Bugtraq: by date

178 messages starting Nov 30 14 and ending Dec 30 14


Sunday, 30 November

WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) john
[SECURITY] [DSA 3079-1] ppp security update Sebastien Delafond
[SECURITY] [DSA 3080-1] openjdk-7 security update Moritz Muehlenhoff

Monday, 01 December

[SECURITY] [DSA 3083-1] mutt security update Salvatore Bonaccorso
[SECURITY] [DSA 3082-1] flac security update Sebastien Delafond
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro
[SECURITY] [DSA 3081-1] libvncserver security update Luciano Bello
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 Stephan.Rickauer
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire RedTeam Pentesting GmbH
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf RedTeam Pentesting GmbH
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure RedTeam Pentesting GmbH
[SECURITY] [DSA 3084-1] openvpn security update Florian Weimer

Tuesday, 02 December

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components RedTeam Pentesting GmbH
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress Henri Salo
ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability Security Alert
ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability Security Alert
F5 BIGIP - (OLD!) Persistent XSS in ASM Module jplopezy

Wednesday, 03 December

[SECURITY] [DSA 3085-1] wordpress security update Yves-Alexis Perez
[slackware-security] mozilla-thunderbird (SSA:2014-337-01) Slackware Security Team
Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro
Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection Crash
[SECURITY] [DSA 3086-1] tcpdump security update Salvatore Bonaccorso
APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Apple Product Security
CVE-2014-9215 - SQL Injection in PBBoard CMS tien . d . tran

Thursday, 04 December

Re: Slider Revolution/Showbiz Pro shell upload exploit assistenz
[SECURITY] [DSA 3087-1] qemu security update Salvatore Bonaccorso
[SECURITY] [DSA 3088-1] qemu-kvm security update Salvatore Bonaccorso
[oCERT-2014-009] JasPer input sanitization errors Andrea Barisani
[SECURITY] [DSA 3089-1] jasper security update Salvatore Bonaccorso
[SECURITY] [DSA 3090-1] iceweasel security update Moritz Muehlenhoff
[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information security-alert
Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center

Friday, 05 December

NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) Vulnerability Lab

Sunday, 07 December

[SECURITY] [DSA 3092-1] icedove security update Moritz Muehlenhoff
[SECURITY] [DSA 3091-1] getmail4 security update Giuseppe Iuculano

Monday, 08 December

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations
Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Shawn
CMS Made Simple PHP Code Injection Vulnerability (All versions) sahm
CFP: InfoSec SouthWest 2015 (ISSW) Tod Beardsley
[ANN] Apache Struts 2.3.20 GA release available with security fix Lukasz Lenart

Tuesday, 09 December

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds jlk
[SECURITY] [DSA 3094-1] bind9 security update Giuseppe Iuculano
[security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution security-alert
[SECURITY] [DSA 3093-1] linux security update Salvatore Bonaccorso
Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 Onur Yilmaz
[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information security-alert
[CVE-2014-8340] phpTrafficA SQL injection Daniël Geerts
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center
[security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert
[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information security-alert
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities simo

Wednesday, 10 December

[CVE-2014-7303] SGI Tempo System Database Exposure john . fitzpatrick
[CVE-2014-7302] SGI SUID Root Privilege Escalation john . fitzpatrick
[CVE-2014-7301] SGI Tempo System Database Password Exposure john . fitzpatrick
NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center
FreeBSD Security Advisory FreeBSD-SA-14:27.stdio FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:28.file FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:29.bind FreeBSD Security Advisories
AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team
[SECURITY] [DSA 3095-1] xorg-server security update Moritz Muehlenhoff

Thursday, 11 December

[SECURITY] [DSA 3096-1] pdns-recursor security update Sebastien Delafond
[slackware-security] openvpn (SSA:2014-344-04) Slackware Security Team
[slackware-security] seamonkey (SSA:2014-344-06) Slackware Security Team
[slackware-security] bind (SSA:2014-344-01) Slackware Security Team
[slackware-security] pidgin (SSA:2014-344-05) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2014-344-02) Slackware Security Team
[slackware-security] wpa_supplicant (SSA:2014-344-07) Slackware Security Team
[slackware-security] openssh (SSA:2014-344-03) Slackware Security Team
[SECURITY] [DSA 3097-1] unbound security update Yves-Alexis Perez
[SECURITY] [DSA 3098-1] graphviz security update Salvatore Bonaccorso
APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Apple Product Security
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities petri . iivonen
[SECURITY] [DSA 3099-1] dbus security update Florian Weimer
Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch
[security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert

Friday, 12 December

ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability Security Alert
ESA-2014-163: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert
ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability Security Alert

Sunday, 14 December

[ MDVSA-2014:246 ] openvpn security
[ MDVSA-2014:247 ] jasper security
[ MDVSA-2014:248 ] graphviz security
[ MDVSA-2014:249 ] qemu security
[ MDVSA-2014:250 ] cpio security
[ MDVSA-2014:251 ] rpm security
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" Christian Schneider
CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" Christian Schneider
[ MDVSA-2014:245 ] mutt security
[ MDVSA-2014:244 ] openafs security
[ MDVSA-2014:243 ] phpmyadmin security
[ MDVSA-2014:239 ] flac security
[SECURITY] [DSA 3100-1] mediawiki security update Sebastien Delafond
[SECURITY] [DSA 3101-1] c-icap security update Salvatore Bonaccorso
[ MDVSA-2014:238 ] bind security
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak
[SECURITY] [DSA 3102-1] libyaml security update Salvatore Bonaccorso
[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update Salvatore Bonaccorso
[ MDVSA-2014:242 ] yaml security

Monday, 15 December

Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] modzero
Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701 steffen . roesemann1986
[ MDVSA-2014:253 ] apache-mod_wsgi security
[ MDVSA-2014:252 ] nss security
CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken

Tuesday, 16 December

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations
"Ettercap 8.0 - 8.1" multiple vulnerabilities Nick Sampanis
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed
[SECURITY] [DSA 3104-1] bsd-mailx security update Florian Weimer
[SECURITY] [DSA 3105-1] heirloom-mailx security update Florian Weimer
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab
[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities security-alert
[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution security-alert

Wednesday, 17 December

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati
FreeBSD Security Advisory FreeBSD-SA-14:30.unbound FreeBSD Security Advisories
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache Tobias Glemser
Cross-Site Scripting (XSS) in Revive Adserver High-Tech Bridge Security Research
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab
Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab
Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab

Thursday, 18 December

Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab
E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab

Friday, 19 December

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab
SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab
[oCERT-2014-012] JasPer input sanitization errors Andrea Barisani
APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Apple Product Security
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab
iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab
Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 Onur Yilmaz
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 Onur Yilmaz

Sunday, 21 December

[SECURITY] [DSA 3106-1] jasper security update Salvatore Bonaccorso
[SECURITY] [DSA 3107-1] subversion security update Florian Weimer
[SECURITY] [DSA 3108-1] ntp security update Florian Weimer
[SECURITY] [DSA 3107-2] subversion regression update Florian Weimer
[SECURITY] [DSA 3109-1] firebird2.5 security update Salvatore Bonaccorso
VP-2014-004 SysAid Server Arbitrary File Disclosure Bernhard Mueller

Monday, 22 December

[oCERT-2014-010] SoX input sanitization errors Andrea Barisani
[oCERT-2014-011] UnZip input sanitization errors Andrea Barisani
APPLE-SA-2014-12-22-1 OS X NTP Security Update Apple Product Security
[SECURITY] [DSA 3111-1] cpio security update Michael Gilbert
[slackware-security] ntp (SSA:2014-356-01) Slackware Security Team
[slackware-security] php (SSA:2014-356-02) Slackware Security Team

Tuesday, 23 December

[slackware-security] xorg-server (SSA:2014-356-03) Slackware Security Team
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 steffen . roesemann1986
[SECURITY] [DSA 3112-1] sox security update Salvatore Bonaccorso
[SECURITY] [DSA 3110-1] mediawiki security update Sebastien Delafond
FreeBSD Security Advisory FreeBSD-SA-14:31.ntp FreeBSD Security Advisories
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Cisco Systems Product Security Incident Response Team

Wednesday, 24 December

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 steffen . roesemann1986
DRAM unreliable under specific access pattern Pavel Machek

Thursday, 25 December

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab

Monday, 29 December

[SECURITY] [DSA 3114-1] mime-support security update Salvatore Bonaccorso
[SECURITY] [DSA 3113-1] unzip security update Salvatore Bonaccorso
nullcon HackIM Challenge 9-11 Jan 2015 nullcon
[SECURITY] [DSA 3115-1] pyyaml security update Moritz Muehlenhoff
Remote Code Execution via Unauthorised File upload in Cforms 14.7 z . fedotkin
[SECURITY] [DSA 3116-1] polarssl security update Moritz Muehlenhoff

Tuesday, 30 December

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability Security Alert
ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability Security Alert
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro