Bugtraq: by date

155 messages starting Nov 02 14 and ending Nov 28 14
Sunday, 02 November

[SECURITY] [DSA 3061-1] icedove security update Moritz Muehlenhoff
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities n . sampanis
PARSADEV CMS Cross-Site Scripting Vulnerability iedb . team
[SECURITY] [DSA 3063-1] quassel security update Luciano Bello
[SECURITY] [DSA 3062-1] wget security update Luciano Bello

Tuesday, 04 November

CFP: Fourth World Congress - SEMCMI2015 - Malaysia Conference Updates
Ahrareandeysheh CMS Cross-Site Scripting Vulnerability iedb . team
Modx CMS CSRF Bypass & XSS Vulnerabilities bhati . contact
[slackware-security] seamonkey (SSA:2014-307-04) Slackware Security Team
[slackware-security] mariadb (SSA:2014-307-01) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2014-307-02) Slackware Security Team
[slackware-security] php (SSA:2014-307-03) Slackware Security Team

Wednesday, 05 November

[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform AppCheck_Advisories
[SECURITY] [DSA 3064-1] php5 security update Salvatore Bonaccorso
Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals ML
Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer subs
[security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:26.ftp FreeBSD Security Advisories
KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read KoreLogic Disclosures
CVE-2014-6617 Softing FG-100 Backdoor Account Ingmar Rosenhagen
CVE-2014-6616 Softing FG-100 Webui XSS Ingmar Rosenhagen
Wordpress bulletproof-security <=.51 multiple vulnerabilities Pietro Oliva
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms High-Tech Bridge Security Research
Arbitrary File Upload in HelpDEZk High-Tech Bridge Security Research
WordPress Wordfence Firewall 5.1.2 Cross Site Scripting bhati . contact
ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability Security Alert

Thursday, 06 November

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers Cisco Systems Product Security Incident Response Team
i.Hex Local Crash Poc metacom27
i.Mage Local Crash Poc metacom27
i-FTP Buffer Overflow SEH metacom27
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser Pedro Ribeiro
Cisco RV Series multiple vulnerabilities Securify B.V.
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab
[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper mdgh9
[SECURITY] [DSA 3065-1] libxml-security-java security update Sebastien Delafond
[SECURITY] [DSA 3066-1] qemu security update Salvatore Bonaccorso
[SECURITY] [DSA 3067-1] qemu-kvm security update Salvatore Bonaccorso
CA20141103-01: Security Notice for CA Cloud Service Management Kotas, Kevin J
ZTE ZXDSL 831CII Direct Object Reference habte . yibelo
ZTE 831CII Multiple Vulnerablities habte . yibelo
ZTE ZXDSL 831 Multiple Cross Site Scripting habte . yibelo
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] Programa STIC
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] FreeBSD Security Advisories

Friday, 07 November

[SECURITY] [DSA 3068-1] konversation security update Moritz Muehlenhoff
Open-Xchange Security Advisory 2014-11-07 Martin Heiland

Sunday, 09 November

SeasonApps iTransfer 1.1 - Persistent UI Vulnerability Vulnerability Lab
BookFresh - Persistent Clients Invite Vulnerability Vulnerability Lab
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability Vulnerability Lab
[SECURITY] [DSA 3069-1] curl security update Salvatore Bonaccorso
CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests Gordon Sim
[SECURITY] [DSA 3070-1] kfreebsd-9 security update Moritz Muehlenhoff
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Pedro Ribeiro
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Pedro Ribeiro

Tuesday, 11 November

[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities security-alert
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] Programa STIC
[SECURITY] [DSA 3071-1] nss security update Sebastien Delafond
[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities security-alert
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access security-alert
[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code security-alert
[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information security-alert

Wednesday, 12 November

[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) ESNC Security
[SECURITY] [DSA 3072-1] file security update Thijs Kinkhorst
CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 cert
CVE-2014-8732 cert
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] Programa STIC
[SECURITY] [DSA 3050-3] iceweasel security update Salvatore Bonaccorso
[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution security-alert

Thursday, 13 November

Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 cert
Re: CVE-2014-8732 cert

Sunday, 16 November

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs Timo Schmid
CVE-2014-8683 XSS in Gogs Markdown Renderer Timo Schmid
[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information security-alert

Monday, 17 November

[SECURITY] [DSA 3073-1] libgcrypt11 security update Salvatore Bonaccorso
[slackware-security] mozilla-thunderbird (SSA:2014-320-01) Slackware Security Team
APPLE-SA-2014-11-17-1 iOS 8.1.1 Apple Product Security
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 Apple Product Security
APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple Product Security
[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information security-alert
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload Steffen Bauch
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload Steffen Bauch
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload Steffen Bauch

Tuesday, 18 November

[ MDVSA-2014:214 ] dbus security
[ MDVSA-2014:213 ] curl security
[SECURITY] [DSA 3074-1] php5 security update Yves-Alexis Perez

Wednesday, 19 November

[ MDVSA-2014:215 ] gnutls security
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension High-Tech Bridge Security Research
[SECURITY] [DSA 3074-2] php5 regression update Yves-Alexis Perez
CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM Portcullis Advisories
[CORE-2014-0009] - Advantech EKI-6340 Command Injection CORE Advisories Team
[CORE-2014-0008] - Advantech AdamView Buffer Overflow CORE Advisories Team
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow CORE Advisories Team

Thursday, 20 November

[ MDVSA-2014:216 ] php-ZendFramework security
[ MDVSA-2014:217 ] clamav security
CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin phi . n . le
[SECURITY] [DSA 3075-1] drupal7 security update Salvatore Bonaccorso
Multiple SQL Injection in SP Client Document Manager plugin thai . q . dang
AST-2014-014: High call load may result in hung channels in ConfBridge. Asterisk Security Team
AST-2014-018: AMI permission escalation through DB dialplan function Asterisk Security Team
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions Asterisk Security Team
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
AST-2014-013: PJSIP ACLs are not loaded on startup Asterisk Security Team
AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. Asterisk Security Team
WordPress 3 persistent script injection Jouko Pynnonen

Friday, 21 November

[ MDVSA-2014:218 ] asterisk security
[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities security-alert
[ MDVSA-2014:219 ] srtp security
[ MDVSA-2014:220 ] qemu security
[ MDVSA-2014:221 ] php-smarty security
[ MDVSA-2014:222 ] libvirt security
[ MDVSA-2014:223 ] wireshark security
[ MDVSA-2014:224 ] krb5 security
[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access security-alert

Sunday, 23 November

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin Larry W. Cashdollar

Monday, 24 November

CVE-2014-8419 - CodeMeter Weak Service Permissions ajs
Docker 1.3.2 - Security Advisory [24 Nov 2014] Eric Windisch

Tuesday, 25 November

[oCERT 2014-008] libFLAC multiple issues Daniele Bianco
[ MDVSA-2014:225 ] ruby security
[ MDVSA-2014:226 ] imagemagick security
[ MDVSA-2014:227 ] ffmpeg security
[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution security-alert
Slider Revolution/Showbiz Pro shell upload exploit simo
[security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass security-alert
[SECURITY] [DSA 3076-1] wireshark security update Moritz Muehlenhoff

Wednesday, 26 November

[ MDVSA-2014:228 ] phpmyadmin security
Cross-Site Request Forgery (CSRF) in xEpan High-Tech Bridge Security Research
CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco
[ MDVSA-2014:229 ] libvncserver security
[SECURITY] [DSA 3077-1] openjdk-6 security update Moritz Muehlenhoff
[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information security-alert

Thursday, 27 November

[ MDVSA-2014:230 ] kernel security
[ MDVSA-2014:231 ] icecast security
[ MDVSA-2014:232 ] glibc security
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Egidio Romano
[SECURITY] [DSA 3078-1] libksba security update Salvatore Bonaccorso
[ MDVSA-2014:233 ] wordpress security
[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information security-alert
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) Stefan Kanthak

Friday, 28 November

[ MDVSA-2014:234 ] libksba security
[ MDVSA-2014:235 ] perl-Plack security
[ MDVSA-2014:236 ] file security
[ MDVSA-2014:237 ] perl-Mojolicious security