Mail Thread Index

• Date Index

• WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034), john
• [SECURITY] [DSA 3079-1] ppp security update, Sebastien Delafond
• [SECURITY] [DSA 3080-1] openjdk-7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3083-1] mutt security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3082-1] flac security update, Sebastien Delafond
• [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360, Pedro Ribeiro
  • Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360, Pedro Ribeiro
• [SECURITY] [DSA 3081-1] libvncserver security update, Luciano Bello
• CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4, Stephan.Rickauer
• [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire, RedTeam Pentesting GmbH
• [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf, RedTeam Pentesting GmbH
• [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure, RedTeam Pentesting GmbH
• [SECURITY] [DSA 3084-1] openvpn security update, Florian Weimer
• [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components, RedTeam Pentesting GmbH
• CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress, Henri Salo
• ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability, Security Alert
• ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability, Security Alert
• F5 BIGIP - (OLD!) Persistent XSS in ASM Module, jplopezy
• [SECURITY] [DSA 3085-1] wordpress security update, Yves-Alexis Perez
• [slackware-security] mozilla-thunderbird (SSA:2014-337-01), Slackware Security Team
• Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection, Ewerson Guimarães (Crash) - Dclabs
• [SECURITY] [DSA 3086-1] tcpdump security update, Salvatore Bonaccorso
• APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1, Apple Product Security
• CVE-2014-9215 - SQL Injection in PBBoard CMS, tien . d . tran
• Re: Slider Revolution/Showbiz Pro shell upload exploit, assistenz
• [SECURITY] [DSA 3087-1] qemu security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3088-1] qemu-kvm security update, Salvatore Bonaccorso
• [oCERT-2014-009] JasPer input sanitization errors, Andrea Barisani
• [SECURITY] [DSA 3089-1] jasper security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3090-1] iceweasel security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information, security-alert
• Offset2lib: bypassing full ASLR on 64bit Linux, Hector Marco
  • Message not available
    • ***UNCHECKED*** Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux, Shawn
• NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities, VMware Security Response Center
• NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass), Vulnerability Lab
• [SECURITY] [DSA 3092-1] icedove security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3091-1] getmail4 security update, Giuseppe Iuculano
• ***UNCHECKED*** [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google), Security Explorations
• ***UNCHECKED*** CMS Made Simple PHP Code Injection Vulnerability (All versions), sahm
• ***UNCHECKED*** CFP: InfoSec SouthWest 2015 (ISSW), Tod Beardsley
• ***UNCHECKED*** [ANN] Apache Struts 2.3.20 GA release available with security fix, Lukasz Lenart
• [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds, jlk
• [SECURITY] [DSA 3094-1] bind9 security update, Giuseppe Iuculano
• [security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution, security-alert
• [SECURITY] [DSA 3093-1] linux security update, Salvatore Bonaccorso
• Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120, Onur Yilmaz
• [security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information, security-alert
• [CVE-2014-8340] phpTrafficA SQL injection, Daniël Geerts
• NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability, VMware Security Response Center
• [security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• [security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information, security-alert
• Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities, simo
• [CVE-2014-7303] SGI Tempo System Database Exposure, john . fitzpatrick
• [CVE-2014-7302] SGI SUID Root Privilege Escalation, john . fitzpatrick
• [CVE-2014-7301] SGI Tempo System Database Password Exposure, john . fitzpatrick
• NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities, VMware Security Response Center
• FreeBSD Security Advisory FreeBSD-SA-14:27.stdio, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:28.file, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:29.bind, FreeBSD Security Advisories
• AST-2014-019: Remote Crash Vulnerability in WebSocket Server, Asterisk Security Team
• [SECURITY] [DSA 3095-1] xorg-server security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3096-1] pdns-recursor security update, Sebastien Delafond
• [slackware-security] openvpn (SSA:2014-344-04), Slackware Security Team
• [slackware-security] seamonkey (SSA:2014-344-06), Slackware Security Team
• [slackware-security] bind (SSA:2014-344-01), Slackware Security Team
• [slackware-security] pidgin (SSA:2014-344-05), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2014-344-02), Slackware Security Team
• [slackware-security] wpa_supplicant (SSA:2014-344-07), Slackware Security Team
• [slackware-security] openssh (SSA:2014-344-03), Slackware Security Team
• [SECURITY] [DSA 3097-1] unbound security update, Yves-Alexis Perez
• [SECURITY] [DSA 3098-1] graphviz security update, Salvatore Bonaccorso
• APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2, Apple Product Security
• ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities, petri . iivonen
• [SECURITY] [DSA 3099-1] dbus security update, Florian Weimer
• Docker 1.3.3 - Security Advisory [11 Dec 2014], Eric Windisch
• [security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack, security-alert
• ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability, Security Alert
• ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities, Security Alert
• ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability, Security Alert
• [ MDVSA-2014:246 ] openvpn, security
• [ MDVSA-2014:247 ] jasper, security
• [ MDVSA-2014:248 ] graphviz, security
• [ MDVSA-2014:249 ] qemu, security
• [ MDVSA-2014:250 ] cpio, security
• [ MDVSA-2014:251 ] rpm, security
• CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional", Christian Schneider
• CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional", Christian Schneider
• [ MDVSA-2014:245 ] mutt, security
• [ MDVSA-2014:244 ] openafs, security
• [ MDVSA-2014:243 ] phpmyadmin, security
• [ MDVSA-2014:239 ] flac, security
• [SECURITY] [DSA 3100-1] mediawiki security update, Sebastien Delafond
• [SECURITY] [DSA 3101-1] c-icap security update, Salvatore Bonaccorso
• [ MDVSA-2014:238 ] bind, security
• Defense in depth -- the Microsoft way (part 23): two quotes or not to quote..., Stefan Kanthak
• [SECURITY] [DSA 3102-1] libyaml security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update, Salvatore Bonaccorso
• [ MDVSA-2014:242 ] yaml, security
• Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01], modzero
• Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701, steffen . roesemann1986
• [ MDVSA-2014:253 ] apache-mod_wsgi, security
• [ MDVSA-2014:252 ] nss, security
• CA20141215-01: Security Notice for CA LISA Release Automation, Williams, Ken
• [SE-2014-02] Google App Engine Java security sandbox bypasses (status update), Security Explorations
• "Ettercap 8.0 - 8.1" multiple vulnerabilities, Nick Sampanis
• [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA, Onapsis Research Labs
• W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface, Mazin Ahmed
• [SECURITY] [DSA 3104-1] bsd-mailx security update, Florian Weimer
• [SECURITY] [DSA 3105-1] heirloom-mailx security update, Florian Weimer
• iWifi for Chat v1.1 iOS - Denial of Service Vulnerability, Vulnerability Lab
• Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability, Vulnerability Lab
• Elefant CMS v1.3.9 - Persistent Name Update Vulnerability, Vulnerability Lab
• Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability, Vulnerability Lab
• RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability, Vulnerability Lab
• [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution, security-alert
• [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities, Matteo Beccati
• FreeBSD Security Advisory FreeBSD-SA-14:30.unbound, FreeBSD Security Advisories
• secuvera-SA-2014-01: Reflected XSS in W3 Total Cache, Tobias Glemser
• Cross-Site Scripting (XSS) in Revive Adserver, High-Tech Bridge Security Research
• Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability, Vulnerability Lab
• Morfy CMS v1.05 - Command Execution Vulnerability, Vulnerability Lab
• Jease CMS v2.11 - Persistent UI Web Vulnerability, Vulnerability Lab
• Apple iOS v8.x - Message Context & Privacy Vulnerability, Vulnerability Lab
• Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability, Vulnerability Lab
• E-Journal CMS (ID) - Multiple Web Vulnerabilities, Vulnerability Lab
• iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability, Vulnerability Lab
• SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager, SEC Consult Vulnerability Lab
• SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted, SEC Consult Vulnerability Lab
• [oCERT-2014-012] JasPer input sanitization errors, Andrea Barisani
• APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3, Apple Product Security
• SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor, SEC Consult Vulnerability Lab
• iBackup v10.0.0.45 - Privilege Escalation Vulnerability, Vulnerability Lab
• Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability, Vulnerability Lab
• Facebook BB #18 - IDOR Issue & Privacy Vulnerability, Vulnerability Lab
• TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325, Onur Yilmaz
• TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367, Onur Yilmaz
• [SECURITY] [DSA 3106-1] jasper security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3107-1] subversion security update, Florian Weimer
• [SECURITY] [DSA 3108-1] ntp security update, Florian Weimer
• [SECURITY] [DSA 3107-2] subversion regression update, Florian Weimer
• [SECURITY] [DSA 3109-1] firebird2.5 security update, Salvatore Bonaccorso
• VP-2014-004 SysAid Server Arbitrary File Disclosure, Bernhard Mueller
• [oCERT-2014-010] SoX input sanitization errors, Andrea Barisani
• [oCERT-2014-011] UnZip input sanitization errors, Andrea Barisani
• APPLE-SA-2014-12-22-1 OS X NTP Security Update, Apple Product Security
• [SECURITY] [DSA 3111-1] cpio security update, Michael Gilbert
• [slackware-security] ntp (SSA:2014-356-01), Slackware Security Team
• [slackware-security] php (SSA:2014-356-02), Slackware Security Team
• [slackware-security] xorg-server (SSA:2014-356-03), Slackware Security Team
• Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1, steffen . roesemann1986
• [SECURITY] [DSA 3112-1] sox security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3110-1] mediawiki security update, Sebastien Delafond
• FreeBSD Security Advisory FreeBSD-SA-14:31.ntp, FreeBSD Security Advisories
• Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products, Cisco Systems Product Security Incident Response Team
• Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5, steffen . roesemann1986
• DRAM unreliable under specific access patern, Pavel Machek
• Facebook Bug Bounty #17 - Migrate Privacy Vulnerability, Vulnerability Lab
• Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability, Vulnerability Lab
• ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability, Vulnerability Lab
• Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability, Vulnerability Lab
• PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability, Vulnerability Lab
• Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities, Vulnerability Lab
• Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3114-1] mime-support security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3113-1] unzip security update, Salvatore Bonaccorso
• nullcon HackIM Challenge 9-11 Jan 2015, nullcon
• [SECURITY] [DSA 3115-1] pyyaml security update, Moritz Muehlenhoff
• Remote Code Execution via Unauthorised File upload in Cforms 14.7, z . fedotkin
• [SECURITY] [DSA 3116-1] polarssl security update, Moritz Muehlenhoff
• ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability, Security Alert
• ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability, Security Alert
• Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook, Stefan Kanthak
• [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central, Pedro Ribeiro