Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!


Latest Posts

Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab (Jul 25)
Document Title:
===============
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1065

Barracuda Networks Security ID (BNSEC): BNSEC-2067
https://www.barracuda.com/support/knowledgebase/501600000013oia

Video: http://www.vulnerability-lab.com/get_content.php?id=1208

View Video:...

Easy file sharing web server - persist XSS in forum msgs joseph . giron13 (Jul 25)
I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here:
http://www.securityfocus.com/bid/19243
At first there were no additional details provided and I hunted up and down before finding it after some fuzzing (stack
smash in password).

While on the hunt, I found one not listed.

Easy file sharing web server - XSS in forum messages.

It's persistent XSS. Don't see that much these days. The BB code (which...

[SECURITY] [DSA 2989-1] apache2 security update Stefan Fritsch (Jul 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2989-1 security () debian org
http://www.debian.org/security/ Stefan Fritsch
July 24, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2014-0118 CVE-2014-0226...

Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 dkl (Jul 25)
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* An attacker can get access to some bug information using
the victim's credentials using a specially crafted HTML page.

All affected installations are encouraged to upgrade as soon as
possible.

Vulnerability Details
=====================

Class: Cross Site Request...

[SECURITY] [DSA 2988-1] transmission security update Moritz Muehlenhoff (Jul 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2988-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 24, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : transmission
CVE ID : CVE-2014-4909

Ben Hawkes...

[slackware-security] mozilla-thunderbird (SSA:2014-204-03) Slackware Security Team (Jul 24)
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398 Vulnerability Lab (Jul 24)
Document Title:
===============
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1102

Barracuda Networks Security ID (BNSEC): BNSEC-2398
https://www.barracuda.com/support/knowledgebase/501600000013m1P

Video: http://www.vulnerability-lab.com/get_content.php?id=1210

Vulnerability Magazine:...

[slackware-security] mozilla-firefox (SSA:2014-204-02) Slackware Security Team (Jul 24)
[slackware-security] mozilla-firefox (SSA:2014-204-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] httpd (SSA:2014-204-01) Slackware Security Team (Jul 24)
[slackware-security] httpd (SSA:2014-204-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection...

[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities security-alert (Jul 24)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 1

HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows
running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 2987-1] openjdk-7 security update Moritz Muehlenhoff (Jul 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2987-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2014-2483 CVE-2014-2490...

[SECURITY] [DSA 2986-1] iceweasel security update Moritz Muehlenhoff (Jul 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2986-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1544 CVE-2014-1547...

Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak (Jul 24)
Hi @ll,

the import function of Windows Mail executes a rogue program C:\Program.exe
with the credentials of another account, resulting in a privilege escalation!

1. Fetch <http://home.arcor.de/skanthak/download/SENTINEL.EXE> and save it as
C:\Program.exe

2. Start Windows Mail (part of Windows Vista and Windows Server 2008)

3. On the File menu, click Identities

4. On the entry page of the wizard click [ Continue > ]

5. Select...

[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information security-alert (Jul 24)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04378799

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04378799
Version: 1

HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows
running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized
Access, Disclosure of Information

NOTICE: The...

[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information security-alert (Jul 23)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04374202

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04374202
Version: 1

HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code,
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

