Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

List Archives

Monthly archive index (Jan through Dec) for 1993 through April 2014. The per-month message counts were flattened into unreadable digit runs during extraction and are not reproduced here.

Latest Posts

APPLE-SA-2014-04-22-2 iOS 7.1.1 Apple Product Security (Apr 22)
APPLE-SA-2014-04-22-2 iOS 7.1.1

iOS 7.1.1 is now available and addresses the following:

CFNetwork HTTPProtocol
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security...

APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple Product Security (Apr 22)
APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Apple TV 6.1.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the...

APPLE-SA-2014-04-22-1 Security Update 2014-002 Apple Product Security (Apr 22)
APPLE-SA-2014-04-22-1 Security Update 2014-002

Security Update 2014-002 is now available and addresses the
following:

CFNetwork HTTPProtocol
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line...
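The three Apple advisories above (iOS 7.1.1, Apple TV 6.1.1, Security Update 2014-002) describe the same CFNetwork bug: a Set-Cookie line is acted on even though the connection closed before the line's CRLF arrived, so an on-path attacker who cuts the connection after the cookie value but before its attributes gets the client to store the cookie without them. The following is an added example, not Apple's code, that models the failure mode and the obvious fix (only treat a header line as present once it is CRLF-terminated). The response bytes, the `attacker_truncate` helper and the two parser functions are constructed for this illustration.

```python
"""Truncated Set-Cookie header: naive vs. hardened header-line handling.

Added example (not CFNetwork code). An attacker in a privileged network
position closes the TCP connection in the middle of a Set-Cookie line; a
client that processes the incomplete line stores the cookie without the
Secure/HttpOnly attributes that never arrived.
"""
from typing import Dict, List, Tuple

# Constructed server response: the session cookie is Secure and HttpOnly.
FULL_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=deadbeef; Path=/; Secure; HttpOnly\r\n"
    b"\r\n"
)


def attacker_truncate(response: bytes, cut_before: bytes) -> bytes:
    """Model the on-path attacker: the client only ever receives the bytes
    before `cut_before`, because the connection is torn down (for example by
    an injected RST) before the rest of the response is delivered."""
    idx = response.find(cut_before)
    if idx < 0:
        raise ValueError("marker not present in response")
    return response[:idx]


def parse_set_cookie(field_value: str) -> Tuple[str, str, Dict[str, object]]:
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val|True})."""
    first, *attrs = [p.strip() for p in field_value.split(";")]
    name, _, value = first.partition("=")
    flags: Dict[str, object] = {}
    for attr in attrs:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        flags[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), flags


def _collect(lines: List[bytes], cookies: Dict[str, dict]) -> None:
    """Store every Set-Cookie header found in `lines` into `cookies`."""
    for raw_line in lines:
        line = raw_line.decode("latin-1")
        if line.lower().startswith("set-cookie:"):
            name, value, flags = parse_set_cookie(line[len("set-cookie:"):])
            cookies[name] = {"value": value, "attrs": flags}


def naive_cookies(received: bytes) -> Dict[str, dict]:
    """Vulnerable behaviour: every CRLF-separated piece of the header block is
    treated as a header line, including a trailing piece that has no CRLF."""
    cookies: Dict[str, dict] = {}
    header_block = received.split(b"\r\n\r\n", 1)[0]
    _collect(header_block.split(b"\r\n"), cookies)
    return cookies


def hardened_cookies(received: bytes) -> Dict[str, dict]:
    """Fixed behaviour: a header line exists only once its CRLF has arrived,
    so a line cut short by a connection close is ignored."""
    cookies: Dict[str, dict] = {}
    header_block, terminator, _ = received.partition(b"\r\n\r\n")
    lines = header_block.split(b"\r\n")
    if not terminator:
        # The header block never finished: the last piece has no CRLF, drop it.
        lines = lines[:-1]
    _collect(lines, cookies)
    return cookies


if __name__ == "__main__":
    truncated = attacker_truncate(FULL_RESPONSE, b"; Secure")
    print("received :", truncated)
    print("naive    :", naive_cookies(truncated))     # cookie stored, no Secure/HttpOnly
    print("hardened :", hardened_cookies(truncated))  # {}: partial line ignored
```

The naive parser turns a Secure, HttpOnly cookie into a plain one that the browser will then send over cleartext HTTP, which is exactly the credential exposure the advisories describe. Dropping the unterminated trailing line is the minimal fix; a stricter client would also refuse to act on any header from a block whose terminating blank line never arrived.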

[SECURITY] [DSA 2911-1] icedove security update Moritz Muehlenhoff (Apr 22)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2911-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1493 CVE-2014-1497...

[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information security-alert (Apr 22)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04260505

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260505
Version: 1

HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information security-alert (Apr 22)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04260456

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260456
Version: 1

HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-21...

[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information security-alert (Apr 22)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04260353

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260353
Version: 1

HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[slackware-security] php (SSA:2014-111-02) Slackware Security Team (Apr 22)
[slackware-security] php (SSA:2014-111-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.27-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue in the awk script detector
which allows context-dependent attackers to cause a denial of service
(CPU consumption)...

[slackware-security] libyaml (SSA:2014-111-01) Slackware Security Team (Apr 22)
[slackware-security] libyaml (SSA:2014-111-01)

New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libyaml-0.1.6-i486-1_slack14.1.txz: Upgraded.
This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
where a specially crafted string could cause a heap overflow...

[SECURITY] [DSA 2901-3] wordpress regression update Salvatore Bonaccorso (Apr 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[SECURITY] [DSA 2895-2] prosody regression update Luciano Bello (Apr 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2895-2 security () debian org
http://www.debian.org/security/ Luciano Bello
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody
CVE ID : CVE-2014-2744 CVE-2014-2745
Debian...

Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl craig . arendt (Apr 21)
Product description:
============
MODX (originally MODx) is a free, open source content management system and web application framework for publishing
content on the world wide web and intranets.
============

MODX Revolution Blind SQL Injection (CVE-2014-2736)
============
The application is vulnerable to blind SQL injection which is exploitable through the session ID supplied by the user.
This issue is exploitable without authentication....

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 craig . arendt (Apr 21)
Product description:
============
KnowledgeTree is a document management system that makes it easy to secure, share, track and manage documents and
records.
============

KnowledgeTree Blind SQL Injection (CVE-2014-2737)
============

The application is vulnerable to blind SQL injection which is exploitable through
/webservice/clienttools/services/mdownload.php. This issue is exploitable without authentication.

Details:...

[security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert (Apr 21)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04236062

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236062
Version: 2

HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability Brett Porter (Apr 21)
CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into
the Archiva home page.

Mitigation:
All users are recommended to...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

