Bugtraq: by date

204 messages starting Oct 01 14 and ending Oct 31 14

Wednesday, 01 October

PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability Vulnerability Lab
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability Vulnerability Lab
[security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation security-alert
[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities security-alert
[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution security-alert
[SECURITY] [DSA 3040-1] rsyslog security update Luciano Bello
[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution security-alert
NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities VMware Security Response Center
FreePBX (All Versions) RCE rob . thomas
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in Textpattern High-Tech Bridge Security Research
[SECURITY] [DSA 3041-1] xen security update Moritz Muehlenhoff

Friday, 03 October

[ MDVSA-2014:192 ] perl-Email-Address security
[ MDVSA-2014:193 ] xerces-j2 security
the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski
[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution security-alert
Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities Patrick Webster
Elasticsearch vulnerability CVE-2014-6439 Jordan Sissel
[security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert
[ MDVSA-2014:194 ] phpmyadmin security
[ MDVSA-2014:195 ] libvirt security
CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway mirko . casadei
CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway mirko . casadei
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability Vulnerability Lab
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability Vulnerability Lab
[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code security-alert

Monday, 06 October

[SECURITY] [DSA 3042-1] exuberant-ctags security update Moritz Muehlenhoff
[SECURITY] [DSA 3044-1] qemu-kvm security update Moritz Muehlenhoff
[SECURITY] [DSA 3045-1] qemu security update Moritz Muehlenhoff
[SECURITY] [DSA 3046-1] mediawiki security update Salvatore Bonaccorso

Tuesday, 07 October

Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities Vulnerability Lab
Multiple Vulnerabilities in Draytek Vigor 2130 Erik-Paul Dittmer
CA20141001-01: Security Notice for Bash Shellshock Vulnerability Williams, James K
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 dkl
OWTF 1.0 "Lionheart" released! Abraham Aranguren

Wednesday, 08 October

Multiple vulnerabilities in DrayTek VigorACS SI Erik-Paul Dittmer
[security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities security-alert
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! Pedro Ribeiro
[security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) security-alert

Thursday, 09 October

[SECURITY] [DSA 3047-1] rsyslog security update Luciano Bello
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin High-Tech Bridge Security Research
Two XSS in Contact Form DB WordPress plugin High-Tech Bridge Security Research
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection Onapsis Research Labs
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities Onapsis Research Labs
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check Onapsis Research Labs
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting Onapsis Research Labs
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3048-1] apt security update Thijs Kinkhorst
[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution security-alert
[security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code security-alert
[security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information security-alert

Monday, 13 October

[security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code security-alert
[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution security-alert
SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer Alexandre Herzog
SAP Security Note 1908531 - XXE in BusinessObjects Explorer Alexandre Herzog
CSNC-2014-004 neuroML - Multiple Vulnerabilities Alexandre Herzog
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer Alexandre Herzog
CSP Bypass in android browser prior to 4.4 evanjjohns
Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015 ML

Tuesday, 14 October

CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik
PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability Vulnerability Lab
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability Vulnerability Lab
PayPal Inc BB #96 - Persistent Tags Vulnerability Vulnerability Lab
Reminder: Passwords14 CFP + registration announcement Per Thorsheim
[security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution security-alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery security-alert

Wednesday, 15 October

LiveZilla 5.3.0.7 Security Issue sourav . infosec
two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) Michal Zalewski
[SECURITY] [DSA 3049-1] wireshark security update Moritz Muehlenhoff
[SE-2014-01] Breaking Oracle Database through Java exploits (details) Security Explorations
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability Vulnerability Lab
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability Vulnerability Lab
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Vulnerability Lab
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability Vulnerability Lab
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin High-Tech Bridge Security Research
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces SEC Consult Vulnerability Lab

Thursday, 16 October

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software Cisco Systems Product Security Incident Response Team
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst
Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3051-1] drupal7 security update Moritz Muehlenhoff
Bypassing blacklists based on IPy Nicolas Grégoire
[slackware-security] openssl (SSA:2014-288-01) Slackware Security Team
[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS) security-alert
[SECURITY] [DSA 3052-1] wpa security update Michael Gilbert

Friday, 17 October

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3053-1] openssl security update Thijs Kinkhorst
[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CORE Advisories Team
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 Apple Product Security
APPLE-SA-2014-10-16-2 Security Update 2014-005 Apple Product Security
APPLE-SA-2014-10-16-3 OS X Server v4.0 Apple Product Security
APPLE-SA-2014-10-16-6 iTunes 12.0.1 Apple Product Security
APPLE-SA-2014-10-16-4 OS X Server v3.2.2 Apple Product Security
APPLE-SA-2014-10-16-5 OS X Server v2.2.5 Apple Product Security

Monday, 20 October

Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) simo
Re: LiveZilla 5.3.0.7 Security Issue Henri Salo
[SECURITY] [DSA 3050-1] iceweasel security update Moritz Muehlenhoff
[security bulletin] HPSBHF03084 rev.2 - HP PCs with UEFI Firmware, Execution of Arbitrary Code security-alert
[security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution security-alert
[security bulletin] HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert
[security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution security-alert
[SECURITY] [DSA 3054-1] mysql-5.5 security update Salvatore Bonaccorso
[security bulletin] HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site Scripting (XSS) security-alert
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team
APPLE-SA-2014-10-20-2 Apple TV 7.0.1 Apple Product Security
APPLE-SA-2014-10-20-1 iOS 8.1 Apple Product Security
LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183 Onur Yilmaz

Tuesday, 21 October

[security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert
[slackware-security] openssh (SSA:2014-293-01) Slackware Security Team
[ MDVSA-2014:196 ] rsyslog security
Incredible PBX remote command execution exploit simo
[ MDVSA-2014:197 ] python security
[ MDVSA-2014:198 ] mediawiki security
[ MDVSA-2014:199 ] perl security
[ MDVSA-2014:200 ] bugzilla security
[ MDVSA-2014:201 ] kernel security
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab
CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015 icete . secretariat

Wednesday, 22 October

FreeBSD Security Advisory FreeBSD-SA-14:22.namei FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:21.routed FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:23.openssl FreeBSD Security Advisories
iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab

Friday, 24 October

ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability Security Alert
ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability Security Alert
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability Security Alert
APPLE-SA-2014-10-22-1 QuickTime 7.7.6 Apple Product Security
[ MDVSA-2014:202 ] php security
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab
[ MDVSA-2014:204 ] libxml2 security
[ MDVSA-2014:203 ] openssl security
OpenBSD <= 5.5 Local Kernel Panic Alejandro Hernandez
[SECURITY] [DSA 3055-1] pidgin security update Moritz Muehlenhoff
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano
[slackware-security] pidgin (SSA:2014-296-02) Slackware Security Team
[slackware-security] glibc (SSA:2014-296-01) Slackware Security Team
[ MDVSA-2014:205 ] lua security
[ MDVSA-2014:206 ] ctags security
[ MDVSA-2014:207 ] ejabberd security
[ MDVSA-2014:208 ] phpmyadmin security
[ MDVSA-2014:209 ] java-1.7.0-openjdk security

Monday, 27 October

Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1 Stefan Kanthak
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries Stefan Kanthak
NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability VMware Security Response Center
[CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation g-damore
Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015 ML
[SECURITY] [DSA 3056-1] libtasn1-3 security update Sebastien Delafond
vulnerabilities in libbfd (CVE-2014-beats-me) Michal Zalewski
[SECURITY] [DSA 3057-1] libxml2 security update Thijs Kinkhorst

Tuesday, 28 October

[security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution security-alert
[SECURITY] [DSA 3058-1] torque security update Salvatore Bonaccorso
WebDisk+ v2.1 iOS - Code Execution Vulnerability Vulnerability Lab
iFileExplorer v6.51 iOS - File Include Web Vulnerability Vulnerability Lab
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability Vulnerability Lab
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability Vulnerability Lab
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab
Re: vulnerabilities in libbfd (CVE-2014-beats-me) Mike Frysinger
[security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information security-alert
[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code security-alert
IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA liezelle
[ MDVSA-2014:210 ] mariadb security
phpfusion (Search Page) Denial of Service Vulnerability iedb . team

Wednesday, 29 October

[SECURITY] [DSA 3050-2] xulrunner update Moritz Muehlenhoff
[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS) security-alert
[ MDVSA-2014:211 ] wpa_supplicant security
[ MDVSA-2014:212 ] wget security
Multiple vulnerabilities in EspoCRM High-Tech Bridge Security Research
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab
CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare research

Thursday, 30 October

[SECURITY] [DSA 3059-1] dokuwiki security update Moritz Muehlenhoff
[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS) security-alert
[slackware-security] wget (SSA:2014-302-01) Slackware Security Team
Call for Papers - WorldCIST'15 - Azores, Deadline: November 23 ML

Friday, 31 October

[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS) security-alert
[security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert
[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565) matthias . deeg
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access SEC Consult Vulnerability Lab
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU Security Explorations
[SECURITY] [DSA 3060-1] linux security update Salvatore Bonaccorso