Mail Index

• Thread Index

• Firefox for Android - Same-origin bypass through symbolic links
  • From: Takeshi Terada
• Open-Xchange Security Advisory 2013-09-30
  • From: Martin Braun
• [ MDVSA-2013:244 ] davfs2
  • From: security
• CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.
  • From: Dennis Jenkins
• CFP: WorldCIST'14 - World Conference on IST, at Madeira Island
  • From: Maria Lemos
• iOS: List of available trusted root certificates
  • From: Jeffrey Walton
• Re: iOS: List of available trusted root certificates
  • From: Jason Hellenthal
• CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure
  • From: CORE Advisories Team
• CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
  • From: CORE Advisories Team
• Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
  • From: Stefan Kanthak
• Remote Code Execution in GLPI
  • From: High-Tech Bridge Security Research
• Multiple Vulnerabilities in Gnew
  • From: High-Tech Bridge Security Research
• All in One SEO Pack Plugin for WordPress 1.3.6.4 - 2.0.3 XSS
  • From: Charlie Briggs
• Cisco Security Advisory: Cisco IOS XR Software Memory Exhaustion Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• RootedCON 2014 - Call For Papers
  • From: Javier Olascoaga
• Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• WebAssist PowerCMS PHP - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability
  • From: Vulnerability Lab
• SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler
  • From: SEC Consult Vulnerability Lab
• [ MDVSA-2013:245 ] proftpd
  • From: security
• [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities
  • From: advisories
• ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability
  • From: Security Alert
• [security bulletin] HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
  • From: security-alert
• APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update
  • From: Apple Product Security
• SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2768-1] icedtea-web security update
  • From: Salvatore Bonaccorso
• [KIS-2013-09] Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• Apple Motion Integer Overflow Vulnerability
  • From: pereira
• [ MDVSA-2013:246 ] openjpa
  • From: security
• NotSoSecure CTF (in partnership with Appsec USA)
  • From: sid
• [SECURITY] [DSA-2769-1] kfreebsd-9 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
  • From: security-alert
• Cross-Site Scripting (XSS) in Feng Office
  • From: High-Tech Bridge Security Research
• [ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11
  • From: ISecAuditors Security Advisories
• [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5
  • From: ISecAuditors Security Advisories
• [SECURITY] [DSA 2770-1] torque security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Software
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2771-1] nas security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2775-1] ejabberd security update
  • From: Thijs Kinkhorst
• [ MDVSA-2013:248 ] xinetd
  • From: security
• [SECURITY] [DSA 2772-1] typo3-src security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2013:247 ] gnupg
  • From: security
• [ MDVSA-2013:249 ] libraw
  • From: security
• [SECURITY] [DSA 2774-1] gnupg security update
  • From: Thijs Kinkhorst
• [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2773-1] gnupg security update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 2776-1] drupal6 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2777-1] systemd security update
  • From: Moritz Muehlenhoff
• Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities
  • From: jsibley1
• [SECURITY] [DSA 2778-1] libapache2-mod-fcgid security update
  • From: Salvatore Bonaccorso
• Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities
  • From: jsibley1
• [CISTI'2014]: Call for Workshops
  • From: Maria Lemos
• CFP: Passwords^13 Bergen (Norway), December 2-3 2013
  • From: Per Thorsheim
• [SECURITY] [DSA 2779-1] libxml2 security update
  • From: Michael Gilbert
• [slackware-security] libgpg-error (SSA:2013-287-04)
  • From: Slackware Security Team
• [slackware-security] gnutls (SSA:2013-287-03)
  • From: Slackware Security Team
• [slackware-security] gnupg (SSA:2013-287-01)
  • From: Slackware Security Team
• [slackware-security] xorg-server (SSA:2013-287-05)
  • From: Slackware Security Team
• [slackware-security] gnupg2 (SSA:2013-287-02)
  • From: Slackware Security Team
• Critical vulnerabilities discovered in Gazelle and TBDEV.net
  • From: Bogdan Calin
• Training : Advanced Android & iOS Hands-on Exploitation at Toorcon San Diego [16th-17th Oct,2013]
  • From: xys3c team
• OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• SEC Consult SA-20131015-0 :: Multiple vulnerabilities in SpamTitan
  • From: SEC Consult Vulnerability Lab
• My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #105 MOS - Multiple Persistent Print Layout Vulnerabilities
  • From: Vulnerability Lab
• Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability
  • From: Vulnerability Lab
• DornCMS Application v1.4 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Training : Advanced Android & iOS Hands-on Exploitation at Toorcon San Diego [16th-17th Oct,2013]
  • From: xys3c team
• ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
  • From: security-alert
• APPLE-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17
  • From: Apple Product Security
• [ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart
  • From: ISecAuditors Security Advisories
• Remote Code Execution in Microweber
  • From: High-Tech Bridge Security Research
• [SE-2012-01] Issue 69 details and IBM Java vulnerabilities
  • From: Security Explorations
• PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
  • From: security-alert
• [ MDVSA-2013:250 ] mysql
  • From: security
• Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
  • From: LpSolit
• Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn
  • From: ISecAuditors Security Advisories
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
  • From: Cisco Systems Product Security Incident Response Team
• [ANN] Struts 2.3.15.3 GA release available - security fix
  • From: Lukasz Lenart
• Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
  • From: "VMware Security Response Center"
• [ MDVSA-2013:253 ] libtar
  • From: security
• [ MDVSA-2013:251 ] aircrack-ng
  • From: security
• [ MDVSA-2013:252 ] torque
  • From: security
• [ MDVSA-2013:254 ] quagga
  • From: security
• [ MDVSA-2013:255 ] clutter
  • From: security
• [ MDVSA-2013:256 ] apache-mod_fcgid
  • From: security
• [SECURITY] [DSA 2780-1] mysql-5.1 security update
  • From: Moritz Muehlenhoff
• OWASP Vulnerable Web Applications Directory Project
  • From: psiinon
• [SECURITY] [DSA 2781-1] python-crypto security update
  • From: Yves-Alexis Perez
• [slackware-security] libtiff (SSA:2013-290-01)
  • From: Slackware Security Team
• Wordpress videowall Plugin Xss vulnerabilities
  • From: iedb . team
• [slackware-security] hplip (SSA:2013-291-01)
  • From: Slackware Security Team
• Defense in depth -- the Microsoft way (part 12): NOOP security fixes
  • From: Stefan Kanthak
• [Article] Linux Kernel Patches For Linux Kernel Security
  • From: geinblues
• glibc 2.5 <= reloc types to crash bug
  • From: geinblues
• [SECURITY] [DSA 2782-1] polarssl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2783-1] librack-ruby security update
  • From: Thijs Kinkhorst
• [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
  • From: Julien Ahrens
• [CVE-2013-4295] Apache Shindig information disclosure vulnerability
  • From: Ryan Baxter
• [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root
  • From: Craig Young
• [SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting
  • From: advisories
• [SECURITY] [DSA 2784-1] xorg-server security update
  • From: Moritz Muehlenhoff
• AusCERT2014: Call for Presentations NOW OPEN
  • From: auto-bulletins
• [Article] The Audit DSOs of the rtld
  • From: geinblues
• [ MDVSA-2013:257 ] nss
  • From: security
• Cross-Site Scripting (XSS) in GuppY
  • From: High-Tech Bridge Security Research
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Identity Services Engine
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability
  • From: Security Alert
• RPS/APS vulnerability in snom/yealink and others
  • From: Cal Leeming [Simplicity Media Ltd]
• [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30
  • From: ISecAuditors Security Advisories
• [WorldCIST'14]: World Conference on IST; Proceedings by Springer
  • From: Maria Lemos
• Re: RPS/APS vulnerability in snom/yealink and others
  • From: god
• CA20131024-01: Security Notice for CA SiteMinder
  • From: Kotas, Kevin J
• Re: RPS/APS vulnerability in snom/yealink and others
  • From: Cal Leeming [Simplicity Media Ltd]
• [SECURITY] [DSA 2783-2] librack-ruby regression update
  • From: Salvatore Bonaccorso
• DC4420 - London DEFCON - October meet - Tuesday 29th October 2013
  • From: Major Malfunction
• Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution
  • From: nospam
• Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability
  • From: Vulnerability Lab
• Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 2785-1] chromium-browser security update
  • From: Michael Gilbert
• [SECURITY] [DSA 2787-1] roundcube security update
  • From: Salvatore Bonaccorso
• Call for Papers, 2014 Symposium on Cryptography and Authentication (SCA2014) , Suzhou, China
  • From: 2014 Symposium on Cryptography and Authentication (SCA2014)
• [CVE-2012-6297] DD-WRT v24-sp2 Command Injection
  • From: Craig Young
• Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014)
  • From: 2014 Symposium on Protocols and Rules for Security (SPRS2014)
• [SECURITY] [DSA 2786-1] icu security update
  • From: Michael Gilbert
• Multiple CSRF Horde Groupware Web mail Edition 5.1.2
  • From: m . benetrix
• vBulletin remote admin injection exploit
  • From: simo
• [ISecAuditors Security Advisories] XSS vulnerability in LinkedIn
  • From: ISecAuditors Security Advisories
• [scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting
  • From: Marc Ruef
• [PT-2013-46] Local File Include in Nagios Looking Glass
  • From: noreply
• Re: Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014)
  • From: Brandon Butterworth
• ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability
  • From: Vulnerability Lab
• CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
  • From: J. Oquendo
• [ MDVSA-2013:258 ] icu
  • From: security
• [ MDVSA-2013:259 ] x11-server
  • From: security
• [ MDVSA-2013:260 ] x11-server
  • From: security
• [ MDVSA-2013:261 ] dropbear
  • From: security
• [ MDVSA-2013:262 ] python-pycrypto
  • From: security
• Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)
  • From: Mark Stanislav
• [PSA-2013-1022-1] Microsoft Silverlight Invalid Typecast / Memory Disclosure
  • From: bugtraq
• CVE-2013-5694 Blind SQL Injection in Ops View
  • From: J. Oquendo
• ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability
  • From: Security Alert
• GTX CMS 2013 Optima - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2013:263 ] roundcubemail
  • From: security
• Apache PHP Remote Exploit - apache-magika.c
  • From: king cope
• ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability
  • From: Security Alert
• Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change)
  • From: jsibley1
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
  • From: Cisco Systems Product Security Incident Response Team
• [CVE-2013-4484] DoS vulnerability in Varnish HTTP cache
  • From: Poul-Henning Kamp
• nullcon Goa V First Speaker list and CFP closes soon
  • From: nullcon
• [SECURITY] [DSA 2788-1] iceweasel security update
  • From: Raphael Geissert