150 messages starting Dec 02 13 and ending Dec 31 13

advisories

[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting advisories (Dec 12)

Alexandre Herzog

[CVE-2013-2764] Secure Entry Server - URL Redirection Alexandre Herzog (Dec 18)
[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities Alexandre Herzog (Dec 18)

Apple Product Security

APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1 Apple Product Security (Dec 17)
APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1 Apple Product Security (Dec 17)
APPLE-SA-2013-12-19-1 Motion 5.1 Apple Product Security (Dec 19)

Asterisk Security Team

AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message Asterisk Security Team (Dec 17)
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation Asterisk Security Team (Dec 17)

Christian Catalano

[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms Christian Catalano (Dec 18)
[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin Christian Catalano (Dec 18)

code

FlashCanvas 1.5 proxy.php XSS Vulnerability code (Dec 12)

CORE Advisories Team

[Full-disclosure] CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass CORE Advisories Team (Dec 02)
CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability CORE Advisories Team (Dec 11)
CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team (Dec 12)
Re: CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team (Dec 12)
CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability CORE Advisories Team (Dec 18)

Daniel Wood

[CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application Daniel Wood (Dec 10)

diroverflow

Hancom Office '.hml' file heap-based buffer overflow diroverflow (Dec 17)

Edward Hawkins

NEW VMSA-2013-0015 VMware ESX updates to third party libraries Edward Hawkins (Dec 09)

Egidio Romano

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability Egidio Romano (Dec 09)

Florian Weimer

[SECURITY] [DSA 2830-1] ruby-i18n security update Florian Weimer (Dec 31)

High-Tech Bridge Security Research

Cross-Site Scripting (XSS) in Jamroom High-Tech Bridge Security Research (Dec 06)
SQL Injection in InstantCMS High-Tech Bridge Security Research (Dec 11)
User Identity Spoofing in Bitrix Site Manager High-Tech Bridge Security Research (Dec 16)
XSS and Full Path Disclosure in MijoSearch Joomla Extension High-Tech Bridge Security Research (Dec 17)
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin High-Tech Bridge Security Research (Dec 26)
Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin High-Tech Bridge Security Research (Dec 26)
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin High-Tech Bridge Security Research (Dec 26)

ISSW CFP

InfoSec Southwest 2014 CFP now open! ISSW CFP (Dec 18)

Julien Ahrens

[Full-disclosure] [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Julien Ahrens (Dec 02)

Larry W. Cashdollar

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 16)
Command injection vulnerability in Ruby Gem sprout 0.7.246 Larry W. Cashdollar (Dec 16)
Command injection in Ruby Gem Webbynode 1.0.5.3 Larry W. Cashdollar (Dec 16)

Luciano Bello

[SECURITY] [DSA 2817-1] libtar security update Luciano Bello (Dec 16)

Luiz Eduardo

Call for Papers -YSTS 8 - Information Security Conference, Brazil Luiz Eduardo (Dec 16)

Lukasz Lenart

[Full-disclosure] [ANN] Struts 2.3.15.3 GA release available - security fix Lukasz Lenart (Dec 02)

mailing lists

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection mailing lists (Dec 13)
[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) mailing lists (Dec 13)

Matteo Beccati

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability Matteo Beccati (Dec 23)

Michael Gilbert

[SECURITY] [DSA 2811-1] chromium-browser security update Michael Gilbert (Dec 09)

Michal Zalewski

bugs in IJG jpeg6b & libjpeg-turbo Michal Zalewski (Dec 04)

Moritz Muehlenhoff

[SECURITY] [DSA 2807-1] links2 security update Moritz Muehlenhoff (Dec 02)
[SECURITY] [DSA 2812-1] samba security update Moritz Muehlenhoff (Dec 10)
[SECURITY] [DSA 2813-1] gimp security update Moritz Muehlenhoff (Dec 10)
[SECURITY] [DSA 2819-1] End-of-life announcement for iceape Moritz Muehlenhoff (Dec 16)
[SECURITY] [DSA 2823-1] pixman security update Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 2822-1] xorg-server security update Moritz Muehlenhoff (Dec 18)
[SECURITY] [DSA 2825-1] wireshark security update Moritz Muehlenhoff (Dec 23)
[SECURITY] [DSA 2829-1] hplip security update Moritz Muehlenhoff (Dec 30)

Nicolas Grégoire

Vulnerabilities in Apache Solr < 4.6.0 Nicolas Grégoire (Dec 10)

noreply

[PT-2013-63] Hash Length Extension in HTMLPurifier noreply (Dec 04)

nospam

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution nospam (Dec 10)

Raphael Geissert

[SECURITY] [DSA 2808-1] openjpeg security update Raphael Geissert (Dec 03)
[SECURITY] [DSA 2820-1] nspr security update Raphael Geissert (Dec 17)

Rodrigo Rubira Branco (BSDaemon)

CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition Rodrigo Rubira Branco (BSDaemon) (Dec 30)

Roee Hay

Android Fragment Injection vulnerability Roee Hay (Dec 11)

Ryan Baxter

[Full-disclosure] [CVE-2013-4295] Apache Shindig information disclosure vulnerability Ryan Baxter (Dec 02)

Salvatore Bonaccorso

[SECURITY] [DSA 2809-1] ruby1.8 security update Salvatore Bonaccorso (Dec 09)
[SECURITY] [DSA 2810-1] ruby1.9.1 security update Salvatore Bonaccorso (Dec 09)
[SECURITY] [DSA 2814-1] varnish security update Salvatore Bonaccorso (Dec 10)
[SECURITY] [DSA 2815-1] munin security update Salvatore Bonaccorso (Dec 10)
[SECURITY] [DSA 2818-1] mysql-5.5 security update Salvatore Bonaccorso (Dec 16)
[SECURITY] [DSA 2824-1] curl security update Salvatore Bonaccorso (Dec 23)
[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update Salvatore Bonaccorso (Dec 24)
[SECURITY] [DSA 2828-1] drupal6 security update Salvatore Bonaccorso (Dec 30)

ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt

D-Link DIR-XXX remote root access exploit. ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)
Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt (Dec 03)

SEC Consult Vulnerability Lab

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection SEC Consult Vulnerability Lab (Dec 27)

security

[ MDVSA-2013:287-1 ] drupal security (Dec 18)
[ MDVSA-2013:288 ] subversion security (Dec 18)
[ MDVSA-2013:291 ] kernel security (Dec 18)
[ MDVSA-2013:290 ] mediawiki security (Dec 18)
[ MDVSA-2013:289 ] owncloud security (Dec 18)
[ MDVSA-2013:291 ] kernel security (Dec 18)
[ MDVSA-2013:292 ] links security (Dec 18)
[ MDVSA-2013:293 ] gimp security (Dec 18)
[ MDVSA-2013:294 ] gimp security (Dec 18)
[ MDVSA-2013:295 ] gnupg security (Dec 23)
[ MDVSA-2013:296 ] wireshark security (Dec 23)
[ MDVSA-2013:297 ] munin security (Dec 23)
[ MDVSA-2013:298 ] php security (Dec 23)
[ MDVSA-2013:299 ] samba security (Dec 23)
[ MDVSA-2013:300 ] asterisk security (Dec 23)
[ MDVSA-2013:301 ] nss security (Dec 23)
[ MDVSA-2013:302 ] pixman security (Dec 26)

