Bugtraq: by date

192 messages starting Sep 01 14 and ending Sep 30 14


Monday, 01 September

Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities sales
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo
[SECURITY] [DSA 2987-2] openjdk-7 regression update Florian Weimer
SSH host key fingerprint - through HTTPS John Leo
CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia liezelle
Re: SSH host key fingerprint - through HTTPS Micha Borrmann
Avira License Application - Cross Site Request Forgery Vulnerability Vulnerability Lab
Re: SSH host key fingerprint - through HTTPS Chris Nehren
WWW File Share Pro v7.0 - Denial of Service Vulnerability Vulnerability Lab

Tuesday, 02 September

Re: [FD] SSH host key fingerprint - through HTTPS maxigas
[SECURITY] [DSA 3016-1] lua5.2 security update Florian Weimer
[SECURITY] [DSA 3015-1] lua5.1 security update Florian Weimer
Re: [FD] SSH host key fingerprint - through HTTPS Jeroen van der Ham
Re: [FD] SSH host key fingerprint - through HTTPS john
Re: SSH host key fingerprint - through HTTPS Lukasz Biegaj
Re: SSH host key fingerprint - through HTTPS Jamie Riden
Re: [FD] SSH host key fingerprint - through HTTPS John Leo
Re: [FD] SSH host key fingerprint - through HTTPS John Leo
Re: SSH host key fingerprint - through HTTPS John Leo
Re: [FD] SSH host key fingerprint - through HTTPS John Leo
[ MDVSA-2014:160 ] gpgme security
[ MDVSA-2014:161 ] subversion security
[ MDVSA-2014:162 ] catfish security
[ MDVSA-2014:164 ] phpmyadmin security
[ MDVSA-2014:163 ] python-imaging security
[ MDVSA-2014:165 ] krb5 security
[ MDVSA-2014:166 ] serf security
[ MDVSA-2014:167 ] file security
[ MDVSA-2014:168 ] libvncserver security
[ MDVSA-2014:169 ] bugzilla security
[ MDVSA-2014:170 ] jakarta-commons-httpclient security
[ MDVSA-2014:171 ] dhcpcd security
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames Stefan Kanthak
Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability Vulnerability Lab
[SECURITY] [DSA 3017-1] php-cas security update Thijs Kinkhorst

Wednesday, 03 September

[security bulletin] HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information security-alert
[CORE-2014-0005] - Advantech WebAccess Vulnerabilities CORE Advisories Team
Re: ntopng 1.2.0 XSS injection using monitored network traffic Steffen Bauch
[ MDVSA-2014:173 ] busybox security
[ MDVSA-2014:172 ] php security
[SECURITY] [DSA 3018-1] iceweasel security update Moritz Muehlenhoff
Reflected Cross-Site Scripting (XSS) in BlackCat CMS High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in MyWebSQL High-Tech Bridge Security Research

Thursday, 04 September

[security bulletin] HPSBMU03083 rev.2 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert
Avolve Software ProjectDox Multiple Vulnerability Disclosure Romano, Christian
[ MDVSA-2014:174 ] apache security

Monday, 08 September

Uninit memory disclosure via truncated images in Firefox Michal Zalewski
[SECURITY] [DSA 3019-1] procmail security update Salvatore Bonaccorso
[ MDVSA-2014:175 ] glibc security
[WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals ML
apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error Elar Lang
[ MDVSA-2014:176 ] libgcrypt security
[ MDVSA-2014:177 ] squid security
[ MDVSA-2014:178 ] ppp security
[ MDVSA-2014:179 ] python-django security
[slackware-security] mozilla-firefox (SSA:2014-247-02) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2014-247-03) Slackware Security Team
[slackware-security] php (SSA:2014-247-01) Slackware Security Team
[security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities security-alert
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2] Stefan Kanthak
t2’14 Challenge to be released 2014-09-13 10:00 EEST Tomi Tuominen
CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler" Christian Schneider
CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler" Christian Schneider
CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler" Christian Schneider

Tuesday, 09 September

[security bulletin] HPSBST03106 rev.1 - HP P2000 G3 MSA Array System running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert
IBM WebSphere Application Server (WAS) Integrated Solutions Console Login Page username Parameter Reflected XSS Security Vulnerability main
Cisco Security Advisory: Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
FreeBSD Security Advisory FreeBSD-SA-14:18.openssl FreeBSD Security Advisories
[SECURITY] [DSA 3021-1] file security update Luciano Bello

Wednesday, 10 September

Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities sales
NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries VMware Security Response Center
[security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code security-alert
[slackware-security] seamonkey (SSA:2014-252-01) Slackware Security Team
[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat Mark Thomas
[SECURITY] [DSA 3020-1] acpi-support security update Raphael Geissert

Thursday, 11 September

[SECURITY] [DSA 3022-1] curl security update Yves-Alexis Perez
[SECURITY] [DSA 3021-2] file regression update Luciano Bello
PhotoSync v2.2 iOS - Command Inject Web Vulnerability Vulnerability Lab
Photorange v1.0 iOS - File Include Web Vulnerability Vulnerability Lab
ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability Vulnerability Lab
Call for Participation: Semantic Web Business and Innovation (SWBI2015) * Switzerland jackie

Friday, 12 September

NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability VMware Security Response Center
[SECURITY] [DSA 3023-1] bind9 security update Salvatore Bonaccorso
[SECURITY] [DSA 3024-1] gnupg security update Thijs Kinkhorst
HttpFileServer 2.3.x Remote Command Execution danielelinguaglossa

Monday, 15 September

[security bulletin] HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information security-alert
Re: HttpFileServer 2.3.x Remote Command Execution danielelinguaglossa
Multiple Vulnerabilities with Aztech Modem Routers Federick Joe P Fajardo
Open-Xchange Security Advisory 2014-09-15 Martin Heiland
Passwords^14 Norway - CFP Per Thorsheim
Briefcase 4.0 iOS - Code Execution & File Include Vulnerability Vulnerability Lab

Tuesday, 16 September

ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities Security Alert

Wednesday, 17 September

FreeBSD Security Advisory FreeBSD-SA-14:19.tcp FreeBSD Security Advisories
Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308 Onur Yilmaz
Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280 Onur Yilmaz
USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability Vulnerability Lab
[SECURITY] [DSA 3025-1] apt security update Salvatore Bonaccorso
[SECURITY] [DSA 3026-1] dbus security update Florian Weimer
[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow CORE Advisories Team
Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC) vuln
MIUI Wifi Connection Message Vulnerability vuln
MIUI Torch Open Vulnerability vuln
Path Traversal in webEdition High-Tech Bridge Security Research
Reflected Cross-Site Scripting (XSS) in MODX Revolution High-Tech Bridge Security Research
APPLE-SA-2014-09-17-1 iOS 8 Apple Product Security
APPLE-SA-2014-09-17-2 Apple TV 7 Apple Product Security

Friday, 19 September

[SECURITY] [DSA 3027-1] libav security update Moritz Muehlenhoff
[SECURITY] [DSA 3028-1] icedove security update Moritz Muehlenhoff
CVE ID Syntax Change - Deadline Approaching Christey, Steven M.
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 Apple Product Security
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 Apple Product Security
APPLE-SA-2014-09-17-5 OS X Server 3.2.1 Apple Product Security
APPLE-SA-2014-09-17-6 OS X Server 2.2.3 Apple Product Security
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories
Oracle Corporation MyOracle - Persistent Vulnerability Vulnerability Lab
APPLE-SA-2014-09-17-7 Xcode 6.0.1 Apple Product Security
CVE ID Syntax Change - Deadline Approaching Christey, Steven M.
AST-2014-009: Remote crash based on malformed SIP subscription requests Asterisk Security Team
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations Asterisk Security Team
[SECURITY] [DSA 3025-2] apt regression update Salvatore Bonaccorso
Re: Multiple Vulnerabilities with Aztech Modem Routers Federick Joe P Fajardo

Monday, 22 September

[SECURITY] [DSA 3029-1] nginx security update Salvatore Bonaccorso
CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product Christian Schneider
[SECURITY] [DSA 3030-1] mantis security update Moritz Muehlenhoff
TP-LINK WDR4300 - Stored XSS & DoS ozelisyan
Strength and Weakness of Methods to Confirm SSH Host Key John Leo

Tuesday, 23 September

Re: TP-LINK WDR4300 - Stored XSS & DoS ozelisyan
[ MDVSA-2014:180 ] gnupg security
Re: TP-LINK WDR4300 - Stored XSS & DoS Simon Waters
Glype proxy cookie jar path traversal allows code execution Securify B.V.
Glype proxy privacy settings can be disabled via CSRF Securify B.V.
[security bulletin] HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access security-alert
Glype proxy local address filter bypass Securify B.V.

Wednesday, 24 September

[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability Egidio Romano
[KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability Egidio Romano
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser Steffen Bauch
[SECURITY] [DSA 3031-1] apt security update Salvatore Bonaccorso

Thursday, 25 September

Two SQL Injections in All In One WP Security WordPress plugin High-Tech Bridge Security Research
[SECURITY] [DSA 3032-1] bash security update Florian Weimer
[ MDVSA-2014:183 ] phpmyadmin security
[ MDVSA-2014:185 ] libgadu security
[ MDVSA-2014:181 ] dump security
[ MDVSA-2014:182 ] zarafa security
[ MDVSA-2014:183 ] phpmyadmin security
[ MDVSA-2014:184 ] net-snmp security
Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[ MDVSA-2014:186 ] bash security
Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key Gunnar Wolf
[security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information security-alert
[SECURITY] [DSA 3033-1] nss security update Yves-Alexis Perez
CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control main
[SECURITY] [DSA 3034-1] iceweasel security update Yves-Alexis Perez
[ MDVSA-2014:188 ] wireshark security
[ MDVSA-2014:187 ] curl security
[ MDVSA-2014:189 ] nss security
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow advisories
[slackware-security] mozilla-nss (SSA:2014-267-02) Slackware Security Team
[slackware-security] bash (SSA:2014-267-01) Slackware Security Team
[oCERT-2014-007] libvncserver multiple issues Andrea Barisani

Friday, 26 September

[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02) Slackware Security Team
Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3035-1] bash security update Salvatore Bonaccorso
[SECURITY] [DSA 3036-1] mediawiki security update Thijs Kinkhorst
[slackware-security] bash (SSA:2014-268-01) Slackware Security Team
[ MDVSA-2014:190 ] bash security
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability Vulnerability Lab
Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities Vulnerability Lab
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability Vulnerability Lab
Oracle Corporation MyOracle - Persistent Vulnerability Vulnerability Lab
SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability Vulnerability Lab

Monday, 29 September

[SECURITY] [DSA 3037-1] icedove security update Yves-Alexis Perez
WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies ML
Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon Aditya Gupta
[SECURITY] [DSA 3038-1] libvirt security update Salvatore Bonaccorso
[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 Pedro Ribeiro
[SECURITY] [DSA 3039-1] chromium-browser security update Michael Gilbert
[slackware-security] mozilla-firefox (SSA:2014-271-01) Slackware Security Team
Moab Authentication Bypass [CVE-2014-5300] john . fitzpatrick
Moab User Impersonation [CVE-2014-5375] john . fitzpatrick
Moab Authentication Bypass (insecure message signing) [CVE-2014-5376] john . fitzpatrick

Tuesday, 30 September

[ MDVSA-2014:191 ] perl-XML-DT security
[slackware-security] mozilla-thunderbird (SSA:2014-271-02) Slackware Security Team
[slackware-security] seamonkey (SSA:2014-271-03) Slackware Security Team
[slackware-security] bash (SSA:2014-272-01) Slackware Security Team
London DEFCON - September 30th 2014 Major Malfunction