Mail Index

• Thread Index

• [SECURITY] [DSA 2850-1] libyaml security update
  • From: Salvatore Bonaccorso
• CVE-2014-1213 - Denial of Service in Sophos Anti Virus
  • From: advisories
• [SECURITY] [DSA 2851-1] drupal6 security update
  • From: Salvatore Bonaccorso
• Security advisory, LedgerSMB 1.3.0-1.3.36
  • From: Chris Travers
• [slackware-security] pidgin (SSA:2014-034-01)
  • From: Slackware Security Team
• Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14
  • From: marcel . mangold
• ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
  • From: Security Alert
• Multiple SQL Injection Vulnerabilities in AuraCMS
  • From: High-Tech Bridge Security Research
• SQL Injection in doorGets CMS
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2853-1] horde3 security update
  • From: Luciano Bello
• Inteno DG301 Command Injection
  • From: post
• [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail
  • From: ISecAuditors Security Advisories
• [SECURITY] [DSA 2855-1] libav security update
  • From: Moritz Muehlenhoff
• [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
  • From: Mark Thomas
• German Telekom Bug Bounty #9 - Code Execution Vulnerability
  • From: Vulnerability Lab
• CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin
  • From: advisories
• German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability
  • From: Vulnerability Lab
• AlienVault OSSIM SQL Injection vulnerability
  • From: jakx . ppr
• CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability
  • From: CORE Advisories Team
• [SECURITY] [DSA 2852-1] libgadu security update
  • From: Florian Weimer
• Information on recently-fixed Oracle VM VirtualBox vulnerabilities
  • From: Matthew Daley
• gpEasy v4.3.x CMS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability
  • From: Vulnerability Lab
• WHMCS Denial of Service Vulnerability
  • From: iedb . team
• [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
  • From: Florian Weimer
• [oCERT-2014-001] MantisBT input sanitization errors
  • From: Andrea Barisani
• [SECURITY] [DSA 2857-1] libspring-java security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2014-039-01)
  • From: Slackware Security Team
• #CONFidence 2014- Call for Papers, only 0111 days left to become CONFidence ninja
  • From: Andrzej Targosz
• [slackware-security] seamonkey (SSA:2014-039-03)
  • From: Slackware Security Team
• ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure
  • From: kyle Lovett
• [slackware-security] mozilla-thunderbird (SSA:2014-039-02)
  • From: Slackware Security Team
• Phpbb Forum Denial of Service Vulnerability
  • From: iedb . team
• Open-Xchange Security Advisory 2014-02-10
  • From: Martin Braun
• [SECURITY] [DSA 2858-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2859-1] pidgin security update
  • From: Moritz Muehlenhoff
• [mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation
  • From: john . fitzpatrick
• Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln
  • From: iedb . team
• WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:025 ] pidgin
  • From: security
• [SECURITY] [DSA 2860-1] parcimonie security update
  • From: Salvatore Bonaccorso
• [CVE-2014-1903] FreePBX 2.9 through 12 RCE
  • From: rob . thomas
• [SECURITY] [DSA 2850-2] libyaml regression update
  • From: Salvatore Bonaccorso
• jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:026 ] openldap
  • From: security
• Mybb All Version Denial of Service Vulnerability
  • From: iedb . team
• APPLE-SA-2014-02-11-1 Boot Camp 5.1
  • From: Apple Product Security
• ASUS RT Series Routers FTP Service - Default anonymous access
  • From: kyle Lovett
• [ MDVSA-2014:027 ] php
  • From: security
• Re: ASUS RT Series Routers FTP Service - Default anonymous access
  • From: kyle Lovett
• Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability
  • From: Pietro Oliva
• Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability
  • From: Pietro Oliva
• [ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)
  • From: ISecAuditors Security Advisories
• Critical security flaws in Nagios NRPE client/server crypto
  • From: Aaron Zauner
• RE: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option
  • From: Williams, James K
• [ MDVSA-2014:028 ] mariadb
  • From: security
• [slackware-security] ntp (SSA:2014-044-02)
  • From: Slackware Security Team
• [slackware-security] curl (SSA:2014-044-01)
  • From: Slackware Security Team
• [ MDVSA-2014:029 ] mysql
  • From: security
• ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities
  • From: Security Alert
• [ MDVSA-2014:034 ] yaml
  • From: security
• [ MDVSA-2014:031 ] drupal
  • From: security
• [ MDVSA-2014:033 ] socat
  • From: security
• [ MDVSA-2014:032 ] flite
  • From: security
• CISTI'2014: List of Workshops
  • From: ML
• [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
  • From: no-reply
• phpMyBackupPro-2.4 Cross-Site Scripting vulnerability
  • From: iedb . team
• Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console
  • From: kyle Lovett
• Office Assistant Pro v2.2.2 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• File Hub v1.9.1 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 2861-1] file security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2862-1] chromium-browser security update
  • From: Michael Gilbert
• Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE
  • From: Ronen Z
• My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:035 ] libpng
  • From: security
• [ MDVSA-2014:036 ] varnish
  • From: security
• Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec
  • From: cfp2014
• [ MDVSA-2014:037 ] ffmpeg
  • From: security
• [ MDVSA-2014:038 ] kernel
  • From: security
• Re: [Full-disclosure] CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger
  • From: Tim Brown
• SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection
  • From: SEC Consult Vulnerability Lab
• [ MDVSA-2014:040 ] puppet
  • From: security
• CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server
  • From: Portcullis Advisories
• [SECURITY] [DSA 2863-1] libtar security update
  • From: Luciano Bello
• [ MDVSA-2014:039 ] libgadu
  • From: security
• CA20140218-01: Security Notice for CA 2E Web Option
  • From: Williams, James K
• [ MDVSA-2014:041 ] python
  • From: security
• [ MDVSA-2014:043 ] gnutls
  • From: security
• [ MDVSA-2014:042 ] tomcat6
  • From: security
• Barracuda Message Archiver 650 - Persistent Web Vulnerability
  • From: Vulnerability Lab
• Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
  • From: Cisco Systems Product Security Incident Response Team
• Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1
  • From: adrianomarciomonteiro
• [ MDVSA-2014:044 ] zarafa
  • From: security
• VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution
  • From: Julien Ahrens
• [HITB-Announce] Haxpo CFP
  • From: Hafez Kamal
• [slackware-security] kernel (SSA:2014-050-03)
  • From: Slackware Security Team
• [slackware-security] mariadb, mysql (SSA:2014-050-02)
  • From: Slackware Security Team
• SQL Injection in AdRotate
  • From: High-Tech Bridge Security Research
• [ MDVSA-2014:045 ] libtar
  • From: security
• Android & iOS Hands-on Exploitation at SyScan 2014
  • From: xys3c team
• [SECURITY] [DSA 2864-1] postgresql-8.4 security update
  • From: Moritz Muehlenhoff
• [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12
  • From: Eric Flokstra
• [slackware-security] gnutls (SSA:2014-050-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 2865-1] postgresql-9.1 security update
  • From: Moritz Muehlenhoff
• ASUS router drive-by code execution via XSS and authentication bypass
  • From: buqtraq
• Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:046 ] phpmyadmin
  • From: security
• CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:047 ] postgresql
  • From: security
• 44CON 2014 September 11th - 12th CFP Open
  • From: Steve
• CVE-2014-1223 - Cross-site Scripting in Telligent Evolution
  • From: Portcullis Advisories
• APPLE-SA-2014-02-21-1 iOS 6.1.6
  • From: Apple Product Security
• APPLE-SA-2014-02-21-2 iOS 7.0.6
  • From: Mihaela Popescu-Stanesti
• APPLE-SA-2014-02-21-3 Apple TV 6.0.2
  • From: Mihaela Popescu-Stanesti
• APPLE-SA-2014-02-21-2 iOS 7.0.6
  • From: Apple Product Security
• APPLE-SA-2014-02-21-1 iOS 6.1.6
  • From: Apple Product Security
• APPLE-SA-2014-02-21-3 Apple TV 6.0.2
  • From: Apple Product Security
• DC4420 - London DEFCON - meeting Tuesday, 25th February 2014
  • From: Major Malfunction
• [SECURITY] [DSA 2866-1] gnutls26 security update
  • From: Salvatore Bonaccorso
• [CISTI'2014]: Iberian Conference on IST; Barcelona; Deadline: February 28
  • From: ML
• [SECURITY] [DSA 2867-1] otrs2 security update
  • From: Salvatore Bonaccorso
• Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability
  • From: Vulnerability Lab
• WiFiles HD v1.3 iOS - File Include Web Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
  • From: security-alert
• [security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
  • From: security-alert
• [SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
  • From: Mark Thomas
• [SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
  • From: Mark Thomas
• [SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
  • From: Mark Thomas
• [SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
  • From: Mark Thomas
• Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard
  • From: RedTeam Pentesting GmbH
• APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
  • From: Apple Product Security
• APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2
  • From: Apple Product Security
• [security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
  • From: security-alert
• [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information
  • From: security-alert
• [security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates
  • From: security-alert
• APPLE-SA-2014-02-25-3 QuickTime 7.7.5
  • From: Apple Product Security
• Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
  • From: innate
• Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
  • From: Larry W. Cashdollar
• Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability
  • From: Vulnerability Lab
• Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability
  • From: Vulnerability Lab
• Office 365 - Account Hijacking Cookie Re-Use Flaw, extended
  • From: "Oei, Géry"
• Update: CVE-2014-0053 Information Disclosure when using Grails
  • From: Pivotal Security Team
• SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)
  • From: SEC Consult Vulnerability Lab
• Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
  • From: High-Tech Bridge Security Research
• [slackware-security] subversion (SSA:2014-058-01)
  • From: Slackware Security Team
• SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server
  • From: SEC Consult Vulnerability Lab