Mail Thread Index

• Date Index

• PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560), Jason Ostrom
• [SECURITY] [DSA 2891-2] mediawiki regression update, Thijs Kinkhorst
• [SECURITY] [DSA 2892-1] a2ps security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2893-1] openswan security update, Yves-Alexis Perez
• Regarding attacks and exploits of the physical body, stephen
• [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details), Security Explorations
  • Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details), Security Explorations
• Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction, Bipin Gautam
• ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities, Security Alert
• [IMF 2014] Call for Participation, Oliver Goebel
• APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3, Apple Product Security
• iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities, Vulnerability Lab
• SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager, SEC Consult Vulnerability Lab
• Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin, High-Tech Bridge Security Research
• [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability, Florent Daigniere
• 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day], 0a29 40
• Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability, Vulnerability Lab
• [softScheck] Denial of Service in Microsoft Office 2007-2013, Lubomir Stroetmann
• [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP), security-alert
• ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities, Security Alert
• ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities, Security Alert
• CA20140403-01: Security Notice for CA Erwin Web Portal, Kotas, Kevin J
• [security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS), security-alert
• Phrack Security Advisory 2014-001 - Paper leak on release timeout, Phrack Staff
• [SECURITY] [DSA 2891-3] mediawiki regression update, Thijs Kinkhorst
• Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ], Wesley Henrique
• Call for Papers, education
• [SECURITY] [DSA 2894-1] openssh security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2895-1] prosody security update, Luciano Bello
• Pearson eSIS Enterprise Student Information System Stored XSS, tudor . enache
• Pearson eSIS Enterprise Student Information System SQL Injection, tudor . enache
• MacOSX/XNU HFS Multiple Vulnerabilities, submit
• [security bulletin] HPSBST02980 rev.1 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege, security-alert
• [SECURITY] [DSA 2896-1] openssl security update, Salvatore Bonaccorso
• Open-Xchange Security Advisory 2014-04-08, Martin Braun
• Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2896-2] openssl security update, Salvatore Bonaccorso
• BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05], modzero security
• [SECURITY] [DSA 2897-1] tomcat7 security update, Moritz Muehlenhoff
• [slackware-security] openssl (SSA:2014-098-01), Slackware Security Team
• Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss), Ipstenu (Mika Epstein)
• FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:06.openssl, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED], FreeBSD Security Advisories
• Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:067 ] openssl, security
• CVE-2014-0160 mitigation using iptables, Fabien Bourdaire
• Сross-Site Request Forgery (CSRF) in XCloner Standalone, High-Tech Bridge Security Research
• SQL Injection in Orbit Open Ad Server, High-Tech Bridge Security Research
• [ MDVSA-2014:068 ] openssh, security
• [ MDVSA-2014:069 ] perl-YAML-LibYAML, security
• [ MDVSA-2014:071 ] yaml, security
• [ MDVSA-2014:072 ] php-ZendFramework, security
• [ MDVSA-2014:070 ] yaml, security
• [ MDVSA-2014:073 ] file, security
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2898-1] imagemagick security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2899-1] openafs security update, Thijs Kinkhorst
• AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability, Vulnerability Lab
• iVault Private P&V 1.1 iOS - Path Traversal Vulnerability, Vulnerability Lab
• BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability, Vulnerability Lab
• [ MDVSA-2014:075 ] php, security
• Sendy 1.1.9.1 - SQL Injection Vulnerability, marduk369
• OWASP ZAP 2.3.0, psiinon
• [ MDVSA-2014:076 ] a2ps, security
• [SECURITY] [DSA 2900-1] jbigkit security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information, security-alert
• SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server, SEC Consult Vulnerability Lab
• CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player, Portcullis Advisories
  • CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux, Portcullis Advisories
    • Message not available
      • CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server, Portcullis Advisories
• Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue, Vulnerability Lab
• ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability, Security Alert
• ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability, Security Alert
• ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks, Security Alert
• ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability, Security Alert
• [ MDVSA-2014:077 ] jbigkit, security
• [SECURITY] [DSA 2901-1] wordpress security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2902-1] curl security update, Salvatore Bonaccorso
• Adobe Reader for Android exposes insecure Javascript interfaces, Securify B.V.
