Bugtraq: by author

158 messages starting Jul 07 14 and ending Jul 16 14

a . blas

Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100) a . blas (Jul 07)

Andrea Barisani

[oCERT-2014-004] Ansible input sanitization errors Andrea Barisani (Jul 22)

andreu . antonio

CVE-2014-4331 OctavoCMS reflected XSS vulnerability andreu . antonio (Jul 09)

audit1

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 audit1 (Jul 22)
Cross-site Scripting in EventLog Analyzer 9.0 build #9000 audit1 (Jul 22)

Cal Leeming [Simplicity Media Ltd]

Node Browserify RCE vuln (<= 4.2.0) Cal Leeming [Simplicity Media Ltd] (Jul 15)

cfp

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)

Christian Schneider

CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" Christian Schneider (Jul 02)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products Cisco Systems Product Security Incident Response Team (Jul 09)
Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jul 17)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team (Jul 09)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team (Jul 02)

cseye_ut

Multiple Vulnerabilities in Parallels® Plesk Sitebuilder cseye_ut (Jul 23)

Daniele Bianco

[oCERT-2014-005] LPAR2RRD input sanitization errors Daniele Bianco (Jul 23)

dkl

Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 dkl (Jul 25)

Egidio Romano

[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability Egidio Romano (Jul 14)

Florian Weimer

[SECURITY] [DSA 2976-1] eglibc security update Florian Weimer (Jul 10)

Francesco Chicchiriccò

[SECURITY] CVE-2014-3503 Apache Syncope Francesco Chicchiriccò (Jul 07)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem FreeBSD Security Advisories (Jul 09)

g-damore

Lime Survey 2-05+ Multiple Vulnerabilities g-damore (Jul 07)

Gynvael Coldwind

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Gynvael Coldwind (Jul 28)

Hafez Kamal

[HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August Hafez Kamal (Jul 17)

High-Tech Bridge Security Research

Improper Access Control in ArticleFR High-Tech Bridge Security Research (Jul 31)
SQL Injection in Е2 High-Tech Bridge Security Research (Jul 23)
Cross-Site Request Forgery (CSRF) in Kanboard High-Tech Bridge Security Research (Jul 02)
Reflected Cross-Site Scripting (XSS) in e107 High-Tech Bridge Security Research (Jul 16)

i amroot

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure i amroot (Jul 21)

info

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection info (Jul 01)

Jan Kechel

Ignore the amount customers confirm is no security vulnerability according to PayPal Jan Kechel (Jul 17)

Joe Souza

RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Joe Souza (Jul 31)

Jordan Sissel

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. Jordan Sissel (Jul 21)

joseph . giron13

Easy file sharing web server - persist XSS in forum msgs joseph . giron13 (Jul 25)

KoreLogic Disclosures

KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation KoreLogic Disclosures (Jul 16)
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures (Jul 21)
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures (Jul 21)

Luciano Bello

[SECURITY] [DSA 2984-1] acpi-support security update Luciano Bello (Jul 23)

Madhu Akula

{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities. Madhu Akula (Jul 07)

Moritz Muehlenhoff

[SECURITY] [DSA 2973-1] vlc security update Moritz Muehlenhoff (Jul 08)
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update Moritz Muehlenhoff (Jul 21)
[SECURITY] [DSA 2983-1] drupal7 security update Moritz Muehlenhoff (Jul 21)
[SECURITY] [DSA 2978-1] libxml2 security update Moritz Muehlenhoff (Jul 14)
[SECURITY] [DSA 2988-1] transmission security update Moritz Muehlenhoff (Jul 25)
[SECURITY] [DSA 2986-1] iceweasel security update Moritz Muehlenhoff (Jul 24)
[SECURITY] [DSA 2987-1] openjdk-7 security update Moritz Muehlenhoff (Jul 24)
[SECURITY] [DSA 2980-1] openjdk-6 security update Moritz Muehlenhoff (Jul 18)
[SECURITY] [DSA 2977-1] libav security update Moritz Muehlenhoff (Jul 14)
[SECURITY] [DSA 2979-1] fail2ban security update Moritz Muehlenhoff (Jul 18)

nate

OS Command Injection Infoblox Network Automation nate (Jul 09)
Weak Local Database Credentials in Infoblox Network Automation nate (Jul 09)

Onapsis Research Labs

[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication Onapsis Research Labs (Jul 30)
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool Onapsis Research Labs (Jul 30)
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS Onapsis Research Labs (Jul 30)
[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass Onapsis Research Labs (Jul 30)
[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service Onapsis Research Labs (Jul 30)
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 Onapsis Research Labs (Jul 30)

pocadm

POC2014 Call for Paper pocadm (Jul 03)

Portcullis Advisories

CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX Portcullis Advisories (Jul 08)

president

Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin president (Jul 22)

Programa STIC

Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529] Programa STIC (Jul 30)

Ralf Senderek

Web Encryption Extension security update Ralf Senderek (Jul 28)

roberto . paleari

Backdoor access to Techboard/Syac devices roberto . paleari (Jul 07)

Salvatore Bonaccorso

[SECURITY] [DSA 2972-1] linux security update Salvatore Bonaccorso (Jul 07)
[SECURITY] [DSA 2991-1] modsecurity-apache security update Salvatore Bonaccorso (Jul 28)
[SECURITY] [DSA 2990-1] cups security update Salvatore Bonaccorso (Jul 28)
[SECURITY] [DSA 2971-1] dbus security update Salvatore Bonaccorso (Jul 03)
[SECURITY] [DSA 2974-1] php5 security update Salvatore Bonaccorso (Jul 09)
[SECURITY] [DSA 2992-1] linux security update Salvatore Bonaccorso (Jul 30)
[SECURITY] [DSA 2981-1] polarssl security update Salvatore Bonaccorso (Jul 21)
[SECURITY] [DSA 2985-1] mysql-5.5 security update Salvatore Bonaccorso (Jul 23)

SEC Consult Vulnerability Lab

SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu SEC Consult Vulnerability Lab (Jul 10)
SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system SEC Consult Vulnerability Lab (Jul 10)
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab (Jul 10)
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab (Jul 10)
SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab (Jul 01)
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway SEC Consult Vulnerability Lab (Jul 16)

security

[ MDVSA-2014:140 ] owncloud security (Jul 30)
[ MDVSA-2014:144 ] live security (Jul 31)
[ MDVSA-2014:135 ] python security (Jul 10)
[ MDVSA-2014:138 ] asterisk security (Jul 14)
[ MDVSA-2014:128 ] iodine security (Jul 09)
[ MDVSA-2014:126 ] phpmyadmin security (Jul 08)
[ MDVSA-2014:131 ] file security (Jul 09)
[ MDVSA-2014:142 ] apache security (Jul 31)
[ MDVSA-2014:134 ] liblzo security (Jul 10)
[ MDVSA-2014:143 ] phpmyadmin security (Jul 31)
[ MDVSA-2014:139 ] nss security (Jul 30)
[ MDVSA-2014:137 ] apache-mod_wsgi security (Jul 14)
[ MDVSA-2014:127 ] gnupg security (Jul 09)
[ MDVSA-2014:132 ] libxfont security (Jul 09)
[ MDVSA-2014:141 ] java-1.7.0-openjdk security (Jul 30)
[ MDVSA-2014:130 ] php security (Jul 09)
[ MDVSA-2014:136 ] samba security (Jul 14)
[ MDVSA-2014:129 ] ffmpeg security (Jul 09)
[ MDVSA-2014:133 ] gd security (Jul 10)

Security Alert

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability Security Alert (Jul 18)
ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability Security Alert (Jul 07)
ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities Security Alert (Jul 07)

security-alert

[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS) security-alert (Jul 28)
[security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information security-alert (Jul 09)
[security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information security-alert (Jul 10)
[security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information security-alert (Jul 10)
[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege security-alert (Jul 15)
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information security-alert (Jul 15)
[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert (Jul 02)
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities security-alert (Jul 24)
[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access security-alert (Jul 08)
[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code security-alert (Jul 03)
[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information security-alert (Jul 22)
[security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Jul 30)
[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert (Jul 24)
[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information security-alert (Jul 23)
[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information security-alert (Jul 15)
[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code security-alert (Jul 16)
[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert (Jul 04)
[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass security-alert (Jul 03)

Slackware Security Team

[slackware-security] httpd (SSA:2014-204-01) Slackware Security Team (Jul 24)
[slackware-security] mozilla-firefox (SSA:2014-204-02) Slackware Security Team (Jul 24)
[slackware-security] mozilla-thunderbird (SSA:2014-204-03) Slackware Security Team (Jul 24)
[slackware-security] php (SSA:2014-192-01) Slackware Security Team (Jul 14)

Stefan Fritsch

[SECURITY] [DSA 2989-1] apache2 security update Stefan Fritsch (Jul 25)

Stefan Kanthak

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 28)
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries Stefan Kanthak (Jul 07)
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 30)
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 31)
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 31)
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 30)
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 31)
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 24)

stormhacker

IP.Board 3.4 cross-site scripting in Referer header stormhacker (Jul 17)

Sumit Siddharth

Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit Sumit Siddharth (Jul 08)

Teodor Lupan

CVE-2014-3863 - Stored XSS in JChatSocial Teodor Lupan (Jul 07)

Thijs Kinkhorst

[SECURITY] [DSA 2975-1] phpmyadmin security update Thijs Kinkhorst (Jul 09)
[SECURITY] [DSA 2765-2] davfs regression update Thijs Kinkhorst (Jul 17)

vuln

Android NFC Service Denial of Service vuln (Jul 09)

Vulnerability Lab

Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 07)
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability Vulnerability Lab (Jul 07)
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability Vulnerability Lab (Jul 28)
Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability Vulnerability Lab (Jul 07)
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jul 30)
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab (Jul 25)
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703) Vulnerability Lab (Jul 18)
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398 Vulnerability Lab (Jul 24)
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 23)
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities Vulnerability Lab (Jul 30)
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability Vulnerability Lab (Jul 07)
Microsoft MSN HBE - Blind SQL Injection Vulnerability Vulnerability Lab (Jul 18)
Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability Vulnerability Lab (Jul 10)
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Jul 10)
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Vulnerability Lab (Jul 22)

vulns

Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities vulns (Jul 30)
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities vulns (Jul 30)

VUPEN Security Research

VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014) VUPEN Security Research (Jul 16)
VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014) VUPEN Security Research (Jul 16)
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014) VUPEN Security Research (Jul 16)
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014) VUPEN Security Research (Jul 16)