Mail Index
- [ MDVSA-2013:264 ] firefox
- [security bulletin] HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution
- [security bulletin] HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
- [security bulletin] HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code
- [security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
- [SECURITY] [DSA 2789-1] strongswan security update
- [security bulletin] HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update
- [security bulletin] HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution
- pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities
- [security bulletin] HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- [SECURITY] [DSA 2790-1] nss security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-thunderbird (SSA:2013-307-01)
- From: Slackware Security Team
- XSS and CSRF Horde Groupware Web mail Edition
- CSRF Horde Groupware Web mail Edition
- XADV-2013003 Linux Kernel eCryptfs write_tag_3_packet Heap Buffer Overflow Vulnerability
- [SECURITY] [DSA 2791-1] tryton-client security update
- Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563
- [SECURITY] [DSA 2792-1] wireshark security update
- From: Salvatore Bonaccorso
- ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.
- ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities.
- [ISecAuditors Security Advisories] SQL Injection vulnerability in "Project'Or RIA" allow arbitrary access to the database and the file system
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] LinkedIn social network is affected by Persistent Cross-Site Scripting vulnerability
- From: ISecAuditors Security Advisories
- wordpress jigoshop Plugin path disclosure vulnerabilities
- [SOJOBO-ADV-13-03] - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting
- Open-Xchange Security Advisory 2013-11-06
- SQL Injection in appRain
- From: High-Tech Bridge Security Research
- CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass
- From: CORE Advisories Team
- Cisco Security Advisory: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleared version) (Medical Application)
- From: Dirk-Willem van Gulik
- Cisco Security Advisory: Cisco WAAS Mobile Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CFP BugCON 2014 - Mexico City
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Apple MacOSX 10.9 Hard Link Memory Corruption
- RE: FP BugCON 2014 - Mexico City
- Word 2003 SP2 .doc fork bomb on WinXP SP3
- WorldCIST'14 - World Conference on IST; Submission deadline: November 29
- Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- [SECURITY] [DSA 2793-1] libav security update
- XADV-2013003 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
- [ MDVSA-2013:265 ] kernel
- Vulnerability in Pydio/AjaXplorer <= 5.0.3
- Vulnerability in Pydio/AjaXplorer <= 5.0.3
- [SECURITY] [DSA 2794-1] spip security update
- From: Salvatore Bonaccorso
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- vulnerability issue for DB2 express
- XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
- WebSurgery v1.1 released (Web application security testing suite)
- WebSurgery v1.1 released (Web application security testing suite)
- RUCKUS ADVISORY ID 111113-1: Authenticated code injection vulnerability in ZoneDirector administrative web interface
- From: Ruckus Product Security Team
- Re: Apple MacOSX 10.9 Hard Link Memory Corruption
- Fwd: vulnerability issue for DB2 express
- Fwd: RUCKUS ADVISORY ID 111113-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers
- From: Ruckus Product Security Team
- [security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information
- [SECURITY] [DSA 2795-1] lighttpd security update
- LastPass Android container PIN and auto-wipe security feature bypass (CVE-2013-5113/5114)
- Cross-Site Scripting (XSS) in Zikula Application Framework
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 2796-1] torque security update
- From: Salvatore Bonaccorso
- Android Superuser shell character escape vulnerability
- Superuser "su --daemon" vulnerability on Android >= 4.3
- Superuser unsanitized environment vulnerability on Android <= 4.2.x
- [SECURITY] [DSA 2797-1] icedove security update
- Dahua DVR Authentication Bypass - CVE-2013-6117
- Re: DS3 Authentication Server - Multiple Issues
- Re: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
- Re: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
- Re: [security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- APPLE-SA-2013-11-14-1 iOS 7.0.4
- From: Apple Product Security
- Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
- NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability
- From: "VMware Security Response Center"
- Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
- Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
- From: High-Tech Bridge Security Research
- [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability
- XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug
- XADV-2013006 FreeBSD <= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
- [SECURITY] [DSA 2795-2] lighttpd regression update
- [SECURITY] [DSA 2797-1] chromium-browser security update
- [SECURITY] [DSA 2798-1] curl security update
- Information Security Forecast 2014
- [OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass
- Re: Fwd: vulnerability issue for DB2 express
- [SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
- [slackware-security] mozilla-firefox (SSA:2013-322-01)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2013-322-02)
- From: Slackware Security Team
- [slackware-security] samba (SSA:2013-322-03)
- From: Slackware Security Team
- PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability
- [slackware-security] seamonkey (SSA:2013-322-04)
- From: Slackware Security Team
- PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability
- Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability
- SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Arbitrary Remote Command Execution
- FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
- From: FreeBSD Security Advisories
- 16TH AVAR INTERNATIONAL SECURITY CONFERENCE 2013 - (4th-7th Dec'13, Chennai. India)
- [ MDVSA-2013:266 ] java-1.6.0-openjdk
- [ MDVSA-2013:267 ] java-1.7.0-openjdk
- ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
- pineapp mailsecure remote no authenticated privilege escalation & remote execution code
- XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
- XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption
- XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
- Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)
- [ MDVSA-2013:268 ] torque
- Paypal Bug Bounty #14 - Persistent Payment Mail Encoding Vulnerability
- Mybb Ajaxfs Plugin Sql Injection vulnerability
- Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
- [ MDVSA-2013:269 ] firefox
- [ MDVSA-2013:270 ] nss
- [SECURITY] [DSA 2798-2] curl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:273 ] libjpeg
- [ MDVSA-2013:271 ] pmake
- [ MDVSA-2013:272 ] poppler
- [ MDVSA-2013:275 ] krb5
- [ MDVSA-2013:277 ] lighttpd
- Facebook Vulnerability Discloses Friends Lists Defined as Private
- Instagram Photo Upload and Flattr Money Redirection Vulnerability
- [ MDVSA-2013:276 ] curl
- [ MDVSA-2013:274 ] libjpeg
- [ MDVSA-2013:278 ] samba
- [SECURITY] [DSA 2801-1] libhttp-body-perl security update
- From: Salvatore Bonaccorso
- DC4420 (DefCon London) meeting next Tuesday, 26th November 2013
- ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
- [SECURITY] [DSA 2802-1] nginx security update
- CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater
- Unauthorized console access on Satechi travel router v1.5
- [ MDVSA-2013:279 ] wireshark
- [ MDVSA-2013:280 ] memcached
- [ MDVSA-2013:281 ] nginx
- Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
- Open-Xchange Security Advisory 2013-11-25
- [ MDVSA-2013:282 ] perl-HTTP-Body
- [ MDVSA-2013:283 ] glibc
- [ MDVSA-2013:284 ] glibc
- [SECURITY] [DSA 2800-1] nss security update
- From: Salvatore Bonaccorso
- [ MDVSA-2013:285 ] bugzilla
- [ MDVSA-2013:286 ] ruby
- [SECURITY] [DSA 2803-1] quagga security update
- [ MDVSA-2013:287 ] drupal
- [SECURITY] [DSA 2804-1] drupal7 security update
- [security bulletin] HPSBGN02942 rev.1 - HP Service Manager and ServiceCenter, Remote Code Execution
- Multiple Cross-Site Scripting (XSS) in Claroline
- From: High-Tech Bridge Security Research
- SQL Injection in Dokeos
- From: High-Tech Bridge Security Research
- SQL Injection in Chamilo LMS
- From: High-Tech Bridge Security Research
- [HITB-Announce] #HITB2014AMS Call for Papers Now Open
- [SECURITY] [DSA 2805-1] sup-mail security update
- RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
- From: Ruckus Product Security Team
- NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-13:14.openssh [REVISED]
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 2806-1] nbd security update