
150 messages starting Dec 02 13 and ending Dec 31 13

Monday, 02 December

[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution security-alert
[SECURITY] [DSA 2807-1] links2 security update Moritz Muehlenhoff
WorldCIST'14 - Submission deadline: December 7 WorldCIST
[Full-disclosure] [ANN] Struts 2.3.15.3 GA release available - security fix Lukasz Lenart
[Full-disclosure] [CVE-2013-4295] Apache Shindig information disclosure vulnerability Ryan Baxter
[Full-disclosure] NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities "VMware Security Response Center"
[Full-disclosure] [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Julien Ahrens
[Full-disclosure] CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass CORE Advisories Team
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak
[Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation Stefan Kanthak

Tuesday, 03 December

D-Link DIR-XXX remote root access exploit. ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
[SECURITY] [DSA 2808-1] openjpeg security update Raphael Geissert

Wednesday, 04 December

bugs in IJG jpeg6b & libjpeg-turbo Michal Zalewski
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation "VMware Security Response Center"
[PT-2013-63] Hash Length Extension in HTMLPurifier noreply

Friday, 06 December

Cross-Site Scripting (XSS) in Jamroom High-Tech Bridge Security Research

Monday, 09 December

Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 2809-1] ruby1.8 security update Salvatore Bonaccorso
[SECURITY] [DSA 2810-1] ruby1.9.1 security update Salvatore Bonaccorso
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) Vulnerability Lab
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability Egidio Romano
NEW VMSA-2013-0015 VMware ESX updates to third party libraries Edward Hawkins
[slackware-security] mozilla-nss (SSA:2013-339-01) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2013-339-02) Slackware Security Team
[slackware-security] seamonkey (SSA:2013-339-03) Slackware Security Team
[slackware-security] hplip (SSA:2013-339-04) Slackware Security Team
Opencart Multiple Vulnerabilities trueend5
[SECURITY] [DSA 2811-1] chromium-browser security update Michael Gilbert
LiveZilla 5.1.0.0 Reflected XSS in translations zoczus
Print n Share v5.5 iOS - Multiple Web Vulnerabilities Vulnerability Lab
ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities Security Alert

Tuesday, 10 December

[SECURITY] [DSA 2812-1] samba security update Moritz Muehlenhoff
Vulnerabilities in Apache Solr < 4.6.0 Nicolas Grégoire
[SECURITY] [DSA 2814-1] varnish security update Salvatore Bonaccorso
[SECURITY] [DSA 2813-1] gimp security update Moritz Muehlenhoff
[SECURITY] [DSA 2815-1] munin security update Salvatore Bonaccorso
[CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application Daniel Wood
EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution nospam
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities Vulnerability Lab
LiveZilla 5.1.1.0 Stored XSS in operator clients zoczus

Wednesday, 11 December

[security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability CORE Advisories Team
[security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) security-alert
Android Fragment Injection vulnerability Roee Hay
SQL Injection in InstantCMS High-Tech Bridge Security Research
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab

Thursday, 12 December

FlashCanvas 1.5 proxy.php XSS Vulnerability code
[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting advisories
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities Security Alert
CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team
Re: CORE-2013-0807 - Divide Error in Windows Kernel CORE Advisories Team

Friday, 13 December

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection mailing lists
[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) mailing lists
SAMSPADE 1.14 BUFFER OVERFLOW vishal_mishra
Microsoft PhotoStory - CS Cross Site Scripting Vulnerability Vulnerability Lab
Microsoft Yammer - Persistent Profile Vulnerabilities Vulnerability Lab
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 2816-1] php5 security update Thijs Kinkhorst
[security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution security-alert
[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) security-alert
[security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update security-alert
[security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) security-alert

Monday, 16 December

Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities Vulnerability Lab
DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013 Tony Naggs
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability Stefan Esser
Call for Papers -YSTS 8 - Information Security Conference, Brazil Luiz Eduardo
Last Call - 2sd World Conference on IST; Submission: December 29 WorldCIST
[SECURITY] [DSA 2817-1] libtar security update Luciano Bello
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client zoczus
LiveZilla 5.1.2.0 Insecure password storage zoczus
Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar
Command injection vulnerability in Ruby Gem sprout 0.7.246 Larry W. Cashdollar
LiveZilla 5.1.2.0 PHP Object Injection zoczus
Command injection in Ruby Gem Webbynode 1.0.5.3 Larry W. Cashdollar
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities Vulnerability Lab
User Identity Spoofing in Bitrix Site Manager High-Tech Bridge Security Research
[SECURITY] [DSA 2818-1] mysql-5.5 security update Salvatore Bonaccorso
[security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution security-alert
[SECURITY] [DSA 2819-1] End-of-life announcement for iceape Moritz Muehlenhoff

Tuesday, 17 December

XSS and Full Path Disclosure in MijoSearch Joomla Extension High-Tech Bridge Security Research
APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1 Apple Product Security
APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1 Apple Product Security
FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab
AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message Asterisk Security Team
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation Asterisk Security Team
QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability Vulnerability Lab
[slackware-security] mozilla-firefox (SSA:2013-350-04) Slackware Security Team
[SECURITY] [DSA 2820-1] nspr security update Raphael Geissert
[slackware-security] libiodbc (SSA:2013-350-01) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2013-350-05) Slackware Security Team
[slackware-security] llvm (SSA:2013-350-03) Slackware Security Team
[slackware-security] libjpeg (SSA:2013-350-02) Slackware Security Team
[slackware-security] ruby (SSA:2013-350-06) Slackware Security Team
[slackware-security] seamonkey (SSA:2013-350-07) Slackware Security Team
Hancom Office '.hml' file heap-based buffer overflow diroverflow

Wednesday, 18 December

[ MDVSA-2013:287-1 ] drupal security
[ MDVSA-2013:288 ] subversion security
InfoSec Southwest 2014 CFP now open! ISSW CFP
CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability CORE Advisories Team
[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms Christian Catalano
[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin Christian Catalano
[CVE-2013-2764] Secure Entry Server - URL Redirection Alexandre Herzog
[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities Alexandre Herzog
[ MDVSA-2013:291 ] kernel security
[ MDVSA-2013:290 ] mediawiki security
[ MDVSA-2013:289 ] owncloud security
[ MDVSA-2013:291 ] kernel security
[ MDVSA-2013:292 ] links security
[ MDVSA-2013:293 ] gimp security
[ MDVSA-2013:294 ] gimp security
[SECURITY] [DSA 2821-1] gnupg security update Thijs Kinkhorst
[SECURITY] [DSA 2823-1] pixman security update Moritz Muehlenhoff
[SECURITY] [DSA 2822-1] xorg-server security update Moritz Muehlenhoff

Thursday, 19 December

APPLE-SA-2013-12-19-1 Motion 5.1 Apple Product Security
ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities Security Alert

Monday, 23 December

[security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) security-alert
[ MDVSA-2013:295 ] gnupg security
[SECURITY] [DSA 2824-1] curl security update Salvatore Bonaccorso
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab
[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability Matteo Beccati
[ MDVSA-2013:296 ] wireshark security
[ MDVSA-2013:297 ] munin security
[SECURITY] [DSA 2825-1] wireshark security update Moritz Muehlenhoff
[ MDVSA-2013:298 ] php security
[slackware-security] gnupg (SSA:2013-354-01) Slackware Security Team
[ MDVSA-2013:299 ] samba security
[SECURITY] [DSA 2826-1] denyhosts security update Yves-Alexis Perez
NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX "VMware Security Response Center"
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability Security Alert
[ MDVSA-2013:300 ] asterisk security
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities Vulnerability Lab
[ MDVSA-2013:301 ] nss security

Tuesday, 24 December

[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update Salvatore Bonaccorso
ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability Security Alert
ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability Security Alert

Thursday, 26 December

[ MDVSA-2013:302 ] pixman security
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin High-Tech Bridge Security Research
Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin High-Tech Bridge Security Research
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin High-Tech Bridge Security Research

Friday, 27 December

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection SEC Consult Vulnerability Lab

Monday, 30 December

[SECURITY] [DSA 2828-1] drupal6 security update Salvatore Bonaccorso
[SECURITY] [DSA 2829-1] hplip security update Moritz Muehlenhoff
CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition Rodrigo Rubira Branco (BSDaemon)

Tuesday, 31 December

[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities security-alert
[SECURITY] [DSA 2830-1] ruby-i18n security update Florian Weimer