178 messages starting Nov 30 14 and ending Dec 30 14
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center (Dec 04)
NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) Vulnerability Lab (Dec 05)
[SECURITY] [DSA 3092-1] icedove security update Moritz Muehlenhoff (Dec 07)
[SECURITY] [DSA 3091-1] getmail4 security update Giuseppe Iuculano (Dec 07)
[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations (Dec 08)
CMS Made Simple PHP Code Injection Vulnerability (All versions) sahm (Dec 08)
CFP: InfoSec SouthWest 2015 (ISSW) Tod Beardsley (Dec 08)
[ANN] Apache Struts 2.3.20 GA release available with security fix Lukasz Lenart (Dec 08)
[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds jlk (Dec 09)
[SECURITY] [DSA 3094-1] bind9 security update Giuseppe Iuculano (Dec 09)
[security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution security-alert (Dec 09)
[SECURITY] [DSA 3093-1] linux security update Salvatore Bonaccorso (Dec 09)
Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 Onur Yilmaz (Dec 09)
[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information security-alert (Dec 09)
[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information security-alert (Dec 09)
[CVE-2014-8340] phpTrafficA SQL injection Daniël Geerts (Dec 09)
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center (Dec 09)
[security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Dec 09)
[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information security-alert (Dec 09)
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities simo (Dec 09)
[CVE-2014-7303] SGI Tempo System Database Exposure john . fitzpatrick (Dec 10)
[CVE-2014-7302] SGI SUID Root Privilege Escalation john . fitzpatrick (Dec 10)
[CVE-2014-7301] SGI Tempo System Database Password Exposure john . fitzpatrick (Dec 10)
NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center (Dec 10)
FreeBSD Security Advisory FreeBSD-SA-14:27.stdio FreeBSD Security Advisories (Dec 10)
FreeBSD Security Advisory FreeBSD-SA-14:28.file FreeBSD Security Advisories (Dec 10)
FreeBSD Security Advisory FreeBSD-SA-14:29.bind FreeBSD Security Advisories (Dec 10)
AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team (Dec 10)
[SECURITY] [DSA 3095-1] xorg-server security update Moritz Muehlenhoff (Dec 10)
[SECURITY] [DSA 3096-1] pdns-recursor security update Sebastien Delafond (Dec 11)
[slackware-security] openvpn (SSA:2014-344-04) Slackware Security Team (Dec 11)
[slackware-security] seamonkey (SSA:2014-344-06) Slackware Security Team (Dec 11)
[slackware-security] bind (SSA:2014-344-01) Slackware Security Team (Dec 11)
[slackware-security] pidgin (SSA:2014-344-05) Slackware Security Team (Dec 11)
[slackware-security] mozilla-firefox (SSA:2014-344-02) Slackware Security Team (Dec 11)
[slackware-security] wpa_supplicant (SSA:2014-344-07) Slackware Security Team (Dec 11)
[slackware-security] openssh (SSA:2014-344-03) Slackware Security Team (Dec 11)
[SECURITY] [DSA 3097-1] unbound security update Yves-Alexis Perez (Dec 11)
[SECURITY] [DSA 3098-1] graphviz security update Salvatore Bonaccorso (Dec 11)
APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Apple Product Security (Dec 11)
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities petri . iivonen (Dec 11)
[SECURITY] [DSA 3099-1] dbus security update Florian Weimer (Dec 11)
Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch (Dec 11)
[security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert (Dec 11)
ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability Security Alert (Dec 12)
ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Dec 12)
ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability Security Alert (Dec 12)
[ MDVSA-2014:246 ] openvpn security (Dec 14)
[ MDVSA-2014:247 ] jasper security (Dec 14)
[ MDVSA-2014:248 ] graphviz security (Dec 14)
[ MDVSA-2014:249 ] qemu security (Dec 14)
[ MDVSA-2014:250 ] cpio security (Dec 14)
[ MDVSA-2014:251 ] rpm security (Dec 14)
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" Christian Schneider (Dec 14)
CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" Christian Schneider (Dec 14)
[ MDVSA-2014:245 ] mutt security (Dec 14)
[ MDVSA-2014:244 ] openafs security (Dec 14)
[ MDVSA-2014:243 ] phpmyadmin security (Dec 14)
[ MDVSA-2014:239 ] flac security (Dec 14)
[SECURITY] [DSA 3100-1] mediawiki security update Sebastien Delafond (Dec 14)
[SECURITY] [DSA 3101-1] c-icap security update Salvatore Bonaccorso (Dec 14)
[ MDVSA-2014:238 ] bind security (Dec 14)
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak (Dec 14)
[SECURITY] [DSA 3102-1] libyaml security update Salvatore Bonaccorso (Dec 14)
[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Dec 14)
[ MDVSA-2014:242 ] yaml security (Dec 14)
Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] modzero (Dec 15)
Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701 steffen . roesemann1986 (Dec 15)
[ MDVSA-2014:253 ] apache-mod_wsgi security (Dec 15)
[ MDVSA-2014:252 ] nss security (Dec 15)
CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken (Dec 15)
[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations (Dec 16)
"Ettercap 8.0 - 8.1" multiple vulnerabilities Nick Sampanis (Dec 16)
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs (Dec 16)
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed (Dec 16)
[SECURITY] [DSA 3104-1] bsd-mailx security update Florian Weimer (Dec 16)
[SECURITY] [DSA 3105-1] heirloom-mailx security update Florian Weimer (Dec 16)
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab (Dec 16)
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab (Dec 16)
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab (Dec 16)
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab (Dec 16)
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab (Dec 16)
[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information security-alert (Dec 16)
[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities security-alert (Dec 16)
[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution security-alert (Dec 16)
[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati (Dec 17)
FreeBSD Security Advisory FreeBSD-SA-14:30.unbound FreeBSD Security Advisories (Dec 17)
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache Tobias Glemser (Dec 17)
Cross-Site Scripting (XSS) in Revive Adserver High-Tech Bridge Security Research (Dec 17)
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab (Dec 17)
Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab (Dec 17)
Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab (Dec 17)
Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab (Dec 18)
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab (Dec 18)
E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab (Dec 18)
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab (Dec 18)
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab (Dec 19)
SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab (Dec 19)
[oCERT-2014-012] JasPer input sanitization errors Andrea Barisani (Dec 19)
APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Apple Product Security (Dec 19)
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab (Dec 19)
iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab (Dec 19)
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 Onur Yilmaz (Dec 19)
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 Onur Yilmaz (Dec 19)
[SECURITY] [DSA 3106-1] jasper security update Salvatore Bonaccorso (Dec 21)
[SECURITY] [DSA 3107-1] subversion security update Florian Weimer (Dec 21)
[SECURITY] [DSA 3108-1] ntp security update Florian Weimer (Dec 21)
[SECURITY] [DSA 3107-2] subversion regression update Florian Weimer (Dec 21)
[SECURITY] [DSA 3109-1] firebird2.5 security update Salvatore Bonaccorso (Dec 21)
VP-2014-004 SysAid Server Arbitrary File Disclosure Bernhard Mueller (Dec 21)
[oCERT-2014-010] SoX input sanitization errors Andrea Barisani (Dec 22)
[oCERT-2014-011] UnZip input sanitization errors Andrea Barisani (Dec 22)
APPLE-SA-2014-12-22-1 OS X NTP Security Update Apple Product Security (Dec 22)
[SECURITY] [DSA 3111-1] cpio security update Michael Gilbert (Dec 22)
[slackware-security] ntp (SSA:2014-356-01) Slackware Security Team (Dec 22)
[slackware-security] php (SSA:2014-356-02) Slackware Security Team (Dec 22)
[slackware-security] xorg-server (SSA:2014-356-03) Slackware Security Team (Dec 23)
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 steffen . roesemann1986 (Dec 23)
[SECURITY] [DSA 3112-1] sox security update Salvatore Bonaccorso (Dec 23)
[SECURITY] [DSA 3110-1] mediawiki security update Sebastien Delafond (Dec 23)
FreeBSD Security Advisory FreeBSD-SA-14:31.ntp FreeBSD Security Advisories (Dec 23)
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Cisco Systems Product Security Incident Response Team (Dec 23)
Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 steffen . roesemann1986 (Dec 24)
DRAM unreliable under specific access pattern Pavel Machek (Dec 24)
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab (Dec 25)
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab (Dec 25)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
[SECURITY] [DSA 3114-1] mime-support security update Salvatore Bonaccorso (Dec 29)
[SECURITY] [DSA 3113-1] unzip security update Salvatore Bonaccorso (Dec 29)
nullcon HackIM Challenge 9-11 Jan 2015 nullcon (Dec 29)
[SECURITY] [DSA 3115-1] pyyaml security update Moritz Muehlenhoff (Dec 29)
Remote Code Execution via Unauthorised File upload in Cforms 14.7 z . fedotkin (Dec 29)
[SECURITY] [DSA 3116-1] polarssl security update Moritz Muehlenhoff (Dec 29)
ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability Security Alert (Dec 30)
ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability Security Alert (Dec 30)
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak (Dec 30)
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Dec 30)