Bugtraq: by author

192 messages starting Sep 29 14 and ending Sep 25 14


Aditya Gupta

Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon Aditya Gupta (Sep 29)

advisories

LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow advisories (Sep 25)

Andrea Barisani

[oCERT-2014-007] libvncserver multiple issues Andrea Barisani (Sep 25)

Apple Product Security

APPLE-SA-2014-09-17-5 OS X Server 3.2.1 Apple Product Security (Sep 19)
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 Apple Product Security (Sep 19)
APPLE-SA-2014-09-17-2 Apple TV 7 Apple Product Security (Sep 17)
APPLE-SA-2014-09-17-7 Xcode 6.0.1 Apple Product Security (Sep 19)
APPLE-SA-2014-09-17-6 OS X Server 2.2.3 Apple Product Security (Sep 19)
APPLE-SA-2014-09-17-1 iOS 8 Apple Product Security (Sep 17)
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 Apple Product Security (Sep 19)

Asterisk Security Team

AST-2014-009: Remote crash based on malformed SIP subscription requests Asterisk Security Team (Sep 19)
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations Asterisk Security Team (Sep 19)

Chris Nehren

Re: SSH host key fingerprint - through HTTPS Chris Nehren (Sep 01)

Christey, Steven M.

CVE ID Syntax Change - Deadline Approaching Christey, Steven M. (Sep 19)
CVE ID Syntax Change - Deadline Approaching Christey, Steven M. (Sep 19)

Christian Schneider

CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler" Christian Schneider (Sep 08)
CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product Christian Schneider (Sep 22)
CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler" Christian Schneider (Sep 08)
CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler" Christian Schneider (Sep 08)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability Cisco Systems Product Security Incident Response Team (Sep 26)
Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 25)
Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 09)
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 25)
Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability Cisco Systems Product Security Incident Response Team (Sep 25)
Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 25)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 25)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System Cisco Systems Product Security Incident Response Team (Sep 25)

CORE Advisories Team

[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow CORE Advisories Team (Sep 17)
[CORE-2014-0005] - Advantech WebAccess Vulnerabilities CORE Advisories Team (Sep 03)

danielelinguaglossa

HttpFileServer 2.3.x Remote Command Execution danielelinguaglossa (Sep 12)
Re: HttpFileServer 2.3.x Remote Command Execution danielelinguaglossa (Sep 15)

Egidio Romano

[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability Egidio Romano (Sep 24)
[KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability Egidio Romano (Sep 24)

Elar Lang

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error Elar Lang (Sep 08)

Federick Joe P Fajardo

Multiple Vulnerabilities with Aztech Modem Routers Federick Joe P Fajardo (Sep 15)
Re: Multiple Vulnerabilities with Aztech Modem Routers Federick Joe P Fajardo (Sep 19)

Florian Weimer

[SECURITY] [DSA 3026-1] dbus security update Florian Weimer (Sep 17)
[SECURITY] [DSA 3016-1] lua5.2 security update Florian Weimer (Sep 02)
[SECURITY] [DSA 3015-1] lua5.1 security update Florian Weimer (Sep 02)
[SECURITY] [DSA 2987-2] openjdk-7 regression update Florian Weimer (Sep 01)
[SECURITY] [DSA 3032-1] bash security update Florian Weimer (Sep 25)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:19.tcp FreeBSD Security Advisories (Sep 17)
FreeBSD Security Advisory FreeBSD-SA-14:18.openssl FreeBSD Security Advisories (Sep 09)

Gunnar Wolf

Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key Gunnar Wolf (Sep 25)

High-Tech Bridge Security Research

Reflected Cross-Site Scripting (XSS) in MyWebSQL High-Tech Bridge Security Research (Sep 03)
Reflected Cross-Site Scripting (XSS) in MODX Revolution High-Tech Bridge Security Research (Sep 17)
Reflected Cross-Site Scripting (XSS) in BlackCat CMS High-Tech Bridge Security Research (Sep 03)
Two SQL Injections in All In One WP Security WordPress plugin High-Tech Bridge Security Research (Sep 25)
Path Traversal in webEdition High-Tech Bridge Security Research (Sep 17)

jackie

Call for Participation: Semantic Web Business and Innovation (SWBI2015) * Switzerland jackie (Sep 11)

Jamie Riden

Re: SSH host key fingerprint - through HTTPS Jamie Riden (Sep 02)

Jeroen van der Ham

Re: [FD] SSH host key fingerprint - through HTTPS Jeroen van der Ham (Sep 02)

jesus . ramirez . pichardo

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo (Sep 01)
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo (Sep 01)

john

Re: [FD] SSH host key fingerprint - through HTTPS john (Sep 02)

john . fitzpatrick

Moab User Impersonation [CVE-2014-5375] john . fitzpatrick (Sep 29)
Moab Authentication Bypass (insecure message signing) [CVE-2014-5376] john . fitzpatrick (Sep 29)
Moab Authentication Bypass [CVE-2014-5300] john . fitzpatrick (Sep 29)

John Leo

SSH host key fingerprint - through HTTPS John Leo (Sep 01)
Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)
Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)
Strength and Weakness of Methods to Confirm SSH Host Key John Leo (Sep 22)
Re: SSH host key fingerprint - through HTTPS John Leo (Sep 02)
Re: [FD] SSH host key fingerprint - through HTTPS John Leo (Sep 02)

liezelle

CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia liezelle (Sep 01)

Luciano Bello

[SECURITY] [DSA 3021-1] file security update Luciano Bello (Sep 09)
[SECURITY] [DSA 3021-2] file regression update Luciano Bello (Sep 11)

Lukasz Biegaj

Re: SSH host key fingerprint - through HTTPS Lukasz Biegaj (Sep 02)

main

CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control main (Sep 25)
IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability main (Sep 09)

Major Malfunction

London DEFCON - September 30th 2014 Major Malfunction (Sep 30)

Mark Thomas

[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat Mark Thomas (Sep 10)

Martin Heiland

Open-Xchange Security Advisory 2014-09-15 Martin Heiland (Sep 15)

maxigas

Re: [FD] SSH host key fingerprint - through HTTPS maxigas (Sep 02)

Micha Borrmann

Re: SSH host key fingerprint - through HTTPS Micha Borrmann (Sep 01)

Michael Gilbert

[SECURITY] [DSA 3039-1] chromium-browser security update Michael Gilbert (Sep 29)

Michal Zalewski

Uninit memory disclosure via truncated images in Firefox Michal Zalewski (Sep 08)

ML

[WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals ML (Sep 08)
WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies ML (Sep 29)

Moritz Muehlenhoff

[SECURITY] [DSA 3018-1] iceweasel security update Moritz Muehlenhoff (Sep 03)
[SECURITY] [DSA 3030-1] mantis security update Moritz Muehlenhoff (Sep 22)
[SECURITY] [DSA 3028-1] icedove security update Moritz Muehlenhoff (Sep 19)
[SECURITY] [DSA 3027-1] libav security update Moritz Muehlenhoff (Sep 19)

Onur Yilmaz

Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280 Onur Yilmaz (Sep 17)
Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308 Onur Yilmaz (Sep 17)

ozelisyan

Re: TP-LINK WDR4300 - Stored XSS & DoS ozelisyan (Sep 23)
TP-LINK WDR4300 - Stored XSS & DoS ozelisyan (Sep 22)

Pedro Ribeiro

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 Pedro Ribeiro (Sep 29)

Per Thorsheim

Passwords^14 Norway - CFP Per Thorsheim (Sep 15)

Raphael Geissert

[SECURITY] [DSA 3020-1] acpi-support security update Raphael Geissert (Sep 10)

Romano, Christian

Avolve Software ProjectDox Multiple Vulnerability Disclosure Romano, Christian (Sep 04)

sales

Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities sales (Sep 01)
Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities sales (Sep 10)

Salvatore Bonaccorso

[SECURITY] [DSA 3019-1] procmail security update Salvatore Bonaccorso (Sep 08)
[SECURITY] [DSA 3038-1] libvirt security update Salvatore Bonaccorso (Sep 29)
[SECURITY] [DSA 3025-2] apt regression update Salvatore Bonaccorso (Sep 19)
[SECURITY] [DSA 3025-1] apt security update Salvatore Bonaccorso (Sep 17)
[SECURITY] [DSA 3023-1] bind9 security update Salvatore Bonaccorso (Sep 12)
[SECURITY] [DSA 3031-1] apt security update Salvatore Bonaccorso (Sep 24)
[SECURITY] [DSA 3029-1] nginx security update Salvatore Bonaccorso (Sep 22)
[SECURITY] [DSA 3035-1] bash security update Salvatore Bonaccorso (Sep 26)

Securify B.V.

Glype proxy privacy settings can be disabled via CSRF Securify B.V. (Sep 23)
Glype proxy local address filter bypass Securify B.V. (Sep 23)
Glype proxy cookie jar path traversal allows code execution Securify B.V. (Sep 23)

security

[ MDVSA-2014:172 ] php security (Sep 03)
[ MDVSA-2014:191 ] perl-XML-DT security (Sep 30)
[ MDVSA-2014:165 ] krb5 security (Sep 02)
[ MDVSA-2014:171 ] dhcpcd security (Sep 02)
[ MDVSA-2014:162 ] catfish security (Sep 02)
[ MDVSA-2014:178 ] ppp security (Sep 08)
[ MDVSA-2014:161 ] subversion security (Sep 02)
[ MDVSA-2014:169 ] bugzilla security (Sep 02)
[ MDVSA-2014:160 ] gpgme security (Sep 02)
[ MDVSA-2014:186 ] bash security (Sep 25)
[ MDVSA-2014:184 ] net-snmp security (Sep 25)
[ MDVSA-2014:164 ] phpmyadmin security (Sep 02)
[ MDVSA-2014:175 ] glibc security (Sep 08)
[ MDVSA-2014:179 ] python-django security (Sep 08)
[ MDVSA-2014:168 ] libvncserver security (Sep 02)
[ MDVSA-2014:177 ] squid security (Sep 08)
[ MDVSA-2014:185 ] libgadu security (Sep 25)
[ MDVSA-2014:190 ] bash security (Sep 26)
[ MDVSA-2014:174 ] apache security (Sep 04)
[ MDVSA-2014:167 ] file security (Sep 02)
[ MDVSA-2014:166 ] serf security (Sep 02)
[ MDVSA-2014:183 ] phpmyadmin security (Sep 25)
[ MDVSA-2014:170 ] jakarta-commons-httpclient security (Sep 02)
[ MDVSA-2014:176 ] libgcrypt security (Sep 08)
[ MDVSA-2014:189 ] nss security (Sep 25)
[ MDVSA-2014:173 ] busybox security (Sep 03)
[ MDVSA-2014:187 ] curl security (Sep 25)
[ MDVSA-2014:163 ] python-imaging security (Sep 02)
[ MDVSA-2014:181 ] dump security (Sep 25)
[ MDVSA-2014:188 ] wireshark security (Sep 25)
[ MDVSA-2014:180 ] gnupg security (Sep 23)
[ MDVSA-2014:183 ] phpmyadmin security (Sep 25)
[ MDVSA-2014:182 ] zarafa security (Sep 25)

Security Alert

ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities Security Alert (Sep 16)

security-alert

[security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities security-alert (Sep 08)
[security bulletin] HPSBST03106 rev.1 - HP P2000 G3 MSA Array System running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Sep 09)
[security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code security-alert (Sep 10)
[security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information security-alert (Sep 25)
[security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Sep 04)
[security bulletin] HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information security-alert (Sep 15)
[security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access security-alert (Sep 23)
[security bulletin] HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information security-alert (Sep 03)

Simon Waters

Re: TP-LINK WDR4300 - Stored XSS & DoS Simon Waters (Sep 23)

Slackware Security Team

[slackware-security] mozilla-thunderbird (SSA:2014-271-02) Slackware Security Team (Sep 30)
[slackware-security] seamonkey (SSA:2014-271-03) Slackware Security Team (Sep 30)
[slackware-security] bash (SSA:2014-272-01) Slackware Security Team (Sep 30)
[slackware-security] php (SSA:2014-247-01) Slackware Security Team (Sep 08)
[slackware-security] bash (SSA:2014-268-01) Slackware Security Team (Sep 26)
[slackware-security] mozilla-nss (SSA:2014-267-02) Slackware Security Team (Sep 25)
[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02) Slackware Security Team (Sep 26)
[slackware-security] mozilla-thunderbird (SSA:2014-247-03) Slackware Security Team (Sep 08)
[slackware-security] bash (SSA:2014-267-01) Slackware Security Team (Sep 25)
[slackware-security] mozilla-firefox (SSA:2014-271-01) Slackware Security Team (Sep 29)
[slackware-security] mozilla-firefox (SSA:2014-247-02) Slackware Security Team (Sep 08)
[slackware-security] seamonkey (SSA:2014-252-01) Slackware Security Team (Sep 10)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2] Stefan Kanthak (Sep 08)
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames Stefan Kanthak (Sep 02)

Steffen Bauch

Re: ntopng 1.2.0 XSS injection using monitored network traffic Steffen Bauch (Sep 03)
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser Steffen Bauch (Sep 24)

Thijs Kinkhorst

[SECURITY] [DSA 3017-1] php-cas security update Thijs Kinkhorst (Sep 02)
[SECURITY] [DSA 3036-1] mediawiki security update Thijs Kinkhorst (Sep 26)
[SECURITY] [DSA 3024-1] gnupg security update Thijs Kinkhorst (Sep 12)

Tomi Tuominen

t2’14 Challenge to be released 2014-09-13 10:00 EEST Tomi Tuominen (Sep 08)

VMware Security Response Center

NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability VMware Security Response Center (Sep 12)
NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries VMware Security Response Center (Sep 10)

VSR Advisories

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories (Sep 19)
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories (Sep 19)

vuln

Android Bluetooth Pairing Packet Processing Vulnerability（by wangzq from NCNIPC） vuln (Sep 17)
MIUI Torch Open Vulnerability vuln (Sep 17)
MIUI Wifi Connection Message Vulnerability vuln (Sep 17)

Vulnerability Lab

USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability Vulnerability Lab (Sep 17)
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability Vulnerability Lab (Sep 26)
Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities Vulnerability Lab (Sep 26)
Oracle Corporation MyOracle - Persistent Vulnerability Vulnerability Lab (Sep 26)
Avira License Application - Cross Site Request Forgery Vulnerability Vulnerability Lab (Sep 01)
ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability Vulnerability Lab (Sep 11)
Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability Vulnerability Lab (Sep 02)
WWW File Share Pro v7.0 - Denial of Service Vulnerability Vulnerability Lab (Sep 01)
Photorange v1.0 iOS - File Include Web Vulnerability Vulnerability Lab (Sep 11)
Oracle Corporation MyOracle - Persistent Vulnerability Vulnerability Lab (Sep 19)
SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability Vulnerability Lab (Sep 26)
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability Vulnerability Lab (Sep 26)
PhotoSync v2.2 iOS - Command Inject Web Vulnerability Vulnerability Lab (Sep 11)
Briefcase 4.0 iOS - Code Execution & File Include Vulnerability Vulnerability Lab (Sep 15)

Yves-Alexis Perez

[SECURITY] [DSA 3037-1] icedove security update Yves-Alexis Perez (Sep 29)
[SECURITY] [DSA 3034-1] iceweasel security update Yves-Alexis Perez (Sep 25)
[SECURITY] [DSA 3022-1] curl security update Yves-Alexis Perez (Sep 11)
[SECURITY] [DSA 3033-1] nss security update Yves-Alexis Perez (Sep 25)