Mail Index

• Thread Index

• [security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
  • From: security-alert
• [SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)
  • From: matthias . deeg
• SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
  • From: SEC Consult Vulnerability Lab
• [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
  • From: Security Explorations
• [SECURITY] [DSA 3060-1] linux security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3061-1] icedove security update
  • From: Moritz Muehlenhoff
• "Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
  • From: n . sampanis
• PARSADEV CMS Cross-Site Scripting Vulnerability
  • From: iedb . team
• [SECURITY] [DSA 3063-1] quassel security update
  • From: Luciano Bello
• [SECURITY] [DSA 3062-1] wget security update
  • From: Luciano Bello
• CFP: Fourth World Congress - SEMCMI2015 - Malaysia
  • From: Conference Updates
• Ahrareandeysheh CMS Cross-Site Scripting Vulnerability
  • From: iedb . team
• Modx CMS CSRF Bypass & XSS Vulnerabilities
  • From: bhati . contact
• [slackware-security] seamonkey (SSA:2014-307-04)
  • From: Slackware Security Team
• [slackware-security] mariadb (SSA:2014-307-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-307-02)
  • From: Slackware Security Team
• [slackware-security] php (SSA:2014-307-03)
  • From: Slackware Security Team
• [Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform
  • From: AppCheck_Advisories
• [SECURITY] [DSA 3064-1] php5 security update
  • From: Salvatore Bonaccorso
• Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals
  • From: ML
• Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer
  • From: subs
• [security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-14:24.sshd
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:26.ftp
  • From: FreeBSD Security Advisories
• KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read
  • From: KoreLogic Disclosures
• CVE-2014-6617 Softing FG-100 Backdoor Account
  • From: Ingmar Rosenhagen
• CVE-2014-6616 Softing FG-100 Webui XSS
  • From: Ingmar Rosenhagen
• Wordpress bulletproof-security <=.51 multiple vulnerabilities
  • From: Pietro Oliva
• Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
  • From: High-Tech Bridge Security Research
• Arbitrary File Upload in HelpDEZk
  • From: High-Tech Bridge Security Research
• WordPress Wordfence Firewall 5.1.2 Cross Site Scripting
  • From: bhati . contact
• ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability
  • From: Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
  • From: Cisco Systems Product Security Incident Response Team
• i.Hex Local Crash Poc
  • From: metacom27
• i.Mage Local Crash Poc
  • From: metacom27
• i-FTP Buffer Overflow SEH
  • From: metacom27
• [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
  • From: Pedro Ribeiro
• Cisco RV Series multiple vulnerabilities
  • From: Securify B.V.
• SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
  • From: SEC Consult Vulnerability Lab
• [CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper
  • From: mdgh9
• [SECURITY] [DSA 3065-1] libxml-security-java security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3066-1] qemu security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3067-1] qemu-kvm security update
  • From: Salvatore Bonaccorso
• CA20141103-01: Security Notice for CA Cloud Service Management
  • From: Kotas, Kevin J
• ZTE ZXDSL 831CII Direct Object Reference
  • From: habte . yibelo
• ZTE 831CII Multiple Vulnerablities
  • From: habte . yibelo
• ZTE ZXDSL 831 Multiple Cross Site Scripting
  • From: habte . yibelo
• XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
  • From: Larry W. Cashdollar
• Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]
  • From: Programa STIC
• FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED]
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3068-1] konversation security update
  • From: Moritz Muehlenhoff
• Open-Xchange Security Advisory 2014-11-07
  • From: Martin Heiland
• SeasonApps iTransfer 1.1 - Persistent UI Vulnerability
  • From: Vulnerability Lab
• BookFresh - Persistent Clients Invite Vulnerability
  • From: Vulnerability Lab
• PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3069-1] curl security update
  • From: Salvatore Bonaccorso
• CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests
  • From: Gordon Sim
• [SECURITY] [DSA 3070-1] kfreebsd-9 security update
  • From: Moritz Muehlenhoff
• [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro
  • From: Pedro Ribeiro
• [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
  • From: Pedro Ribeiro
• [security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities
  • From: security-alert
• Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211]
  • From: Programa STIC
• [SECURITY] [DSA 3071-1] nss security update
  • From: Sebastien Delafond
• [security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access
  • From: security-alert
• [security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code
  • From: security-alert
• [security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)
  • From: ESNC Security
• [SECURITY] [DSA 3072-1] file security update
  • From: Thijs Kinkhorst
• CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
  • From: cert
• CVE-2014-8732
  • From: cert
• Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
  • From: Programa STIC
• [SECURITY] [DSA 3050-3] iceweasel security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution
  • From: security-alert
• Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
  • From: cert
• Re: CVE-2014-8732
  • From: cert
• CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
  • From: Timo Schmid
• CVE-2014-8683 XSS in Gogs Markdown Renderer
  • From: Timo Schmid
• [security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 3073-1] libgcrypt11 security update
  • From: Salvatore Bonaccorso
• [slackware-security] mozilla-thunderbird (SSA:2014-320-01)
  • From: Slackware Security Team
• APPLE-SA-2014-11-17-1 iOS 8.1.1
  • From: Apple Product Security
• APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
  • From: Apple Product Security
• APPLE-SA-2014-11-17-3 Apple TV 7.0.2
  • From: Apple Product Security
• [security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information
  • From: security-alert
• CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload
  • From: Steffen Bauch
• CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
  • From: Steffen Bauch
• CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
  • From: Steffen Bauch
• [ MDVSA-2014:214 ] dbus
  • From: security
• [ MDVSA-2014:213 ] curl
  • From: security
• [SECURITY] [DSA 3074-1] php5 security update
  • From: Yves-Alexis Perez
• [ MDVSA-2014:215 ] gnutls
  • From: security
• Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 3074-2] php5 regression update
  • From: Yves-Alexis Perez
• CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM
  • From: Portcullis Advisories
• [CORE-2014-0009] - Advantech EKI-6340 Command Injection
  • From: CORE Advisories Team
• [CORE-2014-0008] - Advantech AdamView Buffer Overflow
  • From: CORE Advisories Team
• [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
  • From: CORE Advisories Team
• [ MDVSA-2014:216 ] php-ZendFramework
  • From: security
• [ MDVSA-2014:217 ] clamav
  • From: security
• CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin
  • From: phi . n . le
• [SECURITY] [DSA 3075-1] drupal7 security update
  • From: Salvatore Bonaccorso
• Multiple SQL Injection in SP Client Document Manager plugin
  • From: thai . q . dang
• AST-2014-014: High call load may result in hung channels in ConfBridge.
  • From: Asterisk Security Team
• AST-2014-018: AMI permission escalation through DB dialplan function
  • From: Asterisk Security Team
• AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font>
  • From: Asterisk Security Team
• AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver
  • From: Asterisk Security Team
• AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver
  • From: Asterisk Security Team
• AST-2014-013: PJSIP ACLs are not loaded on startup
  • From: Asterisk Security Team
• AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.
  • From: Asterisk Security Team
• WordPress 3 persistent script injection
  • From: Jouko Pynnonen
• [ MDVSA-2014:218 ] asterisk
  • From: security
• [security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities
  • From: security-alert
• [ MDVSA-2014:219 ] srtp
  • From: security
• [ MDVSA-2014:220 ] qemu
  • From: security
• [ MDVSA-2014:221 ] php-smarty
  • From: security
• [ MDVSA-2014:222 ] libvirt
  • From: security
• [ MDVSA-2014:223 ] wireshark
  • From: security
• [ MDVSA-2014:224 ] krb5
  • From: security
• [security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
  • From: security-alert
• Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin
  • From: Larry W. Cashdollar
• CVE-2014-8419 - CodeMeter Weak Service Permissions
  • From: ajs
• Docker 1.3.2 - Security Advisory [24 Nov 2014]
  • From: Eric Windisch
• [oCERT 2014-008] libFLAC multiple issues
  • From: Daniele Bianco
• [ MDVSA-2014:225 ] ruby
  • From: security
• [ MDVSA-2014:226 ] imagemagick
  • From: security
• [ MDVSA-2014:227 ] ffmpeg
  • From: security
• [security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution
  • From: security-alert
• Slider Revolution/Showbiz Pro shell upload exploit
  • From: simo
• [security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
  • From: security-alert
• [SECURITY] [DSA 3076-1] wireshark security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2014:228 ] phpmyadmin
  • From: security
• Сross-Site Request Forgery (CSRF) in xEpan
  • From: High-Tech Bridge Security Research
• CVE-2014-5439 - Root shell on Sniffit [with exploit]
  • From: Hector Marco
• [ MDVSA-2014:229 ] libvncserver
  • From: security
• [SECURITY] [DSA 3077-1] openjdk-6 security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [ MDVSA-2014:230 ] kernel
  • From: security
• [ MDVSA-2014:231 ] icecast
  • From: security
• [ MDVSA-2014:232 ] glibc
  • From: security
• [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [SECURITY] [DSA 3078-1] libksba security update
  • From: Salvatore Bonaccorso
• [ MDVSA-2014:233 ] wordpress
  • From: security
• [security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information
  • From: security-alert
• Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
  • From: Stefan Kanthak
• [ MDVSA-2014:234 ] libksba
  • From: security
• [ MDVSA-2014:235 ] perl-Plack
  • From: security
• [ MDVSA-2014:236 ] file
  • From: security
• [ MDVSA-2014:237 ] perl-Mojolicious
  • From: security