerability Lab
• Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities, Vulnerability Lab
• Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability, Vulnerability Lab
• Samsung TV - DoS vulnerability, malik
  • <Possible follow-ups>
  • Re: Samsung TV - DoS vulnerability, malik
• DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056, Andres Gomez Ramirez
• [CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz, Jacopo Cappellato
• [CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application, Jacopo Cappellato
• Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability, Vulnerability Lab
• Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials, kyle Lovett
• Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities, Vulnerability Lab
• Juniper Secure Access XSS Vulnerability, Anil Pazvant
• SurgeFtp Server BufferOverflow Vulnerability, Anil Pazvant
• Defense in depth -- the Microsoft way (part 4), Stefan Kanthak
• Photo Server 2.0 iOS - Multiple Critical Vulnerabilities, Vulnerability Lab
• CORE-2013-0705 - XnView Buffer Overflow Vulnerability, CORE Advisories Team
• CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability, CORE Advisories Team
• [ MDVSA-2013:197 ] mysql, security
• Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions!, bhadresh . k . patel
• CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions, CORE Advisories Team
• [ MDVSA-2013:198 ] libxml2, security
• Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets, Albert Puigsech Galicia
  • Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets, Kingcope
• Cross-Site Scripting (XSS) in Magnolia CMS, advisory
• Cross-Site Scripting (XSS) in Duplicator WordPress Plugin, advisory
• Easy Blog by JM LLC - Multiple Vulnerabilities, Sp3ctrecore ­
• Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Video Surveillance Manager, Cisco Systems Product Security Incident Response Team
• Basic Forum by JM LLC - Multiple Vulnerabilities, Sp3ctrecore ­
• iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability, Vulnerability Lab
• [security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS), security-alert
• [security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS), security-alert
• [ MDVSA-2013:199 ] squid, security
• [SECURITY] [DSA 2726-1] php-radius security update, Thijs Kinkhorst
• Xymon Systems and Network Monitor - remote file deletion vulnerability, Henrik Størner
• [security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2727-1] openjdk-6 security update, Moritz Muehlenhoff
• CA20130725-01: Security Notice for CA Service Desk Manager, Kotas, Kevin J
• CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability, Herbert Duerr
• CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability, Herbert Duerr
• Meet the folks of ws-attacker, BeEF, WAHH, sqlmap, Zed Attack Proxy, OWASP Top10, DOMinator, Minion, Mallodroid, and the inglorious bastards aka HackPra Allstars, Dirk Wetter
• SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway, SEC Consult Vulnerability Lab
• [ MDVSA-2013:200 ] ruby, security
• [ MDVSA-2013:201 ] ruby, security
• FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver, FreeBSD Security Advisories
• [SECURITY] [DSA 2728-1] bind9 security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-13:07.bind, FreeBSD Security Advisories
• Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities, Stefan Kanthak
• [Announcement] CHMag - Call for Articles, abhijeet
• [SECURITY] [DSA 2729-1] openafs security update, Moritz Muehlenhoff
• Private Photos v1.0 iOS - Persistent Path Web Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • Private Photos v1.0 iOS - Persistent Path Web Vulnerability, Vulnerability Lab
• WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability, Vulnerability Lab
• [ MDVSA-2013:202 ] bind, security
• DEFCON London - DC4420 July - social event - Tuesday 30th July 2013, Tony Naggs
  • Re: DEFCON London - DC4420 July - social event - Tuesday 30th July 2013, Tony Naggs
• ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability, Security Alert
• WorldCIST'14 - World Conference on IST, 15 - 18 April 2014, at Madeira Island, maria Lemos
• [security bulletin] HPSBGN02904 rev.1 - HP SiteScope running SOAP, Remote Code Execution, security-alert
• [SECURITY] [DSA 2731-1] libgcrypt11 security update, Thijs Kinkhorst
• [SECURITY] [DSA 2730-1] gnupg security update, Thijs Kinkhorst
• [ MDVSA-2013:203 ] phpmyadmin, security
• [ MDVSA-2013:204 ] wireshark, security
• MojoPortal XSS, vulns
• NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal, NCC Group Research
• NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE, NCC Group Research