Mail Thread Index

• Date Index

• [SECURITY] [DSA 2939-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 2943-1] php5 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2941-1] lxml security update, Moritz Muehlenhoff
• Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress, Yarubo Internet Security Scan
• [SECURITY] [DSA 2944-1] gnutls26 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2942-1] typo3-src security update, Moritz Muehlenhoff
• Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability, Henri Salo
• [slackware-security] mariadb (SSA:2014-152-01), Slackware Security Team
• CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite", Christian Schneider
• CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite", Christian Schneider
• CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite", Christian Schneider
• ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability, Security Alert
• [FD] CVE-2013-6876 s3dvt Root shell, Hector Marco
• VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own), VUPEN Security Research
• FCKedtior 2.6.10 Reflected Cross-Site Scripting (XSS), Robin Bailey
• CVE-2014-1226 s3dvt Root shell (still), Hector Marco
  • <Possible follow-ups>
  • CVE-2014-1226 s3dvt Root shell (still), Hector Marco
• CVE-2013-6825 DCMTK Root Privilege escalation, Hector Marco
  • <Possible follow-ups>
  • CVE-2013-6825 DCMTK Root Privilege escalation, Hector Marco
• LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues, advisories
• NG WifiTransfer Pro 1.1 - File Include Vulnerability, Vulnerability Lab
• Files Desk Pro v1.4 iOS - File Include Web Vulnerability, Vulnerability Lab
• AllReader v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability, Vulnerability Lab
• TigerCom My Assistant v1.1 iOS - File Include Vulnerability, Vulnerability Lab
• Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability, Vulnerability Lab
• CVE-2013-6876 s3dvt Root shell, Hector Marco
• Bug in bash <= 4.3 [security feature bypassed], Hector Marco
  • Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed], Jose Carlos Luna Duran
    • Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed], Hector Marco
      • Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed], Jeffrey Walton
    • Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed], lists
  • Re: Bug in bash <= 4.3 [security feature bypassed], Daryl Tester
    • Re: Bug in bash <= 4.3 [security feature bypassed], Hector Marco
• CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2, Portcullis Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:13.pam, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace, FreeBSD Security Advisories
• [SECURITY] [DSA 2945-1] chkrootkit security update, Giuseppe Iuculano
• [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies, Fran
• ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability, Security Alert
• [SECURITY] [DSA 2947-1] libav security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2948-1] python-bottle security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2946-1] python-gnupg security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information, security-alert
• [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager, RedTeam Pentesting GmbH
• [SECURITY] [DSA 2950-1] openssl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2949-1] linux security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-14:14.openssl, FreeBSD Security Advisories
• multiple Vulnerability in "WahmShoppes eStore", cseye_ut
• [security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information, security-alert
• ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities, Security Alert
• [security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information, security-alert
• Details for CVE-2014-0220, tucu
• [SECURITY] [DSA 2951-1] mupdf security update, Moritz Muehlenhoff
• Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2952-1] kfreebsd-9 security update, Nico Golde
• [slackware-security] libtasn1 (SSA:2014-156-02), Slackware Security Team
• [slackware-security] gnutls (SSA:2014-156-01), Slackware Security Team
• SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan, SEC Consult Vulnerability Lab
• [slackware-security] sendmail (SSA:2014-156-04), Slackware Security Team
• [slackware-security] openssl (SSA:2014-156-03), Slackware Security Team
• [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering, Onapsis Research Labs
• [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components, Onapsis Research Labs
• NeginGroup CMS Multiple Vulnerability, iedb . team
• CVE-2014-3740 - SpiceWorks Cross-site scripting, Dolev Farhi
• [slackware-security] mozilla-firefox (SSA:2014-157-01), Slackware Security Team
• [SECURITY] [DSA 2953-1] dpkg security update, Raphael Geissert
• DNN (DotNetNukeŽ) ASPSlideshow Module Arbitrary File Download Vulnerability, cseye_ut
• DNN (DotNetNukeŽ) CodeEditor Module Arbitrary File Download Vulnerability, cseye_ut
• DNN (DotNetNukeŽ) EasyDnnGallery Module Arbitrary File Download Vulnerability, cseye_ut
• DNN (DotNetNukeŽ) eventscalendar Module Arbitrary File Download Vulnerability, cseye_ut
• DNN (DotNetNukeŽ) responsivesidebar Module Arbitrary File Download Vulnerability, cseye_ut
• DNN (DotNetNukeŽ) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability, cseye_ut
• [security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information, security-alert
• [ MDVSA-2014:105 ] openssl, security
• [SECURITY] [DSA 2954-1] dovecot security update, Salvatore Bonaccorso
• [ MDVSA-2014:106 ] openssl, security
• [ MDVSA-2014:107 ] libtasn1, security
• [ MDVSA-2014:109 ] gnutls, security
• [ MDVSA-2014:108 ] gnutls, security
• [slackware-security] php (SSA:2014-160-01), Slackware Security Team
• [ MDVSA-2014:111 ] otrs, security
• [ MDVSA-2014:112 ] python-django, security
• [ MDVSA-2014:110 ] curl, security
• Re: MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service, Pavel Machek
• [ MDVSA-2014:113 ] python-django, security
• [ MDVSA-2014:114 ] squid, security
• [ MDVSA-2014:115 ] php, security
• [ MDVSA-2014:116 ] file, security
• [ MDVSA-2014:117 ] libcap-ng, security
• CodeIgniter <= 2.1.4 Session Decoding Vulnerability, Robin Bailey
• [ MDVSA-2014:119 ] mediawiki, security
• [ MDVSA-2014:121 ] libgadu, security
• [ MDVSA-2014:118 ] emacs, security
• [ MDVSA-2014:120 ] miniupnpc, security
• [security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution, security-alert
• NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities, "VMware Security Response Center"
• CVE-2014-3977 - Privilege Escalation in IBM AIX, Portcullis Advisories
• [ MDVSA-2014:123 ] tor, security
• [ MDVSA-2014:122 ] chkrootkit, security
• [SECURITY] [DSA 2956-1] icinga security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2955-1] iceweasel security update, Moritz Muehlenhoff
• Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones, J. Oquendo
• [slackware-security] mozilla-thunderbird (SSA:2014-163-01), Slackware Security Team
• [SECURITY] [DSA 2957-1] mediawiki security update, Thijs Kinkhorst
• [SECURITY] [DSA 2958-1] apt security update, Thijs Kinkhorst
• AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework, Asterisk Security Team
• AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections, Asterisk Security Team
• AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions, Asterisk Security Team
• [security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information, security-alert
• CVE-2014-0228: Apache Hive Authorization vulnerability, Thejas Nair
• AST-2014-006: Asterisk Manager User Unauthorized Shell Access, Asterisk Security Team
• [security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access, security-alert
• [SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution, Brett Porter
• [ MDVSA-2014:124 ] kernel, security
• [ MDVSA-2014:125 ] nspr, security
• ClipBucket CMS Xss Vulnerability, iedb . team
• [SECURITY] [DSA 2959-1] chromium-browser security update, Michael Gilbert
• [SE-2014-01] Security vulnerabilities in Oracle Database Java VM, Security Explorations
• [CFP] Hacktivity 2014 CFP is open, ferenc . spala
• [SECURITY] [DSA 2960-1] icedove security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2950-2] openssl update, Moritz Muehlenhoff
• [SECURITY] [DSA 2961-1] php5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2962-1] nspr security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access, security-alert
• [SECURITY] [DSA 2963-1] lucene-solr security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal, security-alert
• SQL Injection in Dolphin, High-Tech Bridge Security Research
• Multiple SQL Injection Vulnerabilities in web2Project, High-Tech Bridge Security Research
• Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability, Vulnerability Lab
• Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• [SECURITY] [DSA 2964-1] iodine security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2965-1] tiff security update, Michael Gilbert
• [SECURITY] [DSA 2966-1] samba security update, Yves-Alexis Perez
• [security bulletin] HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information, security-alert
• Android KeyStore Stack Buffer Overflow (CVE-2014-3100), Roee Hay
• Boolean algebra and CSS history theft, Michal Zalewski
• [security bulletin] HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• [HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week, Hafez Kamal
• [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-14:15.iconv, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:16.file, FreeBSD Security Advisories
• [slackware-security] gnupg2 (SSA:2014-175-03), Slackware Security Team
• [slackware-security] gnupg (SSA:2014-175-02), Slackware Security Team
• [slackware-security] bind (SSA:2014-175-01), Slackware Security Team
• [slackware-security] samba (SSA:2014-175-04), Slackware Security Team
• [slackware-security] seamonkey (SSA:2014-175-05), Slackware Security Team
• NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library, "VMware Security Response Center"
• Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite, High-Tech Bridge Security Research
• [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery, RedTeam Pentesting GmbH
• [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting, RedTeam Pentesting GmbH
• CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux), Portcullis Advisories
• CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014, Portcullis Advisories
• [SECURITY] [DSA 2967-1] gnupg security update, Salvatore Bonaccorso
• [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution, RedTeam Pentesting GmbH
• CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015, calendarsites
• [security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2968-1] gnupg2 security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege, security-alert
• [security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• [security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• [SECURITY] [DSA 2969-1] libemail-address-perl security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2970-1] cacti security update, Moritz Muehlenhoff