Bugtraq: by author

155 messages starting Feb 14 14 and ending Feb 20 14


Aaron Zauner

Critical security flaws in Nagios NRPE client/server crypto Aaron Zauner (Feb 14)

adrianomarciomonteiro

Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 adrianomarciomonteiro (Feb 20)

advisories

CVE-2014-1213 - Denial of Service in Sophos Anti Virus advisories (Feb 03)
CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin advisories (Feb 06)

Andrea Barisani

[oCERT-2014-001] MantisBT input sanitization errors Andrea Barisani (Feb 09)

Andrzej Targosz

#CONFidence 2014- Call for Papers, only 0111 days left to become CONFidence ninja Andrzej Targosz (Feb 10)

Apple Product Security

APPLE-SA-2014-02-25-3 QuickTime 7.7.5 Apple Product Security (Feb 26)
APPLE-SA-2014-02-21-2 iOS 7.0.6 Apple Product Security (Feb 24)
APPLE-SA-2014-02-21-1 iOS 6.1.6 Apple Product Security (Feb 24)
APPLE-SA-2014-02-11-1 Boot Camp 5.1 Apple Product Security (Feb 13)
APPLE-SA-2014-02-21-3 Apple TV 6.0.2 Apple Product Security (Feb 24)
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001 Apple Product Security (Feb 26)
APPLE-SA-2014-02-21-1 iOS 6.1.6 Apple Product Security (Feb 24)
APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2 Apple Product Security (Feb 26)

buqtraq

ASUS router drive-by code execution via XSS and authentication bypass buqtraq (Feb 21)

cfp2014

Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec cfp2014 (Feb 17)

Chris Travers

Security advisory, LedgerSMB 1.3.0-1.3.36 Chris Travers (Feb 03)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Feb 20)
Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Feb 26)
Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Cisco Systems Product Security Incident Response Team (Feb 20)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software Cisco Systems Product Security Incident Response Team (Feb 20)
Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team (Feb 20)

CORE Advisories Team

CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability CORE Advisories Team (Feb 06)

Eric Flokstra

[CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12 Eric Flokstra (Feb 21)

Florian Weimer

[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update Florian Weimer (Feb 09)
[SECURITY] [DSA 2852-1] libgadu security update Florian Weimer (Feb 07)

Hafez Kamal

[HITB-Announce] Haxpo CFP Hafez Kamal (Feb 20)

High-Tech Bridge Security Research

Multiple SQL Injection Vulnerabilities in AuraCMS High-Tech Bridge Security Research (Feb 06)
SQL Injection in doorGets CMS High-Tech Bridge Security Research (Feb 06)
SQL Injection in AdRotate High-Tech Bridge Security Research (Feb 20)
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin High-Tech Bridge Security Research (Feb 27)

iedb . team

WHMCS Denial of Service Vulnerability iedb . team (Feb 09)
Phpbb Forum Denial of Service Vulnerability iedb . team (Feb 11)
Mybb All Version Denial of Service Vulnerability iedb . team (Feb 13)
phpMyBackupPro-2.4 Cross-Site Scripting vulnerability iedb . team (Feb 17)
Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln iedb . team (Feb 13)

innate

Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher) innate (Feb 26)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail ISecAuditors Security Advisories (Feb 06)
[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com) ISecAuditors Security Advisories (Feb 13)

jakx . ppr

AlienVault OSSIM SQL Injection vulnerability jakx . ppr (Feb 06)

john . fitzpatrick

[mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation john . fitzpatrick (Feb 11)

Julien Ahrens

VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution Julien Ahrens (Feb 20)

kyle Lovett

ASUS RT Series Routers FTP Service - Default anonymous access kyle Lovett (Feb 13)
Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console kyle Lovett (Feb 17)
ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure kyle Lovett (Feb 10)
Re: ASUS RT Series Routers FTP Service - Default anonymous access kyle Lovett (Feb 13)

Larry W. Cashdollar

Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Larry W. Cashdollar (Feb 26)

Luciano Bello

[SECURITY] [DSA 2853-1] horde3 security update Luciano Bello (Feb 06)
[SECURITY] [DSA 2863-1] libtar security update Luciano Bello (Feb 19)

Major Malfunction

DC4420 - London DEFCON - meeting Tuesday, 25th February 2014 Major Malfunction (Feb 24)

marcel . mangold

Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14 marcel . mangold (Feb 05)

Mark Thomas

[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Mark Thomas (Feb 25)
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) Mark Thomas (Feb 25)
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service) Mark Thomas (Feb 25)
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Mark Thomas (Feb 06)
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Mark Thomas (Feb 25)

Martin Braun

Open-Xchange Security Advisory 2014-02-10 Martin Braun (Feb 11)

Matthew Daley

Information on recently-fixed Oracle VM VirtualBox vulnerabilities Matthew Daley (Feb 07)

Michael Gilbert

[SECURITY] [DSA 2862-1] chromium-browser security update Michael Gilbert (Feb 17)

Mihaela Popescu-Stanesti

APPLE-SA-2014-02-21-3 Apple TV 6.0.2 Mihaela Popescu-Stanesti (Feb 24)
APPLE-SA-2014-02-21-2 iOS 7.0.6 Mihaela Popescu-Stanesti (Feb 24)

ML

CISTI'2014: List of Workshops ML (Feb 17)
[CISTI'2014]: Iberian Conference on IST; Barcelona; Deadline: February 28 ML (Feb 24)

Moritz Muehlenhoff

[SECURITY] [DSA 2858-1] iceweasel security update Moritz Muehlenhoff (Feb 11)
[SECURITY] [DSA 2855-1] libav security update Moritz Muehlenhoff (Feb 06)
[SECURITY] [DSA 2865-1] postgresql-9.1 security update Moritz Muehlenhoff (Feb 21)
[SECURITY] [DSA 2857-1] libspring-java security update Moritz Muehlenhoff (Feb 10)
[SECURITY] [DSA 2859-1] pidgin security update Moritz Muehlenhoff (Feb 11)
[SECURITY] [DSA 2864-1] postgresql-8.4 security update Moritz Muehlenhoff (Feb 21)

no-reply

[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection no-reply (Feb 17)

Oei, Géry

Office 365 - Account Hijacking Cookie Re-Use Flaw, extended Oei, Géry (Feb 27)

Pietro Oliva

Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability Pietro Oliva (Feb 13)
Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability Pietro Oliva (Feb 13)

Pivotal Security Team

Update: CVE-2014-0053 Information Disclosure when using Grails Pivotal Security Team (Feb 27)

Portcullis Advisories

CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server Portcullis Advisories (Feb 19)
CVE-2014-1223 - Cross-site Scripting in Telligent Evolution Portcullis Advisories (Feb 24)

post

Inteno DG301 Command Injection post (Feb 06)

RedTeam Pentesting GmbH

[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard RedTeam Pentesting GmbH (Feb 25)

rob . thomas

[CVE-2014-1903] FreePBX 2.9 through 12 RCE rob . thomas (Feb 13)

Ronen Z

Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE Ronen Z (Feb 17)

Salvatore Bonaccorso

[SECURITY] [DSA 2861-1] file security update Salvatore Bonaccorso (Feb 17)
[SECURITY] [DSA 2851-1] drupal6 security update Salvatore Bonaccorso (Feb 03)
[SECURITY] [DSA 2867-1] otrs2 security update Salvatore Bonaccorso (Feb 24)
[SECURITY] [DSA 2850-1] libyaml security update Salvatore Bonaccorso (Feb 03)
[SECURITY] [DSA 2866-1] gnutls26 security update Salvatore Bonaccorso (Feb 24)
[SECURITY] [DSA 2860-1] parcimonie security update Salvatore Bonaccorso (Feb 13)
[SECURITY] [DSA 2850-2] libyaml regression update Salvatore Bonaccorso (Feb 13)

SEC Consult Vulnerability Lab

SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab (Feb 18)
SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server SEC Consult Vulnerability Lab (Feb 28)
SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System) SEC Consult Vulnerability Lab (Feb 27)
SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch SEC Consult Vulnerability Lab (Feb 28)

security

[ MDVSA-2014:037 ] ffmpeg security (Feb 17)
[ MDVSA-2014:032 ] flite security (Feb 17)
[ MDVSA-2014:034 ] yaml security (Feb 17)
[ MDVSA-2014:035 ] libpng security (Feb 17)
[ MDVSA-2014:047 ] postgresql security (Feb 24)
[ MDVSA-2014:042 ] tomcat6 security (Feb 20)
[ MDVSA-2014:033 ] socat security (Feb 17)
[ MDVSA-2014:039 ] libgadu security (Feb 19)
[ MDVSA-2014:040 ] puppet security (Feb 19)
[ MDVSA-2014:029 ] mysql security (Feb 14)
[ MDVSA-2014:036 ] varnish security (Feb 17)
[ MDVSA-2014:044 ] zarafa security (Feb 20)
[ MDVSA-2014:031 ] drupal security (Feb 17)
[ MDVSA-2014:025 ] pidgin security (Feb 13)
[ MDVSA-2014:043 ] gnutls security (Feb 20)
[ MDVSA-2014:046 ] phpmyadmin security (Feb 21)
[ MDVSA-2014:041 ] python security (Feb 20)
[ MDVSA-2014:038 ] kernel security (Feb 17)
[ MDVSA-2014:045 ] libtar security (Feb 20)
[ MDVSA-2014:026 ] openldap security (Feb 13)
[ MDVSA-2014:028 ] mariadb security (Feb 14)
[ MDVSA-2014:027 ] php security (Feb 13)

Security Alert

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability Security Alert (Feb 05)
ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities Security Alert (Feb 17)

security-alert

[security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure security-alert (Feb 25)
[security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information security-alert (Feb 26)
[security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code security-alert (Feb 25)
[security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert (Feb 26)
[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues security-alert (Feb 24)
[security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates security-alert (Feb 26)

Slackware Security Team

[slackware-security] kernel (SSA:2014-050-03) Slackware Security Team (Feb 20)
[slackware-security] mozilla-firefox (SSA:2014-039-01) Slackware Security Team (Feb 10)
[slackware-security] curl (SSA:2014-044-01) Slackware Security Team (Feb 14)
[slackware-security] mariadb, mysql (SSA:2014-050-02) Slackware Security Team (Feb 20)
[slackware-security] ntp (SSA:2014-044-02) Slackware Security Team (Feb 14)
[slackware-security] seamonkey (SSA:2014-039-03) Slackware Security Team (Feb 10)
[slackware-security] pidgin (SSA:2014-034-01) Slackware Security Team (Feb 04)
[slackware-security] mozilla-thunderbird (SSA:2014-039-02) Slackware Security Team (Feb 10)
[slackware-security] subversion (SSA:2014-058-01) Slackware Security Team (Feb 28)
[slackware-security] gnutls (SSA:2014-050-01) Slackware Security Team (Feb 21)

Steve

44CON 2014 September 11th - 12th CFP Open Steve (Feb 24)

Tim Brown

Re: [Full-disclosure] CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger Tim Brown (Feb 18)

Vulnerability Lab

Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability Vulnerability Lab (Feb 21)
German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability Vulnerability Lab (Feb 06)
Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability Vulnerability Lab (Feb 24)
mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 17)
gpEasy v4.3.x CMS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 09)
My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities Vulnerability Lab (Feb 17)
File Hub v1.9.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 17)
jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 13)
Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability Vulnerability Lab (Feb 26)
German Telekom Bug Bounty #9 - Code Execution Vulnerability Vulnerability Lab (Feb 06)
CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Feb 21)
WiFiles HD v1.3 iOS - File Include Web Vulnerability Vulnerability Lab (Feb 24)
Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities Vulnerability Lab (Feb 25)
Office Assistant Pro v2.2.2 iOS - File Include Vulnerability Vulnerability Lab (Feb 17)
WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Feb 13)
Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability Vulnerability Lab (Feb 27)
Barracuda Message Archiver 650 - Persistent Web Vulnerability Vulnerability Lab (Feb 20)
German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability Vulnerability Lab (Feb 06)
Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability Vulnerability Lab (Feb 09)

Williams, James K

RE: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option Williams, James K (Feb 14)
CA20140218-01: Security Notice for CA 2E Web Option Williams, James K (Feb 19)

xys3c team

Android & iOS Hands-on Exploitation at SyScan 2014 xys3c team (Feb 20)