Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

178 messages starting Nov 30 14 and ending Dec 30 14
Date index | Thread index | Author index

• WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) john (Nov 30)
• [SECURITY] [DSA 3079-1] ppp security update Sebastien Delafond (Nov 30)
• [SECURITY] [DSA 3080-1] openjdk-7 security update Moritz Muehlenhoff (Nov 30)
• [SECURITY] [DSA 3083-1] mutt security update Salvatore Bonaccorso (Dec 01)
• [SECURITY] [DSA 3082-1] flac security update Sebastien Delafond (Dec 01)
• [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 01)
  • Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 03)
• [SECURITY] [DSA 3081-1] libvncserver security update Luciano Bello (Dec 01)
• CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 Stephan.Rickauer (Dec 01)
• [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire RedTeam Pentesting GmbH (Dec 01)
• [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf RedTeam Pentesting GmbH (Dec 01)
• [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure RedTeam Pentesting GmbH (Dec 01)
• [SECURITY] [DSA 3084-1] openvpn security update Florian Weimer (Dec 01)
• [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components RedTeam Pentesting GmbH (Dec 02)
• CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress Henri Salo (Dec 02)
• ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability Security Alert (Dec 02)
• ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability Security Alert (Dec 02)
• F5 BIGIP - (OLD!) Persistent XSS in ASM Module jplopezy (Dec 02)
• [SECURITY] [DSA 3085-1] wordpress security update Yves-Alexis Perez (Dec 03)
• [slackware-security] mozilla-thunderbird (SSA:2014-337-01) Slackware Security Team (Dec 03)
• Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection Crash (Dec 03)
• [SECURITY] [DSA 3086-1] tcpdump security update Salvatore Bonaccorso (Dec 03)
• APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Apple Product Security (Dec 03)
• CVE-2014-9215 - SQL Injection in PBBoard CMS tien . d . tran (Dec 03)
• Re: Slider Revolution/Showbiz Pro shell upload exploit assistenz (Dec 04)
• [SECURITY] [DSA 3087-1] qemu security update Salvatore Bonaccorso (Dec 04)
• [SECURITY] [DSA 3088-1] qemu-kvm security update Salvatore Bonaccorso (Dec 04)
• [oCERT-2014-009] JasPer input sanitization errors Andrea Barisani (Dec 04)
• [SECURITY] [DSA 3089-1] jasper security update Salvatore Bonaccorso (Dec 04)
• [SECURITY] [DSA 3090-1] iceweasel security update Moritz Muehlenhoff (Dec 04)
• [security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 04)
• [security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information security-alert (Dec 04)
• Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 04)
  • Message not available
    • Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Shawn (Dec 08)
• NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center (Dec 04)
• NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) Vulnerability Lab (Dec 05)
• [SECURITY] [DSA 3092-1] icedove security update Moritz Muehlenhoff (Dec 07)
• [SECURITY] [DSA 3091-1] getmail4 security update Giuseppe Iuculano (Dec 07)
• [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations (Dec 08)
• CMS Made Simple PHP Code Injection Vulnerability (All versions) sahm (Dec 08)
• CFP: InfoSec SouthWest 2015 (ISSW) Tod Beardsley (Dec 08)
• [ANN] Apache Struts 2.3.20 GA release available with security fix Lukasz Lenart (Dec 08)
• [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds jlk (Dec 09)
• [SECURITY] [DSA 3094-1] bind9 security update Giuseppe Iuculano (Dec 09)
• [security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution security-alert (Dec 09)
• [SECURITY] [DSA 3093-1] linux security update Salvatore Bonaccorso (Dec 09)
• Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 Onur Yilmaz (Dec 09)
• [security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information security-alert (Dec 09)
• [security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information security-alert (Dec 09)
• [CVE-2014-8340] phpTrafficA SQL injection Daniël Geerts (Dec 09)
• NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center (Dec 09)
• [security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Dec 09)
• [security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information security-alert (Dec 09)
• Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities simo (Dec 09)
• [CVE-2014-7303] SGI Tempo System Database Exposure john . fitzpatrick (Dec 10)
• [CVE-2014-7302] SGI SUID Root Privilege Escalation john . fitzpatrick (Dec 10)
• [CVE-2014-7301] SGI Tempo System Database Password Exposure john . fitzpatrick (Dec 10)
• NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center (Dec 10)
• FreeBSD Security Advisory FreeBSD-SA-14:27.stdio FreeBSD Security Advisories (Dec 10)
• FreeBSD Security Advisory FreeBSD-SA-14:28.file FreeBSD Security Advisories (Dec 10)
• FreeBSD Security Advisory FreeBSD-SA-14:29.bind FreeBSD Security Advisories (Dec 10)
• AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team (Dec 10)
• [SECURITY] [DSA 3095-1] xorg-server security update Moritz Muehlenhoff (Dec 10)
• [SECURITY] [DSA 3096-1] pdns-recursor security update Sebastien Delafond (Dec 11)
• [slackware-security] openvpn (SSA:2014-344-04) Slackware Security Team (Dec 11)
• [slackware-security] seamonkey (SSA:2014-344-06) Slackware Security Team (Dec 11)
• [slackware-security] bind (SSA:2014-344-01) Slackware Security Team (Dec 11)
• [slackware-security] pidgin (SSA:2014-344-05) Slackware Security Team (Dec 11)
• [slackware-security] mozilla-firefox (SSA:2014-344-02) Slackware Security Team (Dec 11)
• [slackware-security] wpa_supplicant (SSA:2014-344-07) Slackware Security Team (Dec 11)
• [slackware-security] openssh (SSA:2014-344-03) Slackware Security Team (Dec 11)
• [SECURITY] [DSA 3097-1] unbound security update Yves-Alexis Perez (Dec 11)
• [SECURITY] [DSA 3098-1] graphviz security update Salvatore Bonaccorso (Dec 11)
• APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Apple Product Security (Dec 11)
• ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities petri . iivonen (Dec 11)
• [SECURITY] [DSA 3099-1] dbus security update Florian Weimer (Dec 11)
• Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch (Dec 11)
• [security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert (Dec 11)
• ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability Security Alert (Dec 12)
• ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Dec 12)
• ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability Security Alert (Dec 12)
• [ MDVSA-2014:246 ] openvpn security (Dec 14)
• [ MDVSA-2014:247 ] jasper security (Dec 14)
• [ MDVSA-2014:248 ] graphviz security (Dec 14)
• [ MDVSA-2014:249 ] qemu security (Dec 14)
• [ MDVSA-2014:250 ] cpio security (Dec 14)
• [ MDVSA-2014:251 ] rpm security (Dec 14)
• CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" Christian Schneider (Dec 14)
• CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" Christian Schneider (Dec 14)
• [ MDVSA-2014:245 ] mutt security (Dec 14)
• [ MDVSA-2014:244 ] openafs security (Dec 14)
• [ MDVSA-2014:243 ] phpmyadmin security (Dec 14)
• [ MDVSA-2014:239 ] flac security (Dec 14)
• [SECURITY] [DSA 3100-1] mediawiki security update Sebastien Delafond (Dec 14)
• [SECURITY] [DSA 3101-1] c-icap security update Salvatore Bonaccorso (Dec 14)
• [ MDVSA-2014:238 ] bind security (Dec 14)
• Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak (Dec 14)
• [SECURITY] [DSA 3102-1] libyaml security update Salvatore Bonaccorso (Dec 14)
• [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Dec 14)
• [ MDVSA-2014:242 ] yaml security (Dec 14)
• Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] modzero (Dec 15)
• Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701 steffen . roesemann1986 (Dec 15)
• [ MDVSA-2014:253 ] apache-mod_wsgi security (Dec 15)
• [ MDVSA-2014:252 ] nss security (Dec 15)
• CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken (Dec 15)
• [SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations (Dec 16)
• "Ettercap 8.0 - 8.1" multiple vulnerabilities Nick Sampanis (Dec 16)
• [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs (Dec 16)
• W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed (Dec 16)
• [SECURITY] [DSA 3104-1] bsd-mailx security update Florian Weimer (Dec 16)
• [SECURITY] [DSA 3105-1] heirloom-mailx security update Florian Weimer (Dec 16)
• iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab (Dec 16)
• Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab (Dec 16)
• Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab (Dec 16)
• Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab (Dec 16)
• RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab (Dec 16)
• [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information security-alert (Dec 16)
