Mail Index
- Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
- WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
- From: jesus . ramirez . pichardo
- WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
- From: jesus . ramirez . pichardo
- [SECURITY] [DSA 2987-2] openjdk-7 regression update
- SSH host key fingerprint - through HTTPS
- CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia
- Re: SSH host key fingerprint - through HTTPS
- Avira License Application - Cross Site Request Forgery Vulnerability
- Re: SSH host key fingerprint - through HTTPS
- WWW File Share Pro v7.0 - Denial of Service Vulnerability
- Re: [FD] SSH host key fingerprint - through HTTPS
- [SECURITY] [DSA 3016-1] lua5.2 security update
- [SECURITY] [DSA 3015-1] lua5.1 security update
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: SSH host key fingerprint - through HTTPS
- Re: SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- [ MDVSA-2014:160 ] gpgme
- [ MDVSA-2014:161 ] subversion
- [ MDVSA-2014:162 ] catfish
- [ MDVSA-2014:164 ] phpmyadmin
- [ MDVSA-2014:163 ] python-imaging
- [ MDVSA-2014:165 ] krb5
- [ MDVSA-2014:166 ] serf
- [ MDVSA-2014:167 ] file
- [ MDVSA-2014:168 ] libvncserver
- [ MDVSA-2014:169 ] bugzilla
- [ MDVSA-2014:170 ] jakarta-commons-httpclient
- [ MDVSA-2014:171 ] dhcpcd
- Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
- Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability
- [SECURITY] [DSA 3017-1] php-cas security update
- [security bulletin] HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information
- [CORE-2014-0005] - Advantech WebAccess Vulnerabilities
- From: CORE Advisories Team
- Re: ntopng 1.2.0 XSS injection using monitored network traffic
- [ MDVSA-2014:173 ] busybox
- [ MDVSA-2014:172 ] php
- [SECURITY] [DSA 3018-1] iceweasel security update
- Reflected Cross-Site Scripting (XSS) in BlackCat CMS
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in MyWebSQL
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- Avolve Software ProjectDox Multiple Vulnerability Disclosure
- [ MDVSA-2014:174 ] apache
- Uninit memory disclosure via truncated images in Firefox
- [SECURITY] [DSA 3019-1] procmail security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:175 ] glibc
- [WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals
- apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
- [ MDVSA-2014:176 ] libgcrypt
- [ MDVSA-2014:177 ] squid
- [ MDVSA-2014:178 ] ppp
- [ MDVSA-2014:179 ] python-django
- [slackware-security] mozilla-firefox (SSA:2014-247-02)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2014-247-03)
- From: Slackware Security Team
- [slackware-security] php (SSA:2014-247-01)
- From: Slackware Security Team
- [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities
- Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
- t2’14 Challenge to be released 2014-09-13 10:00 EEST
- CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"
- From: Christian Schneider
- CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler"
- From: Christian Schneider
- CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"
- From: Christian Schneider
- [security bulletin] HPSBST03106 rev.1 - HP P2000 G3 MSA Array System running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability
- Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-14:18.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3021-1] file security update
- Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
- NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries
- From: VMware Security Response Center
- [security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code
- [slackware-security] seamonkey (SSA:2014-252-01)
- From: Slackware Security Team
- [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
- [SECURITY] [DSA 3020-1] acpi-support security update
- [SECURITY] [DSA 3022-1] curl security update
- [SECURITY] [DSA 3021-2] file regression update
- PhotoSync v2.2 iOS - Command Inject Web Vulnerability
- Photorange v1.0 iOS - File Include Web Vulnerability
- ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
- Call for Participation: Semantic Web Business and Innovation (SWBI2015) * Switzerland
- NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
- From: VMware Security Response Center
- [SECURITY] [DSA 3023-1] bind9 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3024-1] gnupg security update
- HttpFileServer 2.3.x Remote Command Execution
- From: danielelinguaglossa
- [security bulletin] HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information
- Re: HttpFileServer 2.3.x Remote Command Execution
- From: danielelinguaglossa
- Multiple Vulnerabilities with Aztech Modem Routers
- From: Federick Joe P Fajardo
- Open-Xchange Security Advisory 2014-09-15
- Passwords^14 Norway - CFP
- Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
- ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
- From: FreeBSD Security Advisories
- Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308
- Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280
- USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability
- [SECURITY] [DSA 3025-1] apt security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3026-1] dbus security update
- [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow
- From: CORE Advisories Team
- Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC)
- MIUI Wifi Connection Message Vulnerability
- MIUI Torch Open Vulnerability
- Path Traversal in webEdition
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in MODX Revolution
- From: High-Tech Bridge Security Research
- APPLE-SA-2014-09-17-1 iOS 8
- From: Apple Product Security
- APPLE-SA-2014-09-17-2 Apple TV 7
- From: Apple Product Security
- [SECURITY] [DSA 3027-1] libav security update
- [SECURITY] [DSA 3028-1] icedove security update
- CVE ID Syntax Change - Deadline Approaching
- From: Christey, Steven M.
- APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
- From: Apple Product Security
- APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
- From: Apple Product Security
- APPLE-SA-2014-09-17-5 OS X Server 3.2.1
- From: Apple Product Security
- APPLE-SA-2014-09-17-6 OS X Server 2.2.3
- From: Apple Product Security
- Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
- Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
- Oracle Corporation MyOracle - Persistent Vulnerability
- APPLE-SA-2014-09-17-7 Xcode 6.0.1
- From: Apple Product Security
- CVE ID Syntax Change - Deadline Approaching
- From: Christey, Steven M.
- AST-2014-009: Remote crash based on malformed SIP subscription requests
- From: Asterisk Security Team
- AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
- From: Asterisk Security Team
- [SECURITY] [DSA 3025-2] apt regression update
- From: Salvatore Bonaccorso
- Re: Multiple Vulnerabilities with Aztech Modem Routers
- From: Federick Joe P Fajardo
- [SECURITY] [DSA 3029-1] nginx security update
- From: Salvatore Bonaccorso
- CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product
- From: Christian Schneider
- [SECURITY] [DSA 3030-1] mantis security update
- TP-LINK WDR4300 - Stored XSS & DoS
- Strength and Weakness of Methods to Confirm SSH Host Key
- Re: TP-LINK WDR4300 - Stored XSS & DoS
- [ MDVSA-2014:180 ] gnupg
- Re: TP-LINK WDR4300 - Stored XSS & DoS
- Glype proxy cookie jar path traversal allows code execution
- Glype proxy privacy settings can be disabled via CSRF
- [security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access
- Glype proxy local address filter bypass
- [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
- [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
- CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser
- [SECURITY] [DSA 3031-1] apt security update
- From: Salvatore Bonaccorso
- Two SQL Injections in All In One WP Security WordPress plugin
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3032-1] bash security update
- [ MDVSA-2014:183 ] phpmyadmin
- [ MDVSA-2014:185 ] libgadu
- [ MDVSA-2014:181 ] dump
- [ MDVSA-2014:182 ] zarafa
- [ MDVSA-2014:183 ] phpmyadmin
- [ MDVSA-2014:184 ] net-snmp
- Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2014:186 ] bash
- Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key
- [security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information
- [SECURITY] [DSA 3033-1] nss security update
- CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control
- [SECURITY] [DSA 3034-1] iceweasel security update
- [ MDVSA-2014:188 ] wireshark
- [ MDVSA-2014:187 ] curl
- [ MDVSA-2014:189 ] nss
- LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
- [slackware-security] mozilla-nss (SSA:2014-267-02)
- From: Slackware Security Team
- [slackware-security] bash (SSA:2014-267-01)
- From: Slackware Security Team
- [oCERT-2014-007] libvncserver multiple issues
- [slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)
- From: Slackware Security Team
- Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3035-1] bash security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3036-1] mediawiki security update
- [slackware-security] bash (SSA:2014-268-01)
- From: Slackware Security Team
- [ MDVSA-2014:190 ] bash
- GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability
- Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities
- Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability
- Oracle Corporation MyOracle - Persistent Vulnerability
- SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability
- [SECURITY] [DSA 3037-1] icedove security update
- WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies
- Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon
- [SECURITY] [DSA 3038-1] libvirt security update
- From: Salvatore Bonaccorso
- [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
- [SECURITY] [DSA 3039-1] chromium-browser security update
- [slackware-security] mozilla-firefox (SSA:2014-271-01)
- From: Slackware Security Team
- Moab Authentication Bypass [CVE-2014-5300]
- Moab User Impersonation [CVE-2014-5375]
- Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]
- [ MDVSA-2014:191 ] perl-XML-DT
- [slackware-security] mozilla-thunderbird (SSA:2014-271-02)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-271-03)
- From: Slackware Security Team
- [slackware-security] bash (SSA:2014-272-01)
- From: Slackware Security Team
- London DEFCON - September 30th 2014