Bugtraq: by date

158 messages starting Jul 01 14 and ending Jul 31 14

Tuesday, 01 July

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection info
SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab

Wednesday, 02 July

CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" Christian Schneider
Cross-Site Request Forgery (CSRF) in Kanboard High-Tech Bridge Security Research
[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team

Thursday, 03 July

[SECURITY] [DSA 2971-1] dbus security update Salvatore Bonaccorso
[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code security-alert
[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass security-alert
POC2014 Call for Paper pocadm

Friday, 04 July

[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert

Monday, 07 July

Lime Survey 2-05+ Multiple Vulnerabilities g-damore
[SECURITY] [DSA 2972-1] linux security update Salvatore Bonaccorso
Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100) a.blas
CVE-2014-3863 - Stored XSS in JChatSocial Teodor Lupan
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries Stefan Kanthak
{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities. Madhu Akula
Backdoor access to Techboard/Syac devices roberto.paleari
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability Vulnerability Lab
Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability Vulnerability Lab
[SECURITY] CVE-2014-3503 Apache Syncope Francesco Chicchiriccò
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability Vulnerability Lab
ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities Security Alert
ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability Security Alert

Tuesday, 08 July

[SECURITY] [DSA 2973-1] vlc security update Moritz Muehlenhoff
[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access security-alert
Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit Sumit Siddharth
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX Portcullis Advisories
[ MDVSA-2014:126 ] phpmyadmin security

Wednesday, 09 July

[security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information security-alert
[SECURITY] [DSA 2974-1] php5 security update Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-14:17.kmem FreeBSD Security Advisories
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager Cisco Systems Product Security Incident Response Team
CVE-2014-4331 OctavoCMS reflected XSS vulnerability andreu.antonio
Android NFC Service Denial of Service vuln
[ MDVSA-2014:127 ] gnupg security
[ MDVSA-2014:128 ] iodine security
[ MDVSA-2014:130 ] php security
[ MDVSA-2014:129 ] ffmpeg security
[ MDVSA-2014:131 ] file security
[ MDVSA-2014:132 ] libxfont security
OS Command Injection Infoblox Network Automation nate
Weak Local Database Credentials in Infoblox Network Automation nate
Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2975-1] phpmyadmin security update Thijs Kinkhorst

Thursday, 10 July

[security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information security-alert
[security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information security-alert
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab
SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system SEC Consult Vulnerability Lab
SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu SEC Consult Vulnerability Lab
[ MDVSA-2014:133 ] gd security
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab
[ MDVSA-2014:134 ] liblzo security
[ MDVSA-2014:135 ] python security
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability Vulnerability Lab
[SECURITY] [DSA 2976-1] eglibc security update Florian Weimer

Monday, 14 July

[ MDVSA-2014:136 ] samba security
[ MDVSA-2014:137 ] apache-mod_wsgi security
[SECURITY] [DSA 2977-1] libav security update Moritz Muehlenhoff
[SECURITY] [DSA 2978-1] libxml2 security update Moritz Muehlenhoff
[ MDVSA-2014:138 ] asterisk security
[slackware-security] php (SSA:2014-192-01) Slackware Security Team
[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability Egidio Romano

Tuesday, 15 July

[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege security-alert
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information security-alert
Ruxcon 2014 Final Call For Presentations cfp
[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information security-alert
Node Browserify RCE vuln (<= 4.2.0) Cal Leeming [Simplicity Media Ltd]

Wednesday, 16 July

[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code security-alert
KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation KoreLogic Disclosures
SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition SEC Consult Vulnerability Lab
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014) VUPEN Security Research
VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014) VUPEN Security Research
Reflected Cross-Site Scripting (XSS) in e107 High-Tech Bridge Security Research
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" SEC Consult Vulnerability Lab
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway SEC Consult Vulnerability Lab
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone SEC Consult Vulnerability Lab

Thursday, 17 July

Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2765-2] davfs regression update Thijs Kinkhorst
IP.Board 3.4 cross-site scripting in Referer header stormhacker
[HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August Hafez Kamal
Ignore the amount customers confirm is no security vulnerability according to PayPal Jan Kechel

Friday, 18 July

[SECURITY] [DSA 2979-1] fail2ban security update Moritz Muehlenhoff
[SECURITY] [DSA 2980-1] openjdk-6 security update Moritz Muehlenhoff
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703) Vulnerability Lab
Microsoft MSN HBE - Blind SQL Injection Vulnerability Vulnerability Lab
ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability Security Alert

Monday, 21 July

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure i amroot
[SECURITY] [DSA 2981-1] polarssl security update Salvatore Bonaccorso
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. Jordan Sissel
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update Moritz Muehlenhoff
[SECURITY] [DSA 2983-1] drupal7 security update Moritz Muehlenhoff

Tuesday, 22 July

Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin president
[oCERT-2014-004] Ansible input sanitization errors Andrea Barisani
Cross-site Scripting in EventLog Analyzer 9.0 build #9000 audit1
Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 audit1
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Vulnerability Lab
[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information security-alert

Wednesday, 23 July

Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
[SECURITY] [DSA 2984-1] acpi-support security update Luciano Bello
[SECURITY] [DSA 2985-1] mysql-5.5 security update Salvatore Bonaccorso
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder cseye_ut
[oCERT-2014-005] LPAR2RRD input sanitization errors Daniele Bianco
SQL Injection in E2 High-Tech Bridge Security Research
[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information security-alert

Thursday, 24 July

[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
[SECURITY] [DSA 2986-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 2987-1] openjdk-7 security update Moritz Muehlenhoff
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities security-alert
[slackware-security] httpd (SSA:2014-204-01) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2014-204-02) Slackware Security Team
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398 Vulnerability Lab
[slackware-security] mozilla-thunderbird (SSA:2014-204-03) Slackware Security Team

Friday, 25 July

[SECURITY] [DSA 2988-1] transmission security update Moritz Muehlenhoff
Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 dkl
[SECURITY] [DSA 2989-1] apache2 security update Stefan Fritsch
Easy file sharing web server - persist XSS in forum msgs joseph.giron13
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab

Monday, 28 July

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Gynvael Coldwind
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Web Encryption Extension security update Ralf Senderek
[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 2990-1] cups security update Salvatore Bonaccorso
[SECURITY] [DSA 2991-1] modsecurity-apache security update Salvatore Bonaccorso
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability Vulnerability Lab

Wednesday, 30 July

Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities vulns
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities vulns
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
[SECURITY] [DSA 2992-1] linux security update Salvatore Bonaccorso
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities Vulnerability Lab
[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication Onapsis Research Labs
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool Onapsis Research Labs
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 Onapsis Research Labs
[ MDVSA-2014:139 ] nss security
[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass Onapsis Research Labs
[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service Onapsis Research Labs
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS Onapsis Research Labs
[ MDVSA-2014:141 ] java-1.7.0-openjdk security
[security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert
[ MDVSA-2014:140 ] owncloud security
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529] Programa STIC

Thursday, 31 July

Improper Access Control in ArticleFR High-Tech Bridge Security Research
[ MDVSA-2014:142 ] apache security
[ MDVSA-2014:143 ] phpmyadmin security
[ MDVSA-2014:144 ] live security
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Joe Souza
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak