Mail Thread Index

• Date Index

• Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability, Vulnerability Lab
• CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki, Portcullis Advisories
  • CVE-2014-5880 - Authentication Bypass in Oracle Demantra, Portcullis Advisories
    • Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra, Arron Dowdeswell
    • Message not available
      • CVE-2014-0372 - SQL Injection in Oracle Demantra, Portcullis Advisories
    • CVE-2014-5795 - Database Credentials Leak in Oracle Demantra, Portcullis Advisories
      • Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra, Arron Dowdeswell
  • Message not available
    • Message not available
      • Message not available
        • CVE-2014-2044 - Remote Code Execution in ownCloud, Portcullis Advisories
          • CVE-2014-1222 - Local File Inclusion in Vtiger CRM, Portcullis Advisories
          • CVE-2014-2043 - SQL Injection in Procentia IntelliPen, Portcullis Advisories
• [CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0, Christian Catalano
• ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability, Security Alert
• WordPress thecotton Themes Remote File Upload Vulnerability, iedb . team
• [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0, Christian Catalano
• [CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0, Christian Catalano
• [CVE-2013-6234] XSS File Upload in SpagoBI v4.0, Christian Catalano
• [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution, Julien Ahrens
• [SECURITY] [DSA 2868-1] php5 security update, Salvatore Bonaccorso
• CFP: Passwords^14, Las Vegas, August 5-6, Per Thorsheim
• [SECURITY] [DSA 2869-1] gnutls26 security update, Yves-Alexis Perez
• [slackware-security] gnutls (SSA:2014-062-01), Slackware Security Team
• [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation, iclelland
• JOIDS (Java OpenID Server) multiple vulnerabilities, Bartlomiej Balcerek
• [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults, iclelland
• Public disclosure of Buffer Overflow Dassault Systems, 0xnanoquetz9l
• (Added CVE) Dassault Systemes Catia Stack Buffer Overflow, 0xnanoquetz9l
• PHP: patch to make session handling with default config more secure against local attackers, Jann Horn
• [security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS), security-alert
  • <Possible follow-ups>
  • [security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS), security-alert
• [security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity, security-alert
• CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box, alejandr0.w3b.p0wn3r
• Cross-Site Scripting (XSS) in Ilch CMS, High-Tech Bridge Security Research
• Multiple Vulnerabilities in OpenDocMan, High-Tech Bridge Security Research
• ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities, Security Alert
• [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure, Gustavo Speranza
  • <Possible follow-ups>
  • [CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure, Gustavo Speranza
• Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers, Cisco Systems Product Security Incident Response Team
• [slackware-security] sudo (SSA:2014-064-01), Slackware Security Team
• [ANN] Struts 2.3.16.1 GA release available - security fix, Lukasz Lenart
• SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot, SEC Consult Vulnerability Lab
• [security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access, security-alert
• [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability, contact
• E-Store (1.0 & 2.0) <= SQL Injection Vulnerability, Alkeraithe
• [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update, Salvatore Bonaccorso
• [ MDVSA-2014:048 ] gnutls, security
• [ MDVSA-2014:049 ] subversion, security
• [SECURITY] [DSA 2871-1] wireshark security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2872-1] udisks security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability, security-alert
• Android Vulnerability: Install App Without User Explicit Consent, Daniel Divricean
• APPLE-SA-2014-03-10-1 iOS 7.1, Apple Product Security
• [ MDVSA-2014:050 ] wireshark, security
• APPLE-SA-2014-03-10-2 Apple TV 6.1, Apple Product Security
• AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers., Asterisk Security Team
• AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers, Asterisk Security Team
• AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver, Asterisk Security Team
• AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling, Asterisk Security Team
• [security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information, security-alert
• [security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS), security-alert
• [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue, Guillaume Ross
• [slackware-security] udisks, udisks2 (SSA:2014-070-01), Slackware Security Team
• CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities, CORE Advisories Team
• Medium severity flaw in BlackBerry QNX Neutrino RTOS, Tim Brown
  • Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS, Tim Brown
• [SECURITY] [DSA 2873-1] file security update, Salvatore Bonaccorso
• CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE), Pivotal Security Team
• CVE-2014-1904 XSS when using Spring MVC, Pivotal Security Team
• CVE-2014-0097 Spring Security Blank password may bypass user authentication, Pivotal Security Team
• NEW VMSA-2014-0002 VMware vSphere updates to third party libraries, "VMware Security Response Center"
• Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem, Larry W. Cashdollar
• Cross-Site Scripting (XSS) in Open Classifieds, High-Tech Bridge Security Research
• [SECURITY] [DSA 2876-1] cups security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2874-1] mutt security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2875-1] cups-filters security update, Moritz Muehlenhoff
• PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319), Hanno Böck
• Synology DSM4 Blind SQL Injection, Michael Wisniewski
• [SECURITY] [DSA 2877-1] lighttpd security update, Michael Gilbert
• [slackware-security] mutt (SSA:2014-071-01), Slackware Security Team
• [ MDVSA-2014:051 ] file, security
• [ MDVSA-2014:052 ] net-snmp, security
• [ MDVSA-2014:053 ] libssh, security
• [ MDVSA-2014:055 ] owncloud, security
• [ MDVSA-2014:054 ] otrs, security
• [ MDVSA-2014:056 ] apache-commons-fileupload, security
• [ MDVSA-2014:057 ] mediawiki, security
• [security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2878-1] virtualbox security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges, security-alert
• [ MDVSA-2014:058 ] freeradius, security
• ActiVPN launches its security bug bounty, Ninja ActiVPN
• [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution, Julien Ahrens
• [SECURITY] [DSA 2879-1] libssh security update, Raphael Geissert
• [slackware-security] samba (SSA:2014-072-01), Slackware Security Team
• NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode, NCC Group Research
• Multiple Vulnerabilities in SeedDMS < = 4.3.3, craig . arendt
• [ MDVSA-2014:059 ] php, security
• [ MDVSA-2014:060 ] imapsync, security
• [ MDVSA-2014:061 ] oath-toolkit, security
• [slackware-security] php (SSA:2014-074-01), Slackware Security Team
• exploit for old rlpdaemon bug, Nomen Nescio
• MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service, submit
• Open-Xchange Security Advisory 2014-03-17, Martin Braun
• [ MDVSA-2014:062 ] webmin, security
• [ MDVSA-2014:064 ] udisks, security
• [ MDVSA-2014:063 ] x2goserver, security
• [SECURITY] [DSA 2880-1] python2.7 security update, Moritz Muehlenhoff
• =?utf-7?q?Microsoft Forefront Protection for Exchange Server detected a virus?=, ForefrontServerProtection
• 2014 World Conference on IST - Madeira Island, April 15-17, ML
• ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability, Security Alert
• (CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE), Fernando Gont
• Cross-Site Scripting (XSS) in CMSimple, High-Tech Bridge Security Research
• [SECURITY] [DSA 2881-1] iceweasel security update, Moritz Muehlenhoff
• Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2859-2] pidgin security update, Raphael Geissert
• Shakacon 2014: Call for Papers - Deadline April 11th, Shakacon
• Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [ MDVSA-2014:065 ] apache, security
• [SECURITY] [DSA 2882-1] extplorer security update, Giuseppe Iuculano
• [ MDVSA-2014:066 ] nss, security
• NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation, NCC Group Research
• [SECURITY] [DSA 2883-1] chromium-browser security update, Michael Gilbert
• c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops, c0c0n International Information Security Conference
• CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting, Daniel Marques
• ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability, Security Alert
• Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti, CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga, CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk, CERT
• Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability, CERT
• [SECURITY] [DSA 2873-2] file regression update, Salvatore Bonaccorso
• [oCERT-2014-002] Xalan-Java insufficient secure processing, Andrea Barisani
• MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently), Dieyu
• [CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13, Eric Flokstra
• CVE-2013-6955 Synology DSM remote code execution, tiamat451
• [security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code, security-alert
• Web Egg Hunting Game - Hacky Easter, Ivan Buetler
• [security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access, security-alert
• VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own), VUPEN Security Research
• VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own), VUPEN Security Research
• VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own), VUPEN Security Research
• ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability, Security Alert
• Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516), Roee Hay
• [SECURITY] [DSA 2884-1] libyaml security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2886-1] libxalan2-java security update, Florian Weimer
• ESA-2014-016: EMC VPLEX Multiple Vulnerabilities, Security Alert
• [oCERT-2014-003] LibYAML input sanitization errors, Andrea Barisani
• Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities, Vulnerability Lab
• FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability, Vulnerability Lab
• Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities, Vulnerability Lab
• Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability, Vulnerability Lab
• ES746 DELL Support-Bulletin - EMS Vulnerability Resolved, Vulnerability Lab
• ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access, security-alert
• [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update, Moritz Muehlenhoff
• [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration, RedTeam Pentesting GmbH
• [SECURITY] [DSA 2889-1] postfixadmin security update, Thijs Kinkhorst
• SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator, SEC Consult Vulnerability Lab
• iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk, CERT
• [slackware-security] mozilla-thunderbird (SSA:2014-086-05), Slackware Security Team
• [slackware-security] mozilla-nss (SSA:2014-086-04), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-086-03), Slackware Security Team
• [slackware-security] openssh (SSA:2014-086-06), Slackware Security Team
• [slackware-security] curl (SSA:2014-086-01), Slackware Security Team
• [slackware-security] seamonkey (SSA:2014-086-07), Slackware Security Team
• [slackware-security] httpd (SSA:2014-086-02), Slackware Security Team
• [SECURITY] [DSA 2890-1] libspring-java security update, Florian Weimer
• [SECURITY] [DSA 2891-1] mediawiki security update, Thijs Kinkhorst
• PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities, Vulnerability Lab