Mail Thread Index

• Date Index

• [ MDVSA-2014:145 ] php-ZendFramework, security
• [ MDVSA-2014:146 ] file, security
• [SECURITY] [DSA 2993-1] tor security update, Salvatore Bonaccorso
• TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 2994-1] nss security update, Raphael Geissert
• [ MDVSA-2014:147 ] sendmail, security
• [ MDVSA-2014:148 ] dbus, security
• [security bulletin] HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure, security-alert
• C++11 <regex> insecure by default, submit
• Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability, Vulnerability Lab
• Microsoft Exchange Multiple Vulnerabilities, np
• [slackware-security] samba (SSA:2014-213-01), Slackware Security Team
• [slackware-security] dhcpcd (SSA:2014-213-02), Slackware Security Team
• [SECURITY] [DSA 2995-1] lzo2 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2996-1] icedove security update, Moritz Muehlenhoff
• ownCloud Unencrypted Private Key Exposure, Senderek Web Security
  • Re: ownCloud Unencrypted Private Key Exposure, Frank Stanek
    • Re: ownCloud Unencrypted Private Key Exposure, Anthony Dubuissez
      • RE: ownCloud Unencrypted Private Key Exposure, Mikhail A. Utin
    • RE: ownCloud Unencrypted Private Key Exposure - version (6.0.4) reported not vulnerable, Choulat, Trace
    • Re: ownCloud Unencrypted Private Key Exposure, Jack Brennan
      • Re: ownCloud Unencrypted Private Key Exposure, Frank Stanek
      • RE: ownCloud Unencrypted Private Key Exposure, Mikhail A. Utin
• Video WiFi Transfer 1.01 - Directory Traversal Vulnerability, Vulnerability Lab
• FreeDisk v1.01 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability, Vulnerability Lab
• [security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall, Portcullis Advisories
• [security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information, security-alert
• [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities], Mike Antcliffe
• Apache Cordova 3.5.1, Marcel Kinard
• SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director, SEC Consult Vulnerability Lab
• Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities, mike . manzotti
• CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java, Georg Lukas
• [SECURITY] [DSA 2997-1] reportbug security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege, security-alert
• PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability, Vulnerability Lab
• [ MDVSA-2014:149 ] php, security
• PhotoSync v2.2 iOS - Command Inject Web Vulnerability, Vulnerability Lab
• [ MDVSA-2014:150 ] tor, security
• nullcon CFP is open, nullcon
• TomatoCart v1.x (latest-stable) Multiple Vulnerabilities, Kenny Mathis
• Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2014:151 ] cups, security
• [ MDVSA-2014:153 ] mediawiki, security
• [ MDVSA-2014:154 ] readline, security
• [ MDVSA-2014:152 ] glibc, security
• [SECURITY] [DSA 2998-1] openssl security update, Raphael Geissert
• (CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities, David Kaplan
• [ MDVSA-2014:155 ] kernel, security
• (kind of) new tool: american fuzzy lop, Michal Zalewski
• [ MDVSA-2014:156 ] ocsinventory, security
• Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege, security-alert
• Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files, Stefan Kanthak
• [security bulletin] HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, security-alert
• [WorldCIST'15]: Call for Workshops Proposals - Proceedings by Springer, ML
• [ MDVSA-2014:157 ] ipython, security
• ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability, Security Alert
• [ MDVSA-2014:159 ] wireshark, security
• [ MDVSA-2014:158 ] openssl, security
• [security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities, security-alert
• [slackware-security] openssl (SSA:2014-220-01), Slackware Security Team
• [SECURITY] [DSA 2999-1] drupal7 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3000-1] krb5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3001-1] wordpress security update, Salvatore Bonaccorso
• MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend, Benjamin Kaduk
• [SECURITY] [DSA 3002-1] wireshark security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3003-1] libav security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3004-1] kde4libs security update, Moritz Muehlenhoff
• IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915), Jamie Riden
• [SECURITY] [DSA 2984-2] acpi-support regression update, Raphael Geissert
• [security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information, security-alert
• Apache Cordova 3.5.1: CVE-2014-3502 update, Marcel Kinard
• CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service, Gregory Pickett
• BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04], security
• [oCERT-2014-006] Ganeti insecure archive permission, Andrea Barisani
• Reflected Cross-Site Scripting (XSS) in Jamroom, High-Tech Bridge Security Research
• [security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• [security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code, security-alert
• APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6, Apple Product Security
• [SECURITY] [DSA 3005-1] gpgme1.0 security update, Salvatore Bonaccorso
• Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more), Stefan Kanthak
• Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs, Stefan Kanthak
• Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more), Stefan Kanthak
• CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request, tekwizz123
• Outlook.com for Android fails to validate server certificates, Securify B.V.
• CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack, Dirk-Willem van Gulik
• [SECURITY] [DSA 3006-1] xen security update, Moritz Muehlenhoff
• ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities, Security Alert
• ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities, Security Alert
• ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability, Security Alert
• ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities, Security Alert
• [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability, Jacopo Cappellato
• ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities, Security Alert
• [Call For Papers] RiseCON - Rosario, Argentina, Info RiseCON
• [security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access, security-alert
• [security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access, security-alert
• [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities, security-alert
• ICETC2014 - IEEE Extended Submission until Aug. 28, 2014, jackie
• Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities, CERT
• [SECURITY] [DSA 3007-1] cacti security update, Moritz Muehlenhoff
• CVE-2014-5307 - Privilege Escalation in Panda Security Products, Portcullis Advisories
• SQL Injection Vulnerability in ArticleFR, High-Tech Bridge Security Research
• CVE-2014-4973 - Privilege Escalation in ESET Windows Products, Portcullis Advisories
• ArcGIS for Server Vulnerability Disclosure, Romano, Christian
• ToorCon 16 Call For Papers!, h1kari
• [SECURITY] [DSA 3008-1] php5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2940-1] libstruts1.2-java security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3008-2] php5 regression update, Salvatore Bonaccorso
• [CVE-2014-5335] CSRF in Innovaphone PBX, rg
• CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects, Herbert Duerr
• CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability, Herbert Duerr
• [SECURITY] [DSA 3009-1] python-imaging security update, Moritz Muehlenhoff
• [security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• DoS attacks (ICMPv6-based) resulting from IPv6 EH drops, Fernando Gont
• [security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities, security-alert
• [SECURITY] [DSA 3010-1] python-django security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3011-1] mediawiki security update, Salvatore Bonaccorso
• Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707), Vulnerability Lab
• Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699), Vulnerability Lab
• DNN(DotNetNukeŽ) Iconbar Control Panel Bad Access Level config, cseye_ut
• DNN(DotNetNukeŽ) Ribbon Bar Control Panel Bad Access Level config, cseye_ut
• MEHR Automation System Arbitrary File Download Vulnerability(persian portal), cseye_ut
• [WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc., WorldCIST
• [security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities, security-alert
• ntopng 1.2.0 XSS injection using monitored network traffic, Steffen Bauch
• LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification, advisories
• ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability, Security Alert
• Encore Discovery Solution Multiple Vulnerability Disclosure, Romano, Christian
• Mathematica10.0.0 on Linux /tmp/MathLink vulnerability, paul . szabo
• Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks, Fernando Gont
• SaaS Marketing platform Hubspot export vulnerability, ehoward
  • <Possible follow-ups>
  • Re: SaaS Marketing platform Hubspot export vulnerability, security
• [SECURITY] [DSA 3012-1] eglibc security update, Florian Weimer
• Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30), jackie
• [SECURITY] [DSA 3013-1] s3ql security update, Florian Weimer
• [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert, Pedro Ribeiro
• Aerohive Hive Manager and Hive OS Multiple Vulnerabilities, Disclosure
• SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 3014-1] squid3 security update, Salvatore Bonaccorso
• Sierra Library Services Platform Multiple Vulnerability Disclosure, Romano, Christian