Mail Index

• Thread Index

• [security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 2807-1] links2 security update
  • From: Moritz Muehlenhoff
• WorldCIST'14 - Submission deadline: December 7
  • From: WorldCIST
• Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• D-Link DIR-XXX remote root access exploit.
  • From: ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
• Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).
  • From: ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
• [SECURITY] [DSA 2808-1] openjpeg security update
  • From: Raphael Geissert
• bugs in IJG jpeg6b & libjpeg-turbo
  • From: Michal Zalewski
• NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
  • From: "VMware Security Response Center"
• [PT-2013-63] Hash Length Extension in HTMLPurifier
  • From: noreply
• Cross-Site Scripting (XSS) in Jamroom
  • From: High-Tech Bridge Security Research
• Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 2809-1] ruby1.8 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2810-1] ruby1.9.1 security update
  • From: Salvatore Bonaccorso
• Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)
  • From: Vulnerability Lab
• Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability
  • From: Egidio Romano
• NEW VMSA-2013-0015 VMware ESX updates to third party libraries
  • From: Edward Hawkins
• [slackware-security] mozilla-nss (SSA:2013-339-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-339-02)
  • From: Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-339-03)
  • From: Slackware Security Team
• [slackware-security] hplip (SSA:2013-339-04)
  • From: Slackware Security Team
• Opencart Multiple Vulnerabilities
  • From: trueend5
• [SECURITY] [DSA 2811-1] chromium-browser security update
  • From: Michael Gilbert
• LiveZilla 5.1.0.0 Reflected XSS in translations
  • From: zoczus
• Print n Share v5.5 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities
  • From: Security Alert
• [SECURITY] [DSA 2812-1] samba security update
  • From: Moritz Muehlenhoff
• Vulnerabilities in Apache Solr < 4.6.0
  • From: Nicolas Grégoire
• [SECURITY] [DSA 2814-1] varnish security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2813-1] gimp security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2815-1] munin security update
  • From: Salvatore Bonaccorso
• [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application
  • From: Daniel Wood
• EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution
  • From: nospam
• Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
  • From: Vulnerability Lab
• LiveZilla 5.1.1.0 Stored XSS in operator clients
  • From: zoczus
• [security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability
  • From: CORE Advisories Team
• [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS)
  • From: security-alert
• Android Fragment Injection vulnerability
  • From: Roee Hay
• SQL Injection in InstantCMS
  • From: High-Tech Bridge Security Research
• Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• FlashCanvas 1.5 proxy.php XSS Vulnerability
  • From: code
• [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
  • From: advisories
• ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities
  • From: Security Alert
• CORE-2013-0807 - Divide Error in Windows Kernel
  • From: CORE Advisories Team
• Re: CORE-2013-0807 - Divide Error in Windows Kernel
  • From: CORE Advisories Team
• [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection
  • From: mailing lists
• [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup)
  • From: mailing lists
• Microsoft PhotoStory - CS Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• Microsoft Yammer - Persistent Profile Vulnerabilities
  • From: Vulnerability Lab
• Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 2816-1] php5 security update
  • From: Thijs Kinkhorst
• [security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
  • From: security-alert
• [security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS)
  • From: security-alert
• [security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update
  • From: security-alert
• [security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
  • From: security-alert
• Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities
  • From: Vulnerability Lab
• DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013
  • From: Tony Naggs
• Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
  • From: Stefan Esser
• Call for Papers -YSTS 8 - Information Security Conference, Brazil
  • From: Luiz Eduardo
• Last Call - 2sd World Conference on IST; Submission: December 29
  • From: WorldCIST
• [SECURITY] [DSA 2817-1] libtar security update
  • From: Luciano Bello
• LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client
  • From: zoczus
• LiveZilla 5.1.2.0 Insecure password storage
  • From: zoczus
• Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
  • From: Larry W. Cashdollar
• Command injection vulnerability in Ruby Gem sprout 0.7.246
  • From: Larry W. Cashdollar
• LiveZilla 5.1.2.0 PHP Object Injection
  • From: zoczus
