Home page logo
/

208 messages starting Aug 01 13 and ending Aug 30 13
Date index | Thread index | Author index

Thursday, 01 August

Open-Xchange Security Advisory 2013-07-31 Martin Braun
SQL Injection in Cotonti advisory
CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras CORE Advisories Team
[security bulletin] HPSBMU02902 rev.1 - HP Integrated Lights-Out iLO3, iLO4 IPMI Cipher Suite 0 Authentication Bypass Vulnerability security-alert
Multiple XSS Vulnerabilities in Jahia xCM advisory
Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
[KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities Egidio Romano
[KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability Egidio Romano
[KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability Egidio Romano
Cisco Security Advisory: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products Cisco Systems Product Security Incident Response Team
Update: Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials krlovett
[KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities Egidio Romano

Friday, 02 August

SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598) Rustein, Fara Denise \(LATCO - Buenos Aires\)
Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products Cisco Systems Product Security Incident Response Team
[ MDVSA-2013:205 ] gnupg security
[security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
Multiple vulnerabilities on D-Link DIR-645 devices roberto
[security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert

Monday, 05 August

[SECURITY] [DSA 2733-1] otrs2 security update Salvatore Bonaccorso
[SECURITY] [DSA 2732-1] chromium-browser security update Michael Gilbert
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01) Slackware Security Team
withU Music Share v1.3.7 iOS - Command Inject Vulnerability Vulnerability Lab
FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Rgpg 0.2.2 Ruby Gem Remote Command Injection larry0
SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness SEC Consult Vulnerability Lab
PuTTY SSH handshake heap overflow Gergely Eberhardt
Joomla core <= 3.1.5 reflected XSS vulnerability Emilio Pinna
HP LaserJet Pro printers remote admin password extraction michal . sajdak
[ MDVSA-2013:206 ] owncloud security
Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities Matias Fontanini
Joomseller "Events Booking Pro" and "JSE Event" reflected XSS samelat
Huawei B153 3G/UMTS router WPS weakness roberto . paleari
Re: Joomla core <= 3.1.5 reflected XSS vulnerability no

Tuesday, 06 August

[SECURITY] [DSA 2734-1] wireshark security update Moritz Muehlenhoff
Usernoise 3.7.8 WP plugin cross-site scripting vulnerability roguecoder
SocialEngine 4.5 TimeLine 4.2.5p9 upload file "PHP" in the Cover Image Wesley Henrique
Re: Joomla core <= 3.1.5 reflected XSS vulnerability michael . babker
[slackware-security] samba (SSA:2013-218-03) Slackware Security Team
[slackware-security] httpd (SSA:2013-218-02) Slackware Security Team
[slackware-security] bind (SSA:2013-218-01) Slackware Security Team
[ MDVSA-2013:207 ] samba security
[ MDVSA-2013:208 ] libtiff security
[ MDVSA-2013:209 ] subversion security
[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity Chip Childers
Re: XSS vulnerability in guestbook-php-script yjtdgs

Wednesday, 07 August

Attacking Google Accounts with 'weblogin:' Tokens Craig Young
Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability Vulnerability Lab
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight! Stefan Kanthak
Multiple Vulnerabilities in BigTree CMS advisory
[ MDVSA-2013:210 ] firefox security
[SECURITY] [DSA 2735-1] iceweasel security update Moritz Muehlenhoff
Apache suEXEC privilege elevation / information disclosure king cope
Trustport Webfilter Remote File Access Vulnerability oliver
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure king cope
Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team
CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities CORE Advisories Team
Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity Chip Childers
PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities Matias Fontanini

Thursday, 08 August

Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal Erik Hjelmvik
HP Data Protector Arbitrary Remote Command Execution alessandro . dipinto
[slackware-security] mozilla-firefox (SSA:2013-219-01) Slackware Security Team
[slackware-security] seamonkey (SSA:2013-219-03) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2013-219-02) Slackware Security Team
Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Hv5hA5ms
Joomla! redSHOP component v1.2 SQL Injection Matias Fontanini
[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service security-alert
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy Stefan Kanthak

Friday, 09 August

[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities roguecoder
ReviewBoard Vulnerabilities Craig Young
Re: Apache suEXEC privilege elevation / information disclosure Kingcope
Re: Apache suEXEC privilege elevation / information disclosure Kingcope
RE: [Full-disclosure] Apache suEXEC privilege elevation / Dico Emil
Re: Apache suEXEC privilege elevation / information disclosure Reindl Harald

Saturday, 10 August

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Gichuki John Chuksjonia
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald

Sunday, 11 August

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Tobias Kreidl
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Ansgar Wiechers
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Michal Zalewski
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Tobias Kreidl

Monday, 12 August

[SECURITY] [DSA 2736-1] putty security update Salvatore Bonaccorso
[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing bugtraq
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
[ MDVSA-2013:211 ] lcms2 security
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Coderaptor
[SECURITY] [DSA 2737-1] swift security update Thijs Kinkhorst
RE: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Peter Gregory
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure George Machitidze
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton

Tuesday, 13 August

CakePHP AssetDispatcher Local File Inclusion Vulnerability 検査検査
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Brandon M. Graves
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor
Struts2 Prefixed Parameters OGNL Injection Vulnerability 検査検査
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor
Struts2 Prefixed Parameters Open Redirect Vulnerability 検査検査
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Marco Floris
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white
[ MDVSA-2013:212 ] otrs security
[ MDVSA-2013:213 ] xymon security
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure James Birk
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Matthew Caron
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Chris Meisinger
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Mike Ely
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jorge Dorantes

Wednesday, 14 August

[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow bugtraq
Subverting BIND's SRTT Algorithm: Derandomizing NS Selection Roee Hay

Thursday, 15 August

[security bulletin] HPSBMU02915 rev.1 - HP Service Manager, Remote Unauthenticated Access and Elevation of Privilege security-alert
CFP: WorldCIST'14 - World Conference on IST; Best papers published in JCR/ISI Journals WorldCIST

Friday, 16 August

Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access kyle Lovett
Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities Vulnerability Lab
Open-Xchange Security Advisory 2013-08-16 Martin Braun

Monday, 19 August

MS Excel 2002/2003 CRN record 0day PoC geinblues
x90c WOFF Firefox 1day exploit geinblues
Defense in depth -- the Microsoft way (part 7): executable files in data directories Stefan Kanthak
[SECURITY] [DSA 2738-1] ruby1.9.1 security update Thijs Kinkhorst
Multiple vulnerabilities on Sitecom N300/N600 devices roberto . paleari

Tuesday, 20 August

[security bulletin] HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability security-alert
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow bugtraq
ESA-2013-047: RSA® Authentication Agent for PAM Unlimite d Login Attempts Vulnerability Security Alert
Samsung DVR authentication bypass Andrea Fabrizi
[security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert

Wednesday, 21 August

Path Traversal in DeWeS Web Server (Twilight CMS) High-Tech Bridge Security Research
Cross-Site Scripting (XSS) in BackWPup WordPress Plugin High-Tech Bridge Security Research
Cross-Site Scripting (XSS) in Twilight CMS High-Tech Bridge Security Research
CVE-2013-4124 samba nttrans dos private exploit geinblues
[ MDVSA-2013:214 ] python security
Netgear ProSafe switches: Unauthenticated startup-config disclosure and Denial of Service post
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Windows Embedded POSReady 2009: cruft, not craft Stefan Kanthak
[security bulletin] HPSBGN02905 rev.2 - HP LoadRunner, HP Business Process Monitor, Remote Code Execution and Denial of Service (DoS) security-alert
[SECURITY] [DSA 2739-1] cacti security update Moritz Muehlenhoff

Thursday, 22 August

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp FreeBSD Security Advisories
[slackware-security] poppler (SSA:2013-233-03) Slackware Security Team
[slackware-security] hplip (SSA:2013-233-01) Slackware Security Team
[slackware-security] xpdf (SSA:2013-233-02) Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast FreeBSD Security Advisories
[ MDVSA-2013:215 ] cacti security
CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework Pivotal Security Team
Joomla! VirtueMart component <= 2.0.22a - SQL Injection Matias Fontanini
[security bulletin] HPSBST02897 rev.1 - HP StoreOnce D2D Backup System, Remote Denial of Service (DoS) security-alert

Friday, 23 August

CVE-2013-4124 samba dos exploit geinblues
NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability VMware Security Team
[ MDVSA-2013:217 ] spice security
[ MDVSA-2013:216 ] perl-Proc-ProcessTable security
[ MDVSA-2013:218 ] python-django security
[ MDVSA-2013:219 ] libtiff security
Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities iedb . team
PayPal Bug Bounty #110 - Auth Bypass (Session) Vulnerability Vulnerability Lab
[SECURITY] [DSA 2740-1] python-django security update Salvatore Bonaccorso

Monday, 26 August

libtiff <= 3.9.5 integer overflow bug geinblues
Wordpress post-gallery Plugin Xss vulnerabilities iedb . team
Defense in depth -- the Microsoft way (part 8): execute everywhere! Stefan Kanthak
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Jeffrey Walton
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Stefan Kanthak
[SECURITY] [DSA 2741-1] chromium-browser security update Michael Gilbert
DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013 Major Malfunction
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! James Lay
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! James Lay
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 8): execute everywhere! Heavenly Avenger
[SECURITY] [DSA 2742-1] php5 security update Florian Weimer

Tuesday, 27 August

[SECURITY] [DSA 2743-1] kfreebsd-9 security update Aurelien Jarno
POC2013 Call for Paper pocadm
[ MDVSA-2013:220 ] lcms security
[ MDVSA-2013:221 ] php security
[SECURITY] [DSA 2744-1] tiff security update Moritz Muehlenhoff
[ MDVSA-2013:222 ] puppet security

Wednesday, 28 August

IBM Lotus iNotes 8.5.x cross-site scripting vulnerabilities danielthomson72
AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request Asterisk Security Team
AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP Asterisk Security Team
Two Instagram Android App Security Vulnerabilities Georg Lukas
[security bulletin] HPSBHF02888 rev.3 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution security-alert
Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
[CORE-2013-0805] Aloaha PDF Suite Buffer Overflow Vulnerability CORE Advisories Team
CORE-2013-0808 - EPS Viewer Buffer Overflow Vulnerability CORE Advisories Team
CORE-2013-0726 - AVTECH DVR multiple vulnerabilities CORE Advisories Team
30C3 Call for Participation fukami

Thursday, 29 August

[SECURITY] [DSA 2745-1] linux security update dann frazier
Drupal Node View Permissions module and Flag module Vulnerabilities danielthomson72
CyberArk User Enumeration - Multiple vulnerabilities moshez
CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability kerem . kocaer
[SECURITY] [DSA 2746-1] icedove security update Moritz Muehlenhoff
UTA EDU University ENG - SQL Injection Vulnerability Vulnerability Lab
Department of Transport UK - SQL Injection Vulnerability Vulnerability Lab
Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability Vulnerability Lab

Friday, 30 August

NEW VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception VMware Security Team
VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059) VUPEN Security Research
[ MDVSA-2013:223 ] asterisk security
[slackware-security] php (SSA:2013-242-02) Slackware Security Team
VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059) VUPEN Security Research
[slackware-security] gnutls (SSA:2013-242-01) Slackware Security Team
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault