Mail Index

• Thread Index

• [ MDVSA-2014:145 ] php-ZendFramework
  • From: security
• [ MDVSA-2014:146 ] file
  • From: security
• [SECURITY] [DSA 2993-1] tor security update
  • From: Salvatore Bonaccorso
• TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [SECURITY] [DSA 2994-1] nss security update
  • From: Raphael Geissert
• [ MDVSA-2014:147 ] sendmail
  • From: security
• [ MDVSA-2014:148 ] dbus
  • From: security
• [security bulletin] HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure
  • From: security-alert
• C++11 <regex> insecure by default
  • From: submit
• Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• Microsoft Exchange Multiple Vulnerabilities
  • From: np
• [slackware-security] samba (SSA:2014-213-01)
  • From: Slackware Security Team
• [slackware-security] dhcpcd (SSA:2014-213-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 2995-1] lzo2 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2996-1] icedove security update
  • From: Moritz Muehlenhoff
• ownCloud Unencrypted Private Key Exposure
  • From: Senderek Web Security
• Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Frank Stanek
• CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall
  • From: Portcullis Advisories
• [security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
  • From: security-alert
• [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
  • From: Mike Antcliffe
• Apache Cordova 3.5.1
  • From: Marcel Kinard
• SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
  • From: SEC Consult Vulnerability Lab
• Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
  • From: mike . manzotti
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Anthony Dubuissez
• RE: ownCloud Unencrypted Private Key Exposure - version (6.0.4) reported not vulnerable
  • From: Choulat, Trace
• CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java
  • From: Georg Lukas
• [SECURITY] [DSA 2997-1] reportbug security update
  • From: Salvatore Bonaccorso
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Jack Brennan
• [security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege
  • From: security-alert
• PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:149 ] php
  • From: security
• PhotoSync v2.2 iOS - Command Inject Web Vulnerability
  • From: Vulnerability Lab
• [ MDVSA-2014:150 ] tor
  • From: security
• nullcon CFP is open
  • From: nullcon
• TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
  • From: Kenny Mathis
• Re: ownCloud Unencrypted Private Key Exposure
  • From: Frank Stanek
• RE: ownCloud Unencrypted Private Key Exposure
  • From: Mikhail A. Utin
• RE: ownCloud Unencrypted Private Key Exposure
  • From: Mikhail A. Utin
• Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:151 ] cups
  • From: security
• [ MDVSA-2014:153 ] mediawiki
  • From: security
• [ MDVSA-2014:154 ] readline
  • From: security
• [ MDVSA-2014:152 ] glibc
  • From: security
• [SECURITY] [DSA 2998-1] openssl security update
  • From: Raphael Geissert
• (CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities
  • From: David Kaplan
• [ MDVSA-2014:155 ] kernel
  • From: security
• (kind of) new tool: american fuzzy lop
  • From: Michal Zalewski
• [ MDVSA-2014:156 ] ocsinventory
  • From: security
• Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities
  • From: Vulnerability Lab
• [security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege
  • From: security-alert
• Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
  • From: Stefan Kanthak
• [security bulletin] HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
  • From: security-alert
• [WorldCIST'15]: Call for Workshops Proposals - Proceedings by Springer
  • From: ML
• [ MDVSA-2014:157 ] ipython
  • From: security
• ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability
  • From: Security Alert
• [ MDVSA-2014:159 ] wireshark
  • From: security
• [ MDVSA-2014:158 ] openssl
  • From: security
• [security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• [slackware-security] openssl (SSA:2014-220-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 2999-1] drupal7 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3000-1] krb5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3001-1] wordpress security update
  • From: Salvatore Bonaccorso
• MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend
  • From: Benjamin Kaduk
• [SECURITY] [DSA 3002-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3003-1] libav security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3004-1] kde4libs security update
  • From: Moritz Muehlenhoff
• IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)
  • From: Jamie Riden
• [SECURITY] [DSA 2984-2] acpi-support regression update
  • From: Raphael Geissert
• [security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information
  • From: security-alert
• Apache Cordova 3.5.1: CVE-2014-3502 update
  • From: Marcel Kinard
• CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
  • From: Gregory Pickett
• BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]
  • From: security
• [oCERT-2014-006] Ganeti insecure archive permission
  • From: Andrea Barisani
• Reflected Cross-Site Scripting (XSS) in Jamroom
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code
  • From: security-alert
• APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
  • From: Apple Product Security
• [SECURITY] [DSA 3005-1] gpgme1.0 security update
  • From: Salvatore Bonaccorso
• Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
  • From: Stefan Kanthak
• Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request
  • From: tekwizz123
• Outlook.com for Android fails to validate server certificates
  • From: Securify B.V.
• CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
  • From: Dirk-Willem van Gulik
• [SECURITY] [DSA 3006-1] xen security update
  • From: Moritz Muehlenhoff
• ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
  • From: Security Alert
• ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
  • From: Security Alert
• ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability
  • From: Security Alert
• ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
  • From: Security Alert
• [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
  • From: Jacopo Cappellato
• ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
  • From: Security Alert
• [Call For Papers] RiseCON - Rosario, Argentina
  • From: Info RiseCON
• [security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• ICETC2014 - IEEE Extended Submission until Aug. 28, 2014
  • From: jackie
• Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
  • From: CERT
• [SECURITY] [DSA 3007-1] cacti security update
  • From: Moritz Muehlenhoff
• CVE-2014-5307 - Privilege Escalation in Panda Security Products
  • From: Portcullis Advisories
• SQL Injection Vulnerability in ArticleFR
  • From: High-Tech Bridge Security Research
• CVE-2014-4973 - Privilege Escalation in ESET Windows Products
  • From: Portcullis Advisories
• ArcGIS for Server Vulnerability Disclosure
  • From: Romano, Christian
• ToorCon 16 Call For Papers!
  • From: h1kari
• [SECURITY] [DSA 3008-1] php5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2940-1] libstruts1.2-java security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3008-2] php5 regression update
  • From: Salvatore Bonaccorso
• [CVE-2014-5335] CSRF in Innovaphone PBX
  • From: rg
• CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects
  • From: Herbert Duerr
• CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability
  • From: Herbert Duerr
• [SECURITY] [DSA 3009-1] python-imaging security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information
  • From: security-alert
• DoS attacks (ICMPv6-based) resulting from IPv6 EH drops
  • From: Fernando Gont
• [security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 3010-1] python-django security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3011-1] mediawiki security update
  • From: Salvatore Bonaccorso
• Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707)
  • From: Vulnerability Lab
• Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)
  • From: Vulnerability Lab
• DNN(DotNetNukeŽ) Iconbar Control Panel Bad Access Level config
  • From: cseye_ut
• DNN(DotNetNukeŽ) Ribbon Bar Control Panel Bad Access Level config
  • From: cseye_ut
• MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
  • From: cseye_ut
• [WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc.
  • From: WorldCIST
• [security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
  • From: security-alert
• ntopng 1.2.0 XSS injection using monitored network traffic
  • From: Steffen Bauch
• LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification
  • From: advisories
• ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability
  • From: Security Alert
• Encore Discovery Solution Multiple Vulnerability Disclosure
  • From: Romano, Christian
• Mathematica10.0.0 on Linux /tmp/MathLink vulnerability
  • From: paul . szabo
• Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
  • From: Fernando Gont
• SaaS Marketing platform Hubspot export vulnerability
  • From: ehoward
• [SECURITY] [DSA 3012-1] eglibc security update
  • From: Florian Weimer
• Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30)
  • From: jackie
• [SECURITY] [DSA 3013-1] s3ql security update
  • From: Florian Weimer
• [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
  • From: Pedro Ribeiro
• Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
  • From: Disclosure
• SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 3014-1] squid3 security update
  • From: Salvatore Bonaccorso
• Re: SaaS Marketing platform Hubspot export vulnerability
  • From: security
• Sierra Library Services Platform Multiple Vulnerability Disclosure
  • From: Romano, Christian