Bugtraq: by author

145 messages starting Aug 26 14 and ending Aug 25 14


advisories

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification advisories (Aug 26)

Andrea Barisani

[oCERT-2014-006] Ganeti insecure archive permission Andrea Barisani (Aug 13)

Anthony Dubuissez

Re: ownCloud Unencrypted Private Key Exposure Anthony Dubuissez (Aug 06)

Apple Product Security

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 Apple Product Security (Aug 14)

Benjamin Kaduk

MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend Benjamin Kaduk (Aug 11)

CERT

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities CERT (Aug 20)

Choulat, Trace

RE: ownCloud Unencrypted Private Key Exposure - version (6.0.4) reported not vulnerable Choulat, Trace (Aug 06)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 07)

cseye_ut

DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config cseye_ut (Aug 25)
DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config cseye_ut (Aug 25)
MEHR Automation System Arbitrary File Download Vulnerability(persian portal) cseye_ut (Aug 25)

David Kaplan

(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities David Kaplan (Aug 07)

Dirk-Willem van Gulik

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik (Aug 18)

Disclosure

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Disclosure (Aug 28)

ehoward

SaaS Marketing platform Hubspot export vulnerability ehoward (Aug 27)

Fernando Gont

Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks Fernando Gont (Aug 27)
DoS attacks (ICMPv6-based) resulting from IPv6 EH drops Fernando Gont (Aug 22)

Florian Weimer

[SECURITY] [DSA 3013-1] s3ql security update Florian Weimer (Aug 28)
[SECURITY] [DSA 3012-1] eglibc security update Florian Weimer (Aug 27)

Frank Stanek

Re: ownCloud Unencrypted Private Key Exposure Frank Stanek (Aug 07)
Re: ownCloud Unencrypted Private Key Exposure Frank Stanek (Aug 05)

Georg Lukas

CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java Georg Lukas (Aug 06)

Gregory Pickett

CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service Gregory Pickett (Aug 12)

h1kari

ToorCon 16 Call For Papers! h1kari (Aug 21)

Herbert Duerr

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability Herbert Duerr (Aug 22)
CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects Herbert Duerr (Aug 22)

High-Tech Bridge Security Research

Reflected Cross-Site Scripting (XSS) in Jamroom High-Tech Bridge Security Research (Aug 13)
SQL Injection Vulnerability in ArticleFR High-Tech Bridge Security Research (Aug 20)

Info RiseCON

[Call For Papers] RiseCON - Rosario, Argentina Info RiseCON (Aug 20)

Jack Brennan

Re: ownCloud Unencrypted Private Key Exposure Jack Brennan (Aug 06)

jackie

Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30) jackie (Aug 27)
ICETC2014 - IEEE Extended Submission until Aug. 28, 2014 jackie (Aug 20)

Jacopo Cappellato

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato (Aug 19)

Jamie Riden

IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915) Jamie Riden (Aug 12)

Kenny Mathis

TomatoCart v1.x (latest-stable) Multiple Vulnerabilities Kenny Mathis (Aug 07)

Marcel Kinard

Apache Cordova 3.5.1 Marcel Kinard (Aug 05)
Apache Cordova 3.5.1: CVE-2014-3502 update Marcel Kinard (Aug 12)

Michal Zalewski

(kind of) new tool: american fuzzy lop Michal Zalewski (Aug 07)

Mike Antcliffe

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] Mike Antcliffe (Aug 05)

mike . manzotti

Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities mike . manzotti (Aug 05)

Mikhail A. Utin

RE: ownCloud Unencrypted Private Key Exposure Mikhail A. Utin (Aug 07)
RE: ownCloud Unencrypted Private Key Exposure Mikhail A. Utin (Aug 07)

ML

[WorldCIST'15]: Call for Workshops Proposals - Proceedings by Springer ML (Aug 08)

Moritz Muehlenhoff

[SECURITY] [DSA 3009-1] python-imaging security update Moritz Muehlenhoff (Aug 22)
[SECURITY] [DSA 3006-1] xen security update Moritz Muehlenhoff (Aug 18)
[SECURITY] [DSA 3002-1] wireshark security update Moritz Muehlenhoff (Aug 11)
[SECURITY] [DSA 2940-1] libstruts1.2-java security update Moritz Muehlenhoff (Aug 21)
[SECURITY] [DSA 2996-1] icedove security update Moritz Muehlenhoff (Aug 04)
[SECURITY] [DSA 3007-1] cacti security update Moritz Muehlenhoff (Aug 20)
[SECURITY] [DSA 3003-1] libav security update Moritz Muehlenhoff (Aug 11)
[SECURITY] [DSA 3004-1] kde4libs security update Moritz Muehlenhoff (Aug 11)

np

Microsoft Exchange Multiple Vulnerabilities np (Aug 04)

nullcon

nullcon CFP is open nullcon (Aug 07)

paul . szabo

Mathematica10.0.0 on Linux /tmp/MathLink vulnerability paul . szabo (Aug 27)

Pedro Ribeiro

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro (Aug 28)

Portcullis Advisories

CVE-2014-4973 - Privilege Escalation in ESET Windows Products Portcullis Advisories (Aug 20)
CVE-2014-5307 - Privilege Escalation in Panda Security Products Portcullis Advisories (Aug 20)
CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall Portcullis Advisories (Aug 05)

Raphael Geissert

[SECURITY] [DSA 2994-1] nss security update Raphael Geissert (Aug 01)
[SECURITY] [DSA 2984-2] acpi-support regression update Raphael Geissert (Aug 12)
[SECURITY] [DSA 2998-1] openssl security update Raphael Geissert (Aug 07)

rg

[CVE-2014-5335] CSRF in Innovaphone PBX rg (Aug 22)

Romano, Christian

Sierra Library Services Platform Multiple Vulnerability Disclosure Romano, Christian (Aug 29)
ArcGIS for Server Vulnerability Disclosure Romano, Christian (Aug 21)
Encore Discovery Solution Multiple Vulnerability Disclosure Romano, Christian (Aug 27)

Salvatore Bonaccorso

[SECURITY] [DSA 3011-1] mediawiki security update Salvatore Bonaccorso (Aug 25)
[SECURITY] [DSA 3010-1] python-django security update Salvatore Bonaccorso (Aug 25)
[SECURITY] [DSA 3005-1] gpgme1.0 security update Salvatore Bonaccorso (Aug 14)
[SECURITY] [DSA 2993-1] tor security update Salvatore Bonaccorso (Aug 01)
[SECURITY] [DSA 3008-2] php5 regression update Salvatore Bonaccorso (Aug 22)
[SECURITY] [DSA 2997-1] reportbug security update Salvatore Bonaccorso (Aug 06)
[SECURITY] [DSA 2995-1] lzo2 security update Salvatore Bonaccorso (Aug 04)
[SECURITY] [DSA 3014-1] squid3 security update Salvatore Bonaccorso (Aug 28)
[SECURITY] [DSA 2999-1] drupal7 security update Salvatore Bonaccorso (Aug 11)
[SECURITY] [DSA 3008-1] php5 security update Salvatore Bonaccorso (Aug 21)
[SECURITY] [DSA 3001-1] wordpress security update Salvatore Bonaccorso (Aug 11)
[SECURITY] [DSA 3000-1] krb5 security update Salvatore Bonaccorso (Aug 11)

SEC Consult Vulnerability Lab

SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director SEC Consult Vulnerability Lab (Aug 05)
SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting SEC Consult Vulnerability Lab (Aug 28)

Securify B.V.

Outlook.com for Android fails to validate server certificates Securify B.V. (Aug 18)

security

[ MDVSA-2014:151 ] cups security (Aug 07)
[ MDVSA-2014:150 ] tor security (Aug 07)
[ MDVSA-2014:149 ] php security (Aug 06)
[ MDVSA-2014:158 ] openssl security (Aug 08)
[ MDVSA-2014:156 ] ocsinventory security (Aug 08)
[ MDVSA-2014:152 ] glibc security (Aug 07)
[ MDVSA-2014:157 ] ipython security (Aug 08)
BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04] security (Aug 13)
[ MDVSA-2014:153 ] mediawiki security (Aug 07)
[ MDVSA-2014:155 ] kernel security (Aug 07)
[ MDVSA-2014:147 ] sendmail security (Aug 01)
[ MDVSA-2014:145 ] php-ZendFramework security (Aug 01)
[ MDVSA-2014:148 ] dbus security (Aug 01)
[ MDVSA-2014:154 ] readline security (Aug 07)
[ MDVSA-2014:159 ] wireshark security (Aug 08)
Re: SaaS Marketing platform Hubspot export vulnerability security (Aug 28)
[ MDVSA-2014:146 ] file security (Aug 01)

Security Alert

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Aug 19)
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities Security Alert (Aug 19)
ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability Security Alert (Aug 19)
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities Security Alert (Aug 19)
ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability Security Alert (Aug 26)
ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability Security Alert (Aug 08)
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities Security Alert (Aug 19)

security-alert

[security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information security-alert (Aug 12)
[security bulletin] HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure security-alert (Aug 01)
[security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege security-alert (Aug 06)
[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 20)
[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities security-alert (Aug 08)
[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities security-alert (Aug 26)
[security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information security-alert (Aug 05)
[security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Aug 05)
[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access security-alert (Aug 20)
[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access security-alert (Aug 20)
[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 20)
[security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Aug 22)
[security bulletin] HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code security-alert (Aug 08)
[security bulletin] HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege security-alert (Aug 08)
[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information security-alert (Aug 13)
[security bulletin] HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access security-alert (Aug 08)
[security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities security-alert (Aug 20)
[security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities security-alert (Aug 25)
[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code security-alert (Aug 14)

Senderek Web Security

ownCloud Unencrypted Private Key Exposure Senderek Web Security (Aug 04)

Slackware Security Team

[slackware-security] dhcpcd (SSA:2014-213-02) Slackware Security Team (Aug 04)
[slackware-security] openssl (SSA:2014-220-01) Slackware Security Team (Aug 11)
[slackware-security] samba (SSA:2014-213-01) Slackware Security Team (Aug 04)

Stefan Kanthak

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) Stefan Kanthak (Aug 18)
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs Stefan Kanthak (Aug 18)
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) Stefan Kanthak (Aug 18)
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak (Aug 08)

Steffen Bauch

ntopng 1.2.0 XSS injection using monitored network traffic Steffen Bauch (Aug 26)

submit

C++11 <regex> insecure by default submit (Aug 01)

tekwizz123

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request tekwizz123 (Aug 18)

Vulnerability Lab

Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability Vulnerability Lab (Aug 05)
Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707) Vulnerability Lab (Aug 25)
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Aug 04)
Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab (Aug 01)
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699) Vulnerability Lab (Aug 25)
PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability Vulnerability Lab (Aug 06)
Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities Vulnerability Lab (Aug 08)
TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities Vulnerability Lab (Aug 01)
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab (Aug 04)
PhotoSync v2.2 iOS - Command Inject Web Vulnerability Vulnerability Lab (Aug 06)

WorldCIST

[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc. WorldCIST (Aug 25)