Mail Index
- PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability
- PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability
- All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
- [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation
- [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
- [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3040-1] rsyslog security update
- [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution
- NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
- From: VMware Security Response Center
- FreePBX (All Versions) RCE
- Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in Textpattern
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3041-1] xen security update
- [ MDVSA-2014:192 ] perl-Email-Address
- [ MDVSA-2014:193 ] xerces-j2
- the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
- [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution
- Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities
- Elasticsearch vulnerability CVE-2014-6439
- [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
- [security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- [ MDVSA-2014:194 ] phpmyadmin
- [ MDVSA-2014:195 ] libvirt
- CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway
- CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway
- BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
- HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability
- PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
- [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code
- [SECURITY] [DSA 3042-1] exuberant-ctags security update
- [SECURITY] [DSA 3044-1] qemu-kvm security update
- [SECURITY] [DSA 3045-1] qemu security update
- [SECURITY] [DSA 3046-1] mediawiki security update
- From: Salvatore Bonaccorso
- Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities
- PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities
- Multiple Vulnerabilities in Draytek Vigor 2130
- CA20141001-01: Security Notice for Bash Shellshock Vulnerability
- Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
- OWTF 1.0 "Lionheart" released!
- Multiple vulnerabilities in DrayTek VigorACS SI
- [security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
- [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
- [security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS)
- [SECURITY] [DSA 3047-1] rsyslog security update
- Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin
- From: High-Tech Bridge Security Research
- Two XSS in Contact Form DB WordPress plugin
- From: High-Tech Bridge Security Research
- [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting
- From: Onapsis Research Labs
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3048-1] apt security update
- [security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
- [security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
- [security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
- SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer
- SAP Security Note 1908531 - XXE in BusinessObjects Explorer
- CSNC-2014-004 neuroML - Multiple Vulnerabilities
- SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer
- CSP Bypass in android browser prior to 4.4
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015
- CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)
- From: Dirk-Willem van Gulik
- PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability
- PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
- PayPal Inc BB #96 - Persistent Tags Vulnerability
- Reminder: Passwords14 CFP + registration announcement
- [security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
- [security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
- LiveZilla 5.3.0.7 Security Issue
- two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)
- [SECURITY] [DSA 3049-1] wireshark security update
- [SE-2014-01] Breaking Oracle Database through Java exploits (details)
- From: Security Explorations
- PayPal Inc BB #98 MOS - Persistent Settings Vulnerability
- PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability
- Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
- Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability
- Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
- From: High-Tech Bridge Security Research
- SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces
- From: SEC Consult Vulnerability Lab
- Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
- From: Cisco Systems Product Security Incident Response Team
- Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
- Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3051-1] drupal7 security update
- Bypassing blacklists based on IPy
- [slackware-security] openssl (SSA:2014-288-01)
- From: Slackware Security Team
- [security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
- [SECURITY] [DSA 3052-1] wpa security update
- Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3053-1] openssl security update
- [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
- From: CORE Advisories Team
- APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
- From: Apple Product Security
- APPLE-SA-2014-10-16-2 Security Update 2014-005
- From: Apple Product Security
- APPLE-SA-2014-10-16-3 OS X Server v4.0
- From: Apple Product Security
- APPLE-SA-2014-10-16-6 iTunes 12.0.1
- From: Apple Product Security
- APPLE-SA-2014-10-16-4 OS X Server v3.2.2
- From: Apple Product Security
- APPLE-SA-2014-10-16-5 OS X Server v2.2.5
- From: Apple Product Security
- Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
- Re: LiveZilla 5.3.0.7 Security Issue
- [SECURITY] [DSA 3050-1] iceweasel security update
- [security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code
- [security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution
- [security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution
- [security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution
- [security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution
- [security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution
- [security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information
- [security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3054-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS)
- AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
- From: Asterisk Security Team
- APPLE-SA-2014-10-20-2 Apple TV 7.0.1
- From: Apple Product Security
- APPLE-SA-2014-10-20-1 iOS 8.1
- From: Apple Product Security
- LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183
- [security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- [slackware-security] openssh (SSA:2014-293-01)
- From: Slackware Security Team
- [ MDVSA-2014:196 ] rsyslog
- Incredible PBX remote command execution exploit
- [ MDVSA-2014:197 ] python
- [ MDVSA-2014:198 ] mediawiki
- [ MDVSA-2014:199 ] perl
- [ MDVSA-2014:200 ] bugzilla
- [ MDVSA-2014:201 ] kernel
- Vulnerabilities in WordPress Database Manager v2.7.1
- From: Larry W. Cashdollar
- Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
- FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
- CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015
- From: icete . secretariat
- FreeBSD Security Advisory FreeBSD-SA-14:22.namei
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:21.routed
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
- From: FreeBSD Security Advisories
- iFunBox Free v1.1 iOS - File Include Vulnerability
- File Manager v4.2.10 iOS - Code Execution Vulnerability
- ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability
- ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability
- ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability
- APPLE-SA-2014-10-22-1 QuickTime 7.7.6
- From: Apple Product Security
- [ MDVSA-2014:202 ] php
- Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
- File Manager v4.2.10 iOS - Code Execution Vulnerability
- [ MDVSA-2014:204 ] libxml2
- [ MDVSA-2014:203 ] openssl
- OpenBSD <= 5.5 Local Kernel Panic
- From: Alejandro Hernandez
- [SECURITY] [DSA 3055-1] pidgin security update
- [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
- [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
- [slackware-security] pidgin (SSA:2014-296-02)
- From: Slackware Security Team
- [slackware-security] glibc (SSA:2014-296-01)
- From: Slackware Security Team
- [ MDVSA-2014:205 ] lua
- [ MDVSA-2014:206 ] ctags
- [ MDVSA-2014:207 ] ejabberd
- [ MDVSA-2014:208 ] phpmyadmin
- [ MDVSA-2014:209 ] java-1.7.0-openjdk
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
- NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability
- From: VMware Security Response Center
- [CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015
- [SECURITY] [DSA 3056-1] libtasn1-3 security update
- vulnerabilities in libbfd (CVE-2014-beats-me)
- [SECURITY] [DSA 3057-1] libxml2 security update
- [security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information
- [security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3058-1] torque security update
- From: Salvatore Bonaccorso
- WebDisk+ v2.1 iOS - Code Execution Vulnerability
- iFileExplorer v6.51 iOS - File Include Web Vulnerability
- Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
- Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
- Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)
- Re: vulnerabilities in libbfd (CVE-2014-beats-me)
- [security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information
- [security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code
- IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA
- [ MDVSA-2014:210 ] mariadb
- phpfusion (Search Page) Denial of Service Vulnerability
- [SECURITY] [DSA 3050-2] xulrunner update
- [security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)
- [ MDVSA-2014:211 ] wpa_supplicant
- [ MDVSA-2014:212 ] wget
- Multiple vulnerabilities in EspoCRM
- From: High-Tech Bridge Security Research
- SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme
- From: SEC Consult Vulnerability Lab
- CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare
- [SECURITY] [DSA 3059-1] dokuwiki security update
- [security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
- [slackware-security] wget (SSA:2014-302-01)
- From: Slackware Security Team
- Call for Papers - WorldCIST'15 - Azores, Deadline: November 23