Home page logo
/

159 messages starting May 20 14 and ending May 05 14
Date index | Thread index | Author index

Alexandre Herzog

JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001] Alexandre Herzog (May 20)

Apple Product Security

APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3 Apple Product Security (May 15)
APPLE-SA-2014-05-15-2 iTunes 11.2 Apple Product Security (May 16)
APPLE-SA-2014-05-16-1 iTunes 11.2.1 Apple Product Security (May 19)
APPLE-SA-2014-15-20-1 OS X Server 3.1.2 Apple Product Security (May 21)
APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Apple Product Security (May 22)

cfp

Ruxcon 2014 Call For Papers cfp (May 05)
Breakpoint 2014 Call For Presentations cfp (May 07)

cfp-conf2014.org

call for papers- CSSE2014 cfp-conf2014.org (May 27)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players Cisco Systems Product Security Incident Response Team (May 07)
Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (May 22)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products Cisco Systems Product Security Incident Response Team (May 22)

dann frazier

[SECURITY] [DSA 2928-1] linux-2.6 security update dann frazier (May 15)

Dolev Farhi

Multiple Stored XSS in FOG Image deployment system - FD Dolev Farhi (May 13)
FD - Cobbler Arbitrary File Read CVE-2014-3225 Dolev Farhi (May 13)

edge

Construtiva CIS Manager CMS POST SQLi edge (May 20)

Egidio Romano

[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability Egidio Romano (May 22)
[KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability Egidio Romano (May 22)
[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability Egidio Romano (May 22)

Eric Reed

Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact Eric Reed (May 02)

Florian Weimer

[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update Florian Weimer (May 16)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:10.openssl FreeBSD Security Advisories (May 15)

Giuseppe Iuculano

[SECURITY] [DSA 2932-1] qemu security update Giuseppe Iuculano (May 19)
[SECURITY] [DSA 2933-1] qemu-kvm security update Giuseppe Iuculano (May 20)

harun . esur

Bilyoner mobile apps prone to various SSL/TLS attacks harun . esur (May 15)

High-Tech Bridge Security Research

Cross-Site Scripting (XSS) in Offiria High-Tech Bridge Security Research (May 07)
CSRF and Remote Code Execution in EGroupware High-Tech Bridge Security Research (May 15)
Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel High-Tech Bridge Security Research (May 16)
Multiple vulnerabilities in Sharetronix High-Tech Bridge Security Research (May 28)

iedb . team

OpenCart 1.5.6.4 Directory Traversal Vulnerability iedb . team (May 29)
Mybb Sendthread Page Denial of Service Vulnerability iedb . team (May 29)

info sec

Wordpress Booking System (Booking Calendar) plugin SQL Injection info sec (May 21)

James Renken

SSH key cloning problem in OnApp templates James Renken (May 09)

john . fitzpatrick

[CVE-2014-0749] TORQUE Buffer Overflow john . fitzpatrick (May 15)

jpecou

Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier jpecou (May 08)

kyle Lovett

Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure kyle Lovett (May 22)

LSE Leading Security Experts GmbH \(Security Advisories\)

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability LSE Leading Security Experts GmbH \(Security Advisories\) (May 28)

Lukasz Lenart

[ANN] Struts 2.3.16.3 GA release available - security fix Lukasz Lenart (May 05)

Mark Thomas

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service Mark Thomas (May 28)
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure Mark Thomas (May 28)
[SECURITY] CVE-2014-0095 Apache Tomcat denial of service Mark Thomas (May 28)
[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure Mark Thomas (May 28)
[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure Mark Thomas (May 28)
Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure Mark Thomas (May 28)

Matteo Beccati

[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability Matteo Beccati (May 15)

Micha Borrmann

CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority Micha Borrmann (May 06)
FTP Rush: missing X.509 validation (FTP with TLS) Micha Borrmann (May 20)

Michael Gilbert

[SECURITY] [DSA 2920-1] chromium-browser security update Michael Gilbert (May 05)
[SECURITY] [DSA 2930-1] chromium-browser security update Michael Gilbert (May 19)

Moritz Muehlenhoff

[SECURITY] [DSA 2923-1] openjdk-7 security update Moritz Muehlenhoff (May 05)
[SECURITY] [DSA 2924-1] icedove security update Moritz Muehlenhoff (May 05)
[SECURITY] [DSA 2925-1] rxvt-unicode security update Moritz Muehlenhoff (May 08)
[SECURITY] [DSA 2926-1] linux security update Moritz Muehlenhoff (May 12)
[SECURITY] [DSA 2931-1] openssl security update Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 2935-1] libgadu security update Moritz Muehlenhoff (May 22)
[SECURITY] [DSA 2937-1] mod-wsgi security update Moritz Muehlenhoff (May 28)
[SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze Moritz Muehlenhoff (May 28)

Portcullis Advisories

CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler Portcullis Advisories (May 06)
CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler Portcullis Advisories (May 06)
CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX Portcullis Advisories (May 06)
CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 Portcullis Advisories (May 13)
CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS Portcullis Advisories (May 21)
CVE-2014-3450 - Privilege Escalation in Panda Security Portcullis Advisories (May 21)
CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS Portcullis Advisories (May 21)
CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS Portcullis Advisories (May 21)
CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages Portcullis Advisories (May 28)

RedTeam Pentesting GmbH

[RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW RedTeam Pentesting GmbH (May 08)
[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting GmbH (May 29)
[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script RedTeam Pentesting GmbH (May 29)

Rene Gielen

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact Rene Gielen (May 02)

Salvatore Bonaccorso

[SECURITY] [DSA 2919-1] mysql-5.5 security update Salvatore Bonaccorso (May 05)
[SECURITY] [DSA 2927-1] libxfont security update Salvatore Bonaccorso (May 15)
[SECURITY] [DSA 2934-1] python-django security update Salvatore Bonaccorso (May 20)
[SECURITY] [DSA 2936-1] torque security update Salvatore Bonaccorso (May 23)

Scott T. Cameron

Google Compute Engine - Lateral Compromise Scott T. Cameron (May 30)
Google Compute Engine Multiple DOS Vulnerabilities Scott T. Cameron (May 30)

SEC Consult Vulnerability Lab

SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration SEC Consult Vulnerability Lab (May 08)
SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 SEC Consult Vulnerability Lab (May 22)
SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress SEC Consult Vulnerability Lab (May 28)

security

[ MDVSA-2014:081 ] apache-mod_security security (May 08)
[ MDVSA-2014:080 ] openssl security (May 08)
[ MDVSA-2014:082 ] python-imaging security (May 08)
[ MDVSA-2014:083 ] mediawiki security (May 08)
[ MDVSA-2014:084 ] libpng security (May 12)
[ MDVSA-2014:085 ] ldns security (May 12)
[ MDVSA-2014:086 ] libxml2 security (May 12)
[ MDVSA-2014:087 ] php security (May 15)
[ MDVSA-2014:088 ] python-lxml security (May 15)
[ MDVSA-2014:089 ] nagios security (May 16)
[ MDVSA-2014:092 ] cups security (May 16)
[ MDVSA-2014:095 ] struts security (May 16)
[ MDVSA-2014:098 ] rawtherapee security (May 16)
[ MDVSA-2014:094 ] rxvt-unicode security (May 16)
[ MDVSA-2014:096 ] python-jinja2 security (May 16)
[ MDVSA-2014:102 ] mariadb security (May 16)
[ MDVSA-2014:100 ] java-1.7.0-openjdk security (May 16)
[ MDVSA-2014:103 ] wordpress security (May 16)
[ MDVSA-2014:091 ] cups security (May 16)
[ MDVSA-2014:097 ] libvirt security (May 16)
[ MDVSA-2014:099 ] dovecot security (May 16)
[ MDVSA-2014:093 ] couchdb security (May 16)
[ MDVSA-2014:101 ] owncloud security (May 16)
[ MDVSA-2014:104 ] egroupware security (May 16)

Security Alert

ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities Security Alert (May 05)
ESA-2014-027: RSA® NetWitness and RSA® Security Analyt ics Authentication Bypass Vulnerability Security Alert (May 12)
ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability Security Alert (May 13)
ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability Security Alert (May 23)
ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Script ing Vulnerabilities Security Alert (May 23)

security-alert

[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU02998 rev.3 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) security-alert (May 02)
[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges security-alert (May 02)
[security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information security-alert (May 02)
[security bulletin] HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution security-alert (May 02)
[security bulletin] HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information security-alert (May 05)
[security bulletin] HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information security-alert (May 05)
[security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information security-alert (May 05)
[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information security-alert (May 06)
[security bulletin] HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information security-alert (May 07)
[security bulletin] HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information security-alert (May 07)
[security bulletin] HPSBMU02935 rev.3 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information security-alert (May 08)
[security bulletin] HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information security-alert (May 09)
[security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS) security-alert (May 09)
[security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information security-alert (May 09)
[security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege security-alert (May 09)
[security bulletin] HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information security-alert (May 12)
[security bulletin] HPSBMU02931 rev.6 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) security-alert (May 12)
[security bulletin] HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information security-alert (May 13)
[security bulletin] HPSBMU02964 rev.2 - HP Service Manager, Cross-Site Scripting (XSS), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues security-alert (May 13)
[security bulletin] HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) security-alert (May 13)
[security bulletin] HPSBMU03022 rev.2 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information security-alert (May 13)
[security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remote Disclosure of Information security-alert (May 15)
[security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert (May 15)
[security bulletin] HPSBHF02946 rev.2 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege security-alert (May 19)
[security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information security-alert (May 20)
[security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS) security-alert (May 20)
[security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code security-alert (May 22)
[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information security-alert (May 22)
[security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information security-alert (May 23)
[security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information security-alert (May 23)
[security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information security-alert (May 26)
[security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS) security-alert (May 26)
[security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code security-alert (May 27)

Slackware Security Team

[slackware-security] seamonkey (SSA:2014-131-01) Slackware Security Team (May 12)

Stefan Kanthak

Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Stefan Kanthak (May 21)
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines Stefan Kanthak (May 29)

Tomi Tuominen

t2'14: Call for Papers 2014 (Helsinki / Finland) Tomi Tuominen (May 20)

\"VMware Security Response Center\"

NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation \"VMware Security Response Center\" (May 30)

Vulnerability Lab

Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability Vulnerability Lab (May 15)

VUPEN Security Research

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) VUPEN Security Research (May 26)

Williams, James K

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability Williams, James K (May 16)

Yves-Alexis Perez

[SECURITY] [DSA 2921-1] xbuffy security update Yves-Alexis Perez (May 05)
[SECURITY] [DSA 2922-1] strongswan security update Yves-Alexis Perez (May 05)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault