Mail Index

• Thread Index

• PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
  • From: Jason Ostrom
• [SECURITY] [DSA 2891-2] mediawiki regression update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 2892-1] a2ps security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2893-1] openswan security update
  • From: Yves-Alexis Perez
• Regarding attacks and exploits of the physical body
  • From: stephen
• [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
  • From: Security Explorations
• Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
  • From: Bipin Gautam
• Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
  • From: Security Explorations
• ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities
  • From: Security Alert
• [IMF 2014] Call for Participation
  • From: Oliver Goebel
• APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
  • From: Apple Product Security
• iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager
  • From: SEC Consult Vulnerability Lab
• Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin
  • From: High-Tech Bridge Security Research
• [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
  • From: Florent Daigniere
• 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]
  • From: 0a29 40
• Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability
  • From: Vulnerability Lab
• [softScheck] Denial of Service in Microsoft Office 2007-2013
  • From: Lubomir Stroetmann
• [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
  • From: security-alert
• ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
  • From: Security Alert
• ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
  • From: Security Alert
• CA20140403-01: Security Notice for CA Erwin Web Portal
  • From: Kotas, Kevin J
• [security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS)
  • From: security-alert
• Phrack Security Advisory 2014-001 - Paper leak on release timeout
  • From: Phrack Staff
• [SECURITY] [DSA 2891-3] mediawiki regression update
  • From: Thijs Kinkhorst
• Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ]
  • From: Wesley Henrique
• Call for Papers
  • From: education
• [SECURITY] [DSA 2894-1] openssh security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2895-1] prosody security update
  • From: Luciano Bello
• Pearson eSIS Enterprise Student Information System Stored XSS
  • From: tudor . enache
• Pearson eSIS Enterprise Student Information System SQL Injection
  • From: tudor . enache
• MacOSX/XNU HFS Multiple Vulnerabilities
  • From: submit
• [security bulletin] HPSBST02980 rev.1 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege
  • From: security-alert
• [SECURITY] [DSA 2896-1] openssl security update
  • From: Salvatore Bonaccorso
• Open-Xchange Security Advisory 2014-04-08
  • From: Martin Braun
• Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 2896-2] openssl security update
  • From: Salvatore Bonaccorso
• BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05]
  • From: modzero security
• [SECURITY] [DSA 2897-1] tomcat7 security update
  • From: Moritz Muehlenhoff
• [slackware-security] openssl (SSA:2014-098-01)
  • From: Slackware Security Team
• Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)
  • From: Ipstenu (Mika Epstein)
• FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
  • From: FreeBSD Security Advisories
• Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:067 ] openssl
  • From: security
• CVE-2014-0160 mitigation using iptables
  • From: Fabien Bourdaire
• Сross-Site Request Forgery (CSRF) in XCloner Standalone
  • From: High-Tech Bridge Security Research
• SQL Injection in Orbit Open Ad Server
  • From: High-Tech Bridge Security Research
• [ MDVSA-2014:068 ] openssh
  • From: security
• [ MDVSA-2014:069 ] perl-YAML-LibYAML
  • From: security
• [ MDVSA-2014:071 ] yaml
  • From: security
• [ MDVSA-2014:072 ] php-ZendFramework
  • From: security
• [ MDVSA-2014:070 ] yaml
  • From: security
• [ MDVSA-2014:073 ] file
  • From: security
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2898-1] imagemagick security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2899-1] openafs security update
  • From: Thijs Kinkhorst
• AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability
  • From: Vulnerability Lab
• iVault Private P&V 1.1 iOS - Path Traversal Vulnerability
  • From: Vulnerability Lab
• BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:075 ] php
  • From: security
• Sendy 1.1.9.1 - SQL Injection Vulnerability
  • From: marduk369
• OWASP ZAP 2.3.0
  • From: psiinon
• [ MDVSA-2014:076 ] a2ps
  • From: security
• [SECURITY] [DSA 2900-1] jbigkit security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
  • From: security-alert
• SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server
  • From: SEC Consult Vulnerability Lab
• CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player
  • From: Portcullis Advisories
• Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue
  • From: Vulnerability Lab
• ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability
  • From: Security Alert
• ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
  • From: Security Alert
• ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
  • From: Security Alert
• ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability
  • From: Security Alert
• [ MDVSA-2014:077 ] jbigkit
  • From: security
• [SECURITY] [DSA 2901-1] wordpress security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2902-1] curl security update
  • From: Salvatore Bonaccorso
• Adobe Reader for Android exposes insecure Javascript interfaces
  • From: Securify B.V.
• [security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux
  • From: Portcullis Advisories
• PDF Album v1.7 iOS - File Include Web Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 2903-1] strongswan security update
  • From: Moritz Muehlenhoff
• VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)
  • From: VUPEN Security Research
• RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160
  • From: Ruckus Product Security Team
• [SECURITY] CVE-2014-0111 Apache Syncope
  • From: Francesco Chicchiriccò
• [security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2904-1] virtualbox security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk
  • From: security-alert
• [SECURITY] [DSA 2905-1] chromium-browser security update
  • From: Michael Gilbert
• CVE-2014-2735 - WinSCP: missing X.509 validation
  • From: Micha Borrmann
• SQL Injection in mAdserve
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
  • From: Security Alert
• [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7
  • From: webmaster
• [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7
  • From: webmaster
• [CORE-2014-0003] - SAP Router Password Timing Attack
  • From: CORE Advisories Team
• [ MDVSA-2014:078 ] asterisk
  • From: security
• [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable
  • From: Moritz Muehlenhoff
• CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server
  • From: Portcullis Advisories
• Buggy insecure "security" software executes rogue binary during installation and uninstallation
  • From: Stefan Kanthak
• [security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information
  • From: security-alert
• D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities
  • From: kyle Lovett
• [ MDVSA-2014:079 ] json-c
  • From: security
• [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
  • From: LpSolit
• [SECURITY] [DSA 2908-1] openssl security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2909-1] qemu security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2910-1] qemu-kvm security update
  • From: Salvatore Bonaccorso
• Remote Command Injection in Ruby Gem sfpagent 0.4.14
  • From: Larry W. Cashdollar
• [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2901-2] wordpress regression update
  • From: Thijs Kinkhorst
• [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution
  • From: Brett Porter
• [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability
  • From: Brett Porter
• [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2
  • From: craig . arendt
• Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl
  • From: craig . arendt
• [SECURITY] [DSA 2895-2] prosody regression update
  • From: Luciano Bello
• [SECURITY] [DSA 2901-3] wordpress regression update
  • From: Salvatore Bonaccorso
• [slackware-security] libyaml (SSA:2014-111-01)
  • From: Slackware Security Team
• [slackware-security] php (SSA:2014-111-02)
  • From: Slackware Security Team
• [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2911-1] icedove security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2014-04-22-1 Security Update 2014-002
  • From: Apple Product Security
• APPLE-SA-2014-04-22-3 Apple TV 6.1.1
  • From: Apple Product Security
• APPLE-SA-2014-04-22-2 iOS 7.1.1
  • From: Apple Product Security
• [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3
  • From: Apple Product Security
• [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2808-2] openjpeg regression update
  • From: Raphael Geissert
• SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
  • From: SEC Consult Vulnerability Lab
• CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive
  • From: Portcullis Advisories
• CVE-2014-2383 - Arbitrary file read in dompdf
  • From: Portcullis Advisories
• AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive
  • From: Portcullis Advisories
• [security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• Weak firmware encryption and predictable WPA key on Sitecom routers
  • From: roberto . paleari
• Misli.com Android App SSL certificate validation weakness
  • From: harun . esur
• Birebin.com Android App SSL certificate validation weakness
  • From: harun . esur
• [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service
  • From: security-alert
• [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2912-1] openjdk-6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2906-1] linux-2.6 security update
  • From: dann frazier
• Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper
  • From: mdgh9
• [security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2914-1] drupal6 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2913-1] drupal7 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [ANN] Struts 2.3.16.2 GA release available - security fix
  • From: Lukasz Lenart
• [SECURITY] [DSA 2915-1] dpkg security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2916-1] libmms security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2917-1] super security update
  • From: Florian Weimer
• [security bulletin] HPSBMU02995 rev.6 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access
  • From: security-alert
• [ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114
  • From: Rene Gielen
• [security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
  • From: FreeBSD Security Advisories