Bugtraq: by author

150 messages starting Dec 11 13 and ending Dec 10 13


advisories

[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting advisories (Dec 11)

Alexandre Herzog

[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities Alexandre Herzog (Dec 18)
[CVE-2013-2764] Secure Entry Server - URL Redirection Alexandre Herzog (Dec 18)

Apple Product Security

APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1 Apple Product Security (Dec 17)
APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1 Apple Product Security (Dec 17)
APPLE-SA-2013-12-19-1 Motion 5.1 Apple Product Security (Dec 19)

Asterisk Security Team

AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message Asterisk Security Team (Dec 17)
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation Asterisk Security Team (Dec 17)

Christian Catalano

[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms Christian Catalano (Dec 18)
[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin Christian Catalano (Dec 18)

code

FlashCanvas 1.5 proxy.php XSS Vulnerability code (Dec 11)

CORE Advisories Team

[Full-disclosure] CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass CORE Advisories Team (Dec 02)
CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team (Dec 11)
Re: CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team (Dec 11)
CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability CORE Advisories Team (Dec 10)
CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability CORE Advisories Team (Dec 18)

Daniel Wood

[CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application Daniel Wood (Dec 10)

diroverflow

Hancom Office '.hml' file heap-based buffer overflow diroverflow (Dec 17)

Edward Hawkins

NEW VMSA-2013-0015 VMware ESX updates to third party libraries Edward Hawkins (Dec 08)

Egidio Romano

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability Egidio Romano (Dec 08)

Florian Weimer

[SECURITY] [DSA 2830-1] ruby-i18n security update Florian Weimer (Dec 30)

High-Tech Bridge Security Research

User Identity Spoofing in Bitrix Site Manager High-Tech Bridge Security Research (Dec 16)
Cross-Site Scripting (XSS) in Jamroom High-Tech Bridge Security Research (Dec 06)
XSS and Full Path Disclosure in MijoSearch Joomla Extension High-Tech Bridge Security Research (Dec 16)
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin High-Tech Bridge Security Research (Dec 26)
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin High-Tech Bridge Security Research (Dec 26)
SQL Injection in InstantCMS High-Tech Bridge Security Research (Dec 11)
Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin High-Tech Bridge Security Research (Dec 26)

ISSW CFP

InfoSec Southwest 2014 CFP now open! ISSW CFP (Dec 18)

Julien Ahrens

[Full-disclosure] [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Julien Ahrens (Dec 02)

Larry W. Cashdollar

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 16)
Command injection vulnerability in Ruby Gem sprout 0.7.246 Larry W. Cashdollar (Dec 16)
Command injection in Ruby Gem Webbynode 1.0.5.3 Larry W. Cashdollar (Dec 16)

Luciano Bello

[SECURITY] [DSA 2817-1] libtar security update Luciano Bello (Dec 16)

Luiz Eduardo

Call for Papers -YSTS 8 - Information Security Conference, Brazil Luiz Eduardo (Dec 16)

Lukasz Lenart

[Full-disclosure] [ANN] Struts 2.3.15.3 GA release available - security fix Lukasz Lenart (Dec 02)

mailing lists

[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) mailing lists (Dec 12)
[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection mailing lists (Dec 12)

Matteo Beccati

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability Matteo Beccati (Dec 22)

Michael Gilbert

[SECURITY] [DSA 2811-1] chromium-browser security update Michael Gilbert (Dec 08)

Michal Zalewski

bugs in IJG jpeg6b & libjpeg-turbo Michal Zalewski (Dec 03)

Moritz Muehlenhoff

[SECURITY] [DSA 2819-1] End-of-life announcement for iceape Moritz Muehlenhoff (Dec 16)
[SECURITY] [DSA 2812-1] samba security update Moritz Muehlenhoff (Dec 09)
[SECURITY] [DSA 2807-1] links2 security update Moritz Muehlenhoff (Dec 02)
[SECURITY] [DSA 2829-1] hplip security update Moritz Muehlenhoff (Dec 30)
[SECURITY] [DSA 2813-1] gimp security update Moritz Muehlenhoff (Dec 09)
[SECURITY] [DSA 2822-1] xorg-server security update Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 2823-1] pixman security update Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 2825-1] wireshark security update Moritz Muehlenhoff (Dec 22)

Nicolas Grégoire

Vulnerabilities in Apache Solr < 4.6.0 Nicolas Grégoire (Dec 09)

noreply

[PT-2013-63] Hash Length Extension in HTMLPurifier noreply (Dec 04)

nospam

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution nospam (Dec 10)

Raphael Geissert

[SECURITY] [DSA 2808-1] openjpeg security update Raphael Geissert (Dec 03)
[SECURITY] [DSA 2820-1] nspr security update Raphael Geissert (Dec 17)

Rodrigo Rubira Branco (BSDaemon)

CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition Rodrigo Rubira Branco (BSDaemon) (Dec 30)

Roee Hay

Android Fragment Injection vulnerability Roee Hay (Dec 10)

Ryan Baxter

[Full-disclosure] [CVE-2013-4295] Apache Shindig information disclosure vulnerability Ryan Baxter (Dec 02)

Salvatore Bonaccorso

[SECURITY] [DSA 2810-1] ruby1.9.1 security update Salvatore Bonaccorso (Dec 08)
[SECURITY] [DSA 2828-1] drupal6 security update Salvatore Bonaccorso (Dec 30)
[SECURITY] [DSA 2815-1] munin security update Salvatore Bonaccorso (Dec 09)
[SECURITY] [DSA 2814-1] varnish security update Salvatore Bonaccorso (Dec 09)
[SECURITY] [DSA 2818-1] mysql-5.5 security update Salvatore Bonaccorso (Dec 16)
[SECURITY] [DSA 2809-1] ruby1.8 security update Salvatore Bonaccorso (Dec 08)
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update Salvatore Bonaccorso (Dec 23)
[SECURITY] [DSA 2824-1] curl security update Salvatore Bonaccorso (Dec 22)

ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)
D-Link DIR-XXX remote root access exploit. ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)

SEC Consult Vulnerability Lab

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection SEC Consult Vulnerability Lab (Dec 27)

security

[ MDVSA-2013:287-1 ] drupal security (Dec 18)
[ MDVSA-2013:293 ] gimp security (Dec 18)
[ MDVSA-2013:290 ] mediawiki security (Dec 18)
[ MDVSA-2013:291 ] kernel security (Dec 18)
[ MDVSA-2013:295 ] gnupg security (Dec 22)
[ MDVSA-2013:294 ] gimp security (Dec 18)
[ MDVSA-2013:298 ] php security (Dec 22)
[ MDVSA-2013:301 ] nss security (Dec 23)
[ MDVSA-2013:300 ] asterisk security (Dec 23)
[ MDVSA-2013:289 ] owncloud security (Dec 18)
[ MDVSA-2013:297 ] munin security (Dec 22)
[ MDVSA-2013:292 ] links security (Dec 18)
[ MDVSA-2013:299 ] samba security (Dec 22)
[ MDVSA-2013:288 ] subversion security (Dec 18)
[ MDVSA-2013:291 ] kernel security (Dec 18)
[ MDVSA-2013:296 ] wireshark security (Dec 22)
[ MDVSA-2013:302 ] pixman security (Dec 26)

Security Alert

ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability Security Alert (Dec 22)
ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability Security Alert (Dec 24)
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities Security Alert (Dec 11)
ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities Security Alert (Dec 09)
ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability Security Alert (Dec 24)
ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities Security Alert (Dec 19)

security-alert

[security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) security-alert (Dec 13)
[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities security-alert (Dec 30)
[security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution security-alert (Dec 13)
[security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 10)
[security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution security-alert (Dec 16)
[security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) security-alert (Dec 22)
[security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS) security-alert (Dec 13)
[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution security-alert (Dec 02)
[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) security-alert (Dec 13)
[security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) security-alert (Dec 10)
[security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 10)
[security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update security-alert (Dec 13)

Slackware Security Team

[slackware-security] seamonkey (SSA:2013-350-07) Slackware Security Team (Dec 17)
[slackware-security] mozilla-firefox (SSA:2013-350-04) Slackware Security Team (Dec 17)
[slackware-security] mozilla-thunderbird (SSA:2013-339-02) Slackware Security Team (Dec 08)
[slackware-security] llvm (SSA:2013-350-03) Slackware Security Team (Dec 17)
[slackware-security] libiodbc (SSA:2013-350-01) Slackware Security Team (Dec 17)
[slackware-security] gnupg (SSA:2013-354-01) Slackware Security Team (Dec 22)
[slackware-security] mozilla-nss (SSA:2013-339-01) Slackware Security Team (Dec 08)
[slackware-security] seamonkey (SSA:2013-339-03) Slackware Security Team (Dec 08)
[slackware-security] hplip (SSA:2013-339-04) Slackware Security Team (Dec 08)
[slackware-security] mozilla-thunderbird (SSA:2013-350-05) Slackware Security Team (Dec 17)
[slackware-security] libjpeg (SSA:2013-350-02) Slackware Security Team (Dec 17)
[slackware-security] ruby (SSA:2013-350-06) Slackware Security Team (Dec 17)

Stefan Esser

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability Stefan Esser (Dec 16)

Stefan Kanthak

[Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak (Dec 02)
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak (Dec 02)

Thijs Kinkhorst

[SECURITY] [DSA 2816-1] php5 security update Thijs Kinkhorst (Dec 13)
[SECURITY] [DSA 2821-1] gnupg security update Thijs Kinkhorst (Dec 18)

Tony Naggs

DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013 Tony Naggs (Dec 16)

trueend5

Opencart Multiple Vulnerabilities trueend5 (Dec 08)

vishal_mishra

SAMSPADE 1.14 BUFFER OVERFLOW vishal_mishra (Dec 12)

"VMware Security Response Center"

NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX "VMware Security Response Center" (Dec 22)
[Full-disclosure] NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities "VMware Security Response Center" (Dec 02)
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation "VMware Security Response Center" (Dec 03)

Vulnerability Lab

QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability Vulnerability Lab (Dec 17)
Microsoft PhotoStory - CS Cross Site Scripting Vulnerability Vulnerability Lab (Dec 13)
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab (Dec 23)
Print n Share v5.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 09)
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 08)
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 02)
Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 08)
Microsoft Yammer - Persistent Profile Vulnerabilities Vulnerability Lab (Dec 13)
Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities Vulnerability Lab (Dec 16)
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 16)
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) Vulnerability Lab (Dec 08)
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 13)
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 11)
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities Vulnerability Lab (Dec 10)
FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 17)
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab (Dec 22)

WorldCIST

Last Call - 2sd World Conference on IST; Submission: December 29 WorldCIST (Dec 16)
WorldCIST'14 - Submission deadline: December 7 WorldCIST (Dec 02)

Yves-Alexis Perez

[SECURITY] [DSA 2826-1] denyhosts security update Yves-Alexis Perez (Dec 22)

zoczus

LiveZilla 5.1.2.0 Insecure password storage zoczus (Dec 16)
LiveZilla 5.1.0.0 Reflected XSS in translations zoczus (Dec 09)
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client zoczus (Dec 16)
LiveZilla 5.1.2.0 PHP Object Injection zoczus (Dec 16)
LiveZilla 5.1.1.0 Stored XSS in operator clients zoczus (Dec 10)