Mail Index
- WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)
- [SECURITY] [DSA 3079-1] ppp security update
- [SECURITY] [DSA 3080-1] openjdk-7 security update
- [SECURITY] [DSA 3083-1] mutt security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3082-1] flac security update
- [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360
- [SECURITY] [DSA 3081-1] libvncserver security update
- CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4
- [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf
- From: RedTeam Pentesting GmbH
- [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 3084-1] openvpn security update
- [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
- From: RedTeam Pentesting GmbH
- CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress
- ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability
- ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability
- F5 BIGIP - (OLD!) Persistent XSS in ASM Module
- [SECURITY] [DSA 3085-1] wordpress security update
- [slackware-security] mozilla-thunderbird (SSA:2014-337-01)
- From: Slackware Security Team
- Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360
- Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection
- From: Ewerson Guimarães (Crash) - Dclabs
- [SECURITY] [DSA 3086-1] tcpdump security update
- From: Salvatore Bonaccorso
- APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
- From: Apple Product Security
- CVE-2014-9215 - SQL Injection in PBBoard CMS
- Re: Slider Revolution/Showbiz Pro shell upload exploit
- [SECURITY] [DSA 3087-1] qemu security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3088-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [oCERT-2014-009] JasPer input sanitization errors
- [SECURITY] [DSA 3089-1] jasper security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3090-1] iceweasel security update
- [security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
- Offset2lib: bypassing full ASLR on 64bit Linux
- NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- From: VMware Security Response Center
- NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass)
- [SECURITY] [DSA 3092-1] icedove security update
- [SECURITY] [DSA 3091-1] getmail4 security update
- ***UNCHECKED*** [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google)
- From: Security Explorations
- ***UNCHECKED*** Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux
- ***UNCHECKED*** CMS Made Simple PHP Code Injection Vulnerability (All versions)
- ***UNCHECKED*** CFP: InfoSec SouthWest 2015 (ISSW)
- ***UNCHECKED*** [ANN] Apache Struts 2.3.20 GA release available with security fix
- [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds
- [SECURITY] [DSA 3094-1] bind9 security update
- [security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3093-1] linux security update
- From: Salvatore Bonaccorso
- Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120
- [security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information
- [CVE-2014-8340] phpTrafficA SQL injection
- NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
- From: VMware Security Response Center
- [security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- [security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
- Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
- [CVE-2014-7303] SGI Tempo System Database Exposure
- [CVE-2014-7302] SGI SUID Root Privilege Escalation
- [CVE-2014-7301] SGI Tempo System Database Password Exposure
- NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities
- From: VMware Security Response Center
- FreeBSD Security Advisory FreeBSD-SA-14:27.stdio
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:28.file
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:29.bind
- From: FreeBSD Security Advisories
- AST-2014-019: Remote Crash Vulnerability in WebSocket Server
- From: Asterisk Security Team
- [SECURITY] [DSA 3095-1] xorg-server security update
- [SECURITY] [DSA 3096-1] pdns-recursor security update
- [slackware-security] openvpn (SSA:2014-344-04)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2014-344-06)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2014-344-01)
- From: Slackware Security Team
- [slackware-security] pidgin (SSA:2014-344-05)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2014-344-02)
- From: Slackware Security Team
- [slackware-security] wpa_supplicant (SSA:2014-344-07)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2014-344-03)
- From: Slackware Security Team
- [SECURITY] [DSA 3097-1] unbound security update
- [SECURITY] [DSA 3098-1] graphviz security update
- From: Salvatore Bonaccorso
- APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2
- From: Apple Product Security
- ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
- [SECURITY] [DSA 3099-1] dbus security update
- Docker 1.3.3 - Security Advisory [11 Dec 2014]
- [security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability
- ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities
- ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability
- [ MDVSA-2014:246 ] openvpn
- [ MDVSA-2014:247 ] jasper
- [ MDVSA-2014:248 ] graphviz
- [ MDVSA-2014:249 ] qemu
- [ MDVSA-2014:250 ] cpio
- [ MDVSA-2014:251 ] rpm
- CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
- From: Christian Schneider
- CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"
- From: Christian Schneider
- [ MDVSA-2014:245 ] mutt
- [ MDVSA-2014:244 ] openafs
- [ MDVSA-2014:243 ] phpmyadmin
- [ MDVSA-2014:239 ] flac
- [SECURITY] [DSA 3100-1] mediawiki security update
- [SECURITY] [DSA 3101-1] c-icap security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:238 ] bind
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
- [SECURITY] [DSA 3102-1] libyaml security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update
- From: Salvatore Bonaccorso
- [ MDVSA-2014:242 ] yaml
- Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]
- Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701
- From: steffen . roesemann1986
- [ MDVSA-2014:253 ] apache-mod_wsgi
- [ MDVSA-2014:252 ] nss
- CA20141215-01: Security Notice for CA LISA Release Automation
- [SE-2014-02] Google App Engine Java security sandbox bypasses (status update)
- From: Security Explorations
- "Ettercap 8.0 - 8.1" multiple vulnerabilities
- [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA
- From: Onapsis Research Labs
- W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
- [SECURITY] [DSA 3104-1] bsd-mailx security update
- [SECURITY] [DSA 3105-1] heirloom-mailx security update
- iWifi for Chat v1.1 iOS - Denial of Service Vulnerability
- Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability
- Elefant CMS v1.3.9 - Persistent Name Update Vulnerability
- Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability
- RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability
- [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
- [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities
- [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution
- [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-14:30.unbound
- From: FreeBSD Security Advisories
- secuvera-SA-2014-01: Reflected XSS in W3 Total Cache
- Cross-Site Scripting (XSS) in Revive Adserver
- From: High-Tech Bridge Security Research
- Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability
- Morfy CMS v1.05 - Command Execution Vulnerability
- Jease CMS v2.11 - Persistent UI Web Vulnerability
- Apple iOS v8.x - Message Context & Privacy Vulnerability
- Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability
- E-Journal CMS (ID) - Multiple Web Vulnerabilities
- iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability
- SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted
- From: SEC Consult Vulnerability Lab
- [oCERT-2014-012] JasPer input sanitization errors
- APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3
- From: Apple Product Security
- SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
- From: SEC Consult Vulnerability Lab
- iBackup v10.0.0.45 - Privilege Escalation Vulnerability
- Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability
- Facebook BB #18 - IDOR Issue & Privacy Vulnerability
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325
- TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
- [SECURITY] [DSA 3106-1] jasper security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3107-1] subversion security update
- [SECURITY] [DSA 3108-1] ntp security update
- [SECURITY] [DSA 3107-2] subversion regression update
- [SECURITY] [DSA 3109-1] firebird2.5 security update
- From: Salvatore Bonaccorso
- VP-2014-004 SysAid Server Arbitrary File Disclosure
- [oCERT-2014-010] SoX input sanitization errors
- [oCERT-2014-011] UnZip input sanitization errors
- APPLE-SA-2014-12-22-1 OS X NTP Security Update
- From: Apple Product Security
- [SECURITY] [DSA 3111-1] cpio security update
- [slackware-security] ntp (SSA:2014-356-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2014-356-02)
- From: Slackware Security Team
- [slackware-security] xorg-server (SSA:2014-356-03)
- From: Slackware Security Team
- Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
- From: steffen . roesemann1986
- [SECURITY] [DSA 3112-1] sox security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3110-1] mediawiki security update
- FreeBSD Security Advisory FreeBSD-SA-14:31.ntp
- From: FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
- From: steffen . roesemann1986
- DRAM unreliable under specific access pattern
- Facebook Bug Bounty #17 - Migrate Privacy Vulnerability
- Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability
- ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability
- Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
- PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability
- Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
- Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability
- [SECURITY] [DSA 3114-1] mime-support security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3113-1] unzip security update
- From: Salvatore Bonaccorso
- nullcon HackIM Challenge 9-11 Jan 2015
- [SECURITY] [DSA 3115-1] pyyaml security update
- Remote Code Execution via Unauthorised File upload in Cforms 14.7
- [SECURITY] [DSA 3116-1] polarssl security update
- ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability
- ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central