Mail Index
- [SECURITY] [DSA 3117-1] php5 security update
- From: Salvatore Bonaccorso
- [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
- [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
- [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
- [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
- [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
- [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
- [ MDVSA-2015:004 ] php
- [ MDVSA-2015:003 ] ntp
- [SECURITY] [DSA 3118-1] strongswan security update
- Open-Xchange Security Advisory 2015-01-05
- [ MDVSA-2015:002 ] pcre
- [ MDVSA-2015:001 ] c-icap
- [SECURITY] [DSA 3119-1] libevent security update
- From: Salvatore Bonaccorso
- ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
- Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
- [ MDVSA-2015:005 ] subversion
- ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
- Self-XSS in Microsoft Dynamics CRM 2013 SP1
- From: High-Tech Bridge Security Research
- Brother MFC Administration Reflected Cross-Site Scripting
- [SECURITY] [DSA 3120-1] mantis security update
- [security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
- [ MDVSA-2015:006 ] mediawiki
- [ MDVSA-2015:007 ] unrtf
- [ MDVSA-2015:008 ] pwgen
- [ MDVSA-2015:009 ] krb5
- [ MDVSA-2015:010 ] file
- [ MDVSA-2015:011 ] nail
- [ MDVSA-2015:012 ] jasper
- [ MDVSA-2015:013 ] znc
- [ MDVSA-2015:014 ] libjpeg
- [ MDVSA-2015:015 ] sox
- [ MDVSA-2015:016 ] unzip
- [ MDVSA-2015:017 ] libevent
- [ MDVSA-2015:018 ] asterisk
- Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada
- [SECURITY] [DSA 3121-1] file security update
- [SECURITY] [DSA 3122-1] curl security update
- From: Salvatore Bonaccorso
- Re: [SECURITY] [DSA 3122-1] curl security update
- Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
- [ MDVSA-2015:019 ] openssl
- [security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
- Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
- [SECURITY] [DSA 3124-1] otrs2 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3125-1] openssl security update
- From: Salvatore Bonaccorso
- Blitz CMS Community - SQL Injection Web Vulnerability
- Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability
- Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability
- ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
- [ MDVSA-2015:020 ] libssh
- [ MDVSA-2015:021 ] curl
- [ MDVSA-2015:022 ] wireshark
- [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- Corel Software DLL Hijacking
- From: CORE Advisories Team
- [SECURITY] [DSA 3126-1] php5 security update
- Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- [security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution
- MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
- SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
- From: SEC Consult Vulnerability Lab
- CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
- SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
- Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities
- Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
- [SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
- [security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information
- AusCERT2015 Call for Papers: closes 18th January
- MS14-080 CVE-2014-6365 Code
- Two XSS vulnerabilities in Simple Security WordPress Plugin
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3127-1] iceweasel security update
- FreeBSD Security Advisory FreeBSD-SA-15:01.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3128-1] linux security update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:023 ] libvirt
- [ MDVSA-2015:024 ] libsndfile
- [ MDVSA-2015:026 ] untrf
- [ MDVSA-2015:025 ] mpfr
- Alienvault OSSIM/USM Command Execution Vulnerability
- [SECURITY] [DSA 3129-1] rpm security update
- CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
- VeryPhoto v3.0 iOS - Command Injection Vulnerability
- WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability
- Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
- From: admin@xxxxxxxxxxxxxxxxx
- File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
- Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability
- [ MDVSA-2015:027 ] kernel
- [slackware-security] mozilla-thunderbird (SSA:2015-016-03)
- From: Slackware Security Team
- [slackware-security] freetype (SSA:2015-016-01)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-016-02)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2015-016-04)
- From: Slackware Security Team
- CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability
- [SECURITY] [DSA 3131-1] xdg-utils security update
- MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
- [SECURITY] [DSA 3132-1] icedove security update
- CVE-2015-1175-xss-prestashop
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- [SECURITY] [DSA 3133-1] privoxy security update
- [SECURITY] [DSA 3134-1] sympa security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [oCERT-2015-001] JasPer input sanitization errors
- PhotoSync v1.1.3 Android - Command Inject Vulnerability
- [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass
- From: RedTeam Pentesting GmbH
- iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll
- Remote Desktop v0.9.4 Android - Multiple Vulnerabilities
- [slackware-security] samba (SSA:2015-020-01)
- From: Slackware Security Team
- CVE-2015-1176-xss-osticket
- SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
- From: SEC Consult Vulnerability Lab
- CVE-2015-1177-xss-exponent
- CVE-2015-1178-xss-x-cart-ecommerce
- CVE-2015-1179-xss-mango-automation-scada
- CVE-2015-1180-xss-eventsentry
- Program-O v2.4.6 - Multiple Web Vulnerabilities
- PhotoSync 1.1.3 Android - Command Inject Vulnerability
- [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days
- REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
- From: Rewterz - Research Group
- REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
- From: Rewterz - Research Group
- Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
- From: Rewterz - Research Group
- WebKitGTK+ Security Advisory WSA-2015-0001
- From: Carlos Alberto Lopez Perez
- [CORE-2015-0002] - Android WiFi-Direct Denial of Service
- From: CORE Advisories Team
- CVE-2015-0224: qpidd can be crashed by unauthenticated user
- CVE-2015-0223: anonymous access to qpidd cannot be prevented
- [SYSS-2014-012] FancyFon FAMOC - Session Fixation
- [SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting
- [SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt
- [SECURITY] [DSA 3140-1] xen security update
- [SYSS-2014-010] FancyFon FAMOC - SQL Injection
- [SECURITY] [DSA 3141-1] wireshark security update
- [SECURITY] [DSA 3142-1] eglibc security update
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- From: Qualys Security Advisory
- APPLE-SA-2015-01-27-1 Apple TV 7.0.3
- From: Apple Product Security
- APPLE-SA-2015-01-27-2 iOS 8.1.3
- From: Apple Product Security
- APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
- From: Apple Product Security
- APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
- From: Apple Product Security
- FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:03.sctp
- From: FreeBSD Security Advisories
- [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities
- From: CORE Advisories Team
- NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues
- From: VMware Security Response Center
- [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability
- From: Amplia Security Advisories
- [CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8
- [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8
- Two XSS Vulnerabilities in SupportCenter Plus
- From: High-Tech Bridge Security Research
- Multiple vulnerabilities in MantisBT
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3143-1] virtualbox security update
- [slackware-security] glibc (SSA:2015-028-01)
- From: Slackware Security Team
- AST-2015-001: File descriptor leak when incompatible codecs are offered
- From: Asterisk Security Team
- Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
- CVE-2014-8779: SSH Host keys on Pexip Infinity
- Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385
- ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
- Reflected XSS vulnerability in Asus RT-N10 Plus Router
- Unauthenticated Reflected XSS vulnerability in Asus RT-N10 Plus router
- Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection
- NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability
- From: VMware Security Response Center
- [SECURITY] [DSA 3144-1] openjdk-7 security update
- [SECURITY] [DSA 3145-1] privoxy security update
- From: Salvatore Bonaccorso
- ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability
- [SECURITY] [DSA 3146-1] requests security update
- [SECURITY] [DSA 3147-1] openjdk-6 security update
- [security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities