Bugtraq: by date

198 messages starting Apr 01 14 and ending Apr 30 14


Tuesday, 01 April

[SECURITY] [DSA 2892-1] a2ps security update Salvatore Bonaccorso
[SECURITY] [DSA 2893-1] openswan security update Yves-Alexis Perez
Regarding attacks and exploits of the physical body stephen
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details) Security Explorations
Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Bipin Gautam
Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details) Security Explorations
ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities Security Alert

Wednesday, 02 April

[IMF 2014] Call for Participation Oliver Goebel
APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Apple Product Security
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab
SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager SEC Consult Vulnerability Lab
Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin High-Tech Bridge Security Research
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability Florent Daigniere

Thursday, 03 April

0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day] 0a29 40
Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability Vulnerability Lab
[softScheck] Denial of Service in Microsoft Office 2007-2013 Lubomir Stroetmann
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) security-alert
ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities Security Alert
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities Security Alert

Friday, 04 April

CA20140403-01: Security Notice for CA Erwin Web Portal Kotas, Kevin J

Monday, 07 April

[security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS) security-alert
Phrack Security Advisory 2014-001 - Paper leak on release timeout Phrack Staff
[SECURITY] [DSA 2891-3] mediawiki regression update Thijs Kinkhorst
Vulnerability in PHPFox v3.7.3, v3.7.4 and v3.7.5 all build [ CVE-2013-7195, CVE-2013-7196 ] Wesley Henrique
Call for Papers education
[SECURITY] [DSA 2894-1] openssh security update Salvatore Bonaccorso
[SECURITY] [DSA 2895-1] prosody security update Luciano Bello
Pearson eSIS Enterprise Student Information System Stored XSS tudor . enache
Pearson eSIS Enterprise Student Information System SQL Injection tudor . enache
MacOSX/XNU HFS Multiple Vulnerabilities submit

Tuesday, 08 April

[security bulletin] HPSBST02980 rev.1 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege security-alert
[SECURITY] [DSA 2896-1] openssl security update Salvatore Bonaccorso
Open-Xchange Security Advisory 2014-04-08 Martin Braun
Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability Vulnerability Lab
[SECURITY] [DSA 2896-2] openssl security update Salvatore Bonaccorso
BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05] modzero security
[SECURITY] [DSA 2897-1] tomcat7 security update Moritz Muehlenhoff

Wednesday, 09 April

[slackware-security] openssl (SSA:2014-098-01) Slackware Security Team
Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss) Ipstenu (Mika Epstein)
FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:06.openssl FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED] FreeBSD Security Advisories
Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products Cisco Systems Product Security Incident Response Team
[ MDVSA-2014:067 ] openssl security
CVE-2014-0160 mitigation using iptables Fabien Bourdaire
Cross-Site Request Forgery (CSRF) in XCloner Standalone High-Tech Bridge Security Research
SQL Injection in Orbit Open Ad Server High-Tech Bridge Security Research
[ MDVSA-2014:068 ] openssh security
[ MDVSA-2014:069 ] perl-YAML-LibYAML security
[ MDVSA-2014:071 ] yaml security
[ MDVSA-2014:072 ] php-ZendFramework security
[ MDVSA-2014:070 ] yaml security
[ MDVSA-2014:073 ] file security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2898-1] imagemagick security update Moritz Muehlenhoff

Thursday, 10 April

[SECURITY] [DSA 2899-1] openafs security update Thijs Kinkhorst
AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability Vulnerability Lab
iVault Private P&V 1.1 iOS - Path Traversal Vulnerability Vulnerability Lab
BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability Vulnerability Lab
[ MDVSA-2014:075 ] php security
Sendy 1.1.9.1 - SQL Injection Vulnerability marduk369
OWASP ZAP 2.3.0 psiinon

Friday, 11 April

[ MDVSA-2014:076 ] a2ps security
[SECURITY] [DSA 2900-1] jbigkit security update Moritz Muehlenhoff
[security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information security-alert
SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server SEC Consult Vulnerability Lab
CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player Portcullis Advisories
Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue Vulnerability Lab
ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability Security Alert
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability Security Alert
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks Security Alert
ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability Security Alert

Tuesday, 15 April

[ MDVSA-2014:077 ] jbigkit security
[SECURITY] [DSA 2901-1] wordpress security update Salvatore Bonaccorso
[SECURITY] [DSA 2902-1] curl security update Salvatore Bonaccorso
Adobe Reader for Android exposes insecure Javascript interfaces Securify B.V.
[security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information security-alert
CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux Portcullis Advisories
PDF Album v1.7 iOS - File Include Web Vulnerability Vulnerability Lab
[SECURITY] [DSA 2903-1] strongswan security update Moritz Muehlenhoff
VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own) VUPEN Security Research
RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160 Ruckus Product Security Team
[SECURITY] CVE-2014-0111 Apache Syncope Francesco Chicchiriccò
[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2904-1] virtualbox security update Moritz Muehlenhoff

Wednesday, 16 April

[security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk security-alert
[SECURITY] [DSA 2905-1] chromium-browser security update Michael Gilbert
CVE-2014-2735 - WinSCP: missing X.509 validation Micha Borrmann
SQL Injection in mAdserve High-Tech Bridge Security Research
[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information security-alert
ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities Security Alert
[Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7 webmaster
[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7 webmaster
[CORE-2014-0003] - SAP Router Password Timing Attack CORE Advisories Team
[ MDVSA-2014:078 ] asterisk security
[SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable Moritz Muehlenhoff

Thursday, 17 April

CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server Portcullis Advisories
Buggy insecure "security" software executes rogue binary during installation and uninstallation Stefan Kanthak
[security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code security-alert
[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information security-alert
[security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information security-alert
[security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution security-alert
[security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information security-alert
D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities kyle Lovett
[ MDVSA-2014:079 ] json-c security
[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert

Monday, 21 April

Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12 LpSolit
[SECURITY] [DSA 2908-1] openssl security update Raphael Geissert
[SECURITY] [DSA 2909-1] qemu security update Salvatore Bonaccorso
[SECURITY] [DSA 2910-1] qemu-kvm security update Salvatore Bonaccorso
Remote Command Injection in Ruby Gem sfpagent 0.4.14 Larry W. Cashdollar
[security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2901-2] wordpress regression update Thijs Kinkhorst
[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution Brett Porter
[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability Brett Porter
[security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert
Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 craig . arendt
Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl craig . arendt
[SECURITY] [DSA 2895-2] prosody regression update Luciano Bello
[SECURITY] [DSA 2901-3] wordpress regression update Salvatore Bonaccorso

Tuesday, 22 April

[slackware-security] libyaml (SSA:2014-111-01) Slackware Security Team
[slackware-security] php (SSA:2014-111-02) Slackware Security Team
[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2911-1] icedove security update Moritz Muehlenhoff
APPLE-SA-2014-04-22-1 Security Update 2014-002 Apple Product Security
APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple Product Security
APPLE-SA-2014-04-22-2 iOS 7.1.1 Apple Product Security

Wednesday, 23 April

[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information security-alert
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 Apple Product Security
[security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2808-2] openjpeg regression update Raphael Geissert
SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances SEC Consult Vulnerability Lab
CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive Portcullis Advisories
CVE-2014-2383 - Arbitrary file read in dompdf Portcullis Advisories
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability Vulnerability Lab
CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive Portcullis Advisories
[security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information security-alert

Thursday, 24 April

[security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information security-alert
[security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information security-alert
Weak firmware encryption and predictable WPA key on Sitecom routers roberto . paleari
Misli.com Android App SSL certificate validation weakness harun . esur
Birebin.com Android App SSL certificate validation weakness harun . esur
[security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service security-alert
[security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert

Friday, 25 April

[security bulletin] HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert
[security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage Remote Disclosure of Information security-alert
[SECURITY] [DSA 2912-1] openjdk-6 security update Moritz Muehlenhoff
[SECURITY] [DSA 2906-1] linux-2.6 security update dann frazier
Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper mdgh9
[security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert

Monday, 28 April

[security bulletin] HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2914-1] drupal6 security update Salvatore Bonaccorso
[SECURITY] [DSA 2913-1] drupal7 security update Salvatore Bonaccorso
[security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information security-alert
[ANN] Struts 2.3.16.2 GA release available - security fix Lukasz Lenart
[SECURITY] [DSA 2915-1] dpkg security update Raphael Geissert
[SECURITY] [DSA 2916-1] libmms security update Moritz Muehlenhoff
[SECURITY] [DSA 2917-1] super security update Florian Weimer
[security bulletin] HPSBMU02995 rev.6 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBUX02963 SSRT101297 rev.2 - HP-UX m4(1), Local Unauthorized Access security-alert

Tuesday, 29 April

[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114 Rene Gielen
[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert

Wednesday, 30 April

FreeBSD Security Advisory FreeBSD-SA-14:07.devfs FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:08.tcp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:09.openssl FreeBSD Security Advisories
[slackware-security] mozilla-firefox (SSA:2014-119-01) Slackware Security Team
SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex SEC Consult Vulnerability Lab
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Felipe Daragon
Heartbleed Testing Server Ivan Buetler
[SECURITY] [DSA 2918-1] iceweasel security update Moritz Muehlenhoff
[security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information security-alert
[slackware-security] mozilla-thunderbird (SSA:2014-119-02) Slackware Security Team
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access LSE Leading Security Experts GmbH (Security Advisories)
ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability Security Alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series Cisco Systems Product Security Incident Response Team
FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED] FreeBSD Security Advisories
[security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information security-alert
[SECURITY] [DSA 2915-2] dpkg security update Raphael Geissert
[security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information security-alert
[security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information security-alert