Bugtraq: by author

155 messages starting Nov 24 14 and ending Nov 18 14


ajs

CVE-2014-8419 - CodeMeter Weak Service Permissions ajs (Nov 24)

AppCheck_Advisories

[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform AppCheck_Advisories (Nov 05)

Apple Product Security

APPLE-SA-2014-11-17-1 iOS 8.1.1 Apple Product Security (Nov 17)
APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple Product Security (Nov 17)
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 Apple Product Security (Nov 17)

Asterisk Security Team

AST-2014-018: AMI permission escalation through DB dialplan function Asterisk Security Team (Nov 20)
AST-2014-014: High call load may result in hung channels in ConfBridge. Asterisk Security Team (Nov 20)
AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. Asterisk Security Team (Nov 20)
AST-2014-013: PJSIP ACLs are not loaded on startup Asterisk Security Team (Nov 20)
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions Asterisk Security Team (Nov 20)

bhati . contact

Modx CMS CSRF Bypass & XSS Vulnerabilities bhati . contact (Nov 04)
WordPress Wordfence Firewall 5.1.2 Cross Site Scripting bhati . contact (Nov 05)

cert

Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 cert (Nov 13)
Re: CVE-2014-8732 cert (Nov 13)
CVE-2014-8732 cert (Nov 12)
CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 cert (Nov 12)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers Cisco Systems Product Security Incident Response Team (Nov 06)

Conference Updates

CFP: Fourth World Congress - SEMCMI2015 - Malaysia Conference Updates (Nov 04)

CORE Advisories Team

[CORE-2014-0009] - Advantech EKI-6340 Command Injection CORE Advisories Team (Nov 19)
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow CORE Advisories Team (Nov 19)
[CORE-2014-0008] - Advantech AdamView Buffer Overflow CORE Advisories Team (Nov 19)

Daniele Bianco

[oCERT 2014-008] libFLAC multiple issues Daniele Bianco (Nov 25)

Egidio Romano

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Egidio Romano (Nov 27)

Eric Windisch

Docker 1.3.2 - Security Advisory [24 Nov 2014] Eric Windisch (Nov 24)

ESNC Security

[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) ESNC Security (Nov 12)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin FreeBSD Security Advisories (Nov 05)
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd FreeBSD Security Advisories (Nov 05)
FreeBSD Security Advisory FreeBSD-SA-14:26.ftp FreeBSD Security Advisories (Nov 05)
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] FreeBSD Security Advisories (Nov 06)

Gordon Sim

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests Gordon Sim (Nov 09)

habte . yibelo

ZTE ZXDSL 831CII Direct Object Reference habte . yibelo (Nov 06)
ZTE ZXDSL 831 Multiple Cross Site Scripting habte . yibelo (Nov 06)
ZTE 831CII Multiple Vulnerabilities habte . yibelo (Nov 06)

Hector Marco

CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco (Nov 26)

High-Tech Bridge Security Research

Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension High-Tech Bridge Security Research (Nov 19)
Cross-Site Request Forgery (CSRF) in xEpan High-Tech Bridge Security Research (Nov 26)
Arbitrary File Upload in HelpDEZk High-Tech Bridge Security Research (Nov 05)
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms High-Tech Bridge Security Research (Nov 05)

iedb . team

Ahrareandeysheh CMS Cross-Site Scripting Vulnerability iedb . team (Nov 04)
PARSADEV CMS Cross-Site Scripting Vulnerability iedb . team (Nov 02)

Ingmar Rosenhagen

CVE-2014-6616 Softing FG-100 Webui XSS Ingmar Rosenhagen (Nov 05)
CVE-2014-6617 Softing FG-100 Backdoor Account Ingmar Rosenhagen (Nov 05)

Jouko Pynnonen

WordPress 3 persistent script injection Jouko Pynnonen (Nov 20)

KoreLogic Disclosures

KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read KoreLogic Disclosures (Nov 05)

Kotas, Kevin J

CA20141103-01: Security Notice for CA Cloud Service Management Kotas, Kevin J (Nov 06)

Larry W. Cashdollar

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin Larry W. Cashdollar (Nov 23)
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar (Nov 06)

Luciano Bello

[SECURITY] [DSA 3062-1] wget security update Luciano Bello (Nov 02)
[SECURITY] [DSA 3063-1] quassel security update Luciano Bello (Nov 02)

Martin Heiland

Open-Xchange Security Advisory 2014-11-07 Martin Heiland (Nov 07)

mdgh9

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper mdgh9 (Nov 06)

metacom27

i-FTP Buffer Overflow SEH metacom27 (Nov 06)
i.Mage Local Crash Poc metacom27 (Nov 06)
i.Hex Local Crash Poc metacom27 (Nov 06)

ML

Call for Papers - WorldCIST'15 - Best papers published in JCR/SCI journals ML (Nov 05)

Moritz Muehlenhoff

[SECURITY] [DSA 3061-1] icedove security update Moritz Muehlenhoff (Nov 02)
[SECURITY] [DSA 3076-1] wireshark security update Moritz Muehlenhoff (Nov 25)
[SECURITY] [DSA 3077-1] openjdk-6 security update Moritz Muehlenhoff (Nov 26)
[SECURITY] [DSA 3070-1] kfreebsd-9 security update Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 3068-1] konversation security update Moritz Muehlenhoff (Nov 07)

n . sampanis

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities n . sampanis (Nov 02)

Pedro Ribeiro

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser Pedro Ribeiro (Nov 06)
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Pedro Ribeiro (Nov 09)
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Pedro Ribeiro (Nov 09)

phi . n . le

CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin phi . n . le (Nov 20)

Pietro Oliva

Wordpress bulletproof-security <=.51 multiple vulnerabilities Pietro Oliva (Nov 05)

Portcullis Advisories

CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM Portcullis Advisories (Nov 19)

Programa STIC

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] Programa STIC (Nov 06)
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] Programa STIC (Nov 12)
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] Programa STIC (Nov 11)

Salvatore Bonaccorso

[SECURITY] [DSA 3073-1] libgcrypt11 security update Salvatore Bonaccorso (Nov 17)
[SECURITY] [DSA 3078-1] libksba security update Salvatore Bonaccorso (Nov 27)
[SECURITY] [DSA 3066-1] qemu security update Salvatore Bonaccorso (Nov 06)
[SECURITY] [DSA 3069-1] curl security update Salvatore Bonaccorso (Nov 09)
[SECURITY] [DSA 3050-3] iceweasel security update Salvatore Bonaccorso (Nov 12)
[SECURITY] [DSA 3075-1] drupal7 security update Salvatore Bonaccorso (Nov 20)
[SECURITY] [DSA 3067-1] qemu-kvm security update Salvatore Bonaccorso (Nov 06)
[SECURITY] [DSA 3064-1] php5 security update Salvatore Bonaccorso (Nov 05)

Sebastien Delafond

[SECURITY] [DSA 3071-1] nss security update Sebastien Delafond (Nov 11)
[SECURITY] [DSA 3065-1] libxml-security-java security update Sebastien Delafond (Nov 06)

SEC Consult Vulnerability Lab

SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab (Nov 06)

Securify B.V.

Cisco RV Series multiple vulnerabilities Securify B.V. (Nov 06)

security

[ MDVSA-2014:235 ] perl-Plack security (Nov 28)
[ MDVSA-2014:226 ] imagemagick security (Nov 25)
[ MDVSA-2014:219 ] srtp security (Nov 21)
[ MDVSA-2014:234 ] libksba security (Nov 28)
[ MDVSA-2014:224 ] krb5 security (Nov 21)
[ MDVSA-2014:214 ] dbus security (Nov 18)
[ MDVSA-2014:231 ] icecast security (Nov 27)
[ MDVSA-2014:215 ] gnutls security (Nov 19)
[ MDVSA-2014:220 ] qemu security (Nov 21)
[ MDVSA-2014:218 ] asterisk security (Nov 21)
[ MDVSA-2014:216 ] php-ZendFramework security (Nov 20)
[ MDVSA-2014:233 ] wordpress security (Nov 27)
[ MDVSA-2014:222 ] libvirt security (Nov 21)
[ MDVSA-2014:217 ] clamav security (Nov 20)
[ MDVSA-2014:225 ] ruby security (Nov 25)
[ MDVSA-2014:230 ] kernel security (Nov 27)
[ MDVSA-2014:227 ] ffmpeg security (Nov 25)
[ MDVSA-2014:237 ] perl-Mojolicious security (Nov 28)
[ MDVSA-2014:223 ] wireshark security (Nov 21)
[ MDVSA-2014:232 ] glibc security (Nov 27)
[ MDVSA-2014:213 ] curl security (Nov 18)
[ MDVSA-2014:221 ] php-smarty security (Nov 21)
[ MDVSA-2014:236 ] file security (Nov 28)
[ MDVSA-2014:228 ] phpmyadmin security (Nov 26)
[ MDVSA-2014:229 ] libvncserver security (Nov 26)

Security Alert

ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability Security Alert (Nov 05)

security-alert

[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information security-alert (Nov 11)
[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution security-alert (Nov 25)
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access security-alert (Nov 11)
[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution security-alert (Nov 12)
[security bulletin] HPSBUX03162 SSRT101767 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert (Nov 05)
[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information security-alert (Nov 17)
[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution security-alert (Nov 11)
[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information security-alert (Nov 16)
[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information security-alert (Nov 26)
[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution security-alert (Nov 11)
[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information security-alert (Nov 27)
[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution security-alert (Nov 11)
[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information security-alert (Nov 11)
[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code security-alert (Nov 17)
[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution security-alert (Nov 11)
[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities security-alert (Nov 11)
[security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information security-alert (Nov 25)
[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code security-alert (Nov 11)
[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities security-alert (Nov 21)
[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass security-alert (Nov 25)
[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution security-alert (Nov 11)
[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information security-alert (Nov 25)
[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access security-alert (Nov 21)
[security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information security-alert (Nov 25)
[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities security-alert (Nov 11)

simo

Slider Revolution/Showbiz Pro shell upload exploit simo (Nov 25)

Slackware Security Team

[slackware-security] mozilla-firefox (SSA:2014-307-02) Slackware Security Team (Nov 04)
[slackware-security] mozilla-thunderbird (SSA:2014-320-01) Slackware Security Team (Nov 17)
[slackware-security] mariadb (SSA:2014-307-01) Slackware Security Team (Nov 04)
[slackware-security] php (SSA:2014-307-03) Slackware Security Team (Nov 04)
[slackware-security] seamonkey (SSA:2014-307-04) Slackware Security Team (Nov 04)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) Stefan Kanthak (Nov 27)

Steffen Bauch

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload Steffen Bauch (Nov 17)
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload Steffen Bauch (Nov 17)
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload Steffen Bauch (Nov 17)

subs

Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer subs (Nov 05)

thai . q . dang

Multiple SQL Injection in SP Client Document Manager plugin thai . q . dang (Nov 20)

Thijs Kinkhorst

[SECURITY] [DSA 3072-1] file security update Thijs Kinkhorst (Nov 12)

Timo Schmid

CVE-2014-8683 XSS in Gogs Markdown Renderer Timo Schmid (Nov 16)
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs Timo Schmid (Nov 16)

Vulnerability Lab

BookFresh - Persistent Clients Invite Vulnerability Vulnerability Lab (Nov 09)
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability Vulnerability Lab (Nov 09)
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability Vulnerability Lab (Nov 09)

Yves-Alexis Perez

[SECURITY] [DSA 3074-2] php5 regression update Yves-Alexis Perez (Nov 19)
[SECURITY] [DSA 3074-1] php5 security update Yves-Alexis Perez (Nov 18)