Mail Thread Index

• Date Index

• [security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack, security-alert
• [SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565), matthias . deeg
• SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access, SEC Consult Vulnerability Lab
• [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU, Security Explorations
• [SECURITY] [DSA 3060-1] linux security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3061-1] icedove security update, Moritz Muehlenhoff
• "Aircrack-ng 1.2 Beta 3" multiple vulnerabilities, n . sampanis
• PARSADEV CMS Cross-Site Scripting Vulnerability, iedb . team
• [SECURITY] [DSA 3063-1] quassel security update, Luciano Bello
• [SECURITY] [DSA 3062-1] wget security update, Luciano Bello
• CFP: Fourth World Congress - SEMCMI2015 - Malaysia, Conference Updates
• Ahrareandeysheh CMS Cross-Site Scripting Vulnerability, iedb . team
• Modx CMS CSRF Bypass & XSS Vulnerabilities, bhati . contact
• [slackware-security] seamonkey (SSA:2014-307-04), Slackware Security Team
• [slackware-security] mariadb (SSA:2014-307-01), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-307-02), Slackware Security Team
• [slackware-security] php (SSA:2014-307-03), Slackware Security Team
• [Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform, AppCheck_Advisories
• [SECURITY] [DSA 3064-1] php5 security update, Salvatore Bonaccorso
• Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals, ML
• Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer, subs
• [security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack, security-alert
• FreeBSD Security Advisory FreeBSD-SA-14:24.sshd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:26.ftp, FreeBSD Security Advisories
• KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read, KoreLogic Disclosures
• CVE-2014-6617 Softing FG-100 Backdoor Account, Ingmar Rosenhagen
• CVE-2014-6616 Softing FG-100 Webui XSS, Ingmar Rosenhagen
• Wordpress bulletproof-security <=.51 multiple vulnerabilities, Pietro Oliva
• Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms, High-Tech Bridge Security Research
• Arbitrary File Upload in HelpDEZk, High-Tech Bridge Security Research
• WordPress Wordfence Firewall 5.1.2 Cross Site Scripting, bhati . contact
• ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability, Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers, Cisco Systems Product Security Incident Response Team
• i.Hex Local Crash Poc, metacom27
• i.Mage Local Crash Poc, metacom27
• i-FTP Buffer Overflow SEH, metacom27
• [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser, Pedro Ribeiro
• Cisco RV Series multiple vulnerabilities, Securify B.V.
• SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection, SEC Consult Vulnerability Lab
• [CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper, mdgh9
• [SECURITY] [DSA 3065-1] libxml-security-java security update, Sebastien Delafond
• [SECURITY] [DSA 3066-1] qemu security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3067-1] qemu-kvm security update, Salvatore Bonaccorso
• CA20141103-01: Security Notice for CA Cloud Service Management, Kotas, Kevin J
• ZTE ZXDSL 831CII Direct Object Reference, habte . yibelo
• ZTE 831CII Multiple Vulnerablities, habte . yibelo
• ZTE ZXDSL 831 Multiple Cross Site Scripting, habte . yibelo
• XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities, Larry W. Cashdollar
• Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426], Programa STIC
• FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED], FreeBSD Security Advisories
• [SECURITY] [DSA 3068-1] konversation security update, Moritz Muehlenhoff
• Open-Xchange Security Advisory 2014-11-07, Martin Heiland
• SeasonApps iTransfer 1.1 - Persistent UI Vulnerability, Vulnerability Lab
• BookFresh - Persistent Clients Invite Vulnerability, Vulnerability Lab
• PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3069-1] curl security update, Salvatore Bonaccorso
• CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests, Gordon Sim
• [SECURITY] [DSA 3070-1] kfreebsd-9 security update, Moritz Muehlenhoff
• [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro, Pedro Ribeiro
• [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360, Pedro Ribeiro
• [security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities, security-alert
• Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211], Programa STIC
• [SECURITY] [DSA 3071-1] nss security update, Sebastien Delafond
• [security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities, security-alert
• [security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access, security-alert
• [security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code, security-alert
• [security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information, security-alert
• [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC), ESNC Security
• [SECURITY] [DSA 3072-1] file security update, Thijs Kinkhorst
• CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2, cert
  • <Possible follow-ups>
  • Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2, cert
• CVE-2014-8732, cert
  • <Possible follow-ups>
  • Re: CVE-2014-8732, cert
• Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731], Programa STIC
• [SECURITY] [DSA 3050-3] iceweasel security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution, security-alert
• CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs, Timo Schmid
• CVE-2014-8683 XSS in Gogs Markdown Renderer, Timo Schmid
• [security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3073-1] libgcrypt11 security update, Salvatore Bonaccorso
• [slackware-security] mozilla-thunderbird (SSA:2014-320-01), Slackware Security Team
• APPLE-SA-2014-11-17-1 iOS 8.1.1, Apple Product Security
• APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1, Apple Product Security
• APPLE-SA-2014-11-17-3 Apple TV 7.0.2, Apple Product Security
• [security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information, security-alert
• CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload, Steffen Bauch
• CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload, Steffen Bauch
• CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload, Steffen Bauch
• [ MDVSA-2014:214 ] dbus, security
• [ MDVSA-2014:213 ] curl, security
• [SECURITY] [DSA 3074-1] php5 security update, Yves-Alexis Perez
• [ MDVSA-2014:215 ] gnutls, security
• Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension, High-Tech Bridge Security Research
• [SECURITY] [DSA 3074-2] php5 regression update, Yves-Alexis Perez
• CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM, Portcullis Advisories
• [CORE-2014-0009] - Advantech EKI-6340 Command Injection, CORE Advisories Team
• [CORE-2014-0008] - Advantech AdamView Buffer Overflow, CORE Advisories Team
• [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow, CORE Advisories Team
• [ MDVSA-2014:216 ] php-ZendFramework, security
• [ MDVSA-2014:217 ] clamav, security
• CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin, phi . n . le
• [SECURITY] [DSA 3075-1] drupal7 security update, Salvatore Bonaccorso
• Multiple SQL Injection in SP Client Document Manager plugin, thai . q . dang
• AST-2014-014: High call load may result in hung channels in ConfBridge., Asterisk Security Team
• AST-2014-018: AMI permission escalation through DB dialplan function, Asterisk Security Team
• AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font>, Asterisk Security Team
• AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver, Asterisk Security Team
• AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver, Asterisk Security Team
• AST-2014-013: PJSIP ACLs are not loaded on startup, Asterisk Security Team
• AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic., Asterisk Security Team
• WordPress 3 persistent script injection, Jouko Pynnonen
• [ MDVSA-2014:218 ] asterisk, security
• [security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities, security-alert
• [ MDVSA-2014:219 ] srtp, security
• [ MDVSA-2014:220 ] qemu, security
• [ MDVSA-2014:221 ] php-smarty, security
• [ MDVSA-2014:222 ] libvirt, security
• [ MDVSA-2014:223 ] wireshark, security
• [ MDVSA-2014:224 ] krb5, security
• [security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, security-alert
• Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin, Larry W. Cashdollar
• CVE-2014-8419 - CodeMeter Weak Service Permissions, ajs
• Docker 1.3.2 - Security Advisory [24 Nov 2014], Eric Windisch
• [oCERT 2014-008] libFLAC multiple issues, Daniele Bianco
• [ MDVSA-2014:225 ] ruby, security
• [ MDVSA-2014:226 ] imagemagick, security
• [ MDVSA-2014:227 ] ffmpeg, security
• [security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution, security-alert
• Slider Revolution/Showbiz Pro shell upload exploit, simo
• [security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass, security-alert
• [SECURITY] [DSA 3076-1] wireshark security update, Moritz Muehlenhoff
• [ MDVSA-2014:228 ] phpmyadmin, security
• Сross-Site Request Forgery (CSRF) in xEpan, High-Tech Bridge Security Research
• CVE-2014-5439 - Root shell on Sniffit [with exploit], Hector Marco
• [ MDVSA-2014:229 ] libvncserver, security
• [SECURITY] [DSA 3077-1] openjdk-6 security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information, security-alert
• [ MDVSA-2014:230 ] kernel, security
• [ MDVSA-2014:231 ] icecast, security
• [ MDVSA-2014:232 ] glibc, security
• [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability, Egidio Romano
• [SECURITY] [DSA 3078-1] libksba security update, Salvatore Bonaccorso
• [ MDVSA-2014:233 ] wordpress, security
• [security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information, security-alert
• Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used), Stefan Kanthak
• [ MDVSA-2014:234 ] libksba, security
• [ MDVSA-2014:235 ] perl-Plack, security
• [ MDVSA-2014:236 ] file, security
• [ MDVSA-2014:237 ] perl-Mojolicious, security