Bugtraq: by author

187 messages starting Mar 05 14 and ending Mar 03 14


0xnanoquetz9l

(Added CVE) Dassault Systemes Catia Stack Buffer Overflow 0xnanoquetz9l (Mar 05)
Public disclosure of Buffer Overflow Dassault Systems 0xnanoquetz9l (Mar 05)

alejandr0.w3b.p0wn3r

CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box alejandr0.w3b.p0wn3r (Mar 05)

Alkeraithe

E-Store (1.0 & 2.0) <= SQL Injection Vulnerability Alkeraithe (Mar 10)

Andrea Barisani

[oCERT-2014-002] Xalan-Java insufficient secure processing Andrea Barisani (Mar 25)
[oCERT-2014-003] LibYAML input sanitization errors Andrea Barisani (Mar 28)

Apple Product Security

APPLE-SA-2014-03-10-1 iOS 7.1 Apple Product Security (Mar 10)
APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple Product Security (Mar 10)

Arron Dowdeswell

Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra Arron Dowdeswell (Mar 03)
Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Arron Dowdeswell (Mar 03)

Asterisk Security Team

AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Mar 11)
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Asterisk Security Team (Mar 11)
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers. Asterisk Security Team (Mar 11)
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Asterisk Security Team (Mar 11)

Bartlomiej Balcerek

JOIDS (Java OpenID Server) multiple vulnerabilities Bartlomiej Balcerek (Mar 04)

c0c0n International Information Security Conference

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 24)

CERT

Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk CERT (Mar 28)
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability CERT (Mar 24)

Christian Catalano

[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6234] XSS File Upload in SpagoBI v4.0 Christian Catalano (Mar 03)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team (Mar 05)
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 19)
Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability Cisco Systems Product Security Incident Response Team (Mar 05)

contact

[HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability contact (Mar 07)

CORE Advisories Team

CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities CORE Advisories Team (Mar 12)

craig . arendt

Multiple Vulnerabilities in SeedDMS <= 4.3.3 craig . arendt (Mar 14)

Daniel Divricean

Android Vulnerability: Install App Without User Explicit Consent Daniel Divricean (Mar 10)

Daniel Marques

CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting Daniel Marques (Mar 24)

Dieyu

MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently) Dieyu (Mar 25)

Eric Flokstra

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13 Eric Flokstra (Mar 25)

Fernando Gont

(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE) Fernando Gont (Mar 19)

Florian Weimer

[SECURITY] [DSA 2890-1] libspring-java security update Florian Weimer (Mar 31)
[SECURITY] [DSA 2886-1] libxalan2-java security update Florian Weimer (Mar 26)

ForefrontServerProtection

Microsoft Forefront Protection for Exchange Server detected a virus ForefrontServerProtection (Mar 18)

Giuseppe Iuculano

[SECURITY] [DSA 2882-1] extplorer security update Giuseppe Iuculano (Mar 20)

Guillaume Ross

[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue Guillaume Ross (Mar 11)

Gustavo Speranza

[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza (Mar 05)
[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza (Mar 05)

Hanno Böck

PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319) Hanno Böck (Mar 13)

High-Tech Bridge Security Research

Cross-Site Scripting (XSS) in Open Classifieds High-Tech Bridge Security Research (Mar 12)
Multiple Vulnerabilities in OpenDocMan High-Tech Bridge Security Research (Mar 05)
Cross-Site Scripting (XSS) in Ilch CMS High-Tech Bridge Security Research (Mar 05)
Cross-Site Scripting (XSS) in CMSimple High-Tech Bridge Security Research (Mar 19)

iclelland

[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults iclelland (Mar 04)
[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation iclelland (Mar 04)

iedb . team

WordPress thecotton Themes Remote File Upload Vulnerability iedb . team (Mar 03)

Ivan Buetler

Web Egg Hunting Game - Hacky Easter Ivan Buetler (Mar 26)

Jann Horn

PHP: patch to make session handling with default config more secure against local attackers Jann Horn (Mar 05)

Jason Ostrom

PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560) Jason Ostrom (Mar 31)

Julien Ahrens

[CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution Julien Ahrens (Mar 03)
[CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution Julien Ahrens (Mar 14)

Larry W. Cashdollar

Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Larry W. Cashdollar (Mar 12)

Lukasz Lenart

[ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)

Martin Braun

Open-Xchange Security Advisory 2014-03-17 Martin Braun (Mar 17)

Michael Gilbert

[SECURITY] [DSA 2883-1] chromium-browser security update Michael Gilbert (Mar 24)
[SECURITY] [DSA 2877-1] lighttpd security update Michael Gilbert (Mar 13)

Michael Wisniewski

Synology DSM4 Blind SQL Injection Michael Wisniewski (Mar 13)

ML

2014 World Conference on IST - Madeira Island, April 15-17 ML (Mar 18)

Moritz Muehlenhoff

[SECURITY] [DSA 2874-1] mutt security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update Moritz Muehlenhoff (Mar 28)
[SECURITY] [DSA 2872-1] udisks security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2880-1] python2.7 security update Moritz Muehlenhoff (Mar 17)
[SECURITY] [DSA 2871-1] wireshark security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2881-1] iceweasel security update Moritz Muehlenhoff (Mar 19)
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update Moritz Muehlenhoff (Mar 28)
[SECURITY] [DSA 2875-1] cups-filters security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2876-1] cups security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2878-1] virtualbox security update Moritz Muehlenhoff (Mar 14)

NCC Group Research

NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation NCC Group Research (Mar 21)
NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode NCC Group Research (Mar 14)

Ninja ActiVPN

ActiVPN launches its security bug bounty Ninja ActiVPN (Mar 14)

Nomen Nescio

exploit for old rlpdaemon bug Nomen Nescio (Mar 17)

Per Thorsheim

CFP: Passwords^14, Las Vegas, August 5-6 Per Thorsheim (Mar 03)

Pivotal Security Team

CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE) Pivotal Security Team (Mar 12)
CVE-2014-1904 XSS when using Spring MVC Pivotal Security Team (Mar 12)
CVE-2014-0097 Spring Security Blank password may bypass user authentication Pivotal Security Team (Mar 12)

Portcullis Advisories

CVE-2014-5880 - Authentication Bypass in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-2043 - SQL Injection in Procentia IntelliPen Portcullis Advisories (Mar 12)
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-2044 - Remote Code Execution in ownCloud Portcullis Advisories (Mar 06)
CVE-2014-0372 - SQL Injection in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki Portcullis Advisories (Mar 03)
CVE-2014-1222 - Local File Inclusion in Vtiger CRM Portcullis Advisories (Mar 12)

Raphael Geissert

[SECURITY] [DSA 2859-2] pidgin security update Raphael Geissert (Mar 20)
[SECURITY] [DSA 2879-1] libssh security update Raphael Geissert (Mar 14)

RedTeam Pentesting GmbH

[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration RedTeam Pentesting GmbH (Mar 28)

Roee Hay

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) Roee Hay (Mar 26)

Salvatore Bonaccorso

[SECURITY] [DSA 2868-1] php5 security update Salvatore Bonaccorso (Mar 03)
[SECURITY] [DSA 2884-1] libyaml security update Salvatore Bonaccorso (Mar 26)
[SECURITY] [DSA 2873-2] file regression update Salvatore Bonaccorso (Mar 24)
[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Mar 10)
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Mar 26)
[SECURITY] [DSA 2873-1] file security update Salvatore Bonaccorso (Mar 12)

SEC Consult Vulnerability Lab

SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator SEC Consult Vulnerability Lab (Mar 28)
SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot SEC Consult Vulnerability Lab (Mar 07)

security

[ MDVSA-2014:058 ] freeradius security (Mar 14)
[ MDVSA-2014:066 ] nss security (Mar 20)
[ MDVSA-2014:061 ] oath-toolkit security (Mar 17)
[ MDVSA-2014:049 ] subversion security (Mar 10)
[ MDVSA-2014:048 ] gnutls security (Mar 10)
[ MDVSA-2014:059 ] php security (Mar 14)
[ MDVSA-2014:053 ] libssh security (Mar 13)
[ MDVSA-2014:052 ] net-snmp security (Mar 13)
[ MDVSA-2014:055 ] owncloud security (Mar 13)
[ MDVSA-2014:062 ] webmin security (Mar 17)
[ MDVSA-2014:054 ] otrs security (Mar 13)
[ MDVSA-2014:064 ] udisks security (Mar 17)
[ MDVSA-2014:051 ] file security (Mar 13)
[ MDVSA-2014:056 ] apache-commons-fileupload security (Mar 13)
[ MDVSA-2014:050 ] wireshark security (Mar 10)
[ MDVSA-2014:057 ] mediawiki security (Mar 13)
[ MDVSA-2014:060 ] imapsync security (Mar 14)
[ MDVSA-2014:063 ] x2goserver security (Mar 17)
[ MDVSA-2014:065 ] apache security (Mar 20)

Security Alert

ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability Security Alert (Mar 19)
ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability Security Alert (Mar 26)
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability Security Alert (Mar 03)
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities Security Alert (Mar 28)
ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities Security Alert (Mar 05)
ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability Security Alert (Mar 24)

security-alert

[security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity security-alert (Mar 05)
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert (Mar 05)
[security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 05)
[security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert (Mar 13)
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert (Mar 05)
[security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS) security-alert (Mar 11)
[security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges security-alert (Mar 14)
[security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access security-alert (Mar 07)
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information security-alert (Mar 11)
[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access security-alert (Mar 26)
[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability security-alert (Mar 10)
[security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF) security-alert (Mar 11)
[security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access security-alert (Mar 28)
[security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code security-alert (Mar 05)
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert (Mar 25)
[security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 05)

Shakacon

Shakacon 2014: Call for Papers - Deadline April 11th Shakacon (Mar 20)

Slackware Security Team

[slackware-security] mozilla-thunderbird (SSA:2014-086-05) Slackware Security Team (Mar 31)
[slackware-security] samba (SSA:2014-072-01) Slackware Security Team (Mar 14)
[slackware-security] udisks, udisks2 (SSA:2014-070-01) Slackware Security Team (Mar 11)
[slackware-security] openssh (SSA:2014-086-06) Slackware Security Team (Mar 31)
[slackware-security] gnutls (SSA:2014-062-01) Slackware Security Team (Mar 04)
[slackware-security] php (SSA:2014-074-01) Slackware Security Team (Mar 17)
[slackware-security] seamonkey (SSA:2014-086-07) Slackware Security Team (Mar 31)
[slackware-security] sudo (SSA:2014-064-01) Slackware Security Team (Mar 06)
[slackware-security] curl (SSA:2014-086-01) Slackware Security Team (Mar 31)
[slackware-security] httpd (SSA:2014-086-02) Slackware Security Team (Mar 31)
[slackware-security] mozilla-firefox (SSA:2014-086-03) Slackware Security Team (Mar 31)
[slackware-security] mutt (SSA:2014-071-01) Slackware Security Team (Mar 13)
[slackware-security] mozilla-nss (SSA:2014-086-04) Slackware Security Team (Mar 31)

submit

MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service submit (Mar 17)

Thijs Kinkhorst

[SECURITY] [DSA 2891-1] mediawiki security update Thijs Kinkhorst (Mar 31)
[SECURITY] [DSA 2889-1] postfixadmin security update Thijs Kinkhorst (Mar 28)
[SECURITY] [DSA 2891-2] mediawiki regression update Thijs Kinkhorst (Mar 31)

tiamat451

CVE-2013-6955 Synology DSM remote code execution tiamat451 (Mar 25)

Tim Brown

Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown (Mar 13)
Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown (Mar 12)

"VMware Security Response Center"

NEW VMSA-2014-0002 VMware vSphere updates to third party libraries "VMware Security Response Center" (Mar 12)

Vulnerability Lab

iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability Vulnerability Lab (Mar 28)
ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 20)
SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Mar 06)
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Mar 31)
Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities Vulnerability Lab (Mar 28)
ES746 DELL Support-Bulletin - EMS Vulnerability Resolved Vulnerability Lab (Mar 28)
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Mar 28)
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability Vulnerability Lab (Mar 28)
Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability Vulnerability Lab (Mar 03)
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 31)
Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)

VUPEN Security Research

VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own) VUPEN Security Research (Mar 26)
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own) VUPEN Security Research (Mar 26)
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own) VUPEN Security Research (Mar 26)

Yves-Alexis Perez

[SECURITY] [DSA 2869-1] gnutls26 security update Yves-Alexis Perez (Mar 03)