Mail Thread Index

• Date Index

• PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability, Vulnerability Lab
• PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability, Vulnerability Lab
• All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability, Vulnerability Lab
• [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation, security-alert
• [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities, security-alert
• [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution, security-alert
• [SECURITY] [DSA 3040-1] rsyslog security update, Luciano Bello
• [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution, security-alert
• NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities, VMware Security Response Center
• FreePBX (All Versions) RCE, rob . thomas
• Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin, High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in Textpattern, High-Tech Bridge Security Research
• [SECURITY] [DSA 3041-1] xen security update, Moritz Muehlenhoff
• [ MDVSA-2014:192 ] perl-Email-Address, security
• [ MDVSA-2014:193 ] xerces-j2, security
• the other bash RCEs (CVE-2014-6277 and CVE-2014-6278), Michal Zalewski
• [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution, security-alert
• Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities, Patrick Webster
• Elasticsearch vulnerability CVE-2014-6439, Jordan Sissel
• [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• [ MDVSA-2014:194 ] phpmyadmin, security
• [ MDVSA-2014:195 ] libvirt, security
• CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway, mirko . casadei
• CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway, mirko . casadei
• BulletProof Security Wordpress v50.8 - POST Inject Vulnerability, Vulnerability Lab
• HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability, Vulnerability Lab
• PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability, Vulnerability Lab
• [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code, security-alert
• [SECURITY] [DSA 3042-1] exuberant-ctags security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3044-1] qemu-kvm security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3045-1] qemu security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3046-1] mediawiki security update, Salvatore Bonaccorso
• Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities, Vulnerability Lab
• PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities, Vulnerability Lab
• Multiple Vulnerabilities in Draytek Vigor 2130, Erik-Paul Dittmer
• CA20141001-01: Security Notice for Bash Shellshock Vulnerability, Williams, James K
• Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15, dkl
• OWTF 1.0 "Lionheart" released!, Abraham Aranguren
• Multiple vulnerabilities in DrayTek VigorACS SI, Erik-Paul Dittmer
• [security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities, security-alert
• [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!, Pedro Ribeiro
• [security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS), security-alert
• [SECURITY] [DSA 3047-1] rsyslog security update, Luciano Bello
• Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin, High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin, High-Tech Bridge Security Research
• Two XSS in Contact Form DB WordPress plugin, High-Tech Bridge Security Research
• [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection, Onapsis Research Labs
• [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities, Onapsis Research Labs
• [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check, Onapsis Research Labs
• [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA, Onapsis Research Labs
• [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA, Onapsis Research Labs
• [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting, Onapsis Research Labs
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3048-1] apt security update, Thijs Kinkhorst
• [security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution, security-alert
• [security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code, security-alert
• [security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution, security-alert
• SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer, Alexandre Herzog
• SAP Security Note 1908531 - XXE in BusinessObjects Explorer, Alexandre Herzog
• CSNC-2014-004 neuroML - Multiple Vulnerabilities, Alexandre Herzog
• SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer, Alexandre Herzog
• CSP Bypass in android browser prior to 4.4, evanjjohns
• Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015, ML
  • <Possible follow-ups>
  • Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015, ML
• CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.), Dirk-Willem van Gulik
• PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability, Vulnerability Lab
• PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability, Vulnerability Lab
• PayPal Inc BB #96 - Persistent Tags Vulnerability, Vulnerability Lab
• Reminder: Passwords14 CFP + registration announcement, Per Thorsheim
• [security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery, security-alert
• LiveZilla 5.3.0.7 Security Issue, sourav . infosec
  • Re: LiveZilla 5.3.0.7 Security Issue, Henri Salo
• two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other), Michal Zalewski
• [SECURITY] [DSA 3049-1] wireshark security update, Moritz Muehlenhoff
• [SE-2014-01] Breaking Oracle Database through Java exploits (details), Security Explorations
• PayPal Inc BB #98 MOS - Persistent Settings Vulnerability, Vulnerability Lab
• PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability, Vulnerability Lab
• Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities, Vulnerability Lab
• Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability, Vulnerability Lab
• Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin, High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin, High-Tech Bridge Security Research
• SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces, SEC Consult Vulnerability Lab
• Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software, Cisco Systems Product Security Incident Response Team
• Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability, Stefan Horst
• Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3051-1] drupal7 security update, Moritz Muehlenhoff
• Bypassing blacklists based on IPy, Nicolas Grégoire
• [slackware-security] openssl (SSA:2014-288-01), Slackware Security Team
• [security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS), security-alert
• [SECURITY] [DSA 3052-1] wpa security update, Michael Gilbert
• Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3053-1] openssl security update, Thijs Kinkhorst
• [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability, CORE Advisories Team
• APPLE-SA-2014-10-16-1 OS X Yosemite v10.10, Apple Product Security
• APPLE-SA-2014-10-16-2 Security Update 2014-005, Apple Product Security
• APPLE-SA-2014-10-16-3 OS X Server v4.0, Apple Product Security
• APPLE-SA-2014-10-16-6 iTunes 12.0.1, Apple Product Security
• APPLE-SA-2014-10-16-4 OS X Server v3.2.2, Apple Product Security
• APPLE-SA-2014-10-16-5 OS X Server v2.2.5, Apple Product Security
• Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF), simo
• [SECURITY] [DSA 3050-1] iceweasel security update, Moritz Muehlenhoff
• [security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution, security-alert
• [security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information, security-alert
• [security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution, security-alert
• [SECURITY] [DSA 3054-1] mysql-5.5 security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS), security-alert
• AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability, Asterisk Security Team
• APPLE-SA-2014-10-20-2 Apple TV 7.0.1, Apple Product Security
• APPLE-SA-2014-10-20-1 iOS 8.1, Apple Product Security
• LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183, Onur Yilmaz
• [security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities, security-alert
• [slackware-security] openssh (SSA:2014-293-01), Slackware Security Team
• [ MDVSA-2014:196 ] rsyslog, security
• Incredible PBX remote command execution exploit, simo
• [ MDVSA-2014:197 ] python, security
• [ MDVSA-2014:198 ] mediawiki, security
• [ MDVSA-2014:199 ] perl, security
• [ MDVSA-2014:200 ] bugzilla, security
• [ MDVSA-2014:201 ] kernel, security
• Vulnerabilities in WordPress Database Manager v2.7.1, Larry W. Cashdollar
• Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities, Vulnerability Lab
• FileBug v1.5.1 iOS - Path Traversal Web Vulnerability, Vulnerability Lab
• CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015, icete . secretariat
• FreeBSD Security Advisory FreeBSD-SA-14:22.namei, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:21.routed, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-14:23.openssl, FreeBSD Security Advisories
• iFunBox Free v1.1 iOS - File Include Vulnerability, Vulnerability Lab
• File Manager v4.2.10 iOS - Code Execution Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • File Manager v4.2.10 iOS - Code Execution Vulnerability, Vulnerability Lab
• ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability, Security Alert
• ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability, Security Alert
• ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability, Security Alert
• APPLE-SA-2014-10-22-1 QuickTime 7.7.6, Apple Product Security
• [ MDVSA-2014:202 ] php, security
• Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability, Vulnerability Lab
• [ MDVSA-2014:204 ] libxml2, security
• [ MDVSA-2014:203 ] openssl, security
• OpenBSD <= 5.5 Local Kernel Panic, Alejandro Hernandez
• [SECURITY] [DSA 3055-1] pidgin security update, Moritz Muehlenhoff
• [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability, Egidio Romano
• [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness, Egidio Romano
• [slackware-security] pidgin (SSA:2014-296-02), Slackware Security Team
• [slackware-security] glibc (SSA:2014-296-01), Slackware Security Team
• [ MDVSA-2014:205 ] lua, security
• [ MDVSA-2014:206 ] ctags, security
• [ MDVSA-2014:207 ] ejabberd, security
• [ MDVSA-2014:208 ] phpmyadmin, security
• [ MDVSA-2014:209 ] java-1.7.0-openjdk, security
• Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1, Stefan Kanthak
• iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries, Stefan Kanthak
• NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability, VMware Security Response Center
• [CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation, g-damore
• [SECURITY] [DSA 3056-1] libtasn1-3 security update, Sebastien Delafond
• vulnerabilities in libbfd (CVE-2014-beats-me), Michal Zalewski
  • Message not available
    • Re: vulnerabilities in libbfd (CVE-2014-beats-me), Mike Frysinger
• [SECURITY] [DSA 3057-1] libxml2 security update, Thijs Kinkhorst
• [security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution, security-alert
• [SECURITY] [DSA 3058-1] torque security update, Salvatore Bonaccorso
• WebDisk+ v2.1 iOS - Code Execution Vulnerability, Vulnerability Lab
• iFileExplorer v6.51 iOS - File Include Web Vulnerability, Vulnerability Lab
• Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability, Vulnerability Lab
• Folder Plus v2.5.1 iOS - Persistent Item Vulnerability, Vulnerability Lab
• Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration), Vulnerability Lab
• [security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code, security-alert
• IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA, liezelle
• [ MDVSA-2014:210 ] mariadb, security
• phpfusion (Search Page) Denial of Service Vulnerability, iedb . team
• [SECURITY] [DSA 3050-2] xulrunner update, Moritz Muehlenhoff
• [security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS), security-alert
• [ MDVSA-2014:211 ] wpa_supplicant, security
• [ MDVSA-2014:212 ] wget, security
• Multiple vulnerabilities in EspoCRM, High-Tech Bridge Security Research
• SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel, SEC Consult Vulnerability Lab
• SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme, SEC Consult Vulnerability Lab
• CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare, research
• [SECURITY] [DSA 3059-1] dokuwiki security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS), security-alert
• [slackware-security] wget (SSA:2014-302-01), Slackware Security Team
• Call for Papers - WorldCIST'15 - Azores, Deadline: November 23, ML