• [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) security-alert (Dec 16)
• [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities security-alert (Dec 16)
• [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution security-alert (Dec 16)
• [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati (Dec 17)
• FreeBSD Security Advisory FreeBSD-SA-14:30.unbound FreeBSD Security Advisories (Dec 17)
• secuvera-SA-2014-01: Reflected XSS in W3 Total Cache Tobias Glemser (Dec 17)
• Cross-Site Scripting (XSS) in Revive Adserver High-Tech Bridge Security Research (Dec 17)
• Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab (Dec 17)
• Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab (Dec 17)
• Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab (Dec 17)
• Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab (Dec 18)
• Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab (Dec 18)
• E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab (Dec 18)
• iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab (Dec 18)
• SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab (Dec 19)
• SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab (Dec 19)
• [oCERT-2014-012] JasPer input sanitization errors Andrea Barisani (Dec 19)
• APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Apple Product Security (Dec 19)
• SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab (Dec 19)
• iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
• Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
• Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab (Dec 19)
• TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 Onur Yilmaz (Dec 19)
• TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 Onur Yilmaz (Dec 19)
• [SECURITY] [DSA 3106-1] jasper security update Salvatore Bonaccorso (Dec 21)
• [SECURITY] [DSA 3107-1] subversion security update Florian Weimer (Dec 21)
• [SECURITY] [DSA 3108-1] ntp security update Florian Weimer (Dec 21)
• [SECURITY] [DSA 3107-2] subversion regression update Florian Weimer (Dec 21)
• [SECURITY] [DSA 3109-1] firebird2.5 security update Salvatore Bonaccorso (Dec 21)
• VP-2014-004 SysAid Server Arbitrary File Disclosure Bernhard Mueller (Dec 21)
• [oCERT-2014-010] SoX input sanitization errors Andrea Barisani (Dec 22)
• [oCERT-2014-011] UnZip input sanitization errors Andrea Barisani (Dec 22)
• APPLE-SA-2014-12-22-1 OS X NTP Security Update Apple Product Security (Dec 22)
• [SECURITY] [DSA 3111-1] cpio security update Michael Gilbert (Dec 22)
• [slackware-security] ntp (SSA:2014-356-01) Slackware Security Team (Dec 22)
• [slackware-security] php (SSA:2014-356-02) Slackware Security Team (Dec 22)
• [slackware-security] xorg-server (SSA:2014-356-03) Slackware Security Team (Dec 23)
• Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 steffen . roesemann1986 (Dec 23)
• [SECURITY] [DSA 3112-1] sox security update Salvatore Bonaccorso (Dec 23)
• [SECURITY] [DSA 3110-1] mediawiki security update Sebastien Delafond (Dec 23)
• FreeBSD Security Advisory FreeBSD-SA-14:31.ntp FreeBSD Security Advisories (Dec 23)
• Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Dec 23)
• Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 steffen . roesemann1986 (Dec 24)
• DRAM unreliable under specific access patern Pavel Machek (Dec 24)
• Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab (Dec 25)
• Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
• ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
• Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
• PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
• Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab (Dec 25)
• Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
• [SECURITY] [DSA 3114-1] mime-support security update Salvatore Bonaccorso (Dec 29)
• [SECURITY] [DSA 3113-1] unzip security update Salvatore Bonaccorso (Dec 29)
• nullcon HackIM Challenge 9-11 Jan 2015 nullcon (Dec 29)
• [SECURITY] [DSA 3115-1] pyyaml security update Moritz Muehlenhoff (Dec 29)
• Remote Code Execution via Unauthorised File upload in Cforms 14.7 z . fedotkin (Dec 29)
• [SECURITY] [DSA 3116-1] polarssl security update Moritz Muehlenhoff (Dec 29)
• ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability Security Alert (Dec 30)
• ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability Security Alert (Dec 30)
• Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak (Dec 30)
• [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Dec 30)

Previous period

Next period