Mail Thread Index

• Date Index

• ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability, Security Alert
• ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities, Security Alert
• SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS, SEC Consult Vulnerability Lab
• APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5, Apple Product Security
• APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003, Apple Product Security
• [security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information, security-alert
• APPLE-SA-2014-06-30-3 iOS 7.1.2, Apple Product Security
• APPLE-SA-2014-06-30-4 Apple TV 6.1.2, Apple Product Security
• ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities, Security Alert
• Kerio Control <= 8.3.1 Boolean-based blind SQL Injection, info
• SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom, SEC Consult Vulnerability Lab
• CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board", Christian Schneider
• Cross-Site Request Forgery (CSRF) in Kanboard, High-Tech Bridge Security Research
• [security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager, Cisco Systems Product Security Incident Response Team
  • <Possible follow-ups>
  • Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2971-1] dbus security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code, security-alert
• [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass, security-alert
• POC2014 Call for Paper, pocadm
• [security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• Lime Survey 2-05+ Multiple Vulnerabilities, g-damore
• [SECURITY] [DSA 2972-1] linux security update, Salvatore Bonaccorso
• Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100), a . blas
• CVE-2014-3863 - Stored XSS in JChatSocial, Teodor Lupan
• iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries, Stefan Kanthak
• {CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities., Madhu Akula
• Backdoor access to Techboard/Syac devices, roberto . paleari
• PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability, Vulnerability Lab
• Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability, Vulnerability Lab
• [SECURITY] CVE-2014-3503 Apache Syncope, Francesco Chicchiriccò
• Photo Org WonderApplications v8.3 iOS - File Include Vulnerability, Vulnerability Lab
• ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities, Security Alert
• ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability, Security Alert
• [SECURITY] [DSA 2973-1] vlc security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access, security-alert
• Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit, Sumit Siddharth
• CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX, Portcullis Advisories
• [ MDVSA-2014:126 ] phpmyadmin, security
• [security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information, security-alert
• [SECURITY] [DSA 2974-1] php5 security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-14:17.kmem, FreeBSD Security Advisories
• CVE-2014-4331 OctavoCMS reflected XSS vulnerability, andreu . antonio
• Android NFC Service Denial of Service, vuln
• [ MDVSA-2014:127 ] gnupg, security
• [ MDVSA-2014:128 ] iodine, security
• [ MDVSA-2014:130 ] php, security
• [ MDVSA-2014:129 ] ffmpeg, security
• [ MDVSA-2014:131 ] file, security
• [ MDVSA-2014:132 ] libxfont, security
• OS Command Injection Infoblox Network Automation, nate
• Weak Local Database Credentials in Infoblox Network Automation, nate
• Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2975-1] phpmyadmin security update, Thijs Kinkhorst
• [security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information, security-alert
• [security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information, security-alert
• SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop, SEC Consult Vulnerability Lab
• SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system, SEC Consult Vulnerability Lab
• SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu, SEC Consult Vulnerability Lab
• [ MDVSA-2014:133 ] gd, security
• SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop, SEC Consult Vulnerability Lab
• [ MDVSA-2014:134 ] liblzo, security
• [ MDVSA-2014:135 ] python, security
• Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability, Vulnerability Lab
• Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2976-1] eglibc security update, Florian Weimer
• [ MDVSA-2014:136 ] samba, security
• [ MDVSA-2014:137 ] apache-mod_wsgi, security
• [SECURITY] [DSA 2977-1] libav security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2978-1] libxml2 security update, Moritz Muehlenhoff
• [ MDVSA-2014:138 ] asterisk, security
• [slackware-security] php (SSA:2014-192-01), Slackware Security Team
• [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability, Egidio Romano
• [security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege, security-alert
• [security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information, security-alert
• Ruxcon 2014 Final Call For Presentations, cfp
• [security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information, security-alert
• Node Browserify RCE vuln (<= 4.2.0), Cal Leeming [Simplicity Media Ltd]
• [security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code, security-alert
• KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition, SEC Consult Vulnerability Lab
• VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014), VUPEN Security Research
• VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014), VUPEN Security Research
• Reflected Cross-Site Scripting (XSS) in e107, High-Tech Bridge Security Research
• SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client", SEC Consult Vulnerability Lab
• SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway, SEC Consult Vulnerability Lab
• SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone, SEC Consult Vulnerability Lab
• Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2765-2] davfs regression update, Thijs Kinkhorst
• IP.Board 3.4 cross-site scripting in Referer header, stormhacker
• [HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August, Hafez Kamal
• Ignore the amount customers confirm is no security vulnerability according to PayPal, Jan Kechel
• [SECURITY] [DSA 2979-1] fail2ban security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2980-1] openjdk-6 security update, Moritz Muehlenhoff
• Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703), Vulnerability Lab
• Microsoft MSN HBE - Blind SQL Injection Vulnerability, Vulnerability Lab
• ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability, Security Alert
• CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure, i amroot
• [SECURITY] [DSA 2981-1] polarssl security update, Salvatore Bonaccorso
• CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs., Jordan Sissel
• KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• [SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2983-1] drupal7 security update, Moritz Muehlenhoff
• Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin, president
• [oCERT-2014-004] Ansible input sanitization errors, Andrea Barisani
• Cross-site Scripting in EventLog Analyzer 9.0 build #9000, audit1
• Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080, audit1
• Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability, Vulnerability Lab
• [security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information, security-alert
• Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2984-1] acpi-support security update, Luciano Bello
• [SECURITY] [DSA 2985-1] mysql-5.5 security update, Salvatore Bonaccorso
• Multiple Vulnerabilities in Parallels® Plesk Sitebuilder, cseye_ut
• [oCERT-2014-005] LPAR2RRD input sanitization errors, Daniele Bianco
• SQL Injection in Е2 , High-Tech Bridge Security Research
• [security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information, security-alert
• [security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
  • Message not available
    • Message not available
      • Message not available
        • Message not available
          • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Gynvael Coldwind
            • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
• [SECURITY] [DSA 2986-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2987-1] openjdk-7 security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities, security-alert
• [slackware-security] httpd (SSA:2014-204-01), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-204-02), Slackware Security Team
• Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398, Vulnerability Lab
• [slackware-security] mozilla-thunderbird (SSA:2014-204-03), Slackware Security Team
• [SECURITY] [DSA 2988-1] transmission security update, Moritz Muehlenhoff
• Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14, dkl
• [SECURITY] [DSA 2989-1] apache2 security update, Stefan Fritsch
• Easy file sharing web server - persist XSS in forum msgs, joseph . giron13
• Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities, Vulnerability Lab
• Web Encryption Extension security update, Ralf Senderek
• [security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2990-1] cups security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2991-1] modsecurity-apache security update, Salvatore Bonaccorso
• Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability, Vulnerability Lab
• Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities, vulns
• Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities, vulns
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
  • <Possible follow-ups>
  • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
    • Message not available
      • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
        • Message not available
          • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
            • RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Joe Souza
              • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
• [SECURITY] [DSA 2992-1] linux security update, Salvatore Bonaccorso
• WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities, Vulnerability Lab
• [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication, Onapsis Research Labs
• [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool, Onapsis Research Labs
• [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4, Onapsis Research Labs
• [ MDVSA-2014:139 ] nss, security
• [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass, Onapsis Research Labs
• [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service, Onapsis Research Labs
• [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS, Onapsis Research Labs
• [ MDVSA-2014:141 ] java-1.7.0-openjdk, security
• [security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• [ MDVSA-2014:140 ] owncloud, security
• Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529], Programa STIC
• Improper Access Control in ArticleFR, High-Tech Bridge Security Research
• [ MDVSA-2014:142 ] apache, security
• [ MDVSA-2014:143 ] phpmyadmin, security
• [ MDVSA-2014:144 ] live, security