Mail Index
- [SECURITY] [DSA 2939-1] chromium-browser security update
- [SECURITY] [DSA 2943-1] php5 security update
- [SECURITY] [DSA 2941-1] lxml security update
- Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
- From: Yarubo Internet Security Scan
- [SECURITY] [DSA 2944-1] gnutls26 security update
- [SECURITY] [DSA 2942-1] typo3-src security update
- Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability
- [slackware-security] mariadb (SSA:2014-152-01)
- From: Slackware Security Team
- CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite"
- From: Christian Schneider
- ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability
- [FD] CVE-2013-6876 s3dvt Root shell
- VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own)
- From: VUPEN Security Research
- FCKedtior 2.6.10 Reflected Cross-Site Scripting (XSS)
- CVE-2014-1226 s3dvt Root shell (still)
- CVE-2013-6825 DCMTK Root Privilege escalation
- LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
- NG WifiTransfer Pro 1.1 - File Include Vulnerability
- Files Desk Pro v1.4 iOS - File Include Web Vulnerability
- AllReader v1.0 iOS - Multiple Web Vulnerabilities
- Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability
- TigerCom My Assistant v1.1 iOS - File Include Vulnerability
- Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities
- iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability
- CVE-2013-6876 s3dvt Root shell
- CVE-2013-6825 DCMTK Root Privilege escalation
- CVE-2014-1226 s3dvt Root shell (still)
- Bug in bash <= 4.3 [security feature bypassed]
- CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
- From: Portcullis Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:13.pam
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 2945-1] chkrootkit security update
- [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies
- Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- From: Jose Carlos Luna Duran
- ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability
- [SECURITY] [DSA 2947-1] libav security update
- [SECURITY] [DSA 2948-1] python-bottle security update
- [SECURITY] [DSA 2946-1] python-gnupg security update
- [security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- Re: Bug in bash <= 4.3 [security feature bypassed]
- [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 2950-1] openssl security update
- [SECURITY] [DSA 2949-1] linux security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-14:14.openssl
- From: FreeBSD Security Advisories
- multiple Vulnerability in "WahmShoppes eStore"
- [security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information
- ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
- [security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
- Details for CVE-2014-0220
- [SECURITY] [DSA 2951-1] mupdf security update
- Re: Bug in bash <= 4.3 [security feature bypassed]
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2952-1] kfreebsd-9 security update
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
- [slackware-security] libtasn1 (SSA:2014-156-02)
- From: Slackware Security Team
- [slackware-security] gnutls (SSA:2014-156-01)
- From: Slackware Security Team
- SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan
- From: SEC Consult Vulnerability Lab
- [slackware-security] sendmail (SSA:2014-156-04)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2014-156-03)
- From: Slackware Security Team
- [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering
- From: Onapsis Research Labs
- [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components
- From: Onapsis Research Labs
- NeginGroup CMS Multiple Vulnerability
- CVE-2014-3740 - SpiceWorks Cross-site scripting
- [slackware-security] mozilla-firefox (SSA:2014-157-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2953-1] dpkg security update
- DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability
- DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability
- DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability
- DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability
- DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability
- DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability
- [security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
- [ MDVSA-2014:105 ] openssl
- [SECURITY] [DSA 2954-1] dovecot security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:106 ] openssl
- [ MDVSA-2014:107 ] libtasn1
- [ MDVSA-2014:109 ] gnutls
- [ MDVSA-2014:108 ] gnutls
- [slackware-security] php (SSA:2014-160-01)
- From: Slackware Security Team
- [ MDVSA-2014:111 ] otrs
- [ MDVSA-2014:112 ] python-django
- [ MDVSA-2014:110 ] curl
- Re: MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
- [ MDVSA-2014:113 ] python-django
- [ MDVSA-2014:114 ] squid
- [ MDVSA-2014:115 ] php
- [ MDVSA-2014:116 ] file
- [ MDVSA-2014:117 ] libcap-ng
- CodeIgniter <= 2.1.4 Session Decoding Vulnerability
- [ MDVSA-2014:119 ] mediawiki
- [ MDVSA-2014:121 ] libgadu
- [ MDVSA-2014:118 ] emacs
- [ MDVSA-2014:120 ] miniupnpc
- [security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution
- NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities
- From: "VMware Security Response Center"
- CVE-2014-3977 - Privilege Escalation in IBM AIX
- From: Portcullis Advisories
- [ MDVSA-2014:123 ] tor
- [ MDVSA-2014:122 ] chkrootkit
- [SECURITY] [DSA 2956-1] icinga security update
- [SECURITY] [DSA 2955-1] iceweasel security update
- Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones
- [slackware-security] mozilla-thunderbird (SSA:2014-163-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2957-1] mediawiki security update
- [SECURITY] [DSA 2958-1] apt security update
- AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
- From: Asterisk Security Team
- AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
- From: Asterisk Security Team
- AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
- From: Asterisk Security Team
- [security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
- CVE-2014-0228: Apache Hive Authorization vulnerability
- AST-2014-006: Asterisk Manager User Unauthorized Shell Access
- From: Asterisk Security Team
- [security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
- [SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution
- [ MDVSA-2014:124 ] kernel
- [ MDVSA-2014:125 ] nspr
- ClipBucket CMS Xss Vulnerability
- [SECURITY] [DSA 2959-1] chromium-browser security update
- [SE-2014-01] Security vulnerabilities in Oracle Database Java VM
- From: Security Explorations
- [CFP] Hacktivity 2014 CFP is open
- [SECURITY] [DSA 2960-1] icedove security update
- [SECURITY] [DSA 2950-2] openssl update
- [SECURITY] [DSA 2961-1] php5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2962-1] nspr security update
- [security bulletin] HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
- [SECURITY] [DSA 2963-1] lucene-solr security update
- [security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal
- SQL Injection in Dolphin
- From: High-Tech Bridge Security Research
- Multiple SQL Injection Vulnerabilities in web2Project
- From: High-Tech Bridge Security Research
- Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability
- Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities
- [security bulletin] HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- [SECURITY] [DSA 2964-1] iodine security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2965-1] tiff security update
- [SECURITY] [DSA 2966-1] samba security update
- [security bulletin] HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information
- Android KeyStore Stack Buffer Overflow (CVE-2014-3100)
- Boolean algebra and CSS history theft
- [security bulletin] HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- [HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week
- [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information
- FreeBSD Security Advisory FreeBSD-SA-14:15.iconv
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:16.file
- From: FreeBSD Security Advisories
- [slackware-security] gnupg2 (SSA:2014-175-03)
- From: Slackware Security Team
- [slackware-security] gnupg (SSA:2014-175-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2014-175-01)
- From: Slackware Security Team
- [slackware-security] samba (SSA:2014-175-04)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-175-05)
- From: Slackware Security Team
- NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
- From: "VMware Security Response Center"
- Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
- From: High-Tech Bridge Security Research
- [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery
- From: RedTeam Pentesting GmbH
- [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
- From: RedTeam Pentesting GmbH
- CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
- From: Portcullis Advisories
- CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014
- From: Portcullis Advisories
- [SECURITY] [DSA 2967-1] gnupg security update
- From: Salvatore Bonaccorso
- [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
- From: RedTeam Pentesting GmbH
- CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015
- [security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 2968-1] gnupg2 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege
- [security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- [security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- [SECURITY] [DSA 2969-1] libemail-address-perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2970-1] cacti security update