Mail Thread Index

• Date Index

• [security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution, security-alert
• [SECURITY] [DSA 2807-1] links2 security update, Moritz Muehlenhoff
• WorldCIST'14 - Submission deadline: December 7, WorldCIST
• Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• D-Link DIR-XXX remote root access exploit., ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
• Multiple issues in OpenSSL - BN (multiprecision integer arithmetics)., ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
• [SECURITY] [DSA 2808-1] openjpeg security update, Raphael Geissert
• bugs in IJG jpeg6b & libjpeg-turbo, Michal Zalewski
• NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation, "VMware Security Response Center"
• [PT-2013-63] Hash Length Extension in HTMLPurifier, noreply
• Cross-Site Scripting (XSS) in Jamroom, High-Tech Bridge Security Research
• Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 2809-1] ruby1.8 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2810-1] ruby1.9.1 security update, Salvatore Bonaccorso
• Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day), Vulnerability Lab
• Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability, Egidio Romano
• NEW VMSA-2013-0015 VMware ESX updates to third party libraries, Edward Hawkins
• [slackware-security] mozilla-nss (SSA:2013-339-01), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-339-02), Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-339-03), Slackware Security Team
• [slackware-security] hplip (SSA:2013-339-04), Slackware Security Team
• Opencart Multiple Vulnerabilities, trueend5
• [SECURITY] [DSA 2811-1] chromium-browser security update, Michael Gilbert
• LiveZilla 5.1.0.0 Reflected XSS in translations, zoczus
• Print n Share v5.5 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities, Security Alert
• [SECURITY] [DSA 2812-1] samba security update, Moritz Muehlenhoff
• Vulnerabilities in Apache Solr < 4.6.0, Nicolas Grégoire
• [SECURITY] [DSA 2814-1] varnish security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2813-1] gimp security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2815-1] munin security update, Salvatore Bonaccorso
• [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application, Daniel Wood
• EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution, nospam
• Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities, Vulnerability Lab
• LiveZilla 5.1.1.0 Stored XSS in operator clients, zoczus
• [security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability, CORE Advisories Team
• [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS), security-alert
• Android Fragment Injection vulnerability, Roee Hay
• SQL Injection in InstantCMS, High-Tech Bridge Security Research
• Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities, Vulnerability Lab
• FlashCanvas 1.5 proxy.php XSS Vulnerability, code
• [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting, advisories
• ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities, Security Alert
• CORE-2013-0807 - Divide Error in Windows Kernel, CORE Advisories Team
  • Re: CORE-2013-0807 - Divide Error in Windows Kernel, CORE Advisories Team
• [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection, mailing lists
• [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup), mailing lists
• Microsoft PhotoStory - CS Cross Site Scripting Vulnerability, Vulnerability Lab
• Microsoft Yammer - Persistent Profile Vulnerabilities, Vulnerability Lab
• Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 2816-1] php5 security update, Thijs Kinkhorst
• [security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution, security-alert
• [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update, security-alert
• [security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS), security-alert
• Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities, Vulnerability Lab
• DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013, Tony Naggs
• Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability, Stefan Esser
• Call for Papers -YSTS 8 - Information Security Conference, Brazil, Luiz Eduardo
• Last Call - 2sd World Conference on IST; Submission: December 29, WorldCIST
• [SECURITY] [DSA 2817-1] libtar security update, Luciano Bello
• LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client, zoczus
• LiveZilla 5.1.2.0 Insecure password storage, zoczus
• Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line, Larry W. Cashdollar
• Command injection vulnerability in Ruby Gem sprout 0.7.246, Larry W. Cashdollar
• LiveZilla 5.1.2.0 PHP Object Injection, zoczus
