Mail Index
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl
- From: FreeBSD Security Advisories
- [slackware-security] mozilla-firefox (SSA:2014-119-01)
- From: Slackware Security Team
- SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex
- From: SEC Consult Vulnerability Lab
- Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
- [SECURITY] [DSA 2918-1] iceweasel security update
- [security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
- [slackware-security] mozilla-thunderbird (SSA:2014-119-02)
- From: Slackware Security Team
- LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
- From: LSE Leading Security Experts GmbH (Security Advisories)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series
- From: Cisco Systems Product Security Incident Response Team
- ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
- From: Cisco Systems Product Security Incident Response Team
- Heartbleed Testing Server
- FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]
- From: FreeBSD Security Advisories
- [security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
- [SECURITY] [DSA 2915-2] dpkg security update
- [security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
- [security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
- Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
- [security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges
- [security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
- [security bulletin] HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
- [security bulletin] HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2919-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2920-1] chromium-browser security update
- [SECURITY] [DSA 2921-1] xbuffy security update
- Ruxcon 2014 Call For Papers
- ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
- [ANN] Struts 2.3.16.3 GA release available - security fix
- [SECURITY] [DSA 2923-1] openjdk-7 security update
- [SECURITY] [DSA 2922-1] strongswan security update
- [SECURITY] [DSA 2924-1] icedove security update
- [security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
- CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority
- [security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
- CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler
- From: Portcullis Advisories
- CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler
- From: Portcullis Advisories
- CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX
- From: Portcullis Advisories
- [security bulletin] HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- Breakpoint 2014 Call For Presentations
- Cross-Site Scripting (XSS) in Offiria
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
- From: Cisco Systems Product Security Incident Response Team
- SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration
- From: SEC Consult Vulnerability Lab
- [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW
- From: RedTeam Pentesting GmbH
- [security bulletin] HPSBMU02935 rev.3 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information
- [ MDVSA-2014:081 ] apache-mod_security
- [ MDVSA-2014:080 ] openssl
- [ MDVSA-2014:082 ] python-imaging
- [ MDVSA-2014:083 ] mediawiki
- Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
- [SECURITY] [DSA 2925-1] rxvt-unicode security update
- [security bulletin] HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
- [security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS)
- SSH key cloning problem in OnApp templates
- [security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information
- [security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
- [security bulletin] HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
- ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability
- [slackware-security] seamonkey (SSA:2014-131-01)
- From: Slackware Security Team
- [ MDVSA-2014:084 ] libpng
- [ MDVSA-2014:085 ] ldns
- [ MDVSA-2014:086 ] libxml2
- [security bulletin] HPSBMU02931 rev.6 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
- [SECURITY] [DSA 2926-1] linux security update
- ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
- [security bulletin] HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
- CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211
- From: Portcullis Advisories
- Multiple Stored XSS in FOG Image deployment system - FD
- [security bulletin] HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
- FD - Cobbler Arbitrary File Read CVE-2014-3225
- [security bulletin] HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- [security bulletin] HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2927-1] libxfont security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-14:10.openssl
- From: FreeBSD Security Advisories
- CSRF and Remote Code Execution in EGroupware
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information
- Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability
- [SECURITY] [DSA 2928-1] linux-2.6 security update
- Bilyoner mobile apps prone to various SSL/TLS attacks
- [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability
- [ MDVSA-2014:087 ] php
- [CVE-2014-0749] TORQUE Buffer Overflow
- [ MDVSA-2014:088 ] python-lxml
- [security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3
- From: Apple Product Security
- APPLE-SA-2014-05-15-2 iTunes 11.2
- From: Apple Product Security
- [SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
- [ MDVSA-2014:089 ] nagios
- Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:092 ] cups
- [ MDVSA-2014:095 ] struts
- [ MDVSA-2014:098 ] rawtherapee
- [ MDVSA-2014:094 ] rxvt-unicode
- [ MDVSA-2014:096 ] python-jinja2
- CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability
- [ MDVSA-2014:102 ] mariadb
- [ MDVSA-2014:100 ] java-1.7.0-openjdk
- [ MDVSA-2014:103 ] wordpress
- [ MDVSA-2014:091 ] cups
- [ MDVSA-2014:097 ] libvirt
- [ MDVSA-2014:099 ] dovecot
- [ MDVSA-2014:093 ] couchdb
- [ MDVSA-2014:101 ] owncloud
- [ MDVSA-2014:104 ] egroupware
- [security bulletin] HPSBHF02946 rev.2 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
- APPLE-SA-2014-05-16-1 iTunes 11.2.1
- From: Apple Product Security
- [SECURITY] [DSA 2930-1] chromium-browser security update
- [SECURITY] [DSA 2931-1] openssl security update
- [SECURITY] [DSA 2932-1] qemu security update
- [SECURITY] [DSA 2933-1] qemu-kvm security update
- FTP Rush: missing X.509 validation (FTP with TLS)
- JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
- [security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2934-1] python-django security update
- From: Salvatore Bonaccorso
- t2'14: Call for Papers 2014 (Helsinki / Finland)
- Construtiva CIS Manager CMS POST SQLi
- [security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS)
- CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS
- From: Portcullis Advisories
- CVE-2014-3450 - Privilege Escalation in Panda Security
- From: Portcullis Advisories
- CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS
- From: Portcullis Advisories
- CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
- From: Portcullis Advisories
- APPLE-SA-2014-15-20-1 OS X Server 3.1.2
- From: Apple Product Security
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
- Wordpress Booking System (Booking Calendar) plugin SQL Injection
- SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code
- [security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information
- Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2935-1] libgadu security update
- [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
- [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
- [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability
- APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
- From: Apple Product Security
- Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure
- ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability
- [security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2936-1] torque security update
- From: Salvatore Bonaccorso
- ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS)
- VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own)
- From: VUPEN Security Research
- [security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code
- call for papers- CSSE2014
- [SECURITY] CVE-2014-0075 Apache Tomcat denial of service
- [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
- [SECURITY] CVE-2014-0095 Apache Tomcat denial of service
- [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
- CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
- From: Portcullis Advisories
- [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure
- Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
- [SECURITY] [DSA 2937-1] mod-wsgi security update
- [SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze
- LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
- From: LSE Leading Security Experts GmbH (Security Advisories)
- SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress
- From: SEC Consult Vulnerability Lab
- Multiple vulnerabilities in Sharetronix
- From: High-Tech Bridge Security Research
- [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script
- From: RedTeam Pentesting GmbH
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
- OpenCart 1.5.6.4 Directory Traversal Vulnerability
- Mybb Sendthread Page Denial of Service Vulnerability
- NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
- From: "VMware Security Response Center"
- Google Compute Engine - Lateral Compromise
- Google Compute Engine Multiple DOS Vulnerabilities
Mail converted by MHonArc