Mail Index

• Thread Index

• [SECURITY] [DSA 2831-1] puppet security update
  • From: Luciano Bello
• [SECURITY] [DSA 2832-1] memcached security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2833-1] openssl security update
  • From: Moritz Muehlenhoff
• CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section
  • From: The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic
• [SECURITY] [DSA 2834-1] typo3-src security update
  • From: Salvatore Bonaccorso
• [CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node
  • From: Tomaz Muraus
• Path Traversal in eduTrac
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 2835-1] asterisk security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2836-1] devscripts security update
  • From: Raphael Geissert
• Open-Xchange Security Advisory 2014-01-06
  • From: Martin Braun
• [HITB-Announce] HITB Magazine Issue 10 Out Now
  • From: Hafez Kamal
• AusCERT2014 Call for Presentations and Tutorials
  • From: AusCERT
• SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -
  • From: sisco . barrera
• [SECURITY] [DSA 2837-1] openssl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2838-1] libxfont security update
  • From: Moritz Muehlenhoff
• Multiple Vulnerabilities in Horizon QCMS
  • From: High-Tech Bridge Security Research
• Improper Authentication in Burden
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2839-1] spice security update
  • From: Salvatore Bonaccorso
• nullcon Blackshield Awards 2014
  • From: nullcon
• [CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)
  • From: Felipe Molina
• Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users
  • From: David Nalley
• Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access
  • From: David Nalley
• [SECURITY] [DSA 2840-1] srtp security update
  • From: Salvatore Bonaccorso
• [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow
  • From: Pedro Ribeiro
• Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2841-1] movabletype-opensource security update
  • From: Moritz Muehlenhoff
• CISTI'2014: List of Workshops
  • From: ML
• NETGEAR WNR1000v3 Password Recovery Vulnerability
  • From: c1ph04mail
• [ MDVSA-2014:001 ] kernel
  • From: security
• [SECURITY] [DSA 2842-1] libspring-java security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2843-1] graphviz security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)
  • From: security-alert
• [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application
  • From: Daniel Wood
• [slackware-security] php (SSA:2014-013-03)
  • From: Slackware Security Team
• [slackware-security] samba (SSA:2014-013-04)
  • From: Slackware Security Team
• [slackware-security] libXfont (SSA:2014-013-01)
  • From: Slackware Security Team
• CVE-2013-6430 Possible XSS when using Spring MVC
  • From: Pivotal Security Team
• FreeBSD Security Advisory FreeBSD-SA-14:03.openssl
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:04.bind
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:02.ntpd
  • From: FreeBSD Security Advisories
• [CVE-2014-1238] Cross Site Scripting(XSS) in q-pulse application
  • From: ali . hussein
• CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete
  • From: Pivotal Security Team
• FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 2844-1] djvulibre security update
  • From: Raphael Geissert
• Online OWASP Security Challenges
  • From: Ivan Buetler
• [slackware-security] openssl (SSA:2014-013-02)
  • From: Slackware Security Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control System
  • From: Cisco Systems Product Security Incident Response Team
• CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers
  • From: Alexandre Herzog
• [HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL
  • From: Hafez Kamal
• SQL Injection in Sexy Polling Joomla Extension
  • From: High-Tech Bridge Security Research
• [ MDVSA-2014:002 ] bind
  • From: security
• [ MDVSA-2014:003 ] nrpe
  • From: security
• [ MDVSA-2014:005 ] ejabberd
  • From: security
• [ MDVSA-2014:006 ] libxslt
  • From: security
• [ MDVSA-2014:004 ] nagios
  • From: security
• [security bulletin] HPSBUX02961 SSRT101420 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• Open-Xchange Security Advisory 2014-01-17
  • From: Martin Braun
• [ MDVSA-2014:007 ] openssl
  • From: security
• [ MDVSA-2014:008 ] openjpeg
  • From: security
• [ MDVSA-2014:010 ] memcached
  • From: security
• [ MDVSA-2014:009 ] librsvg
  • From: security
• [SECURITY] [DSA 2845-1] mysql-5.1 security update
  • From: Moritz Muehlenhoff
• Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.
  • From: bhadresh . k . patel
• [SECURITY] [DSA 2831-2] puppet regression update
  • From: Salvatore Bonaccorso
• SI6 Networks' IPv6 Toolkit v1.5.2 released!
  • From: Fernando Gont
• [SECURITY] [DSA 2846-1] libvirt security update
  • From: Moritz Muehlenhoff
• Secunia Research: OpenPNE PHP Object Injection Vulnerability
  • From: Secunia Research
• [ MDVSA-2014:011 ] java-1.7.0-openjdk
  • From: security
• [ MDVSA-2014:012 ] nss
  • From: security
• [SECURITY] [DSA 2847-1] drupal7 security update
  • From: Salvatore Bonaccorso
• [ MDVSA-2014:013 ] libxfont
  • From: security
• [ MDVSA-2014:014 ] php
  • From: security
• [FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20
  • From: research-feedback
• SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
  • From: SEC Consult Vulnerability Lab
• [ MDVSA-2014:015 ] cups
  • From: security
• [ MDVSA-2014:016 ] spice
  • From: security
• [ MDVSA-2014:017 ] net-snmp
  • From: security
• [ MDVSA-2014:018 ] net-snmp
  • From: security
• [ MDVSA-2014:019 ] elinks
  • From: security
• Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:020 ] x11-server
  • From: security
• CISTI'2014: CFP - Doctoral Symposium
  • From: ML
• CONFidence 2014- Call for Papers
  • From: Andrzej Targosz
• APPLE-SA-2014-01-22-1 iTunes 11.1.4
  • From: Apple Product Security
• Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
  • From: tudor . enache
• SQL Injection in JV Comment Joomla Extension
  • From: High-Tech Bridge Security Research
• Cross-Site Scripting (XSS) in Komento Joomla Extension
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2848-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module
  • From: ali . hussein
• [CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
  • From: Christian Catalano
• [SECURITY] [DSA 2826-2] denyhosts regression update
  • From: Yves-Alexis Perez
• [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)
  • From: cjlacayo
• [CTF] nullcon HackIM 2014 will start at 24-01-2014, when the clock will strike at 11:59 (+5:30 GMT)
  • From: nullcon
• Security Vulnerabilities in Apache Cordova / PhoneGap
  • From: mgeorgiev
• [ MDVSA-2014:022 ] augeas
  • From: security
• [ MDVSA-2014:021 ] perl-Proc-Daemon
  • From: security
• [ MDVSA-2014:023 ] hplip
  • From: security
• [ MDVSA-2014:024 ] graphviz
  • From: security
• Multiple Vulnerabilities in Eventum
  • From: High-Tech Bridge Security Research
• DC4420 - London DEFCON - January meet - Tuesday 28th January 2014
  • From: Major Malfunction
• Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
  • From: Vulnerability Lab
• Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail
  • From: Mark Litchfield
• [slackware-security] mozilla-nss (SSA:2014-028-02)
  • From: Slackware Security Team
• SiteCore XML Control Script Insertion
  • From: Mark Litchfield
• [slackware-security] bind (SSA:2014-028-01)
  • From: Slackware Security Team
• SimplyShare v1.4 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Ektron CMS Take Over - Hijacking Accounts
  • From: Mark Litchfield
• Joomla! JomSocial component < 3.1.0.1 - Remote code execution
  • From: Matias Fontanini
• [SECURITY] [DSA 2849-1] curl security update
  • From: Florian Weimer
• [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
  • From: Security Explorations