Home page logo
/

187 messages starting Mar 05 14 and ending Mar 03 14
Date index | Thread index | Author index

0xnanoquetz9l

Public disclosure of Buffer Overflow Dassault Systems 0xnanoquetz9l (Mar 05)
(Added CVE) Dassault Systemes Catia Stack Buffer Overflow 0xnanoquetz9l (Mar 05)

alejandr0.w3b.p0wn3r

CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box alejandr0.w3b.p0wn3r (Mar 05)

Alkeraithe

E-Store (1.0 & 2.0) <= SQL Injection Vulnerability Alkeraithe (Mar 10)

Andrea Barisani

[oCERT-2014-002] Xalan-Java insufficient secure processing Andrea Barisani (Mar 25)
[oCERT-2014-003] LibYAML input sanitization errors Andrea Barisani (Mar 28)

Apple Product Security

APPLE-SA-2014-03-10-1 iOS 7.1 Apple Product Security (Mar 10)
APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple Product Security (Mar 10)

Arron Dowdeswell

Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Arron Dowdeswell (Mar 03)
Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra Arron Dowdeswell (Mar 03)

Asterisk Security Team

AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers. Asterisk Security Team (Mar 11)
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Asterisk Security Team (Mar 11)
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Mar 11)
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Asterisk Security Team (Mar 11)

Bartlomiej Balcerek

JOIDS (Java OpenID Server) multiple vulnerabilities Bartlomiej Balcerek (Mar 04)

c0c0n International Information Security Conference

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 24)

CERT

Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability CERT (Mar 24)
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk CERT (Mar 28)

Christian Catalano

[CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0 Christian Catalano (Mar 03)
[CVE-2013-6234] XSS File Upload in SpagoBI v4.0 Christian Catalano (Mar 03)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability Cisco Systems Product Security Incident Response Team (Mar 05)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team (Mar 05)
Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 19)
Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)
Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 26)

contact

[HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability contact (Mar 07)

CORE Advisories Team

CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities CORE Advisories Team (Mar 12)

craig . arendt

Multiple Vulnerabilities in SeedDMS < = 4.3.3 craig . arendt (Mar 14)

Daniel Divricean

Android Vulnerability: Install App Without User Explicit Consent Daniel Divricean (Mar 10)

Daniel Marques

CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting Daniel Marques (Mar 24)

Dieyu

MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently) Dieyu (Mar 25)

Eric Flokstra

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13 Eric Flokstra (Mar 25)

Fernando Gont

(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE) Fernando Gont (Mar 19)

Florian Weimer

[SECURITY] [DSA 2886-1] libxalan2-java security update Florian Weimer (Mar 26)
[SECURITY] [DSA 2890-1] libspring-java security update Florian Weimer (Mar 31)

ForefrontServerProtection

=?utf-7?Q?Microsoft Forefront Protection for Exchange Server detected a virus?= ForefrontServerProtection (Mar 18)

Giuseppe Iuculano

[SECURITY] [DSA 2882-1] extplorer security update Giuseppe Iuculano (Mar 20)

Guillaume Ross

[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue Guillaume Ross (Mar 11)

Gustavo Speranza

[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza (Mar 05)
[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza (Mar 05)

Hanno Böck

PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319) Hanno Böck (Mar 13)

High-Tech Bridge Security Research

Cross-Site Scripting (XSS) in Ilch CMS High-Tech Bridge Security Research (Mar 05)
Multiple Vulnerabilities in OpenDocMan High-Tech Bridge Security Research (Mar 05)
Cross-Site Scripting (XSS) in Open Classifieds High-Tech Bridge Security Research (Mar 12)
Cross-Site Scripting (XSS) in CMSimple High-Tech Bridge Security Research (Mar 19)

iclelland

[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation iclelland (Mar 04)
[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults iclelland (Mar 04)

iedb . team

WordPress thecotton Themes Remote File Upload Vulnerability iedb . team (Mar 03)

Ivan Buetler

Web Egg Hunting Game - Hacky Easter Ivan Buetler (Mar 26)

Jann Horn

PHP: patch to make session handling with default config more secure against local attackers Jann Horn (Mar 05)

Jason Ostrom

PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560) Jason Ostrom (Mar 31)

Julien Ahrens

[CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution Julien Ahrens (Mar 03)
[CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution Julien Ahrens (Mar 14)

Larry W. Cashdollar

Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Larry W. Cashdollar (Mar 12)

Lukasz Lenart

[ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)

Martin Braun

Open-Xchange Security Advisory 2014-03-17 Martin Braun (Mar 17)

Michael Gilbert

[SECURITY] [DSA 2877-1] lighttpd security update Michael Gilbert (Mar 13)
[SECURITY] [DSA 2883-1] chromium-browser security update Michael Gilbert (Mar 24)

Michael Wisniewski

Synology DSM4 Blind SQL Injection Michael Wisniewski (Mar 13)

ML

2014 World Conference on IST - Madeira Island, April 15-17 ML (Mar 18)

Moritz Muehlenhoff

[SECURITY] [DSA 2871-1] wireshark security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2872-1] udisks security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2876-1] cups security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2874-1] mutt security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2875-1] cups-filters security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2878-1] virtualbox security update Moritz Muehlenhoff (Mar 14)
[SECURITY] [DSA 2880-1] python2.7 security update Moritz Muehlenhoff (Mar 17)
[SECURITY] [DSA 2881-1] iceweasel security update Moritz Muehlenhoff (Mar 19)
[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update Moritz Muehlenhoff (Mar 28)
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update Moritz Muehlenhoff (Mar 28)

NCC Group Research

NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode NCC Group Research (Mar 14)
NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation NCC Group Research (Mar 21)

Ninja ActiVPN

ActiVPN launches its security bug bounty Ninja ActiVPN (Mar 14)

Nomen Nescio

exploit for old rlpdaemon bug Nomen Nescio (Mar 17)

Per Thorsheim

CFP: Passwords^14, Las Vegas, August 5-6 Per Thorsheim (Mar 03)

Pivotal Security Team

CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE) Pivotal Security Team (Mar 12)
CVE-2014-1904 XSS when using Spring MVC Pivotal Security Team (Mar 12)
CVE-2014-0097 Spring Security Blank password may bypass user authentication Pivotal Security Team (Mar 12)

Portcullis Advisories

CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki Portcullis Advisories (Mar 03)
CVE-2014-5880 - Authentication Bypass in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-0372 - SQL Injection in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Portcullis Advisories (Mar 03)
CVE-2014-2044 - Remote Code Execution in ownCloud Portcullis Advisories (Mar 06)
CVE-2014-1222 - Local File Inclusion in Vtiger CRM Portcullis Advisories (Mar 12)
CVE-2014-2043 - SQL Injection in Procentia IntelliPen Portcullis Advisories (Mar 12)

Raphael Geissert

[SECURITY] [DSA 2879-1] libssh security update Raphael Geissert (Mar 14)
[SECURITY] [DSA 2859-2] pidgin security update Raphael Geissert (Mar 20)

RedTeam Pentesting GmbH

[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration RedTeam Pentesting GmbH (Mar 28)

Roee Hay

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) Roee Hay (Mar 26)

Salvatore Bonaccorso

[SECURITY] [DSA 2868-1] php5 security update Salvatore Bonaccorso (Mar 03)
[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Mar 10)
[SECURITY] [DSA 2873-1] file security update Salvatore Bonaccorso (Mar 12)
[SECURITY] [DSA 2873-2] file regression update Salvatore Bonaccorso (Mar 24)
[SECURITY] [DSA 2884-1] libyaml security update Salvatore Bonaccorso (Mar 26)
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update Salvatore Bonaccorso (Mar 26)

SEC Consult Vulnerability Lab

SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot SEC Consult Vulnerability Lab (Mar 07)
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator SEC Consult Vulnerability Lab (Mar 28)

security

[ MDVSA-2014:048 ] gnutls security (Mar 10)
[ MDVSA-2014:049 ] subversion security (Mar 10)
[ MDVSA-2014:050 ] wireshark security (Mar 10)
[ MDVSA-2014:051 ] file security (Mar 13)
[ MDVSA-2014:052 ] net-snmp security (Mar 13)
[ MDVSA-2014:053 ] libssh security (Mar 13)
[ MDVSA-2014:055 ] owncloud security (Mar 13)
[ MDVSA-2014:054 ] otrs security (Mar 13)
[ MDVSA-2014:056 ] apache-commons-fileupload security (Mar 13)
[ MDVSA-2014:057 ] mediawiki security (Mar 13)
[ MDVSA-2014:058 ] freeradius security (Mar 14)
[ MDVSA-2014:059 ] php security (Mar 14)
[ MDVSA-2014:060 ] imapsync security (Mar 14)
[ MDVSA-2014:061 ] oath-toolkit security (Mar 17)
[ MDVSA-2014:062 ] webmin security (Mar 17)
[ MDVSA-2014:064 ] udisks security (Mar 17)
[ MDVSA-2014:063 ] x2goserver security (Mar 17)
[ MDVSA-2014:065 ] apache security (Mar 20)
[ MDVSA-2014:066 ] nss security (Mar 20)

Security Alert

ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability Security Alert (Mar 03)
ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities Security Alert (Mar 05)
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability Security Alert (Mar 19)
ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Cras h Vulnerability Security Alert (Mar 24)
ESA-2014-015: RSA® Authentication Manager Cross Frame Sc ripting Vulnerability Security Alert (Mar 26)
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities Security Alert (Mar 28)

security-alert

[security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 05)
[security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 05)
[security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code security-alert (Mar 05)
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert (Mar 05)
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert (Mar 05)
[security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity security-alert (Mar 05)
[security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access security-alert (Mar 07)
[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability security-alert (Mar 10)
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information security-alert (Mar 11)
[security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF) security-alert (Mar 11)
[security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS) security-alert (Mar 11)
[security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert (Mar 13)
[security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges security-alert (Mar 14)
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert (Mar 25)
[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access security-alert (Mar 26)
[security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access security-alert (Mar 28)

Shakacon

Shakacon 2014: Call for Papers - Deadline April 11th Shakacon (Mar 20)

Slackware Security Team

[slackware-security] gnutls (SSA:2014-062-01) Slackware Security Team (Mar 04)
[slackware-security] sudo (SSA:2014-064-01) Slackware Security Team (Mar 06)
[slackware-security] udisks, udisks2 (SSA:2014-070-01) Slackware Security Team (Mar 11)
[slackware-security] mutt (SSA:2014-071-01) Slackware Security Team (Mar 13)
[slackware-security] samba (SSA:2014-072-01) Slackware Security Team (Mar 14)
[slackware-security] php (SSA:2014-074-01) Slackware Security Team (Mar 17)
[slackware-security] mozilla-thunderbird (SSA:2014-086-05) Slackware Security Team (Mar 31)
[slackware-security] mozilla-nss (SSA:2014-086-04) Slackware Security Team (Mar 31)
[slackware-security] mozilla-firefox (SSA:2014-086-03) Slackware Security Team (Mar 31)
[slackware-security] openssh (SSA:2014-086-06) Slackware Security Team (Mar 31)
[slackware-security] curl (SSA:2014-086-01) Slackware Security Team (Mar 31)
[slackware-security] seamonkey (SSA:2014-086-07) Slackware Security Team (Mar 31)
[slackware-security] httpd (SSA:2014-086-02) Slackware Security Team (Mar 31)

submit

MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service submit (Mar 17)

Thijs Kinkhorst

[SECURITY] [DSA 2889-1] postfixadmin security update Thijs Kinkhorst (Mar 28)
[SECURITY] [DSA 2891-1] mediawiki security update Thijs Kinkhorst (Mar 31)
[SECURITY] [DSA 2891-2] mediawiki regression update Thijs Kinkhorst (Mar 31)

tiamat451

CVE-2013-6955 Synology DSM remote code execution tiamat451 (Mar 25)

Tim Brown

Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown (Mar 12)
Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown (Mar 13)

\"VMware Security Response Center\"

NEW VMSA-2014-0002 VMware vSphere updates to third party libraries \"VMware Security Response Center\" (Mar 12)

Vulnerability Lab

Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability Vulnerability Lab (Mar 03)
SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Mar 06)
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 20)
Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities Vulnerability Lab (Mar 28)
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability Vulnerability Lab (Mar 28)
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab (Mar 28)
Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability Vulnerability Lab (Mar 28)
ES746 DELL Support-Bulletin - EMS Vulnerability Resolved Vulnerability Lab (Mar 28)
ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 28)
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Mar 31)
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities Vulnerability Lab (Mar 31)

VUPEN Security Research

VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own) VUPEN Security Research (Mar 26)
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own) VUPEN Security Research (Mar 26)
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own) VUPEN Security Research (Mar 26)

Yves-Alexis Perez

[SECURITY] [DSA 2869-1] gnutls26 security update Yves-Alexis Perez (Mar 03)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault