273 messages starting Feb 01 14 and ending Feb 28 14

Saturday, 01 February

Vulnerabilities in Contact Form 7 for WordPress MustLive

Sunday, 02 February

CVE-2014-1213 - Denial of Service in Sophos Anti Virus advisories
CVE-2014-1610 description incorrect Brandon Perry
Bypass the Stop User Enumeration WordPress Plugin Andrew Horton
Router D-Link DIR-100 Multiple Vulnerabilities root
[CVE-2014-1403] DOM XSS in EasyXDM 2.4.18 Krzysztof Kotowicz
MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) Pichaya Morimoto
Revision 1 (PoC added): MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) Pichaya Morimoto
[SECURITY] [DSA 2851-1] drupal6 security update Salvatore Bonaccorso
Jetro Cockpit Secure Browsing vulnerability - remote code execution on all enterprise workstations simultaneously Ronen Z

Tuesday, 04 February

pMap v1.10 Gregory Pickett
Various Vulnerabilities - SiteCore CMS / Mura CMS / Ektron CMS / SmarterMail / Yahoo / Paypal Mark Litchfield
Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield
[CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Pedro Ribeiro
[CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues Pedro Ribeiro
XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181) William Costa
Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182) William Costa
H2HC 10 - FX Keynote Video is Up Rodrigo Rubira Branco (BSDaemon)

Wednesday, 05 February

Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield
Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield
Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Benji
CVE-2014-1237 (XSS in i-doit Pro) Stephan Rickauer
Happy chines new year kaveh ghaemmaghami
[SECURITY] [DSA 2854-1] mumble security update Salvatore Bonaccorso
[SECURITY] [DSA 2855-1] libav security update Moritz Muehlenhoff
[Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure security-news
[Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation security-news
[Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure security-news
Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Randal T. Rioux
CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability CORE Advisories Team
[Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS) security-news

Thursday, 06 February

[SECURITY] [DSA 2853-1] horde3 security update Luciano Bello
[ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail ISecAuditors Security Advisories
[CVE-2013-2055] Apache Wicket information disclosure vulnerability Martin Grigorov
Core FTP Server Vulnerabilities Rustein, Fara Denise (LATCO - Buenos Aires)
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Mark Thomas
German Telekom Bug Bounty #9 - Code Execution Vulnerability Vulnerability Lab
German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability Vulnerability Lab
German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability Vulnerability Lab
[SECURITY] [DSA 2852-1] libgadu security update Florian Weimer

Friday, 07 February

CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin advisories
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano
Information on recently-fixed Oracle VM VirtualBox vulnerabilities Matthew Daley
Visa (Europe) XSS Vulnerability Nicholas Lemonias.
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Mario Vilas
gpEasy v4.3.x CMS - Multiple Web Vulnerabilities Vulnerability Lab
Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability Vulnerability Lab
New vulnerabilities in Google Maps plugin for Joomla MustLive
[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update Florian Weimer

Saturday, 08 February

Bank of the West security contact? Kristian Erik Hermansen
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Jann Horn
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Jeffrey Walton
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Justin Ferguson
Re: Bank of the West security contact? Jeffrey Walton
Re: extension for Firefox to force HTTPS always? Kristian Erik Hermansen
[SECURITY] [DSA 2857-1] libspring-java security update Moritz Muehlenhoff
Re: Bank of the West security contact? Daniel Wood
Re: Bank of the West security contact? Justin Ferguson
Fwd: Re: Bank of the West security contact? Justin Ferguson
Fwd: Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering Justin Ferguson
Fwd: Fwd: Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering kaveh ghaemmaghami
Re: Bank of the West security contact? Jeffrey Walton

Sunday, 09 February

Re: Fwd: Re: Bank of the West security contact? doxingtheidiots
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano
Re: Fwd: Re: Bank of the West security contact? Justin Ferguson
Re: Fwd: Re: Bank of the West security contact? Justin Ferguson
Re: Fwd: Re: Bank of the West security contact? Jeffrey Walton
Re: Fwd: Re: Bank of the West security contact? Justin Ferguson

Monday, 10 February

DoS via tables corruption in WordPress MustLive
Re: DoS via tables corruption in WordPress Aris Adamantiadis
Re: DoS via tables corruption in WordPress Harry Metcalfe
[SECURITY] [DSA 2858-1] iceweasel security update Moritz Muehlenhoff
OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski
Re: OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski
Re: OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski
[SECURITY] [DSA 2859-1] pidgin security update Moritz Muehlenhoff

Tuesday, 11 February

Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843] Rustein, Fara Denise (LATCO - Buenos Aires)
TWSL2014-003: Blind SQL Injection Vulnerability in Tableau Server Trustwave Advisories
Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24 (CVE-2013-5013) William Costa
WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Re: DoS via tables corruption in WordPress Andrew Nacin
Freepbx , php code execution exploit 0u7 5m4r7
Re: DoS via tables corruption in WordPress Aris Adamantiadis
[ MDVSA-2014:025 ] pidgin security
0x07 SEC-T.org 2014 CALL FOR PAPERS Process Start Mattias Bååth
[SECURITY] [DSA 2860-1] parcimonie security update Salvatore Bonaccorso

Wednesday, 12 February

[Call for Papers] (And Call for Mentors) Proving Ground Speaker Development Program BSidesLV Info
[SECURITY] [DSA 2850-2] libyaml regression update Salvatore Bonaccorso
Multiple vulnerabilities in NETGEAR N300 WIRELESS ADSL2+ MODEM ROUTER DGN2200 Horton, Andrew (AU Melbourne)
Barracuda Load Balancer Remote Authenticated Root Brandon Perry
Work Practices of Cyber Security Professionals Muhammad Adnan
Re: DoS via tables corruption in WordPress Timothy Goddard
Reflected XSS Attacks vulnerabilities in DELL SonicWALL Universal Management Suite v7.1 (CVE-2014-0332) William Costa
jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014 Shay Chen
List Charter John Cartwright
Re: Freepbx , php code execution exploit Rob Thomas
[ MDVSA-2014:026 ] openldap security
Re: DoS via tables corruption in WordPress (Timothy Goddard) Mikhail A. Utin
Re: DoS via tables corruption in WordPress MustLive
Re: DoS via tables corruption in WordPress Harry Metcalfe
CVE-2014-1221 - Local Code Execution in Dameware Mini Remote Control Portcullis Advisories
CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option Portcullis Advisories
yahoo open redirect vulnerability full disclosur Jing Wang
Re: DoS via tables corruption in WordPress Aris Adamantiadis
Re: DoS via tables corruption in WordPress MustLive
[ MDVSA-2014:027 ] php security
Ebay, Inc Bug Bounty - GoStoreGo Administrative Authentication Bypass to all online stores Mark Litchfield
Re: DoS via tables corruption in WordPress jen140
[Security-news] SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass security-news
[Security-news] SA-CONTRIB-2014-015 - FileField - Access Bypass security-news
[Security-news] SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability security-news
[Security-news] SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS) security-news
[Security-news] SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS) security-news

Thursday, 13 February

[ MDVSA-2014:028 ] mariadb security
[ MDVSA-2014:029 ] mysql security
DAVOSET v.1.1.7 MustLive

Friday, 14 February

[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com) ISecAuditors Security Advisories
Critical security flaws in Nagios NRPE client/server crypto Aaron Zauner
CVE-2012-2627 not *really* fixed Brandon Perry
Re: yahoo open redirect vulnerability full disclosur Ronny Vasquez
Re: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option Williams, James K
[ MDVSA-2014:031 ] drupal security
[ MDVSA-2014:032 ] flite security
[ MDVSA-2014:033 ] socat security
[ MDVSA-2014:034 ] yaml security

Saturday, 15 February

CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger Portcullis Advisories
CVE-2014-1220 - Disclosure Of Database Credentials in IT2 Workstation Portcullis Advisories
Office Assistant Pro v2.2.2 iOS - File Include Vulnerability Vulnerability Lab
mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab
File Hub v1.9.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab

Sunday, 16 February

XSS and CS vulnerabilities in DSMS MustLive
[SECURITY] [DSA 2861-1] file security update Salvatore Bonaccorso

Monday, 17 February

Shopify (Bug Bounty) - XML External Entity Vulnerability Mark Litchfield
[SECURITY] [DSA 2862-1] chromium-browser security update Michael Gilbert
SQL Injection i-doit Pro (CVE-2014-1597) Stephan Rickauer
Re: DoS via tables corruption in WordPress Harry Metcalfe
[ MDVSA-2014:035 ] libpng security
My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities Vulnerability Lab
Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec cfp2014
[ MDVSA-2014:036 ] varnish security
[ MDVSA-2014:037 ] ffmpeg security
[ MDVSA-2014:038 ] kernel security

Tuesday, 18 February

Re: CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger Tim Brown
My experiences with the GiftCards.com Bug Bounty Program Stefan Schurtz
SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab
[WooYun-2014-00049] Mac osx & ios Kernel Module Uninitialization En.wooyun.org
RootedArena 2014: Information Omar Benbouazza
Re: 0x07 SEC-T.org 2014 CALL FOR PAPERS Process Start NEW CONFERENCE DATES! Mattias Bååth
[ MDVSA-2014:039 ] libgadu security
[ MDVSA-2014:040 ] puppet security
Three vulnerabilities in BP Group Documents 1.2.1 (WordPress plugin) Harry Metcalfe
Directory traversal in NextGEN Gallery 2.0.0 (WordPress plugin) Harry Metcalfe

Wednesday, 19 February

CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server Portcullis Advisories
[SECURITY] [DSA 2863-1] libtar security update Luciano Bello
CA20140218-01: Security Notice for CA 2E Web Option Williams, James K
Sinopec Ltd. (XSS) Web App Vulnerabilities Nicholas Lemonias.
CISCO Systems Inc. Security Report, Web App Vulnerabilities (XSS) Nicholas Lemonias.
[ MDVSA-2014:041 ] python security
[ MDVSA-2014:042 ] tomcat6 security
Barracuda Message Archiver 650 - Persistent Web Vulnerability Vulnerability Lab
[ MDVSA-2014:043 ] gnutls security
Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Cisco Systems Product Security Incident Response Team
A question for the list - WordPress plugin inspections Harry Metcalfe
VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution Julien Ahrens
[Security-news] SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2014-022 - Slickgrid - Access bypass security-news
Re: A question for the list - WordPress plugin inspections Seth Arnold
[ MDVSA-2014:044 ] zarafa security
Re: A question for the list - WordPress plugin inspections Harry Metcalfe
GrrCON 2014 CFP chris.payne
Re: A question for the list - WordPress plugin inspections Thomas MacKenzie
CVE-2014-0053 Information Disclosure when using Grails Pivotal Security Team
RC Trojan 1.1d (Undetected) ICSS Security

Thursday, 20 February

[HITB-Announce] Haxpo CFP Hafez Kamal
Re: A question for the list - WordPress plugin inspections Henri Salo
Re: RC Trojan 1.1d (Undetected) Źmicier Januszkiewicz
Re: A question for the list - WordPress plugin inspections Jerome Athias
Re: A question for the list - WordPress plugin inspections Harry Metcalfe
[CVE-2014-2027] PHP objection insertion / arbitrary file deletion / possible RCE in egroupware <= 1.8.005 Pedro Ribeiro
Re: A question for the list - WordPress plugin inspections Jerome Athias
Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities Vulnerability Lab
[ MDVSA-2014:045 ] libtar security
Re: RC Trojan 1.1d (Undetected) ICSS Security
[SECURITY] [DSA 2864-1] postgresql-8.4 security update Moritz Muehlenhoff
[SECURITY] [DSA 2865-1] postgresql-9.1 security update Moritz Muehlenhoff
[OT] pls ignore Gaurang Pandya

Friday, 21 February

Re: [OT] pls ignore Pedro Worcel
DC4420 meeting Tuesday, 25th February 2014 Tony Naggs
Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability Vulnerability Lab
[ MDVSA-2014:046 ] phpmyadmin security
CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
44CON 2014 September 11th - 12th CFP Steve
[ MDVSA-2014:047 ] postgresql security
Google XXE Vulnerability Mark Litchfield
Re: DoS via tables corruption in WordPress MustLive

Saturday, 22 February

CVE-2014-1223 - Cross-site Scripting in Telligent Evolution Portcullis Advisories
[CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files peng . deng
ASUS router drive-by code execution via XSS and authentication bypass Harry Sintonen
Re: [OT] pls ignore Trevor Bergeron
temporary file creation vulnerability in Redis Matthew Hall
[SECURITY] [DSA 2866-1] gnutls26 security update Salvatore Bonaccorso
Apple SSL fail imipak
Re: Apple SSL fail Reed Black

Sunday, 23 February

Re: [OT] pls ignore Rick Olson
Re: [OT] pls ignore Michal Zalewski
Multiple vulnerabilities in JoomLeague for Joomla MustLive
[SECURITY] [DSA 2867-1] otrs2 security update Salvatore Bonaccorso

Monday, 24 February

Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Larry W. Cashdollar
Re: [SECURITY] [DSA 2867-1] otrs2 security update Milan Berger
Re: [OT] pls ignore Gynvael Coldwind
Freepbx 2.x , Command Execution vuln 0u7 5m4r7
Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability Vulnerability Lab
JORJWEB Ltda (all versions) - SQL Injection Vulnerability Vulnerability Lab
WiFiles HD v1.3 iOS - File Include Web Vulnerability Vulnerability Lab
Re: Freepbx 2.x , Command Execution vuln Rob Thomas

Tuesday, 25 February

[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Mark Thomas
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service) Mark Thomas
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) Mark Thomas
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Mark Thomas
Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities Vulnerability Lab
Private Camera Pro v5.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard RedTeam Pentesting GmbH
MS 2k8 DNS server trivial DDoS contributor Pedro Luis Karrasquillo
Re: MS 2k8 DNS server trivial DDoS contributor Georgi Guninski
Hacking in Schools Pete Herzog
Multiple vulnerabilities in Joomla-Base MustLive
Re: Hacking in Schools Brandon Perry
Re: Hacking in Schools Hinky Dink
Re: Hacking in Schools Benji

Wednesday, 26 February

Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability Vulnerability Lab
Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
[Security-news] SA-CONTRIB-2014-023 - Project Issue File Review - XSS security-news
[Security-news] SA-CONTRIB-2014-025 - Open Omega - Access Bypass security-news
[Security-news] SA-CONTRIB-2014-024 - Content Lock - CSRF security-news
Microsoft DNS server unwitting DDoS contributor Pedro Luis Karrasquillo
Re: Hacking in Schools Paul Ammann
British Sky Broadcasting Corporation - Web App vulnerabilities (XSS) Nicholas Lemonias.
Re: Hacking in Schools Dan Ballance
Re: Hacking in Schools Sanguinarious Rose
[Security-news] SA-CONTRIB-2014-026 - Mime Mail - Access bypass security-news
Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability Vulnerability Lab

Thursday, 27 February

SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System) SEC Consult Vulnerability Lab
Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities Vulnerability Lab
Telekom Bug Bounty #12 - File Include Web Vulnerability Vulnerability Lab
Update: CVE-2014-0053 Information Disclosure when using Grails Pivotal Security Team
Web App Sec: (AT&T Corporation) former American Telecommunication & Telegraph Vulnerabilities (Cross-Site Scripting / OWASP Top 10) Nicholas Lemonias.

Friday, 28 February

SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch SEC Consult Vulnerability Lab
SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server SEC Consult Vulnerability Lab
Whonix Anonymous Operating System Version 8 Released! Patrick Schleizer
Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability Vulnerability Lab