Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

208 messages starting Aug 01 13 and ending Aug 30 13
Date index | Thread index | Author index

• Open-Xchange Security Advisory 2013-07-31 Martin Braun (Aug 01)
• SQL Injection in Cotonti advisory (Aug 01)
• CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras CORE Advisories Team (Aug 01)
• [security bulletin] HPSBMU02902 rev.1 - HP Integrated Lights-Out iLO3, iLO4 IPMI Cipher Suite 0 Authentication Bypass Vulnerability security-alert (Aug 01)
• Multiple XSS Vulnerabilities in Jahia xCM advisory (Aug 01)
• Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 01)
• [KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities Egidio Romano (Aug 01)
• [KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability Egidio Romano (Aug 01)
• [KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability Egidio Romano (Aug 01)
• Cisco Security Advisory: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products Cisco Systems Product Security Incident Response Team (Aug 01)
• Update: Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials krlovett (Aug 01)
• [KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities Egidio Romano (Aug 01)
• SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598) Rustein, Fara Denise (LATCO - Buenos Aires) (Aug 02)
• Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products Cisco Systems Product Security Incident Response Team (Aug 02)
• [ MDVSA-2013:205 ] gnupg security (Aug 02)
• [security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 02)
• [security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 02)
• Multiple vulnerabilities on D-Link DIR-645 devices roberto (Aug 02)
• [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert (Aug 02)
• [SECURITY] [DSA 2733-1] otrs2 security update Salvatore Bonaccorso (Aug 04)
• [SECURITY] [DSA 2732-1] chromium-browser security update Michael Gilbert (Aug 04)
• [slackware-security] gnupg / libgcrypt (SSA:2013-215-01) Slackware Security Team (Aug 05)
• withU Music Share v1.3.7 iOS - Command Inject Vulnerability Vulnerability Lab (Aug 05)
• FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Aug 05)
• Rgpg 0.2.2 Ruby Gem Remote Command Injection larry0 (Aug 05)
• SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness SEC Consult Vulnerability Lab (Aug 05)
• PuTTY SSH handshake heap overflow Gergely Eberhardt (Aug 05)
• Joomla core <= 3.1.5 reflected XSS vulnerability Emilio Pinna (Aug 05)
  • <Possible follow-ups>
  • Re: Joomla core <= 3.1.5 reflected XSS vulnerability no (Aug 05)
  • Re: Joomla core <= 3.1.5 reflected XSS vulnerability michael . babker (Aug 06)
• HP LaserJet Pro printers remote admin password extraction michal . sajdak (Aug 05)
• [ MDVSA-2013:206 ] owncloud security (Aug 05)
• Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities Matias Fontanini (Aug 05)
• Joomseller "Events Booking Pro" and "JSE Event" reflected XSS samelat (Aug 05)
• Huawei B153 3G/UMTS router WPS weakness roberto . paleari (Aug 05)
• [SECURITY] [DSA 2734-1] wireshark security update Moritz Muehlenhoff (Aug 06)
• Usernoise 3.7.8 WP plugin cross-site scripting vulnerability roguecoder (Aug 06)
• SocialEngine 4.5 TimeLine 4.2.5p9 upload file "PHP" in the Cover Image Wesley Henrique (Aug 06)
• [slackware-security] samba (SSA:2013-218-03) Slackware Security Team (Aug 06)
• [slackware-security] httpd (SSA:2013-218-02) Slackware Security Team (Aug 06)
• [slackware-security] bind (SSA:2013-218-01) Slackware Security Team (Aug 06)
• [ MDVSA-2013:207 ] samba security (Aug 06)
• [ MDVSA-2013:208 ] libtiff security (Aug 06)
• [ MDVSA-2013:209 ] subversion security (Aug 06)
• [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity Chip Childers (Aug 06)
• Re: XSS vulnerability in guestbook-php-script yjtdgs (Aug 06)
• Attacking Google Accounts with 'weblogin:' Tokens Craig Young (Aug 06)
• Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability Vulnerability Lab (Aug 07)
• Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight! Stefan Kanthak (Aug 07)
• Multiple Vulnerabilities in BigTree CMS advisory (Aug 07)
• [ MDVSA-2013:210 ] firefox security (Aug 07)
• [SECURITY] [DSA 2735-1] iceweasel security update Moritz Muehlenhoff (Aug 07)
• Apache suEXEC privilege elevation / information disclosure king cope (Aug 07)
  • Message not available
    • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure king cope (Aug 07)
      • Message not available
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Michal Zalewski (Aug 11)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Tobias Kreidl (Aug 11)
  • Re: Apache suEXEC privilege elevation / information disclosure Kingcope (Aug 09)
    • Re: Apache suEXEC privilege elevation / information disclosure Kingcope (Aug 09)
      • RE: [Full-disclosure] Apache suEXEC privilege elevation / Dico Emil (Aug 09)
      • Message not available
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Gichuki John Chuksjonia (Aug 10)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton (Aug 10)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 10)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white (Aug 11)
    • Re: Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 09)
• Trustport Webfilter Remote File Access Vulnerability oliver (Aug 07)
• Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team (Aug 07)
• CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities CORE Advisories Team (Aug 07)
• Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity Chip Childers (Aug 07)
• PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities Matias Fontanini (Aug 07)
• Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal Erik Hjelmvik (Aug 08)
• HP Data Protector Arbitrary Remote Command Execution alessandro . dipinto (Aug 08)
• [slackware-security] mozilla-firefox (SSA:2013-219-01) Slackware Security Team (Aug 08)
• [slackware-security] seamonkey (SSA:2013-219-03) Slackware Security Team (Aug 08)
• [slackware-security] mozilla-thunderbird (SSA:2013-219-02) Slackware Security Team (Aug 08)
• Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Hv5hA5ms (Aug 08)
  • <Possible follow-ups>
  • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Tobias Kreidl (Aug 11)
    • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 11)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Ansgar Wiechers (Aug 11)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 11)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak (Aug 11)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Coderaptor (Aug 12)
      • RE: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Peter Gregory (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Brandon M. Graves (Aug 12)
      • Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Marco Floris (Aug 13)
      • Message not available
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure George Machitidze (Aug 12)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton (Aug 12)
      • Message not available
      • Message not available
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white (Aug 13)
      • Message not available
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Chris Meisinger (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jorge Dorantes (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure James Birk (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Mike Ely (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Matthew Caron (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak (Aug 13)
      • Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
• Joomla! redSHOP component v1.2 SQL Injection Matias Fontanini (Aug 08)
• [security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service security-alert (Aug 08)
• OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy Stefan Kanthak (Aug 08)
• [RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities roguecoder (Aug 09)
• ReviewBoard Vulnerabilities Craig Young (Aug 09)
• [SECURITY] [DSA 2736-1] putty security update Salvatore Bonaccorso (Aug 11)
• [PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing bugtraq (Aug 11)
• [ MDVSA-2013:211 ] lcms2 security (Aug 12)
• [SECURITY] [DSA 2737-1] swift security update Thijs Kinkhorst (Aug 12)
• CakePHP AssetDispatcher Local File Inclusion Vulnerability 検査検査 (Aug 12)
• Struts2 Prefixed Parameters OGNL Injection Vulnerability 検査検査 (Aug 13)
• Struts2 Prefixed Parameters Open Redirect Vulnerability 検査検査 (Aug 13)
• [ MDVSA-2013:212 ] otrs security (Aug 13)
• [ MDVSA-2013:213 ] xymon security (Aug 13)
• [PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow bugtraq (Aug 13)
• Subverting BIND's SRTT Algorithm: Derandomizing NS Selection Roee Hay (Aug 14)
• [security bulletin] HPSBMU02915 rev.1 - HP Service Manager, Remote Unauthenticated Access and Elevation of Privilege security-alert (Aug 15)
• CFP: WorldCIST'14 - World Conference on IST; Best papers published in JCR/ISI Journals WorldCIST (Aug 15)
• Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Aug 15)
• Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access kyle Lovett (Aug 15)
• Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Aug 15)
• Open-Xchange Security Advisory 2013-08-16 Martin Braun (Aug 15)
• MS Excel 2002/2003 CRN record 0day PoC geinblues (Aug 19)
• x90c WOFF Firefox 1day exploit geinblues (Aug 19)
• Defense in depth -- the Microsoft way (part 7): executable files in data directories Stefan Kanthak (Aug 19)
• [SECURITY] [DSA 2738-1] ruby1.9.1 security update Thijs Kinkhorst (Aug 19)
• Multiple vulnerabilities on Sitecom N300/N600 devices roberto . paleari (Aug 19)
• [security bulletin] HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability security-alert (Aug 20)
• [PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow bugtraq (Aug 20)
• ESA-2013-047: RSA® Authentication Agent for PAM Unlimited Login Attempts Vulnerability Security Alert (Aug 20)
• Samsung DVR authentication bypass Andrea Fabrizi (Aug 20)
• [security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 20)
• Path Traversal in DeWeS Web Server (Twilight CMS) High-Tech Bridge Security Research (Aug 21)
• Cross-Site Scripting (XSS) in BackWPup WordPress Plugin High-Tech Bridge Security Research (Aug 21)
• Cross-Site Scripting (XSS) in Twilight CMS High-Tech Bridge Security Research (Aug 21)
• CVE-2013-4124 samba nttrans dos private exploit geinblues (Aug 21)
• [ MDVSA-2013:214 ] python security (Aug 21)
• Netgear ProSafe switches: Unauthenticated startup-config disclosure and Denial of Service post (Aug 21)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Cisco Systems Product Security Incident Response Team (Aug 21)
• Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 21)
• Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Aug 21)
• Windows Embedded POSReady 2009: cruft, not craft Stefan Kanthak (Aug 21)
• [security bulletin] HPSBGN02905 rev.2 - HP LoadRunner, HP Business Process Monitor, Remote Code Execution and Denial of Service (DoS) security-alert (Aug 21)
• [SECURITY] [DSA 2739-1] cacti security update Moritz Muehlenhoff (Aug 21)
• FreeBSD Security Advisory FreeBSD-SA-13:10.sctp FreeBSD Security Advisories (Aug 22)
• [slackware-security] poppler (SSA:2013-233-03) Slackware Security Team (Aug 22)
• [slackware-security] hplip (SSA:2013-233-01) Slackware Security Team (Aug 22)
• [slackware-security] xpdf (SSA:2013-233-02) Slackware Security Team (Aug 22)
• FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast FreeBSD Security Advisories (Aug 22)
• [ MDVSA-2013:215 ] cacti security (Aug 22)
• CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework Pivotal Security Team (Aug 22)
• Joomla! VirtueMart component <= 2.0.22a - SQL Injection Matias Fontanini (Aug 22)
• [security bulletin] HPSBST02897 rev.1 - HP StoreOnce D2D Backup System, Remote Denial of Service (DoS) security-alert (Aug 22)
• CVE-2013-4124 samba dos exploit geinblues (Aug 23)
• NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability VMware Security Team (Aug 23)
• [ MDVSA-2013:217 ] spice security (Aug 23)
• [ MDVSA-2013:216 ] perl-Proc-ProcessTable security (Aug 23)
• [ MDVSA-2013:218 ] python-django security (Aug 23)
• [ MDVSA-2013:219 ] libtiff security (Aug 23)
• Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities iedb . team (Aug 23)
• PayPal Bug Bounty #110 - Auth Bypass (Session) Vulnerability Vulnerability Lab (Aug 23)
• [SECURITY] [DSA 2740-1] python-django security update Salvatore Bonaccorso (Aug 23)
• libtiff <= 3.9.5 integer overflow bug geinblues (Aug 26)
• Wordpress post-gallery Plugin Xss vulnerabilities iedb . team (Aug 26)
• Defense in depth -- the Microsoft way (part 8): execute everywhere! Stefan Kanthak (Aug 26)
  • Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Jeffrey Walton (Aug 26)
    • Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Stefan Kanthak (Aug 26)
    • Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! James Lay (Aug 26)
      • Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Heavenly Avenger (Aug 26)
    • Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! James Lay (Aug 26)
• [SECURITY] [DSA 2741-1] chromium-browser security update Michael Gilbert (Aug 26)
• DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013 Major Malfunction (Aug 26)
• [SECURITY] [DSA 2742-1] php5 security update Florian Weimer (Aug 26)
• [SECURITY] [DSA 2743-1] kfreebsd-9 security update Aurelien Jarno (Aug 27)
• POC2013 Call for Paper pocadm (Aug 27)
• [ MDVSA-2013:220 ] lcms security (Aug 27)
• [ MDVSA-2013:221 ] php security (Aug 27)
• [SECURITY] [DSA 2744-1] tiff security update Moritz Muehlenhoff (Aug 27)
• [ MDVSA-2013:222 ] puppet security (Aug 27)
• IBM Lotus iNotes 8.5.x cross-site scripting vulnerabilities danielthomson72 (Aug 27)
• AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request Asterisk Security Team (Aug 27)
• AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP Asterisk Security Team (Aug 27)
• Two Instagram Android App Security Vulnerabilities Georg Lukas (Aug 28)
• [security bulletin] HPSBHF02888 rev.3 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution security-alert (Aug 28)
• Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Aug 28)
• [CORE-2013-0805] Aloaha PDF Suite Buffer Overflow Vulnerability CORE Advisories Team (Aug 28)
• CORE-2013-0808 - EPS Viewer Buffer Overflow Vulnerability CORE Advisories Team (Aug 28)
• CORE-2013-0726 - AVTECH DVR multiple vulnerabilities CORE Advisories Team (Aug 28)
• 30C3 Call for Participation fukami (Aug 28)
• [SECURITY] [DSA 2745-1] linux security update dann frazier (Aug 28)
• Drupal Node View Permissions module and Flag module Vulnerabilities danielthomson72 (Aug 28)
• CyberArk User Enumeration - Multiple vulnerabilities moshez (Aug 29)
• CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability kerem . kocaer (Aug 29)
• [SECURITY] [DSA 2746-1] icedove security update Moritz Muehlenhoff (Aug 29)
• UTA EDU University ENG - SQL Injection Vulnerability Vulnerability Lab (Aug 29)
• Department of Transport UK - SQL Injection Vulnerability Vulnerability Lab (Aug 29)
• Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability Vulnerability Lab (Aug 29)
• NEW VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Team (Aug 30)
• VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063) VUPEN Security Research (Aug 30)
• VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059) VUPEN Security Research (Aug 30)
• [ MDVSA-2013:223 ] asterisk security (Aug 30)
• [slackware-security] php (SSA:2013-242-02) Slackware Security Team (Aug 30)
• VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059) VUPEN Security Research (Aug 30)
• [slackware-security] gnutls (SSA:2013-242-01) Slackware Security Team (Aug 30)

Previous period

Next period