Mail Index
- ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability
- ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
- SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
- From: Apple Product Security
- APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003
- From: Apple Product Security
- [security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information
- APPLE-SA-2014-06-30-3 iOS 7.1.2
- From: Apple Product Security
- APPLE-SA-2014-06-30-4 Apple TV 6.1.2
- From: Apple Product Security
- ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities
- Kerio Control <= 8.3.1 Boolean-based blind SQL Injection
- SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom
- From: SEC Consult Vulnerability Lab
- CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"
- From: Christian Schneider
- Cross-Site Request Forgery (CSRF) in Kanboard
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2971-1] dbus security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code
- [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass
- POC2014 Call for Paper
- [security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- Lime Survey 2-05+ Multiple Vulnerabilities
- [SECURITY] [DSA 2972-1] linux security update
- From: Salvatore Bonaccorso
- Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100)
- CVE-2014-3863 - Stored XSS in JChatSocial
- iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
- {CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities.
- Backdoor access to Techboard/Syac devices
- PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability
- Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability
- Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability
- [SECURITY] CVE-2014-3503 Apache Syncope
- From: Francesco Chicchiriccò
- Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
- ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities
- ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability
- [SECURITY] [DSA 2973-1] vlc security update
- [security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
- Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit
- CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
- From: Portcullis Advisories
- [ MDVSA-2014:126 ] phpmyadmin
- [security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
- [SECURITY] [DSA 2974-1] php5 security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-14:17.kmem
- From: FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
- From: Cisco Systems Product Security Incident Response Team
- CVE-2014-4331 OctavoCMS reflected XSS vulnerability
- Android NFC Service Denial of Service
- [ MDVSA-2014:127 ] gnupg
- [ MDVSA-2014:128 ] iodine
- [ MDVSA-2014:130 ] php
- [ MDVSA-2014:129 ] ffmpeg
- [ MDVSA-2014:131 ] file
- [ MDVSA-2014:132 ] libxfont
- OS Command Injection Infoblox Network Automation
- Weak Local Database Credentials in Infoblox Network Automation
- Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2975-1] phpmyadmin security update
- [security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
- [security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information
- SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2014:133 ] gd
- SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2014:134 ] liblzo
- [ MDVSA-2014:135 ] python
- Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability
- Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability
- [SECURITY] [DSA 2976-1] eglibc security update
- [ MDVSA-2014:136 ] samba
- [ MDVSA-2014:137 ] apache-mod_wsgi
- [SECURITY] [DSA 2977-1] libav security update
- [SECURITY] [DSA 2978-1] libxml2 security update
- [ MDVSA-2014:138 ] asterisk
- [slackware-security] php (SSA:2014-192-01)
- From: Slackware Security Team
- [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
- [security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
- [security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
- Ruxcon 2014 Final Call For Presentations
- [security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
- Node Browserify RCE vuln (<= 4.2.0)
- From: Cal Leeming [Simplicity Media Ltd]
- [security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
- KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
- From: KoreLogic Disclosures
- SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition
- From: SEC Consult Vulnerability Lab
- VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)
- From: VUPEN Security Research
- Reflected Cross-Site Scripting (XSS) in e107
- From: High-Tech Bridge Security Research
- SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
- From: SEC Consult Vulnerability Lab
- Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2765-2] davfs regression update
- IP.Board 3.4 cross-site scripting in Referer header
- [HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August
- Ignore the amount customers confirm is no security vulnerability according to PayPal
- [SECURITY] [DSA 2979-1] fail2ban security update
- [SECURITY] [DSA 2980-1] openjdk-6 security update
- Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)
- Microsoft MSN HBE - Blind SQL Injection Vulnerability
- ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability
- CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
- [SECURITY] [DSA 2981-1] polarssl security update
- From: Salvatore Bonaccorso
- CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
- KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
- From: KoreLogic Disclosures
- KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
- From: KoreLogic Disclosures
- [SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
- [SECURITY] [DSA 2983-1] drupal7 security update
- Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin
- [oCERT-2014-004] Ansible input sanitization errors
- Cross-site Scripting in EventLog Analyzer 9.0 build #9000
- Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080
- Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability
- [security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information
- Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability
- [SECURITY] [DSA 2984-1] acpi-support security update
- [SECURITY] [DSA 2985-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
- [oCERT-2014-005] LPAR2RRD input sanitization errors
- SQL Injection in Е2
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
- [security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- [SECURITY] [DSA 2986-1] iceweasel security update
- [SECURITY] [DSA 2987-1] openjdk-7 security update
- [security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
- [slackware-security] httpd (SSA:2014-204-01)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-204-02)
- From: Slackware Security Team
- Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
- [slackware-security] mozilla-thunderbird (SSA:2014-204-03)
- From: Slackware Security Team
- [SECURITY] [DSA 2988-1] transmission security update
- Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
- [SECURITY] [DSA 2989-1] apache2 security update
- Easy file sharing web server - persist XSS in forum msgs
- Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Web Encryption Extension security update
- [security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
- [SECURITY] [DSA 2990-1] cups security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 2991-1] modsecurity-apache security update
- From: Salvatore Bonaccorso
- Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability
- Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities
- Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- [SECURITY] [DSA 2992-1] linux security update
- From: Salvatore Bonaccorso
- WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities
- Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities
- [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4
- From: Onapsis Research Labs
- [ MDVSA-2014:139 ] nss
- [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS
- From: Onapsis Research Labs
- [ MDVSA-2014:141 ] java-1.7.0-openjdk
- [security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- [ MDVSA-2014:140 ] owncloud
- Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]
- Improper Access Control in ArticleFR
- From: High-Tech Bridge Security Research
- [ MDVSA-2014:142 ] apache
- [ MDVSA-2014:143 ] phpmyadmin
- [ MDVSA-2014:144 ] live
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account