Bugtraq: by thread
202 messages starting Jul 01 13 and ending Jul 30 13
- GreHack 2013 - CFP EXTENDED TO JULY,16 - Conf: Nov. 15, Grenoble, France F. Duchene (Jul 01)
- [slackware-security] mozilla-thunderbird (SSA:2013-180-02) Slackware Security Team (Jul 01)
- joomla com_football Components Sql Injection vulnerability iedb . team (Jul 01)
- Re: joomla com_football Components Sql Injection vulnerability Packet Storm (Jul 01)
- [slackware-security] mozilla-firefox (SSA:2013-180-01) Slackware Security Team (Jul 01)
- Re: ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability security_alert (Jul 01)
- [security bulletin] HPSBST02846 SSRT100798 rev.2 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code security-alert (Jul 01)
- [security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution security-alert (Jul 01)
- [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure Jarek Gawor (Jul 01)
- [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows Inshell Security (Jul 01)
- [CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference Inshell Security (Jul 01)
- Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access kyle Lovett (Jul 02)
- <Possible follow-ups>
- Re: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access krlovett (Jul 03)
- [ MDVSA-2013:187 ] apache-mod_security security (Jul 02)
- WordPress feed plugin Sql Injection iedb . team (Jul 02)
- Re: WordPress feed plugin Sql Injection Henri Salo (Jul 08)
- [ MDVSA-2013:188 ] otrs security (Jul 02)
- [ MDVSA-2013:189 ] wordpress security (Jul 02)
- [ MDVSA-2013:190 ] autotrace security (Jul 02)
- WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities iedb . team (Jul 02)
- Real player resource exhaustion Vulnerability akshay . vaghela (Jul 02)
- <Possible follow-ups>
- re: Real player resource exhaustion Vulnerability security curmudgeon (Jul 03)
- Re: re: Real player resource exhaustion Vulnerability akshay . vaghela (Jul 09)
- Re: re: Real player resource exhaustion Vulnerability Henri Salo (Jul 09)
- [ MDVSA-2013:191 ] fail2ban security (Jul 02)
- [ MDVSA-2013:192 ] php-radius security (Jul 03)
- [SECURITY] [DSA 2718-1] wordpress security update Yves-Alexis Perez (Jul 03)
- [security bulletin] HPSBUX02893 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS) security-alert (Jul 03)
- [security bulletin] HPSBUX02889 SSRT101252 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Jul 03)
- APPLE-SA-2013-07-02-1 Security Update 2013-003 Apple Product Security (Jul 03)
- Slots open for Security Projects :Open Source Showcase at AppSec Research / EU 2013 Dirk W (Jul 03)
- Multiple Vulnerabilities in Kasseler CMS advisory (Jul 03)
- Multiple Vulnerabilities in OpenX advisory (Jul 03)
- Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability Vulnerability Lab (Jul 04)
- AVAST Internet Security Suite - Persistent Vulnerabilities Vulnerability Lab (Jul 04)
- AVAST Universal Core Installer - Multiple Vulnerabilities Vulnerability Lab (Jul 04)
- Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability Vulnerability Lab (Jul 04)
- AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities Vulnerability Lab (Jul 04)
- LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin LSE Leading Security Experts GmbH (Security Advisories) (Jul 05)
- [SECURITY] [DSA 2720-1] icedove security update Moritz Muehlenhoff (Jul 08)
- OS-Command Injection via UPnP Interface in multiple D-Link devices devnull (Jul 08)
- <Possible follow-ups>
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices krlovett (Jul 08)
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices devnull (Jul 08)
- [oCERT-2013-001] File Roller path sanitization errors Daniele Bianco (Jul 08)
- [SECURITY] [DSA 2721-1] nginx security update Nico Golde (Jul 08)
- VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities VUPEN Security Research (Jul 08)
- VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability VUPEN Security Research (Jul 08)
- Avira Analysis Web Service - SQL Injection Vulnerability Vulnerability Lab (Jul 08)
- Authentication bypass in D-Link routers doylej . ia (Jul 08)
- ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability Security Alert (Jul 08)
- ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability Security Alert (Jul 08)
- Authentication bypass in D-Link devices (session cookies not validated) doylej . ia (Jul 08)
- [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification security-alert (Jul 08)
- [HITB-Announce] REMINDER: #HITB2013KUL CFP Closes 25th July Hafez Kamal (Jul 09)
- SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF SEC Consult Vulnerability Lab (Jul 09)
- Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution kyle Lovett (Jul 09)
- (CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability chanam . park (Jul 10)
- [security bulletin] HPSBST02896 rev.1 - HP StoreVirtual Storage, Remote Unauthorized Access security-alert (Jul 10)
- Re: Project Pier Web Vulnerabilities the infinitenigma (Jul 10)
- Re: Cisco/Linksys E1200 N300 Reflected XSS the infinitenigma (Jul 10)
- [slackware-security] dbus (SSA:2013-191-01) Slackware Security Team (Jul 10)
- VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe Stefan Kanthak (Jul 10)
- [Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability Jose Carlos de Arriba (Jul 10)
- Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Jul 10)
- [SECURITY] [DSA 2719-1] poppler security update Michael Gilbert (Jul 11)
- Hard-coded accounts on multiple network cameras roberto . paleari (Jul 11)
- [ MDVSA-2013:193 ] apache security (Jul 11)
- Facebook Url Redirection Vuln. CANSIN YILDIRIM (Jul 11)
- Re: Facebook Url Redirection Vuln. Anthony Dubuissez (Jul 11)
- Re: Facebook Url Redirection Vuln. Jann Horn (Jul 11)
- Re: Facebook Url Redirection Vuln. Anthony Dubuissez (Jul 11)
- Re: Wordpress wp-private-messages Plugin Sql Injection vulnerability Henri Salo (Jul 11)
- [ MDVSA-2013:194 ] kernel security (Jul 11)
- Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in MiniBB Henri Salo (Jul 11)
- Windows 7/8 admin account installation password stored in the clear in LSA Secrets Dnegel X. (Jul 11)
- CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2 cyoung (Jul 11)
- CVE-2013-3568 - Linksys CSRF + Root Command Injection vuln-report (Jul 12)
- Multiple vulnerabilities in McAfee ePO 4.6.6 NCIRC INFOSEC EVAL (Jul 12)
- <Possible follow-ups>
- Re: Multiple vulnerabilities in McAfee ePO 4.6.6 Harold_Toomey (Jul 16)
- Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95 NCIRC INFOSEC EVAL (Jul 12)
- [security bulletin] HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege security-alert (Jul 12)
- [Foreground Security 2013-002]: Corda Path Disclosure and XSS Adam Willard (Jul 12)
- MiniUPnPd Information Disclosure (CVE-2013-2600) cyoung (Jul 12)
- Re: MiniUPnPd Information Disclosure (CVE-2013-2600) Jeffrey Walton (Jul 12)
- Botconf 2013 - Call for short talks - Deadline Aug 31 2013 Eric Freyssinet (Jul 14)
- Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units kyle Lovett (Jul 14)
- <Possible follow-ups>
- Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units krlovett (Jul 17)
- Re: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units krlovett (Jul 17)
- [waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1 come2waraxe (Jul 14)
- [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce Craig Young (Jul 14)
- Ruxcon 2013 Final Call For Papers cfp (Jul 14)
- [ MDVSA-2013:195 ] php security (Jul 15)
- Re: [ MDVSA-2013:195 ] php Gabriel Maggiotti (Jul 16)
- [ MDVSA-2013:196 ] java-1.6.0-openjdk security (Jul 15)
- Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability Frédéric Basse (Jul 15)
- [CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection Frédéric Basse (Jul 15)
- [SECURITY] [DSA 2722-1] openjdk-7 security update Moritz Muehlenhoff (Jul 15)
- CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco (Jul 15)
- [security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure security-alert (Jul 15)
- Squid-3.3.5 DoS PoC king cope (Jul 15)
- [CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities Craig Young (Jul 15)
- Nikon CoolPix L Series Fw1.0 - Information Disclosure Issue Vulnerability Lab (Jul 16)
- FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability Vulnerability Lab (Jul 16)
- Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jul 16)
- Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities Vulnerability Lab (Jul 16)
- Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Jul 16)
- [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4 醉麻 (Jul 16)
- Voice Logger astTECS - bypass login & arbitrary file download Michał Błaszczak (Jul 16)
- [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert (Jul 16)
- [security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information security-alert (Jul 16)
- [slackware-security] php (SSA:2013-197-01) Slackware Security Team (Jul 17)
- XSS Vulnerabilities in OpenCms advisory (Jul 17)
- ESA-2013-055: EMC Avamar Multiple Vulnerabilities Security Alert (Jul 17)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Cisco Systems Product Security Incident Response Team (Jul 17)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Intrusion Prevention System Software Cisco Systems Product Security Incident Response Team (Jul 17)
- [security bulletin] HPSBHF02888 rev.2 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution security-alert (Jul 17)
- [SECURITY] [DSA 2723-1] php5 security update Florian Weimer (Jul 17)
- WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jul 18)
- Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Vulnerability Lab (Jul 18)
- Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17) Vulnerability Lab (Jul 18)
- ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jul 18)
- Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Vulnerability Lab (Jul 18)
- [security bulletin] HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access security-alert (Jul 18)
- [SE-2012-01] New Reflection API affected by a known 10+ years old attack Security Explorations (Jul 18)
- Re: [Full-disclosure] [SE-2012-01] New Reflection API affected by a known 10+ years old attack Jeffrey Walton (Jul 21)
- Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit th_decoder (Jul 18)
- [security bulletin] HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities security-alert (Jul 18)
- [SECURITY] [DSA 2725-1] tomcat6 security update Moritz Muehlenhoff (Jul 18)
- [SECURITY] [DSA 2724-1] chromium-browser security update Michael Gilbert (Jul 19)
- DeepSec 2013 - Call for Papers - REMINDER deepsec (Jul 19)
- Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials kyle Lovett (Jul 19)
- SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer SEC Consult Vulnerability Lab (Jul 19)
- Re: [Full-disclosure] XSS Vulnerabilities in Serendipity Henri Salo (Jul 19)
- [security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities security-alert (Jul 19)
- Download Lite v4.3 iOS - Persistent File Web Vulnerability Vulnerability Lab (Jul 19)
- Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability Vulnerability Lab (Jul 21)
- Samsung TV - DoS vulnerability malik (Jul 21)
- <Possible follow-ups>
- Re: Samsung TV - DoS vulnerability malik (Jul 23)
- Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Vulnerability Lab (Jul 21)
- DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056 Andres Gomez Ramirez (Jul 22)
- [CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Jacopo Cappellato (Jul 22)
- [CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application Jacopo Cappellato (Jul 22)
- Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability Vulnerability Lab (Jul 22)
- Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials kyle Lovett (Jul 22)
- Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Vulnerability Lab (Jul 22)
- Juniper Secure Access XSS Vulnerability Anil Pazvant (Jul 22)
- SurgeFtp Server BufferOverflow Vulnerability Anil Pazvant (Jul 22)
- Defense in depth -- the Microsoft way (part 4) Stefan Kanthak (Jul 22)
- Photo Server 2.0 iOS - Multiple Critical Vulnerabilities Vulnerability Lab (Jul 22)
- CORE-2013-0705 - XnView Buffer Overflow Vulnerability CORE Advisories Team (Jul 23)
- CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability CORE Advisories Team (Jul 23)
- [ MDVSA-2013:197 ] mysql security (Jul 23)
- Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions! bhadresh . k . patel (Jul 23)
- CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions CORE Advisories Team (Jul 23)
- [ MDVSA-2013:198 ] libxml2 security (Jul 24)
- Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets Albert Puigsech Galicia (Jul 24)
- Cross-Site Scripting (XSS) in Magnolia CMS advisory (Jul 24)
- Cross-Site Scripting (XSS) in Duplicator WordPress Plugin advisory (Jul 24)
- Easy Blog by JM LLC - Multiple Vulnerabilities Sp3ctrecore (Jul 24)
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Video Surveillance Manager Cisco Systems Product Security Incident Response Team (Jul 24)
- Basic Forum by JM LLC - Multiple Vulnerabilities Sp3ctrecore (Jul 24)
- iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability Vulnerability Lab (Jul 24)
- [security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS) security-alert (Jul 24)
- [security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS) security-alert (Jul 24)
- [ MDVSA-2013:199 ] squid security (Jul 26)
- [SECURITY] [DSA 2726-1] php-radius security update Thijs Kinkhorst (Jul 26)
- Xymon Systems and Network Monitor - remote file deletion vulnerability Henrik Størner (Jul 26)
- [security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code security-alert (Jul 26)
- [SECURITY] [DSA 2727-1] openjdk-6 security update Moritz Muehlenhoff (Jul 26)
- CA20130725-01: Security Notice for CA Service Desk Manager Kotas, Kevin J (Jul 26)
- CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability Herbert Duerr (Jul 26)
- CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability Herbert Duerr (Jul 26)
- Meet the folks of ws-attacker, BeEF, WAHH, sqlmap, Zed Attack Proxy, OWASP Top10, DOMinator, Minion, Mallodroid, and the inglorious bastards aka HackPra Allstars Dirk Wetter (Jul 26)
- SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway SEC Consult Vulnerability Lab (Jul 26)
- [ MDVSA-2013:200 ] ruby security (Jul 26)
- [ MDVSA-2013:201 ] ruby security (Jul 26)
- FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver FreeBSD Security Advisories (Jul 29)
- [SECURITY] [DSA 2728-1] bind9 security update Salvatore Bonaccorso (Jul 29)
- FreeBSD Security Advisory FreeBSD-SA-13:07.bind FreeBSD Security Advisories (Jul 29)
- Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities Stefan Kanthak (Jul 29)
- [Announcement] CHMag - Call for Articles abhijeet (Jul 29)
- [SECURITY] [DSA 2729-1] openafs security update Moritz Muehlenhoff (Jul 29)
- Private Photos v1.0 iOS - Persistent Path Web Vulnerability Vulnerability Lab (Jul 29)
- <Possible follow-ups>
- Private Photos v1.0 iOS - Persistent Path Web Vulnerability Vulnerability Lab (Jul 29)
- WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability Vulnerability Lab (Jul 29)
- [ MDVSA-2013:202 ] bind security (Jul 29)
- DEFCON London - DC4420 July - social event - Tuesday 30th July 2013 Tony Naggs (Jul 29)
- Re: DEFCON London - DC4420 July - social event - Tuesday 30th July 2013 Tony Naggs (Jul 29)
- ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability Security Alert (Jul 29)
- WorldCIST'14 - World Conference on IST, 15 - 18 April 2014, at Madeira Island maria Lemos (Jul 30)
- [security bulletin] HPSBGN02904 rev.1 - HP SiteScope running SOAP, Remote Code Execution security-alert (Jul 30)
- [SECURITY] [DSA 2731-1] libgcrypt11 security update Thijs Kinkhorst (Jul 30)
- [SECURITY] [DSA 2730-1] gnupg security update Thijs Kinkhorst (Jul 30)
- [ MDVSA-2013:203 ] phpmyadmin security (Jul 30)
- [ MDVSA-2013:204 ] wireshark security (Jul 30)
- MojoPortal XSS vulns (Jul 30)
- NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal NCC Group Research (Jul 30)
- NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE NCC Group Research (Jul 30)