150 messages starting Dec 02 13 and ending Dec 30 13
D-Link DIR-XXX remote root access exploit. ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)
Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)
[SECURITY] [DSA 2808-1] openjpeg security update Raphael Geissert (Dec 03)
bugs in IJG jpeg6b & libjpeg-turbo Michal Zalewski (Dec 03)
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation "VMware Security Response Center" (Dec 03)
[PT-2013-63] Hash Length Extension in HTMLPurifier noreply (Dec 04)
Cross-Site Scripting (XSS) in Jamroom High-Tech Bridge Security Research (Dec 06)
Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 08)
[SECURITY] [DSA 2809-1] ruby1.8 security update Salvatore Bonaccorso (Dec 08)
[SECURITY] [DSA 2810-1] ruby1.9.1 security update Salvatore Bonaccorso (Dec 08)
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) Vulnerability Lab (Dec 08)
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 08)
[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability Egidio Romano (Dec 08)
NEW VMSA-2013-0015 VMware ESX updates to third party libraries Edward Hawkins (Dec 08)
[slackware-security] mozilla-nss (SSA:2013-339-01) Slackware Security Team (Dec 08)
[slackware-security] mozilla-thunderbird (SSA:2013-339-02) Slackware Security Team (Dec 08)
[slackware-security] seamonkey (SSA:2013-339-03) Slackware Security Team (Dec 08)
[slackware-security] hplip (SSA:2013-339-04) Slackware Security Team (Dec 08)
Opencart Multiple Vulnerabilities trueend5 (Dec 08)
[SECURITY] [DSA 2811-1] chromium-browser security update Michael Gilbert (Dec 08)
LiveZilla 5.1.0.0 Reflected XSS in translations zoczus (Dec 09)
Print n Share v5.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 09)
ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities Security Alert (Dec 09)
[SECURITY] [DSA 2812-1] samba security update Moritz Muehlenhoff (Dec 09)
Vulnerabilities in Apache Solr < 4.6.0 Nicolas Grégoire (Dec 09)
[SECURITY] [DSA 2814-1] varnish security update Salvatore Bonaccorso (Dec 09)
[SECURITY] [DSA 2813-1] gimp security update Moritz Muehlenhoff (Dec 09)
[SECURITY] [DSA 2815-1] munin security update Salvatore Bonaccorso (Dec 09)
[CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application Daniel Wood (Dec 10)
EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution nospam (Dec 10)
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities Vulnerability Lab (Dec 10)
LiveZilla 5.1.1.0 Stored XSS in operator clients zoczus (Dec 10)
[security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 10)
[security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 10)
CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability CORE Advisories Team (Dec 10)
[security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) security-alert (Dec 10)
Android Fragment Injection vulnerability Roee Hay (Dec 10)
SQL Injection in InstantCMS High-Tech Bridge Security Research (Dec 11)
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 11)
FlashCanvas 1.5 proxy.php XSS Vulnerability code (Dec 11)
[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting advisories (Dec 11)
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities Security Alert (Dec 11)
CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team (Dec 11)
[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection mailing lists (Dec 12)
[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) mailing lists (Dec 12)
SAMSPADE 1.14 BUFFER OVERFLOW vishal_mishra (Dec 12)
Microsoft PhotoStory - CS Cross Site Scripting Vulnerability Vulnerability Lab (Dec 13)
Microsoft Yammer - Persistent Profile Vulnerabilities Vulnerability Lab (Dec 13)
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 13)
[SECURITY] [DSA 2816-1] php5 security update Thijs Kinkhorst (Dec 13)
[security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution security-alert (Dec 13)
[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) security-alert (Dec 13)
[security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS) security-alert (Dec 13)
[security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update security-alert (Dec 13)
[security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) security-alert (Dec 13)
Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities Vulnerability Lab (Dec 16)
DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013 Tony Naggs (Dec 16)
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability Stefan Esser (Dec 16)
Call for Papers -YSTS 8 - Information Security Conference, Brazil Luiz Eduardo (Dec 16)
Last Call - 2sd World Conference on IST; Submission: December 29 WorldCIST (Dec 16)
[SECURITY] [DSA 2817-1] libtar security update Luciano Bello (Dec 16)
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client zoczus (Dec 16)
LiveZilla 5.1.2.0 Insecure password storage zoczus (Dec 16)
Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 16)
Command injection vulnerability in Ruby Gem sprout 0.7.246 Larry W. Cashdollar (Dec 16)
LiveZilla 5.1.2.0 PHP Object Injection zoczus (Dec 16)
Command injection in Ruby Gem Webbynode 1.0.5.3 Larry W. Cashdollar (Dec 16)
User Identity Spoofing in Bitrix Site Manager High-Tech Bridge Security Research (Dec 16)
[SECURITY] [DSA 2818-1] mysql-5.5 security update Salvatore Bonaccorso (Dec 16)
[security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution security-alert (Dec 16)
[SECURITY] [DSA 2819-1] End-of-life announcement for iceape Moritz Muehlenhoff (Dec 16)
XSS and Full Path Disclosure in MijoSearch Joomla Extension High-Tech Bridge Security Research (Dec 16)
APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1 Apple Product Security (Dec 17)
APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1 Apple Product Security (Dec 17)
FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 17)
AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message Asterisk Security Team (Dec 17)
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation Asterisk Security Team (Dec 17)
QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability Vulnerability Lab (Dec 17)
[slackware-security] mozilla-firefox (SSA:2013-350-04) Slackware Security Team (Dec 17)
[SECURITY] [DSA 2820-1] nspr security update Raphael Geissert (Dec 17)
[slackware-security] libiodbc (SSA:2013-350-01) Slackware Security Team (Dec 17)
[slackware-security] mozilla-thunderbird (SSA:2013-350-05) Slackware Security Team (Dec 17)
[slackware-security] llvm (SSA:2013-350-03) Slackware Security Team (Dec 17)
[slackware-security] libjpeg (SSA:2013-350-02) Slackware Security Team (Dec 17)
[slackware-security] ruby (SSA:2013-350-06) Slackware Security Team (Dec 17)
[slackware-security] seamonkey (SSA:2013-350-07) Slackware Security Team (Dec 17)
Hancom Office '.hml' file heap-based buffer overflow diroverflow (Dec 17)
[ MDVSA-2013:287-1 ] drupal security (Dec 18)
[ MDVSA-2013:288 ] subversion security (Dec 18)
InfoSec Southwest 2014 CFP now open! ISSW CFP (Dec 18)
CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability CORE Advisories Team (Dec 18)
[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms Christian Catalano (Dec 18)
[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin Christian Catalano (Dec 18)
[CVE-2013-2764] Secure Entry Server - URL Redirection Alexandre Herzog (Dec 18)
[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities Alexandre Herzog (Dec 18)
[ MDVSA-2013:291 ] kernel security (Dec 18)
[ MDVSA-2013:290 ] mediawiki security (Dec 18)
[ MDVSA-2013:289 ] owncloud security (Dec 18)
[ MDVSA-2013:292 ] links security (Dec 18)
[ MDVSA-2013:293 ] gimp security (Dec 18)
[ MDVSA-2013:294 ] gimp security (Dec 18)
[SECURITY] [DSA 2821-1] gnupg security update Thijs Kinkhorst (Dec 18)
[SECURITY] [DSA 2823-1] pixman security update Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 2822-1] xorg-server security update Moritz Muehlenhoff (Dec 18)
APPLE-SA-2013-12-19-1 Motion 5.1 Apple Product Security (Dec 19)
ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities Security Alert (Dec 19)
[security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) security-alert (Dec 22)
[ MDVSA-2013:295 ] gnupg security (Dec 22)
[SECURITY] [DSA 2824-1] curl security update Salvatore Bonaccorso (Dec 22)
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab (Dec 22)
[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability Matteo Beccati (Dec 22)
[ MDVSA-2013:296 ] wireshark security (Dec 22)
[ MDVSA-2013:297 ] munin security (Dec 22)
[SECURITY] [DSA 2825-1] wireshark security update Moritz Muehlenhoff (Dec 22)
[ MDVSA-2013:298 ] php security (Dec 22)
[slackware-security] gnupg (SSA:2013-354-01) Slackware Security Team (Dec 22)
[ MDVSA-2013:299 ] samba security (Dec 22)
[SECURITY] [DSA 2826-1] denyhosts security update Yves-Alexis Perez (Dec 22)
NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX "VMware Security Response Center" (Dec 22)
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability Security Alert (Dec 22)
[ MDVSA-2013:300 ] asterisk security (Dec 23)
[ MDVSA-2013:301 ] nss security (Dec 23)
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update Salvatore Bonaccorso (Dec 23)
ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability Security Alert (Dec 24)
ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability Security Alert (Dec 24)
[ MDVSA-2013:302 ] pixman security (Dec 26)
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin High-Tech Bridge Security Research (Dec 26)
Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin High-Tech Bridge Security Research (Dec 26)
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin High-Tech Bridge Security Research (Dec 26)
SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection SEC Consult Vulnerability Lab (Dec 27)
[SECURITY] [DSA 2828-1] drupal6 security update Salvatore Bonaccorso (Dec 30)
[SECURITY] [DSA 2829-1] hplip security update Moritz Muehlenhoff (Dec 30)
CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition Rodrigo Rubira Branco (BSDaemon) (Dec 30)
[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities security-alert (Dec 30)
[SECURITY] [DSA 2830-1] ruby-i18n security update Florian Weimer (Dec 30)