• Command injection in Ruby Gem Webbynode 1.0.5.3
  • From: Larry W. Cashdollar
• Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• User Identity Spoofing in Bitrix Site Manager
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2818-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 2819-1] End-of-life announcement for iceape
  • From: Moritz Muehlenhoff
• XSS and Full Path Disclosure in MijoSearch Joomla Extension
  • From: High-Tech Bridge Security Research
• APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1
  • From: Apple Product Security
• APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1
  • From: Apple Product Security
• FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message
  • From: Asterisk Security Team
• AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
  • From: Asterisk Security Team
• QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability
  • From: Vulnerability Lab
• [slackware-security] mozilla-firefox (SSA:2013-350-04)
  • From: Slackware Security Team
• [SECURITY] [DSA 2820-1] nspr security update
  • From: Raphael Geissert
• [slackware-security] libiodbc (SSA:2013-350-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-350-05)
  • From: Slackware Security Team
• [slackware-security] llvm (SSA:2013-350-03)
  • From: Slackware Security Team
• [slackware-security] libjpeg (SSA:2013-350-02)
  • From: Slackware Security Team
• [slackware-security] ruby (SSA:2013-350-06)
  • From: Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-350-07)
  • From: Slackware Security Team
• Hancom Office '.hml' file heap-based buffer overflow
  • From: diroverflow
• [ MDVSA-2013:287-1 ] drupal
  • From: security
• [ MDVSA-2013:288 ] subversion
  • From: security
• InfoSec Southwest 2014 CFP now open!
  • From: ISSW CFP
• CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability
  • From: CORE Advisories Team
• [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms
  • From: Christian Catalano
• [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin
  • From: Christian Catalano
• [CVE-2013-2764] Secure Entry Server - URL Redirection
  • From: Alexandre Herzog
• [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities
  • From: Alexandre Herzog
• [ MDVSA-2013:291 ] kernel
  • From: security
• [ MDVSA-2013:290 ] mediawiki
  • From: security
• [ MDVSA-2013:289 ] owncloud
  • From: security
• [ MDVSA-2013:291 ] kernel
  • From: security
• [ MDVSA-2013:292 ] links
  • From: security
• [ MDVSA-2013:293 ] gimp
  • From: security
• [ MDVSA-2013:294 ] gimp
  • From: security
• [SECURITY] [DSA 2821-1] gnupg security update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 2823-1] pixman security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2822-1] xorg-server security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2013-12-19-1 Motion 5.1
  • From: Apple Product Security
• ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities
  • From: Security Alert
• [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS)
  • From: security-alert
• [ MDVSA-2013:295 ] gnupg
  • From: security
• [SECURITY] [DSA 2824-1] curl security update
  • From: Salvatore Bonaccorso
• Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
  • From: Vulnerability Lab
• [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability
  • From: Matteo Beccati
• [ MDVSA-2013:296 ] wireshark
  • From: security
• [ MDVSA-2013:297 ] munin
  • From: security
• [SECURITY] [DSA 2825-1] wireshark security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2013:298 ] php
  • From: security
• [slackware-security] gnupg (SSA:2013-354-01)
  • From: Slackware Security Team
• [ MDVSA-2013:299 ] samba
  • From: security
• [SECURITY] [DSA 2826-1] denyhosts security update
  • From: Yves-Alexis Perez
• NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
  • From: "VMware Security Response Center"
• ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
  • From: Security Alert
• [ MDVSA-2013:300 ] asterisk
  • From: security
• Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2013:301 ] nss
  • From: security
• [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
  • From: Salvatore Bonaccorso
• ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability
  • From: Security Alert
• ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability
  • From: Security Alert
• [ MDVSA-2013:302 ] pixman
  • From: security
• Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin
  • From: High-Tech Bridge Security Research
• Сross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin
  • From: High-Tech Bridge Security Research
• Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin
  • From: High-Tech Bridge Security Research
• SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2828-1] drupal6 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2829-1] hplip security update
  • From: Moritz Muehlenhoff
• CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition
  • From: Rodrigo Rubira Branco (BSDaemon)
• [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 2830-1] ruby-i18n security update
  • From: Florian Weimer