Mail Index

• Thread Index

• Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability
  • From: Vulnerability Lab
• CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki
  • From: Portcullis Advisories
• CVE-2014-5880 - Authentication Bypass in Oracle Demantra
  • From: Portcullis Advisories
• Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
  • From: Arron Dowdeswell
• Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra
  • From: Arron Dowdeswell
• CVE-2014-0372 - SQL Injection in Oracle Demantra
  • From: Portcullis Advisories
• CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
  • From: Portcullis Advisories
• [CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0
  • From: Christian Catalano
• ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
  • From: Security Alert
• WordPress thecotton Themes Remote File Upload Vulnerability
  • From: iedb . team
• [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0
  • From: Christian Catalano
• [CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
  • From: Christian Catalano
• [CVE-2013-6234] XSS File Upload in SpagoBI v4.0
  • From: Christian Catalano
• [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
  • From: Julien Ahrens
• [SECURITY] [DSA 2868-1] php5 security update
  • From: Salvatore Bonaccorso
• CFP: Passwords^14, Las Vegas, August 5-6
  • From: Per Thorsheim
• [SECURITY] [DSA 2869-1] gnutls26 security update
  • From: Yves-Alexis Perez
• [slackware-security] gnutls (SSA:2014-062-01)
  • From: Slackware Security Team
• [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation
  • From: iclelland
• JOIDS (Java OpenID Server) multiple vulnerabilities
  • From: Bartlomiej Balcerek
• [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults
  • From: iclelland
• Public disclosure of Buffer Overflow Dassault Systems
  • From: 0xnanoquetz9l
• (Added CVE) Dassault Systemes Catia Stack Buffer Overflow
  • From: 0xnanoquetz9l
• PHP: patch to make session handling with default config more secure against local attackers
  • From: Jann Horn
• [security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity
  • From: security-alert
• CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
  • From: alejandr0.w3b.p0wn3r
• Cross-Site Scripting (XSS) in Ilch CMS
  • From: High-Tech Bridge Security Research
• Multiple Vulnerabilities in OpenDocMan
  • From: High-Tech Bridge Security Research
• ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities
  • From: Security Alert
• [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
  • From: Gustavo Speranza
• Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
  • From: Cisco Systems Product Security Incident Response Team
• [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
  • From: Gustavo Speranza
• [slackware-security] sudo (SSA:2014-064-01)
  • From: Slackware Security Team
• [ANN] Struts 2.3.16.1 GA release available - security fix
  • From: Lukasz Lenart
• SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• CVE-2014-2044 - Remote Code Execution in ownCloud
  • From: Portcullis Advisories
• SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access
  • From: security-alert
• [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability
  • From: contact
• E-Store (1.0 & 2.0) <= SQL Injection Vulnerability
  • From: Alkeraithe
• [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update
  • From: Salvatore Bonaccorso
• [ MDVSA-2014:048 ] gnutls
  • From: security
• [ MDVSA-2014:049 ] subversion
  • From: security
• [SECURITY] [DSA 2871-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2872-1] udisks security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability
  • From: security-alert
• Android Vulnerability: Install App Without User Explicit Consent
  • From: Daniel Divricean
• APPLE-SA-2014-03-10-1 iOS 7.1
  • From: Apple Product Security
• [ MDVSA-2014:050 ] wireshark
  • From: security
• APPLE-SA-2014-03-10-2 Apple TV 6.1
  • From: Apple Product Security
• AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
  • From: Asterisk Security Team
• AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
  • From: Asterisk Security Team
• AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
  • From: Asterisk Security Team
• AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
  • From: Asterisk Security Team
• [security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF)
  • From: security-alert
• [security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS)
  • From: security-alert
• [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue
  • From: Guillaume Ross
• [slackware-security] udisks, udisks2 (SSA:2014-070-01)
  • From: Slackware Security Team
• CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
  • From: CORE Advisories Team
• Medium severity flaw in BlackBerry QNX Neutrino RTOS
  • From: Tim Brown
• [SECURITY] [DSA 2873-1] file security update
  • From: Salvatore Bonaccorso
• CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
  • From: Pivotal Security Team
• CVE-2014-1904 XSS when using Spring MVC
  • From: Pivotal Security Team
• CVE-2014-0097 Spring Security Blank password may bypass user authentication
  • From: Pivotal Security Team
• NEW VMSA-2014-0002 VMware vSphere updates to third party libraries
  • From: "VMware Security Response Center"
• CVE-2014-1222 - Local File Inclusion in Vtiger CRM
  • From: Portcullis Advisories
• CVE-2014-2043 - SQL Injection in Procentia IntelliPen
  • From: Portcullis Advisories
• Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
  • From: Larry W. Cashdollar
• Cross-Site Scripting (XSS) in Open Classifieds
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2876-1] cups security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2874-1] mutt security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2875-1] cups-filters security update
  • From: Moritz Muehlenhoff
• PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)
  • From: Hanno Böck
• Synology DSM4 Blind SQL Injection
  • From: Michael Wisniewski
• [SECURITY] [DSA 2877-1] lighttpd security update
  • From: Michael Gilbert
• [slackware-security] mutt (SSA:2014-071-01)
  • From: Slackware Security Team
• [ MDVSA-2014:051 ] file
  • From: security
• [ MDVSA-2014:052 ] net-snmp
  • From: security
• [ MDVSA-2014:053 ] libssh
  • From: security
• [ MDVSA-2014:055 ] owncloud
  • From: security
• [ MDVSA-2014:054 ] otrs
  • From: security
• Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
  • From: Tim Brown
• [ MDVSA-2014:056 ] apache-commons-fileupload
  • From: security
• [ MDVSA-2014:057 ] mediawiki
  • From: security
• [security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 2878-1] virtualbox security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges
  • From: security-alert
• [ MDVSA-2014:058 ] freeradius
  • From: security
• ActiVPN launches its security bug bounty
  • From: Ninja ActiVPN
• [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution
  • From: Julien Ahrens
• [SECURITY] [DSA 2879-1] libssh security update
  • From: Raphael Geissert
• [slackware-security] samba (SSA:2014-072-01)
  • From: Slackware Security Team
• NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode
  • From: NCC Group Research
• Multiple Vulnerabilities in SeedDMS < = 4.3.3
  • From: craig . arendt
• [ MDVSA-2014:059 ] php
  • From: security
• [ MDVSA-2014:060 ] imapsync
  • From: security
• [ MDVSA-2014:061 ] oath-toolkit
  • From: security
• [slackware-security] php (SSA:2014-074-01)
  • From: Slackware Security Team
• exploit for old rlpdaemon bug
  • From: Nomen Nescio
• MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
  • From: submit
• Open-Xchange Security Advisory 2014-03-17
  • From: Martin Braun
• [ MDVSA-2014:062 ] webmin
  • From: security
• [ MDVSA-2014:064 ] udisks
  • From: security
• [ MDVSA-2014:063 ] x2goserver
  • From: security
• [SECURITY] [DSA 2880-1] python2.7 security update
  • From: Moritz Muehlenhoff
• =?utf-7?q?Microsoft Forefront Protection for Exchange Server detected a virus?=
  • From: ForefrontServerProtection
• 2014 World Conference on IST - Madeira Island, April 15-17
  • From: ML
• ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
  • From: Security Alert
• (CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE)
  • From: Fernando Gont
• Cross-Site Scripting (XSS) in CMSimple
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 2881-1] iceweasel security update
  • From: Moritz Muehlenhoff
• Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2859-2] pidgin security update
  • From: Raphael Geissert
• Shakacon 2014: Call for Papers - Deadline April 11th
  • From: Shakacon
• Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2014:065 ] apache
  • From: security
• [SECURITY] [DSA 2882-1] extplorer security update
  • From: Giuseppe Iuculano
• [ MDVSA-2014:066 ] nss
  • From: security
• NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation
  • From: NCC Group Research
• [SECURITY] [DSA 2883-1] chromium-browser security update
  • From: Michael Gilbert
• c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops
  • From: c0c0n International Information Security Conference
• CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting
  • From: Daniel Marques
• ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability
  • From: Security Alert
• Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
  • From: CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga
  • From: CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk
  • From: CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
  • From: CERT
• [SECURITY] [DSA 2873-2] file regression update
  • From: Salvatore Bonaccorso
• [oCERT-2014-002] Xalan-Java insufficient secure processing
  • From: Andrea Barisani
• MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently)
  • From: Dieyu
• [CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13
  • From: Eric Flokstra
• CVE-2013-6955 Synology DSM remote code execution
  • From: tiamat451
• [security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• Web Egg Hunting Game - Hacky Easter
  • From: Ivan Buetler
• [security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access
  • From: security-alert
• VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)
  • From: VUPEN Security Research
• VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
  • From: VUPEN Security Research
• VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)
  • From: VUPEN Security Research
• ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability
  • From: Security Alert
• Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
  • From: Roee Hay
• [SECURITY] [DSA 2884-1] libyaml security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2886-1] libxalan2-java security update
  • From: Florian Weimer
• ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
  • From: Security Alert
• [oCERT-2014-003] LibYAML input sanitization errors
  • From: Andrea Barisani
• Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability
  • From: Vulnerability Lab
• ES746 DELL Support-Bulletin - EMS Vulnerability Resolved
  • From: Vulnerability Lab
• ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access
  • From: security-alert
• [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
  • From: Moritz Muehlenhoff
• [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 2889-1] postfixadmin security update
  • From: Thijs Kinkhorst
• SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
  • From: SEC Consult Vulnerability Lab
• iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
  • From: CERT
• [slackware-security] mozilla-thunderbird (SSA:2014-086-05)
  • From: Slackware Security Team
• [slackware-security] mozilla-nss (SSA:2014-086-04)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-086-03)
  • From: Slackware Security Team
• [slackware-security] openssh (SSA:2014-086-06)
  • From: Slackware Security Team
• [slackware-security] curl (SSA:2014-086-01)
  • From: Slackware Security Team
• [slackware-security] seamonkey (SSA:2014-086-07)
  • From: Slackware Security Team
• [slackware-security] httpd (SSA:2014-086-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 2890-1] libspring-java security update
  • From: Florian Weimer
• [SECURITY] [DSA 2891-1] mediawiki security update
  • From: Thijs Kinkhorst
• PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab