Mail Thread Index
- CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras,
CORE Advisories Team
- Open-Xchange Security Advisory 2013-07-31,
Martin Braun
- SQL Injection in Cotonti,
advisory
- [security bulletin] HPSBMU02902 rev.1 - HP Integrated Lights-Out iLO3, iLO4 IPMI Cipher Suite 0 Authentication Bypass Vulnerability,
security-alert
- Multiple XSS Vulnerabilities in Jahia xCM,
advisory
- Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities,
Egidio Romano
- [KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability,
Egidio Romano
- [KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability,
Egidio Romano
- Cisco Security Advisory: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products,
Cisco Systems Product Security Incident Response Team
- Update: Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials,
krlovett
- [KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities,
Egidio Romano
- SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598),
Rustein, Fara Denise (LATCO - Buenos Aires)
- Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2013:205 ] gnupg,
security
- [security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- Multiple vulnerabilities on D-Link DIR-645 devices,
roberto
- [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2733-1] otrs2 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2732-1] chromium-browser security update,
Michael Gilbert
- [slackware-security] gnupg / libgcrypt (SSA:2013-215-01),
Slackware Security Team
- withU Music Share v1.3.7 iOS - Command Inject Vulnerability,
Vulnerability Lab
- FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Rgpg 0.2.2 Ruby Gem Remote Command Injection,
larry0
- SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness,
SEC Consult Vulnerability Lab
- PuTTY SSH handshake heap overflow,
Gergely Eberhardt
- Joomla core <= 3.1.5 reflected XSS vulnerability,
Emilio Pinna
- HP LaserJet Pro printers remote admin password extraction,
michal . sajdak
- [ MDVSA-2013:206 ] owncloud,
security
- Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities,
Matias Fontanini
- Joomseller "Events Booking Pro" and "JSE Event" reflected XSS,
samelat
- Huawei B153 3G/UMTS router WPS weakness,
roberto . paleari
- [SECURITY] [DSA 2734-1] wireshark security update,
Moritz Muehlenhoff
- Usernoise 3.7.8 WP plugin cross-site scripting vulnerability,
roguecoder
- SocialEngine 4.5 TimeLine 4.2.5p9 upload file "PHP" in the Cover Image,
Wesley Henrique
- [slackware-security] samba (SSA:2013-218-03),
Slackware Security Team
- [slackware-security] httpd (SSA:2013-218-02),
Slackware Security Team
- [slackware-security] bind (SSA:2013-218-01),
Slackware Security Team
- [ MDVSA-2013:207 ] samba,
security
- [ MDVSA-2013:208 ] libtiff,
security
- [ MDVSA-2013:209 ] subversion,
security
- [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability,
Chip Childers
- Re: XSS vulnerability in guestbook-php-script,
yjtdgs
- Attacking Google Accounts with 'weblogin:' Tokens,
Craig Young
- Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability,
Vulnerability Lab
- Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!,
Stefan Kanthak
- Multiple Vulnerabilities in BigTree CMS,
advisory
- [ MDVSA-2013:210 ] firefox,
security
- [SECURITY] [DSA 2735-1] iceweasel security update,
Moritz Muehlenhoff
- Apache suEXEC privilege elevation / information disclosure,
king cope
- Re: Apache suEXEC privilege elevation / information disclosure,
Kingcope
- Re: Apache suEXEC privilege elevation / information disclosure,
Reindl Harald
Trustport Webfilter Remote File Access Vulnerability,
oliver
Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities,
CORE Advisories Team
Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability,
Chip Childers
PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities,
Matias Fontanini
Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal,
Erik Hjelmvik
HP Data Protector Arbitrary Remote Command Execution,
alessandro . dipinto
[slackware-security] mozilla-firefox (SSA:2013-219-01),
Slackware Security Team
[slackware-security] seamonkey (SSA:2013-219-03),
Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2013-219-02),
Slackware Security Team
Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure,
Hv5hA5ms
Joomla! redSHOP component v1.2 SQL Injection,
Matias Fontanini
[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service,
security-alert
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy,
Stefan Kanthak
[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities,
roguecoder
ReviewBoard Vulnerabilities,
Craig Young
[SECURITY] [DSA 2736-1] putty security update,
Salvatore Bonaccorso
[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing,
bugtraq
[ MDVSA-2013:211 ] lcms2,
security
[SECURITY] [DSA 2737-1] swift security update,
Thijs Kinkhorst
CakePHP AssetDispatcher Local File Inclusion Vulnerability,
検査検査
Struts2 Prefixed Parameters OGNL Injection Vulnerability,
検査検査
Struts2 Prefixed Parameters Open Redirect Vulnerability,
検査検査
[ MDVSA-2013:212 ] otrs,
security
[ MDVSA-2013:213 ] xymon,
security
[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow,
bugtraq
Subverting BIND's SRTT Algorithm: Derandomizing NS Selection,
Roee Hay
[security bulletin] HPSBMU02915 rev.1 - HP Service Manager, Remote Unauthenticated Access and Elevation of Privilege,
security-alert
CFP: WorldCIST'14 - World Conference on IST; Best papers published in JCR/ISI Journals,
WorldCIST
Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access,
kyle Lovett
Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities,
Vulnerability Lab
Open-Xchange Security Advisory 2013-08-16,
Martin Braun
MS Excel 2002/2003 CRN record 0day PoC,
geinblues
x90c WOFF Firefox 1day exploit,
geinblues
Defense in depth -- the Microsoft way (part 7): executable files in data directories,
Stefan Kanthak
[SECURITY] [DSA 2738-1] ruby1.9.1 security update,
Thijs Kinkhorst
Multiple vulnerabilities on Sitecom N300/N600 devices,
roberto . paleari
[security bulletin] HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability,
security-alert
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow,
bugtraq
ESA-2013-047: RSA® Authentication Agent for PAM Unlimited Login Attempts Vulnerability,
Security Alert
Samsung DVR authentication bypass,
Andrea Fabrizi
[security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
Path Traversal in DeWeS Web Server (Twilight CMS),
High-Tech Bridge Security Research
Cross-Site Scripting (XSS) in BackWPup WordPress Plugin,
High-Tech Bridge Security Research
Cross-Site Scripting (XSS) in Twilight CMS,
High-Tech Bridge Security Research
CVE-2013-4124 samba nttrans dos private exploit,
geinblues
[ MDVSA-2013:214 ] python,
security
Netgear ProSafe switches: Unauthenticated startup-config disclosure and Denial of Service,
post
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Windows Embedded POSReady 2009: cruft, not craft,
Stefan Kanthak
[security bulletin] HPSBGN02905 rev.2 - HP LoadRunner, HP Business Process Monitor, Remote Code Execution and Denial of Service (DoS),
security-alert
[SECURITY] [DSA 2739-1] cacti security update,
Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-13:10.sctp,
FreeBSD Security Advisories
[slackware-security] poppler (SSA:2013-233-03),
Slackware Security Team
[slackware-security] hplip (SSA:2013-233-01),
Slackware Security Team
[slackware-security] xpdf (SSA:2013-233-02),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast,
FreeBSD Security Advisories
[ MDVSA-2013:215 ] cacti,
security
CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework,
Pivotal Security Team
Joomla! VirtueMart component <= 2.0.22a - SQL Injection,
Matias Fontanini
[security bulletin] HPSBST02897 rev.1 - HP StoreOnce D2D Backup System, Remote Denial of Service (DoS),
security-alert
CVE-2013-4124 samba dos exploit,
geinblues
NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability,
VMware Security Team
[ MDVSA-2013:217 ] spice,
security
[ MDVSA-2013:216 ] perl-Proc-ProcessTable,
security
[ MDVSA-2013:218 ] python-django,
security
[ MDVSA-2013:219 ] libtiff,
security
Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities,
iedb . team
PayPal Bug Bounty #110 - Auth Bypass (Session) Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 2740-1] python-django security update,
Salvatore Bonaccorso
libtiff <= 3.9.5 integer overflow bug,
geinblues
Wordpress post-gallery Plugin Xss vulnerabilities,
iedb . team
Defense in depth -- the Microsoft way (part 8): execute everywhere!,
Stefan Kanthak
[SECURITY] [DSA 2741-1] chromium-browser security update,
Michael Gilbert
DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013,
Major Malfunction
[SECURITY] [DSA 2742-1] php5 security update,
Florian Weimer
[SECURITY] [DSA 2743-1] kfreebsd-9 security update,
Aurelien Jarno
POC2013 Call for Paper,
pocadm
[ MDVSA-2013:220 ] lcms,
security
[ MDVSA-2013:221 ] php,
security
[SECURITY] [DSA 2744-1] tiff security update,
Moritz Muehlenhoff
[ MDVSA-2013:222 ] puppet,
security
IBM Lotus iNotes 8.5.x cross-site scripting vulnerabilities,
danielthomson72
AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request,
Asterisk Security Team
AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP,
Asterisk Security Team
Two Instagram Android App Security Vulnerabilities,
Georg Lukas
[security bulletin] HPSBHF02888 rev.3 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution,
security-alert
Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
[CORE-2013-0805] Aloaha PDF Suite Buffer Overflow Vulnerability,
CORE Advisories Team
CORE-2013-0808 - EPS Viewer Buffer Overflow Vulnerability,
CORE Advisories Team
CORE-2013-0726 - AVTECH DVR multiple vulnerabilities,
CORE Advisories Team
30C3 Call for Participation,
fukami
[SECURITY] [DSA 2745-1] linux security update,
dann frazier
Drupal Node View Permissions module and Flag module Vulnerabilities,
danielthomson72
CyberArk User Enumeration - Multiple vulnerabilities,
moshez
CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability,
kerem . kocaer
[SECURITY] [DSA 2746-1] icedove security update,
Moritz Muehlenhoff
UTA EDU University ENG - SQL Injection Vulnerability,
Vulnerability Lab
Department of Transport UK - SQL Injection Vulnerability,
Vulnerability Lab
Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability,
Vulnerability Lab
NEW VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception,
VMware Security Team
[slackware-security] php (SSA:2013-242-02),
Slackware Security Team
VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059),
VUPEN Security Research
[ MDVSA-2013:223 ] asterisk,
security
VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059),
VUPEN Security Research
[slackware-security] gnutls (SSA:2013-242-01),
Slackware Security Team