Security Alert

ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities Security Alert (Dec 09)
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities Security Alert (Dec 12)
ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities Security Alert (Dec 19)
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability Security Alert (Dec 23)
ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability Security Alert (Dec 24)
ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability Security Alert (Dec 24)

security-alert

[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution security-alert (Dec 02)
[security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 11)
[security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 11)
[security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) security-alert (Dec 11)
[security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution security-alert (Dec 13)
[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) security-alert (Dec 13)
[security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS) security-alert (Dec 13)
[security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update security-alert (Dec 13)
[security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) security-alert (Dec 13)
[security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution security-alert (Dec 16)
[security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) security-alert (Dec 23)
[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities security-alert (Dec 31)

Slackware Security Team

[slackware-security] mozilla-nss (SSA:2013-339-01) Slackware Security Team (Dec 09)
[slackware-security] mozilla-thunderbird (SSA:2013-339-02) Slackware Security Team (Dec 09)
[slackware-security] seamonkey (SSA:2013-339-03) Slackware Security Team (Dec 09)
[slackware-security] hplip (SSA:2013-339-04) Slackware Security Team (Dec 09)
[slackware-security] mozilla-firefox (SSA:2013-350-04) Slackware Security Team (Dec 17)
[slackware-security] libiodbc (SSA:2013-350-01) Slackware Security Team (Dec 17)
[slackware-security] mozilla-thunderbird (SSA:2013-350-05) Slackware Security Team (Dec 17)
[slackware-security] llvm (SSA:2013-350-03) Slackware Security Team (Dec 17)
[slackware-security] libjpeg (SSA:2013-350-02) Slackware Security Team (Dec 17)
[slackware-security] ruby (SSA:2013-350-06) Slackware Security Team (Dec 17)
[slackware-security] seamonkey (SSA:2013-350-07) Slackware Security Team (Dec 17)
[slackware-security] gnupg (SSA:2013-354-01) Slackware Security Team (Dec 23)

Stefan Esser

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability Stefan Esser (Dec 16)

Stefan Kanthak

Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak (Dec 02)
[Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak (Dec 02)

Thijs Kinkhorst

[SECURITY] [DSA 2816-1] php5 security update Thijs Kinkhorst (Dec 13)
[SECURITY] [DSA 2821-1] gnupg security update Thijs Kinkhorst (Dec 18)

Tony Naggs

DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013 Tony Naggs (Dec 16)

trueend5

Opencart Multiple Vulnerabilities trueend5 (Dec 09)

vishal_mishra

SAMSPADE 1.14 BUFFER OVERFLOW vishal_mishra (Dec 13)

"VMware Security Response Center"

[Full-disclosure] NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities "VMware Security Response Center" (Dec 02)
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation "VMware Security Response Center" (Dec 04)
NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX "VMware Security Response Center" (Dec 23)

Vulnerability Lab

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 02)
Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 09)
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) Vulnerability Lab (Dec 09)
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 09)
Print n Share v5.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 09)
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities Vulnerability Lab (Dec 10)
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 11)
Microsoft PhotoStory - CS Cross Site Scripting Vulnerability Vulnerability Lab (Dec 13)
Microsoft Yammer - Persistent Profile Vulnerabilities Vulnerability Lab (Dec 13)
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 13)
Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities Vulnerability Lab (Dec 16)
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Dec 16)
FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Dec 17)
QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability Vulnerability Lab (Dec 17)
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab (Dec 23)
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab (Dec 23)

WorldCIST

WorldCIST'14 - Submission deadline: December 7 WorldCIST (Dec 02)
Last Call - 2nd World Conference on IST; Submission: December 29 WorldCIST (Dec 16)

Yves-Alexis Perez

[SECURITY] [DSA 2826-1] denyhosts security update Yves-Alexis Perez (Dec 23)

zoczus

LiveZilla 5.1.0.0 Reflected XSS in translations zoczus (Dec 09)
LiveZilla 5.1.1.0 Stored XSS in operator clients zoczus (Dec 10)
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client zoczus (Dec 16)
LiveZilla 5.1.2.0 Insecure password storage zoczus (Dec 16)
LiveZilla 5.1.2.0 PHP Object Injection zoczus (Dec 16)