Mail Thread Index

• Date Index

• FreeBSD Security Advisory FreeBSD-SA-14:09.openssl, FreeBSD Security Advisories
• [slackware-security] mozilla-firefox (SSA:2014-119-01), Slackware Security Team
• SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex, SEC Consult Vulnerability Lab
• Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability, Felipe Daragon
• [SECURITY] [DSA 2918-1] iceweasel security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information, security-alert
• [slackware-security] mozilla-thunderbird (SSA:2014-119-02), Slackware Security Team
• LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access, LSE Leading Security Experts GmbH (Security Advisories)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series, Cisco Systems Product Security Incident Response Team
• ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability, Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software, Cisco Systems Product Security Incident Response Team
• Heartbleed Testing Server, Ivan Buetler
• FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED], FreeBSD Security Advisories
• [security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2915-2] dpkg security update, Raphael Geissert
• [security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
• [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact, Rene Gielen
  • Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact, Eric Reed
• [security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges, security-alert
• [security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution, security-alert
• [security bulletin] HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2919-1] mysql-5.5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2920-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 2921-1] xbuffy security update, Yves-Alexis Perez
• Ruxcon 2014 Call For Papers, cfp
• ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities, Security Alert
• [ANN] Struts 2.3.16.3 GA release available - security fix, Lukasz Lenart
• [SECURITY] [DSA 2923-1] openjdk-7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2922-1] strongswan security update, Yves-Alexis Perez
• [SECURITY] [DSA 2924-1] icedove security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information, security-alert
• CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority, Micha Borrmann
• [security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information, security-alert
• CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler, Portcullis Advisories
• CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler, Portcullis Advisories
• CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX, Portcullis Advisories
• [security bulletin] HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information, security-alert
• Breakpoint 2014 Call For Presentations, cfp
• Cross-Site Scripting (XSS) in Offiria, High-Tech Bridge Security Research
• [security bulletin] HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players, Cisco Systems Product Security Incident Response Team
• SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration, SEC Consult Vulnerability Lab
• [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW, RedTeam Pentesting GmbH
• [security bulletin] HPSBMU02935 rev.3 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information, security-alert
• [ MDVSA-2014:081 ] apache-mod_security, security
• [ MDVSA-2014:080 ] openssl, security
• [ MDVSA-2014:082 ] python-imaging, security
• [ MDVSA-2014:083 ] mediawiki, security
• Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier, jpecou
• [SECURITY] [DSA 2925-1] rxvt-unicode security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS), security-alert
• SSH key cloning problem in OnApp templates, James Renken
• [security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege, security-alert
• [security bulletin] HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information, security-alert
• ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability, Security Alert
• [slackware-security] seamonkey (SSA:2014-131-01), Slackware Security Team
• [ MDVSA-2014:084 ] libpng, security
• [ MDVSA-2014:085 ] ldns, security
• [ MDVSA-2014:086 ] libxml2, security
• [security bulletin] HPSBMU02931 rev.6 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS), security-alert
• [SECURITY] [DSA 2926-1] linux security update, Moritz Muehlenhoff
• ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability, Security Alert
• [security bulletin] HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information, security-alert
• CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211, Portcullis Advisories
• Multiple Stored XSS in FOG Image deployment system - FD, Dolev Farhi
• [security bulletin] HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues, security-alert
• FD - Cobbler Arbitrary File Read CVE-2014-3225, Dolev Farhi
• [security bulletin] HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2927-1] libxfont security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-14:10.openssl, FreeBSD Security Advisories
• CSRF and Remote Code Execution in EGroupware, High-Tech Bridge Security Research
• [security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2928-1] linux-2.6 security update, dann frazier
• Bilyoner mobile apps prone to various SSL/TLS attacks, harun . esur
• [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability, Matteo Beccati
• [ MDVSA-2014:087 ] php, security
• [CVE-2014-0749] TORQUE Buffer Overflow, john . fitzpatrick
• [ MDVSA-2014:088 ] python-lxml, security
• [security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3, Apple Product Security
• APPLE-SA-2014-05-15-2 iTunes 11.2, Apple Product Security
• [SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update, Florian Weimer
• [ MDVSA-2014:089 ] nagios, security
• Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel, High-Tech Bridge Security Research
• [ MDVSA-2014:092 ] cups, security
• [ MDVSA-2014:095 ] struts, security
• [ MDVSA-2014:098 ] rawtherapee, security
• [ MDVSA-2014:094 ] rxvt-unicode, security
• [ MDVSA-2014:096 ] python-jinja2, security
• CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability, Williams, James K
• [ MDVSA-2014:102 ] mariadb, security
• [ MDVSA-2014:100 ] java-1.7.0-openjdk, security
• [ MDVSA-2014:103 ] wordpress, security
• [ MDVSA-2014:091 ] cups, security
• [ MDVSA-2014:097 ] libvirt, security
• [ MDVSA-2014:099 ] dovecot, security
• [ MDVSA-2014:093 ] couchdb, security
• [ MDVSA-2014:101 ] owncloud, security
• [ MDVSA-2014:104 ] egroupware, security
• [security bulletin] HPSBHF02946 rev.2 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege, security-alert
• APPLE-SA-2014-05-16-1 iTunes 11.2.1, Apple Product Security
• [SECURITY] [DSA 2930-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 2931-1] openssl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2932-1] qemu security update, Giuseppe Iuculano
• [SECURITY] [DSA 2933-1] qemu-kvm security update, Giuseppe Iuculano
• FTP Rush: missing X.509 validation (FTP with TLS), Micha Borrmann
• JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001], Alexandre Herzog
• [security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2934-1] python-django security update, Salvatore Bonaccorso
• t2'14: Call for Papers 2014 (Helsinki / Finland), Tomi Tuominen
• Construtiva CIS Manager CMS POST SQLi, edge
• [security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS), security-alert
• CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS, Portcullis Advisories
• CVE-2014-3450 - Privilege Escalation in Panda Security, Portcullis Advisories
• CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS, Portcullis Advisories
• CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS, Portcullis Advisories
• APPLE-SA-2014-15-20-1 OS X Server 3.1.2, Apple Product Security
• Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe, Stefan Kanthak
• Wordpress Booking System (Booking Calendar) plugin SQL Injection, info sec
• SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4, SEC Consult Vulnerability Lab
• [security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information, security-alert
• Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2935-1] libgadu security update, Moritz Muehlenhoff
• [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability, Egidio Romano
• [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability, Egidio Romano
  • [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability, Egidio Romano
• APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4, Apple Product Security
• Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure, kyle Lovett
• ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability, Security Alert
• [security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2936-1] torque security update, Salvatore Bonaccorso
• ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities, Security Alert
• [security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS), security-alert
• VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own), VUPEN Security Research
• [security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code, security-alert
• call for papers- ＣＳＳＥ２０１４, cfp-conf2014.org
• [SECURITY] CVE-2014-0075 Apache Tomcat denial of service, Mark Thomas
• [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure, Mark Thomas
• [SECURITY] CVE-2014-0095 Apache Tomcat denial of service, Mark Thomas
• [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure, Mark Thomas
  • Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure, Mark Thomas
• CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages, Portcullis Advisories
• [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure, Mark Thomas
• [SECURITY] [DSA 2937-1] mod-wsgi security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze, Moritz Muehlenhoff
• LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability, LSE Leading Security Experts GmbH (Security Advisories)
• SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress, SEC Consult Vulnerability Lab
• Multiple vulnerabilities in Sharetronix, High-Tech Bridge Security Research
• [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script, RedTeam Pentesting GmbH
• [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script, RedTeam Pentesting GmbH
• Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines, Stefan Kanthak
• OpenCart 1.5.6.4 Directory Traversal Vulnerability, iedb . team
• Mybb Sendthread Page Denial of Service Vulnerability, iedb . team
• NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation, "VMware Security Response Center"
• Google Compute Engine - Lateral Compromise, Scott T. Cameron
• Google Compute Engine Multiple DOS Vulnerabilities, Scott T. Cameron