Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Latest Posts

[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565) matthias . deeg (Oct 31)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Advisory ID: SYSS-2014-008
Product(s): McAfee Endpoint Encryption for Files and Folders (EEFF)
McAfee File and Removable Media Protection (FRP)
Vendor: McAfee, Inc.
Affected Version(s): EEFF 3.2.x, 4.0.x, 4.1.x, 4.2.x; FRP 4.3.0.x
Tested Version(s): 4.2.0.164
Vulnerability Type: Insufficient Entropy (CWE-331)
Use of a One-Way Hash...

[security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack security-alert (Oct 31)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04492722

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04492722
Version: 1

HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack

NOTICE: The information in this Security Bulletin should be acted upon...

[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS) security-alert (Oct 31)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04483249
Version: 1

HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized
Access, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

Call for Papers - WorldCIST'15 - Azores, Deadline: November 23 ML (Oct 30)
------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[slackware-security] wget (SSA:2014-302-01) Slackware Security Team (Oct 30)
[slackware-security] wget (SSA:2014-302-01)

New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wget-1.14-i486-3_slack14.1.txz: Rebuilt.
This update fixes a symlink vulnerability that could allow an attacker
to write outside of the expected directory.
For more information,...

[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS) security-alert (Oct 30)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 2

HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3059-1] dokuwiki security update Moritz Muehlenhoff (Oct 30)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3059-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 29, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dokuwiki
CVE ID : CVE-2014-8761 CVE-2014-8762...

CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare research (Oct 29)
Nuevolabs Nuevoplayer for clipshare SQL Injection
=======================================================================

:: ADVISORY SUMMARY ::
Title: Nuevolabs Nuevoplayer for clipshare Sql Injection
Vendor: NUEVOLABS (www.nuevolabs.com)
Product: NUEVOPLAYER for clipshare
Credits: Cory Marsh - protectlogic.com
Discovery: 2014-10-10
Release: 2014-10-28

Nuevoplayer is a popular flash video player with integration into multiple...

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-1 >
=======================================================================
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version: 4.0.12
impact: high
homepage: http://www.refinedwiki.com/
found: 2014-08-07
by: Manuel...

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version: -
impact: critical
homepage: http://www.vizensoft.com
found: 2014-07-10
by: A. Antukh, A. Baranov...

Multiple vulnerabilities in EspoCRM High-Tech Bridge Security Research (Oct 29)
Advisory ID: HTB23238
Product: EspoCRM
Vendor: http://www.espocrm.com
Vulnerable Version(s): 2.5.2 and probably prior
Tested Version: 2.5.2
Advisory Publication: October 8, 2014 [without technical details]
Vendor Notification: October 8, 2014
Vendor Patch: October 10, 2014
Public Disclosure: October 29, 2014
Vulnerability Type: PHP File Inclusion [CWE-98], Improper Access Control [CWE-284], Cross-Site Scripting [CWE-79]
CVE References:...

[ MDVSA-2014:212 ] wget security (Oct 29)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wget
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:211 ] wpa_supplicant security (Oct 29)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:211
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wpa_supplicant
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS) security-alert (Oct 29)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 1

HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3050-2] xulrunner update Moritz Muehlenhoff (Oct 29)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