• Command injection in Ruby Gem Webbynode 1.0.5.3, Larry W. Cashdollar
• User Identity Spoofing in Bitrix Site Manager, High-Tech Bridge Security Research
• [SECURITY] [DSA 2818-1] mysql-5.5 security update, Salvatore Bonaccorso
• [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution, security-alert
• [SECURITY] [DSA 2819-1] End-of-life announcement for iceape, Moritz Muehlenhoff
• XSS and Full Path Disclosure in MijoSearch Joomla Extension, High-Tech Bridge Security Research
• APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1, Apple Product Security
• APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1, Apple Product Security
• FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message, Asterisk Security Team
• AST-2013-007: Asterisk Manager User Dialplan Permission Escalation, Asterisk Security Team
• QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability, Vulnerability Lab
• [slackware-security] mozilla-firefox (SSA:2013-350-04), Slackware Security Team
• [SECURITY] [DSA 2820-1] nspr security update, Raphael Geissert
• [slackware-security] libiodbc (SSA:2013-350-01), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-350-05), Slackware Security Team
• [slackware-security] llvm (SSA:2013-350-03), Slackware Security Team
• [slackware-security] libjpeg (SSA:2013-350-02), Slackware Security Team
• [slackware-security] ruby (SSA:2013-350-06), Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-350-07), Slackware Security Team
• Hancom Office '.hml' file heap-based buffer overflow, diroverflow
• [ MDVSA-2013:287-1 ] drupal, security
• [ MDVSA-2013:288 ] subversion, security
• InfoSec Southwest 2014 CFP now open!, ISSW CFP
• CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability, CORE Advisories Team
• [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms, Christian Catalano
• [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin, Christian Catalano
• [CVE-2013-2764] Secure Entry Server - URL Redirection, Alexandre Herzog
• [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities, Alexandre Herzog
• [ MDVSA-2013:291 ] kernel, security
  • <Possible follow-ups>
  • [ MDVSA-2013:291 ] kernel, security
• [ MDVSA-2013:290 ] mediawiki, security
• [ MDVSA-2013:289 ] owncloud, security
• [ MDVSA-2013:292 ] links, security
• [ MDVSA-2013:293 ] gimp, security
• [ MDVSA-2013:294 ] gimp, security
• [SECURITY] [DSA 2821-1] gnupg security update, Thijs Kinkhorst
• [SECURITY] [DSA 2823-1] pixman security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2822-1] xorg-server security update, Moritz Muehlenhoff
• APPLE-SA-2013-12-19-1 Motion 5.1, Apple Product Security
• ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities, Security Alert
• [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS), security-alert
• [ MDVSA-2013:295 ] gnupg, security
• [SECURITY] [DSA 2824-1] curl security update, Salvatore Bonaccorso
• Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities, Vulnerability Lab
• [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability, Matteo Beccati
• [ MDVSA-2013:296 ] wireshark, security
• [ MDVSA-2013:297 ] munin, security
• [SECURITY] [DSA 2825-1] wireshark security update, Moritz Muehlenhoff
• [ MDVSA-2013:298 ] php, security
• [slackware-security] gnupg (SSA:2013-354-01), Slackware Security Team
• [ MDVSA-2013:299 ] samba, security
• [SECURITY] [DSA 2826-1] denyhosts security update, Yves-Alexis Perez
• NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX, "VMware Security Response Center"
• ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability, Security Alert
• [ MDVSA-2013:300 ] asterisk, security
• [ MDVSA-2013:301 ] nss, security
• [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update, Salvatore Bonaccorso
• ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability, Security Alert
• ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability, Security Alert
• [ MDVSA-2013:302 ] pixman, security
• Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin, High-Tech Bridge Security Research
• Сross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin, High-Tech Bridge Security Research
• Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin, High-Tech Bridge Security Research
• SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2828-1] drupal6 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2829-1] hplip security update, Moritz Muehlenhoff
• CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition, Rodrigo Rubira Branco (BSDaemon)
• [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities, security-alert
• [SECURITY] [DSA 2830-1] ruby-i18n security update, Florian Weimer