Mail Thread Index

• Date Index

• [slackware-security] gnutls (SSA:2013-242-03), Slackware Security Team
• [SECURITY] [DSA 2747-1] cacti security update, Florian Weimer
• list of vulnerability discovered by RealPentesting, Pedro Guillen
• Full Disclosure - Multiple vulnerabilities in five Zoom ADSL Modem/Routers, kyle Lovett
• Defense in depth -- the Microsoft way (part 9): erroneous documentation, Stefan Kanthak
• IndiaNIC Testimonail WP plugin - Multiple vulnerabilities, roguecoder
• [SECURITY] [DSA 2740-2] python-django regression update, Florian Weimer
• [SECURITY] [DSA 2748-1] exactimage security update, Florian Weimer
• Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption, king cope
• [SECURITY] [DSA 2749-1] asterisk security update, Moritz Muehlenhoff
• [ MDVSA-2013:224 ] libtiff, security
• [ MDVSA-2013:225 ] libdigidoc, security
• ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities, Security Alert
• PayPal's "invalid" aksession Padding Oracle Flaw, Timothy D. Morgan
• [SECURITY] [DSA 2750-1] imagemagick security update, Florian Weimer
• [PSA-2013-0903-1] Apple Safari Heap Buffer Overflow, bugtraq
• SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities, SEC Consult Vulnerability Lab
• Call for Paper/Event - nullcon Goa 2014, nullcon
• Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2751-1] libmodplug security update, Raphael Geissert
• [ MDVSA-2013:226 ] roundcubemail, security
• CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals, Maria Lemos
• APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4, Mihaela Popescu-Stanesti
  • <Possible follow-ups>
  • APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4, Apple Product Security
• [CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities, CORE Advisories Team
• Event Easy Calendar 1.0.0 WP plugin, roguecoder
• [SECURITY] [DSA 2752-1] phpbb3 security update, Thijs Kinkhorst
• [CVE-2013-5701] Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability, Julien Ahrens
• [slackware-security] subversion (SSA:2013-251-01), Slackware Security Team
• [ MDVSA-2013:227 ] python-setuptools, security
• Multiple vulnerabilities on D-Link Dir-505 devices, alessandro . dipinto
• Open-Xchange Security Advisory 2013-09-10, Martin Braun
• [ MDVSA-2013:228 ] cacti, security
• FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-13:13.nullfs, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-13:10.sctp [REVISED], FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-13:11.sendfile, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast [REVISED], FreeBSD Security Advisories
• [ MDVSA-2013:229 ] bzr, security
• [security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse, security-alert
• eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability, Vulnerability Lab
• Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities, Vulnerability Lab
• Synology DSM multiple vulnerabilities, Andrea Fabrizi
• [security bulletin] HPSBUX02926 SSRT101281 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2754-1] exactimage security update, Raphael Geissert
• Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability, Vulnerability Lab
• Insecure CHIASMUS encryption in GSTOOL, Jan Schejbal
• Cross-Site Scripting (XSS) in WikkaWiki, High-Tech Bridge Security Research
• ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation in kbdint authentication, king cope
• [SECURITY] [DSA 2755-1] python-django security update, Salvatore Bonaccorso
• OWASP Zed Attack Proxy 2.2.0, psiinon
• [ MDVSA-2013:230 ] gdm, security
• [security bulletin] HPSBUX02928 SSRT101274 rev.1 - HP-UX running perl, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2013:231 ] openswan, security
• [iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin, Alexandro Silva
• APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004, Apple Product Security
• APPLE-SA-2013-09-12-2 Safari 5.1.10, Apple Product Security
• WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release, danielthomson72
• OpenSSL,OpenSSH ecdsa authentication code inconsistent return values.. no vulnerability?, king cope
• [SECURITY] [DSA 2753-1] mediawiki security update, Thijs Kinkhorst
• [ MDVSA-2013:233 ] python-OpenSSL, security
• [SECURITY] [DSA 2756-1] wireshark security update, Moritz Muehlenhoff
• Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability, brianwarehime
• [ MDVSA-2013:232 ] libmodplug, security
• [ MDVSA-2013:234 ] python-django, security
• [SECURITY] [DSA 2757-1] wordpress security update, Yves-Alexis Perez
• Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability, emilio . pinn
• OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption, Kevin W. Wall
• Botconf 2013 - Pre-programme pubished & registration open (Nantes, France, 5-6/12/2013), Eric Freyssinet
• [ MDVSA-2013:235 ] mediawiki, security
• ExpressionEngine 2.6 Persistent XSS, Richard Clifford
• EarthVPN certificate configuration vulnerabilities, y6whynrzab
• [ MDVSA-2013:236 ] subversion, security
• APPLE-SA-2013-09-17-1 OS X Server v2.2.2, Apple Product Security
• [SECURITY] [DSA 2758-1] python-django security update, Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2013-260-02), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-260-03), Slackware Security Team
• [ MDVSA-2013:237 ] firefox, security
• SQL Injection in vtiger CRM, High-Tech Bridge Security Research
• [SECURITY] [DSA 2759-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2760-1] chrony security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU02917 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Remote Command Execution and Privilege Escalation, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability, Cisco Systems Product Security Incident Response Team
• APPLE-SA-2013-09-18-1 iTunes 11.1, Apple Product Security
• APPLE-SA-2013-09-18-2 iOS 7, Apple Product Security
• [security bulletin] HPSBUX02927 SSRT101288 rev.1 - HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• APPLE-SA-2013-09-18-3 Xcode 5.0, Apple Product Security
• CVE-2013-5210 Adtran Netvanta Remote Code Injection via XSS, J. Oquendo
• Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability, Vulnerability Lab
• [security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities, security-alert
• [slackware-security] glibc (SSA:2013-260-01), Slackware Security Team
• An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism, RBS Research
• [PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager, noreply
• [ MDVSA-2013:238 ] wireshark, security
• Re: %windir%\temp\sso\ssoexec.dll (or: howtrustworthy is Microsoft's build process), Stefan Kanthak
• [ MDVSA-2013:239 ] wordpress, security
• [security bulletin] HPSBGN02923 rev.1 - HP ArcSight Enterprise Security Manager Management Web Interface, Remote Cross Site Scripting (XSS), security-alert
• [SECURITY] [DSA 2761-1] puppet security update, Raphael Geissert
• [security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities, security-alert
• Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability, Vulnerability Lab
• [iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin, Alexandro Silva
• Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability, Vulnerability Lab
• APPLE-SA-2013-09-20-1 Apple TV 6.0, Apple Product Security
• [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS), security-alert
• Wordpress fgallery_plus Plugin Xss vulnerabilities, iedb . team
  • <Possible follow-ups>
  • Wordpress fgallery_plus Plugin Xss vulnerabilities, iedb . team
  • Wordpress fgallery_plus Plugin Xss vulnerabilities, iedb . team
• [ANN] Struts 2.3.15.2 GA release available - security fix, Lukasz Lenart
  • Re: [ANN] Struts 2.3.15.2 GA release available - security fix, Emi Lu
• [SECURITY] [DSA 2762-1] icedove security update, Moritz Muehlenhoff
• [IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin, Alexandro Silva
• Re: DC4420 - London DEFCON - September meet - Tuesday 24th September 2013, Tony Naggs
• CVE-2013-5118 - XSS Good for Enterprise iOS, mario
• [SECURITY] [DSA 2763-1] pyopenssl security update, Salvatore Bonaccorso
• GreHack 2013 - 15 Nov. Grenoble, France - Conf. Registration OPEN, Fab Duchene
• Multiple Vulnerabilities in X2CRM, High-Tech Bridge Security Research
• [ MDVSA-2013:240 ] glpi, security
• [ MDVSA-2013:241 ] perl-Crypt-DSA, security
• [security bulletin] HPSBMU02872 SSRT101185 rev.2 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS), security-alert
• Cisco Security Advisory: Cisco IOS Software Queue Wedge Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability, Cisco Systems Product Security Incident Response Team
  • AW: Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability, Aichhorn, Herbert
• Cisco Security Advisory: Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability, Cisco Systems Product Security Incident Response Team
• joomla com_zimbcomment Components Local File Include vulnerability, iedb . team
  • <Possible follow-ups>
  • Re:joomla com_zimbcomment Components Local File Include vulnerability, Sergio Tam
• [SECURITY] [DSA 2764-1] libvirt security update, Moritz Muehlenhoff
• XAMPP 1.8.1 Local Write Access Vulnerability, ISecAuditors Security Advisories
• [ MDVSA-2013:242 ] kernel, security
• [ISecAuditors Security Advisories] Multiple Reflected Cross-Site Scripting vulnerabilities, ISecAuditors Security Advisories
• ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability, Security Alert
• APPLE-SA-2013-09-26-1 iOS 7.0.2, Apple Product Security
• [SECURITY] [DSA 2765-1] davfs2 security update, Luciano Bello
• [SECURITY] [DSA 2766-1] linux-2.6 security update, dann frazier
• [ MDVSA-2013:243 ] polkit, security
• [IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert, Alexandro Silva
• Linux Kernel Patches For Linux Kernel Security, geinblues
• [slackware-security] seamonkey (SSA:2013-271-01), Slackware Security Team
• [SECURITY] [DSA 27671-1] proftpd-dfsg security update, Nico Golde
• [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability, guillaume