Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Latest Posts

[SECURITY] [DSA 3041-1] xen security update Moritz Muehlenhoff (Oct 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3041-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 01, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2013-2072 CVE-2014-7154...

Reflected Cross-Site Scripting (XSS) in Textpattern High-Tech Bridge Security Research (Oct 01)
Advisory ID: HTB23223
Product: Textpattern
Vendor: http://textpattern.com/
Vulnerable Version(s): 4.5.5 and probably prior
Tested Version: 4.5.5
Advisory Publication: July 9, 2014 [without technical details]
Vendor Notification: July 9, 2014
Vendor Patch: September 20, 2014
Public Disclosure: October 1, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4737
Risk Level: Medium
CVSSv2 Base Score: 4.3...

Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin High-Tech Bridge Security Research (Oct 01)
Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication: September 10, 2014 [without technical details]
Vendor Notification: September 10, 2014
Vendor Patch: September 10, 2014
Public Disclosure: October 1, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6315
Risk Level: Low
CVSSv2...

FreePBX (All Versions) RCE rob . thomas (Oct 01)
We would like to announce that a significant security vulnerability has been discovered in all current versions of
FreePBX.

A CVE has been requested from Mitre, but has yet to be provided.

Further details as they come to hand will be available from
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions/24536 which should be treated as the
authoritative source of information. The CVE, when provided, will be linked from...

NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities VMware Security Response Center (Oct 01)
VMware Security Advisory

Advisory ID: VMSA-2014-0010
Synopsis: VMware product updates address critical Bash
security vulnerabilities
Issue date: 2014-09-30
Updated on: 2014-09-30 (Initial Advisory)
CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186,
CVE-2014-7187
------------------------------------------------------------------------

1. Summary

VMware product updates address Bash security...

[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution security-alert (Oct 01)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04468293

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468293
Version: 1

HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code
Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-09-30
Last...

[SECURITY] [DSA 3040-1] rsyslog security update Luciano Bello (Oct 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3040-1 security () debian org
http://www.debian.org/security/
September 30, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rsyslog
CVE ID : CVE-2014-3634

Rainer Gerhards,...

[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution security-alert (Oct 01)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 1

HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System
(vCAS) running Bash Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities security-alert (Oct 01)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04463322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04463322
Version: 1

HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows,
Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation security-alert (Oct 01)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04048122

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04048122
Version: 1

HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution
of Arbitrary Code with Privilege Elevation

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability Vulnerability Lab (Oct 01)
Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
====================================
1327

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability Vulnerability Lab (Oct 01)
Document Title:
===============
PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=870

PayPal Security UID: Roc83bl

Release Date:
=============
2014-09-24

Vulnerability Laboratory ID (VL-ID):
====================================
870

Common Vulnerability Scoring System:
====================================
3.5

Product & Service...

PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability Vulnerability Lab (Oct 01)
Document Title:
===============
PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=844

PayPal Security UID: CabdfGa

Release Date:
=============
2014-09-23

Vulnerability Laboratory ID (VL-ID):
====================================
844

Common Vulnerability Scoring System:
====================================
3.5

Product & Service...

London DEFCON - September 30th 2014 Major Malfunction (Sep 30)
Yes, that's tonight!

Apologies for the late notice - I've been travelling. A lot.

In the meantime, The Phoenix finished their refurb and is back up and
running, and looking pretty swanky, so I'm looking forward to seeing
what's new... Let's hope they haven't changed the beer! :)

We don't have any specific talks scheduled for this month, but as
always, if you've got something interesting you want to...

[slackware-security] bash (SSA:2014-272-01) Slackware Security Team (Sep 30)
[slackware-security] bash (SSA:2014-272-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded.
Another bash update. Here's some information included with the patch:
"This patch changes the encoding bash uses for...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