• [security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information, security-alert
• PDF Album v1.7 iOS - File Include Web Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2903-1] strongswan security update, Moritz Muehlenhoff
• VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own), VUPEN Security Research
• RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160, Ruckus Product Security Team
• [SECURITY] CVE-2014-0111 Apache Syncope, Francesco Chicchiriccò
• [security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2904-1] virtualbox security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk, security-alert
• [SECURITY] [DSA 2905-1] chromium-browser security update, Michael Gilbert
• CVE-2014-2735 - WinSCP: missing X.509 validation, Micha Borrmann
• SQL Injection in mAdserve, High-Tech Bridge Security Research
• [security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information, security-alert
• ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities, Security Alert
• [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7, webmaster
• [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7, webmaster
• [CORE-2014-0003] - SAP Router Password Timing Attack, CORE Advisories Team
• [ MDVSA-2014:078 ] asterisk, security
• [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable, Moritz Muehlenhoff
• Buggy insecure "security" software executes rogue binary during installation and uninstallation, Stefan Kanthak
• [security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information, security-alert
• [security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information, security-alert
• [security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution, security-alert
• [security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information, security-alert
• D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities, kyle Lovett
• [ MDVSA-2014:079 ] json-c, security
• [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12, LpSolit
• [SECURITY] [DSA 2908-1] openssl security update, Raphael Geissert
• [SECURITY] [DSA 2909-1] qemu security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2910-1] qemu-kvm security update, Salvatore Bonaccorso
• Remote Command Injection in Ruby Gem sfpagent 0.4.14, Larry W. Cashdollar
• [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2901-2] wordpress regression update, Thijs Kinkhorst
• [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution, Brett Porter
• [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability, Brett Porter
• [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information, security-alert
• Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2, craig . arendt
• Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl, craig . arendt
• [SECURITY] [DSA 2895-2] prosody regression update, Luciano Bello
• [SECURITY] [DSA 2901-3] wordpress regression update, Salvatore Bonaccorso
• [slackware-security] libyaml (SSA:2014-111-01), Slackware Security Team
• [slackware-security] php (SSA:2014-111-02), Slackware Security Team
• [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2911-1] icedove security update, Moritz Muehlenhoff
• APPLE-SA-2014-04-22-1 Security Update 2014-002, Apple Product Security
• APPLE-SA-2014-04-22-3 Apple TV 6.1.1, Apple Product Security
• APPLE-SA-2014-04-22-2 iOS 7.1.1, Apple Product Security
• [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information, security-alert
• APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3, Apple Product Security
• [security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2808-2] openjpeg regression update, Raphael Geissert
• SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances, SEC Consult Vulnerability Lab
• CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive, Portcullis Advisories
• CVE-2014-2383 - Arbitrary file read in dompdf, Portcullis Advisories
• AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability, Vulnerability Lab
• CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive, Portcullis Advisories
• [security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information, security-alert
• Weak firmware encryption and predictable WPA key on Sitecom routers, roberto . paleari
• Misli.com Android App SSL certificate validation weakness, harun . esur
• Birebin.com Android App SSL certificate validation weakness, harun . esur
• [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service, security-alert
• [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2912-1] openjdk-6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2906-1] linux-2.6 security update, dann frazier
• Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper, mdgh9
• [security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2914-1] drupal6 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2913-1] drupal7 security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information, security-alert
• [ANN] Struts 2.3.16.2 GA release available - security fix, Lukasz Lenart
• [SECURITY] [DSA 2915-1] dpkg security update, Raphael Geissert
• [SECURITY] [DSA 2916-1] libmms security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2917-1] super security update, Florian Weimer
• [security bulletin] HPSBMU02995 rev.6 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access, security-alert
• [ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114, Rene Gielen
• [security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-14:07.devfs, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:08.tcp, FreeBSD Security Advisories