Bugtraq: by thread
204 messages, starting Oct 01 14 and ending Oct 31 14
- PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability Vulnerability Lab (Oct 01)
- PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability Vulnerability Lab (Oct 01)
- All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability Vulnerability Lab (Oct 01)
- [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation security-alert (Oct 01)
- [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities security-alert (Oct 01)
- [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution security-alert (Oct 01)
- [SECURITY] [DSA 3040-1] rsyslog security update Luciano Bello (Oct 01)
- [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution security-alert (Oct 01)
- NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities VMware Security Response Center (Oct 01)
- FreePBX (All Versions) RCE rob . thomas (Oct 01)
- Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin High-Tech Bridge Security Research (Oct 01)
- Reflected Cross-Site Scripting (XSS) in Textpattern High-Tech Bridge Security Research (Oct 01)
- [SECURITY] [DSA 3041-1] xen security update Moritz Muehlenhoff (Oct 01)
- [ MDVSA-2014:192 ] perl-Email-Address security (Oct 03)
- [ MDVSA-2014:193 ] xerces-j2 security (Oct 03)
- the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski (Oct 03)
- [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution security-alert (Oct 03)
- Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities Patrick Webster (Oct 03)
- Elasticsearch vulnerability CVE-2014-6439 Jordan Sissel (Oct 03)
- [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert (Oct 03)
- [security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert (Oct 03)
- [ MDVSA-2014:194 ] phpmyadmin security (Oct 03)
- [ MDVSA-2014:195 ] libvirt security (Oct 03)
- CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway mirko . casadei (Oct 03)
- CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway mirko . casadei (Oct 03)
- BulletProof Security Wordpress v50.8 - POST Inject Vulnerability Vulnerability Lab (Oct 03)
- HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability Vulnerability Lab (Oct 03)
- PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability Vulnerability Lab (Oct 03)
- [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code security-alert (Oct 03)
- [SECURITY] [DSA 3042-1] exuberant-ctags security update Moritz Muehlenhoff (Oct 06)
- [SECURITY] [DSA 3044-1] qemu-kvm security update Moritz Muehlenhoff (Oct 06)
- [SECURITY] [DSA 3045-1] qemu security update Moritz Muehlenhoff (Oct 06)
- [SECURITY] [DSA 3046-1] mediawiki security update Salvatore Bonaccorso (Oct 06)
- Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab (Oct 07)
- PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities Vulnerability Lab (Oct 07)
- Multiple Vulnerabilities in Draytek Vigor 2130 Erik-Paul Dittmer (Oct 07)
- CA20141001-01: Security Notice for Bash Shellshock Vulnerability Williams, James K (Oct 07)
- Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 dkl (Oct 07)
- OWTF 1.0 "Lionheart" released! Abraham Aranguren (Oct 07)
- Multiple vulnerabilities in DrayTek VigorACS SI Erik-Paul Dittmer (Oct 08)
- [security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert (Oct 08)
- [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! Pedro Ribeiro (Oct 08)
- [security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) security-alert (Oct 08)
- [SECURITY] [DSA 3047-1] rsyslog security update Luciano Bello (Oct 09)
- Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin High-Tech Bridge Security Research (Oct 09)
- Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin High-Tech Bridge Security Research (Oct 09)
- Two XSS in Contact Form DB WordPress plugin High-Tech Bridge Security Research (Oct 09)
- [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA Onapsis Research Labs (Oct 09)
- [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting Onapsis Research Labs (Oct 09)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team (Oct 09)
- [SECURITY] [DSA 3048-1] apt security update Thijs Kinkhorst (Oct 09)
- [security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution security-alert (Oct 09)
- [security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code security-alert (Oct 09)
- [security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information security-alert (Oct 09)
- [security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert (Oct 13)
- [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution security-alert (Oct 13)
- SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer Alexandre Herzog (Oct 13)
- SAP Security Note 1908531 - XXE in BusinessObjects Explorer Alexandre Herzog (Oct 13)
- CSNC-2014-004 neuroML - Multiple Vulnerabilities Alexandre Herzog (Oct 13)
- SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer Alexandre Herzog (Oct 13)
- CSP Bypass in android browser prior to 4.4 evanjjohns (Oct 13)
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015 ML (Oct 13)
- <Possible follow-ups>
- Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015 ML (Oct 27)
- CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik (Oct 14)
- PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability Vulnerability Lab (Oct 14)
- PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability Vulnerability Lab (Oct 14)
- PayPal Inc BB #96 - Persistent Tags Vulnerability Vulnerability Lab (Oct 14)
- Reminder: Passwords14 CFP + registration announcement Per Thorsheim (Oct 14)
- [security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution security-alert (Oct 14)
- [security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution security-alert (Oct 14)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team (Oct 14)
- [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery security-alert (Oct 14)
- LiveZilla 5.3.0.7 Security Issue sourav . infosec (Oct 15)
- Re: LiveZilla 5.3.0.7 Security Issue Henri Salo (Oct 20)
- two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) Michal Zalewski (Oct 15)
- [SECURITY] [DSA 3049-1] wireshark security update Moritz Muehlenhoff (Oct 15)
- [SE-2014-01] Breaking Oracle Database through Java exploits (details) Security Explorations (Oct 15)
- PayPal Inc BB #98 MOS - Persistent Settings Vulnerability Vulnerability Lab (Oct 15)
- PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability Vulnerability Lab (Oct 15)
- Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Vulnerability Lab (Oct 15)
- Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability Vulnerability Lab (Oct 15)
- Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin High-Tech Bridge Security Research (Oct 15)
- Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin High-Tech Bridge Security Research (Oct 15)
- SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces SEC Consult Vulnerability Lab (Oct 15)
- Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability Cisco Systems Product Security Incident Response Team (Oct 16)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software Cisco Systems Product Security Incident Response Team (Oct 16)
- Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst (Oct 16)
- Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability Cisco Systems Product Security Incident Response Team (Oct 16)
- [SECURITY] [DSA 3051-1] drupal7 security update Moritz Muehlenhoff (Oct 16)
- Bypassing blacklists based on IPy Nicolas Grégoire (Oct 16)
- [slackware-security] openssl (SSA:2014-288-01) Slackware Security Team (Oct 16)
- [security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution security-alert (Oct 16)
- [security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS) security-alert (Oct 16)
- [SECURITY] [DSA 3052-1] wpa security update Michael Gilbert (Oct 16)
- Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Oct 17)
- [SECURITY] [DSA 3053-1] openssl security update Thijs Kinkhorst (Oct 17)
- [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CORE Advisories Team (Oct 17)
- APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 Apple Product Security (Oct 17)
- APPLE-SA-2014-10-16-2 Security Update 2014-005 Apple Product Security (Oct 17)
- APPLE-SA-2014-10-16-3 OS X Server v4.0 Apple Product Security (Oct 17)
- APPLE-SA-2014-10-16-6 iTunes 12.0.1 Apple Product Security (Oct 17)
- APPLE-SA-2014-10-16-4 OS X Server v3.2.2 Apple Product Security (Oct 17)
- APPLE-SA-2014-10-16-5 OS X Server v2.2.5 Apple Product Security (Oct 17)
- Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) simo (Oct 20)
- [SECURITY] [DSA 3050-1] iceweasel security update Moritz Muehlenhoff (Oct 20)
- [security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code security-alert (Oct 20)
- [security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Oct 20)
- [security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution security-alert (Oct 20)
- [SECURITY] [DSA 3054-1] mysql-5.5 security update Salvatore Bonaccorso (Oct 20)
- [security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS) security-alert (Oct 20)
- AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team (Oct 20)
- APPLE-SA-2014-10-20-2 Apple TV 7.0.1 Apple Product Security (Oct 20)
- APPLE-SA-2014-10-20-1 iOS 8.1 Apple Product Security (Oct 20)
- LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183 Onur Yilmaz (Oct 20)
- [security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Oct 21)
- [slackware-security] openssh (SSA:2014-293-01) Slackware Security Team (Oct 21)
- [ MDVSA-2014:196 ] rsyslog security (Oct 21)
- Incredible PBX remote command execution exploit simo (Oct 21)
- [ MDVSA-2014:197 ] python security (Oct 21)
- [ MDVSA-2014:198 ] mediawiki security (Oct 21)
- [ MDVSA-2014:199 ] perl security (Oct 21)
- [ MDVSA-2014:200 ] bugzilla security (Oct 21)
- [ MDVSA-2014:201 ] kernel security (Oct 21)
- Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 21)
- Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab (Oct 21)
- FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab (Oct 21)
- CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015 icete . secretariat (Oct 21)
- FreeBSD Security Advisory FreeBSD-SA-14:22.namei FreeBSD Security Advisories (Oct 22)
- FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold FreeBSD Security Advisories (Oct 22)
- FreeBSD Security Advisory FreeBSD-SA-14:21.routed FreeBSD Security Advisories (Oct 22)
- FreeBSD Security Advisory FreeBSD-SA-14:23.openssl FreeBSD Security Advisories (Oct 22)
- iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab (Oct 22)
- File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 22)
- <Possible follow-ups>
- File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 24)
- ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability Security Alert (Oct 24)
- ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability Security Alert (Oct 24)
- ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability Security Alert (Oct 24)
- APPLE-SA-2014-10-22-1 QuickTime 7.7.6 Apple Product Security (Oct 24)
- [ MDVSA-2014:202 ] php security (Oct 24)
- Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab (Oct 24)
- [ MDVSA-2014:204 ] libxml2 security (Oct 24)
- [ MDVSA-2014:203 ] openssl security (Oct 24)
- OpenBSD <= 5.5 Local Kernel Panic Alejandro Hernandez (Oct 24)
- [SECURITY] [DSA 3055-1] pidgin security update Moritz Muehlenhoff (Oct 24)
- [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano (Oct 24)
- [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano (Oct 24)
- [slackware-security] pidgin (SSA:2014-296-02) Slackware Security Team (Oct 24)
- [slackware-security] glibc (SSA:2014-296-01) Slackware Security Team (Oct 24)
- [ MDVSA-2014:205 ] lua security (Oct 24)
- [ MDVSA-2014:206 ] ctags security (Oct 24)
- [ MDVSA-2014:207 ] ejabberd security (Oct 24)
- [ MDVSA-2014:208 ] phpmyadmin security (Oct 24)
- [ MDVSA-2014:209 ] java-1.7.0-openjdk security (Oct 24)
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1 Stefan Kanthak (Oct 27)
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries Stefan Kanthak (Oct 27)
- NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability VMware Security Response Center (Oct 27)
- [CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation g-damore (Oct 27)
- [SECURITY] [DSA 3056-1] libtasn1-3 security update Sebastien Delafond (Oct 27)
- vulnerabilities in libbfd (CVE-2014-beats-me) Michal Zalewski (Oct 27)
- Message not available
- Re: vulnerabilities in libbfd (CVE-2014-beats-me) Mike Frysinger (Oct 28)
- Message not available