Bugtraq: by date

176 messages starting Jun 03 14 and ending Jun 30 14


Tuesday, 03 June

[SECURITY] [DSA 2939-1] chromium-browser security update Michael Gilbert
[SECURITY] [DSA 2943-1] php5 security update Moritz Muehlenhoff
[SECURITY] [DSA 2941-1] lxml security update Moritz Muehlenhoff
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress Yarubo Internet Security Scan
[SECURITY] [DSA 2944-1] gnutls26 security update Moritz Muehlenhoff
[SECURITY] [DSA 2942-1] typo3-src security update Moritz Muehlenhoff
Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability Henri Salo
[slackware-security] mariadb (SSA:2014-152-01) Slackware Security Team
CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite" Christian Schneider
CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite" Christian Schneider
CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite" Christian Schneider
ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability Security Alert
[FD] CVE-2013-6876 s3dvt Root shell Hector Marco
VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own) VUPEN Security Research
FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS) Robin Bailey
CVE-2014-1226 s3dvt Root shell (still) Hector Marco
CVE-2013-6825 DCMTK Root Privilege escalation Hector Marco
LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues advisories
NG WifiTransfer Pro 1.1 - File Include Vulnerability Vulnerability Lab
Files Desk Pro v1.4 iOS - File Include Web Vulnerability Vulnerability Lab
AllReader v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability Vulnerability Lab
TigerCom My Assistant v1.1 iOS - File Include Vulnerability Vulnerability Lab
Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab
iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability Vulnerability Lab

Wednesday, 04 June

CVE-2013-6876 s3dvt Root shell Hector Marco
CVE-2013-6825 DCMTK Root Privilege escalation Hector Marco
CVE-2014-1226 s3dvt Root shell (still) Hector Marco
Bug in bash <= 4.3 [security feature bypassed] Hector Marco
CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 Portcullis Advisories
FreeBSD Security Advisory FreeBSD-SA-14:13.pam FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:12.ktrace FreeBSD Security Advisories
[SECURITY] [DSA 2945-1] chkrootkit security update Giuseppe Iuculano
[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies Fran
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran

Thursday, 05 June

ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability Security Alert
[SECURITY] [DSA 2947-1] libav security update Moritz Muehlenhoff
[SECURITY] [DSA 2948-1] python-bottle security update Moritz Muehlenhoff
[SECURITY] [DSA 2946-1] python-gnupg security update Moritz Muehlenhoff
[security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information security-alert
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists
Re: Bug in bash <= 4.3 [security feature bypassed] Daryl Tester
[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager RedTeam Pentesting GmbH
[SECURITY] [DSA 2950-1] openssl security update Moritz Muehlenhoff
[SECURITY] [DSA 2949-1] linux security update Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-14:14.openssl FreeBSD Security Advisories
multiple Vulnerability in "WahmShoppes eStore" cseye_ut
[security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information security-alert
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities Security Alert
[security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information security-alert
Details for CVE-2014-0220 tucu

Friday, 06 June

[SECURITY] [DSA 2951-1] mupdf security update Moritz Muehlenhoff
Re: Bug in bash <= 4.3 [security feature bypassed] Hector Marco
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2952-1] kfreebsd-9 security update Nico Golde
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton
[slackware-security] libtasn1 (SSA:2014-156-02) Slackware Security Team
[slackware-security] gnutls (SSA:2014-156-01) Slackware Security Team
SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan SEC Consult Vulnerability Lab
[slackware-security] sendmail (SSA:2014-156-04) Slackware Security Team
[slackware-security] openssl (SSA:2014-156-03) Slackware Security Team
[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering Onapsis Research Labs
[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components Onapsis Research Labs

Monday, 09 June

NeginGroup CMS Multiple Vulnerability iedb . team
CVE-2014-3740 - SpiceWorks Cross-site scripting Dolev Farhi
[slackware-security] mozilla-firefox (SSA:2014-157-01) Slackware Security Team
[SECURITY] [DSA 2953-1] dpkg security update Raphael Geissert
DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability cseye_ut
DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability cseye_ut
DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability cseye_ut
DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability cseye_ut
DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability cseye_ut
DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability cseye_ut
[security bulletin] HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information security-alert

Tuesday, 10 June

[ MDVSA-2014:105 ] openssl security
[SECURITY] [DSA 2954-1] dovecot security update Salvatore Bonaccorso
[ MDVSA-2014:106 ] openssl security
[ MDVSA-2014:107 ] libtasn1 security
[ MDVSA-2014:109 ] gnutls security
[ MDVSA-2014:108 ] gnutls security
[slackware-security] php (SSA:2014-160-01) Slackware Security Team
[ MDVSA-2014:111 ] otrs security
[ MDVSA-2014:112 ] python-django security
[ MDVSA-2014:110 ] curl security

Wednesday, 11 June

Re: MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service Pavel Machek
[ MDVSA-2014:113 ] python-django security
[ MDVSA-2014:114 ] squid security
[ MDVSA-2014:115 ] php security
[ MDVSA-2014:116 ] file security
[ MDVSA-2014:117 ] libcap-ng security
CodeIgniter <= 2.1.4 Session Decoding Vulnerability Robin Bailey
[ MDVSA-2014:119 ] mediawiki security
[ MDVSA-2014:121 ] libgadu security
[ MDVSA-2014:118 ] emacs security
[ MDVSA-2014:120 ] miniupnpc security
[security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution security-alert
NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities "VMware Security Response Center"
CVE-2014-3977 - Privilege Escalation in IBM AIX Portcullis Advisories

Thursday, 12 June

[ MDVSA-2014:123 ] tor security
[ MDVSA-2014:122 ] chkrootkit security
[SECURITY] [DSA 2956-1] icinga security update Moritz Muehlenhoff
[SECURITY] [DSA 2955-1] iceweasel security update Moritz Muehlenhoff
Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team

Friday, 13 June

CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones J. Oquendo
[slackware-security] mozilla-thunderbird (SSA:2014-163-01) Slackware Security Team
[SECURITY] [DSA 2957-1] mediawiki security update Thijs Kinkhorst
[SECURITY] [DSA 2958-1] apt security update Thijs Kinkhorst
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Asterisk Security Team
AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections Asterisk Security Team
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions Asterisk Security Team
[security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information security-alert
CVE-2014-0228: Apache Hive Authorization vulnerability Thejas Nair
AST-2014-006: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team
[security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access security-alert
[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution Brett Porter
[ MDVSA-2014:124 ] kernel security

Monday, 16 June

[ MDVSA-2014:125 ] nspr security
ClipBucket CMS Xss Vulnerability iedb . team
[SECURITY] [DSA 2959-1] chromium-browser security update Michael Gilbert
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM Security Explorations
[CFP] Hacktivity 2014 CFP is open ferenc . spala
[SECURITY] [DSA 2960-1] icedove security update Moritz Muehlenhoff

Tuesday, 17 June

[SECURITY] [DSA 2950-2] openssl update Moritz Muehlenhoff
[SECURITY] [DSA 2961-1] php5 security update Salvatore Bonaccorso

Wednesday, 18 June

[SECURITY] [DSA 2962-1] nspr security update Moritz Muehlenhoff
[security bulletin] HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access security-alert
[SECURITY] [DSA 2963-1] lucene-solr security update Moritz Muehlenhoff
[security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal security-alert
SQL Injection in Dolphin High-Tech Bridge Security Research
Multiple SQL Injection Vulnerabilities in web2Project High-Tech Bridge Security Research
Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability Vulnerability Lab
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities Vulnerability Lab

Thursday, 19 June

[security bulletin] HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert

Monday, 23 June

[SECURITY] [DSA 2964-1] iodine security update Salvatore Bonaccorso
[SECURITY] [DSA 2965-1] tiff security update Michael Gilbert
[SECURITY] [DSA 2966-1] samba security update Yves-Alexis Perez
[security bulletin] HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information security-alert

Tuesday, 24 June

Android KeyStore Stack Buffer Overflow (CVE-2014-3100) Roee Hay
Boolean algebra and CSS history theft Michal Zalewski

Wednesday, 25 June

[security bulletin] HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert
[HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week Hafez Kamal
[security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information security-alert
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:16.file FreeBSD Security Advisories
[slackware-security] gnupg2 (SSA:2014-175-03) Slackware Security Team
[slackware-security] gnupg (SSA:2014-175-02) Slackware Security Team
[slackware-security] bind (SSA:2014-175-01) Slackware Security Team
[slackware-security] samba (SSA:2014-175-04) Slackware Security Team
[slackware-security] seamonkey (SSA:2014-175-05) Slackware Security Team
NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library "VMware Security Response Center"
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite High-Tech Bridge Security Research
[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting GmbH
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting RedTeam Pentesting GmbH
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux) Portcullis Advisories
CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014 Portcullis Advisories
[SECURITY] [DSA 2967-1] gnupg security update Salvatore Bonaccorso

Friday, 27 June

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution RedTeam Pentesting GmbH
CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015 calendarsites
[security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2968-1] gnupg2 security update Salvatore Bonaccorso
[security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege security-alert
[security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert
[security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert
[SECURITY] [DSA 2969-1] libemail-address-perl security update Salvatore Bonaccorso

Monday, 30 June

[SECURITY] [DSA 2970-1] cacti security update Moritz Muehlenhoff
ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability Security Alert
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities Security Alert
SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS SEC Consult Vulnerability Lab
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5 Apple Product Security
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 Apple Product Security
[security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information security-alert
APPLE-SA-2014-06-30-3 iOS 7.1.2 Apple Product Security
APPLE-SA-2014-06-30-4 Apple TV 6.1.2 Apple Product Security
ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities Security Alert