Home page logo
/

187 messages starting Mar 03 14 and ending Mar 31 14
Date index | Thread index | Author index

Monday, 03 March

Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability Vulnerability Lab
CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki Portcullis Advisories
CVE-2014-5880 - Authentication Bypass in Oracle Demantra Portcullis Advisories
Re: CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Arron Dowdeswell
Re: CVE-2014-5880 - Authentication Bypass in Oracle Demantra Arron Dowdeswell
CVE-2014-0372 - SQL Injection in Oracle Demantra Portcullis Advisories
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra Portcullis Advisories
[CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0 Christian Catalano
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability Security Alert
WordPress thecotton Themes Remote File Upload Vulnerability iedb . team
[CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0 Christian Catalano
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0 Christian Catalano
[CVE-2013-6234] XSS File Upload in SpagoBI v4.0 Christian Catalano
[CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution Julien Ahrens
[SECURITY] [DSA 2868-1] php5 security update Salvatore Bonaccorso
CFP: Passwords^14, Las Vegas, August 5-6 Per Thorsheim
[SECURITY] [DSA 2869-1] gnutls26 security update Yves-Alexis Perez

Tuesday, 04 March

[slackware-security] gnutls (SSA:2014-062-01) Slackware Security Team
[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation iclelland
JOIDS (Java OpenID Server) multiple vulnerabilities Bartlomiej Balcerek
[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults iclelland

Wednesday, 05 March

Public disclosure of Buffer Overflow Dassault Systems 0xnanoquetz9l
(Added CVE) Dassault Systemes Catia Stack Buffer Overflow 0xnanoquetz9l
PHP: patch to make session handling with default config more secure against local attackers Jann Horn
[security bulletin] HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS) security-alert
[security bulletin] HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity security-alert
CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box alejandr0.w3b.p0wn3r
Cross-Site Scripting (XSS) in Ilch CMS High-Tech Bridge Security Research
Multiple Vulnerabilities in OpenDocMan High-Tech Bridge Security Research
ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities Security Alert
[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza
Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
[CVE-2014-0683]Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure Gustavo Speranza

Thursday, 06 March

[slackware-security] sudo (SSA:2014-064-01) Slackware Security Team
[ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart
SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
CVE-2014-2044 - Remote Code Execution in ownCloud Portcullis Advisories

Friday, 07 March

SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot SEC Consult Vulnerability Lab
[security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access security-alert
[HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability contact

Monday, 10 March

E-Store (1.0 & 2.0) <= SQL Injection Vulnerability Alkeraithe
[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update Salvatore Bonaccorso
[ MDVSA-2014:048 ] gnutls security
[ MDVSA-2014:049 ] subversion security
[SECURITY] [DSA 2871-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 2872-1] udisks security update Moritz Muehlenhoff
[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability security-alert
Android Vulnerability: Install App Without User Explicit Consent Daniel Divricean
APPLE-SA-2014-03-10-1 iOS 7.1 Apple Product Security
[ MDVSA-2014:050 ] wireshark security
APPLE-SA-2014-03-10-2 Apple TV 6.1 Apple Product Security

Tuesday, 11 March

AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers. Asterisk Security Team
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Asterisk Security Team
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Asterisk Security Team
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information security-alert
[security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF) security-alert
[security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS) security-alert
[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue Guillaume Ross
[slackware-security] udisks, udisks2 (SSA:2014-070-01) Slackware Security Team

Wednesday, 12 March

CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities CORE Advisories Team
Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown
[SECURITY] [DSA 2873-1] file security update Salvatore Bonaccorso
CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE) Pivotal Security Team
CVE-2014-1904 XSS when using Spring MVC Pivotal Security Team
CVE-2014-0097 Spring Security Blank password may bypass user authentication Pivotal Security Team
NEW VMSA-2014-0002 VMware vSphere updates to third party libraries \"VMware Security Response Center\"
CVE-2014-1222 - Local File Inclusion in Vtiger CRM Portcullis Advisories
CVE-2014-2043 - SQL Injection in Procentia IntelliPen Portcullis Advisories
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Larry W. Cashdollar
Cross-Site Scripting (XSS) in Open Classifieds High-Tech Bridge Security Research
[SECURITY] [DSA 2876-1] cups security update Moritz Muehlenhoff
[SECURITY] [DSA 2874-1] mutt security update Moritz Muehlenhoff
[SECURITY] [DSA 2875-1] cups-filters security update Moritz Muehlenhoff

Thursday, 13 March

PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319) Hanno Böck
Synology DSM4 Blind SQL Injection Michael Wisniewski
[SECURITY] [DSA 2877-1] lighttpd security update Michael Gilbert
[slackware-security] mutt (SSA:2014-071-01) Slackware Security Team
[ MDVSA-2014:051 ] file security
[ MDVSA-2014:052 ] net-snmp security
[ MDVSA-2014:053 ] libssh security
[ MDVSA-2014:055 ] owncloud security
[ MDVSA-2014:054 ] otrs security
Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS Tim Brown
[ MDVSA-2014:056 ] apache-commons-fileupload security
[ MDVSA-2014:057 ] mediawiki security
[security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert

Friday, 14 March

[SECURITY] [DSA 2878-1] virtualbox security update Moritz Muehlenhoff
[security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges security-alert
[ MDVSA-2014:058 ] freeradius security
ActiVPN launches its security bug bounty Ninja ActiVPN
[CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution Julien Ahrens
[SECURITY] [DSA 2879-1] libssh security update Raphael Geissert
[slackware-security] samba (SSA:2014-072-01) Slackware Security Team
NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode NCC Group Research
Multiple Vulnerabilities in SeedDMS < = 4.3.3 craig . arendt
[ MDVSA-2014:059 ] php security
[ MDVSA-2014:060 ] imapsync security

Monday, 17 March

[ MDVSA-2014:061 ] oath-toolkit security
[slackware-security] php (SSA:2014-074-01) Slackware Security Team
exploit for old rlpdaemon bug Nomen Nescio
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service submit
Open-Xchange Security Advisory 2014-03-17 Martin Braun
[ MDVSA-2014:062 ] webmin security
[ MDVSA-2014:064 ] udisks security
[ MDVSA-2014:063 ] x2goserver security
[SECURITY] [DSA 2880-1] python2.7 security update Moritz Muehlenhoff

Tuesday, 18 March

=?utf-7?Q?Microsoft Forefront Protection for Exchange Server detected a virus?= ForefrontServerProtection
2014 World Conference on IST - Madeira Island, April 15-17 ML

Wednesday, 19 March

ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability Security Alert
(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE) Fernando Gont
Cross-Site Scripting (XSS) in CMSimple High-Tech Bridge Security Research
[SECURITY] [DSA 2881-1] iceweasel security update Moritz Muehlenhoff
Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability Cisco Systems Product Security Incident Response Team

Thursday, 20 March

[SECURITY] [DSA 2859-2] pidgin security update Raphael Geissert
Shakacon 2014: Call for Papers - Deadline April 11th Shakacon
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[ MDVSA-2014:065 ] apache security
[SECURITY] [DSA 2882-1] extplorer security update Giuseppe Iuculano
[ MDVSA-2014:066 ] nss security

Friday, 21 March

NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation NCC Group Research

Monday, 24 March

[SECURITY] [DSA 2883-1] chromium-browser security update Michael Gilbert
c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference
CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting Daniel Marques
ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Cras h Vulnerability Security Alert
Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti CERT
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga CERT
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk CERT
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability CERT
[SECURITY] [DSA 2873-2] file regression update Salvatore Bonaccorso

Tuesday, 25 March

[oCERT-2014-002] Xalan-Java insufficient secure processing Andrea Barisani
MS14-010 CVE-2014-0293 Technical Details and Code(I changed the web permanently) Dieyu
[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13 Eric Flokstra
CVE-2013-6955 Synology DSM remote code execution tiamat451
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code security-alert

Wednesday, 26 March

Web Egg Hunting Game - Hacky Easter Ivan Buetler
[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access security-alert
VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own) VUPEN Security Research
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own) VUPEN Security Research
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own) VUPEN Security Research
ESA-2014-015: RSA® Authentication Manager Cross Frame Sc ripting Vulnerability Security Alert
Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) Roee Hay
[SECURITY] [DSA 2884-1] libyaml security update Salvatore Bonaccorso
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update Salvatore Bonaccorso
[SECURITY] [DSA 2886-1] libxalan2-java security update Florian Weimer

Friday, 28 March

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities Security Alert
[oCERT-2014-003] LibYAML input sanitization errors Andrea Barisani
Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities Vulnerability Lab
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability Vulnerability Lab
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab
Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab
My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability Vulnerability Lab
ES746 DELL Support-Bulletin - EMS Vulnerability Resolved Vulnerability Lab
ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[security bulletin] HPSBST02968 rev.2 - HP StoreOnce, Remote Unauthorized Access security-alert
[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update Moritz Muehlenhoff
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update Moritz Muehlenhoff
[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration RedTeam Pentesting GmbH
[SECURITY] [DSA 2889-1] postfixadmin security update Thijs Kinkhorst
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator SEC Consult Vulnerability Lab
iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk CERT

Monday, 31 March

[slackware-security] mozilla-thunderbird (SSA:2014-086-05) Slackware Security Team
[slackware-security] mozilla-nss (SSA:2014-086-04) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2014-086-03) Slackware Security Team
[slackware-security] openssh (SSA:2014-086-06) Slackware Security Team
[slackware-security] curl (SSA:2014-086-01) Slackware Security Team
[slackware-security] seamonkey (SSA:2014-086-07) Slackware Security Team
[slackware-security] httpd (SSA:2014-086-02) Slackware Security Team
[SECURITY] [DSA 2890-1] libspring-java security update Florian Weimer
[SECURITY] [DSA 2891-1] mediawiki security update Thijs Kinkhorst
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities Vulnerability Lab
PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560) Jason Ostrom
[SECURITY] [DSA 2891-2] mediawiki regression update Thijs Kinkhorst
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault