Bugtraq Archive December 2013
- [security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution,
security-alert
- [SECURITY] [DSA 2807-1] links2 security update,
Moritz Muehlenhoff
- WorldCIST'14 - Submission deadline: December 7,
WorldCIST
- [Full-disclosure] [ANN] Struts 2.3.15.3 GA release available - security fix,
Lukasz Lenart
- [Full-disclosure] [CVE-2013-4295] Apache Shindig information disclosure vulnerability,
Ryan Baxter
- [Full-disclosure] NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities,
"VMware Security Response Center"
- [Full-disclosure] [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities,
Julien Ahrens
- [Full-disclosure] CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass,
CORE Advisories Team
- Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [Full-disclosure] Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation,
Stefan Kanthak
- D-Link DIR-XXX remote root access exploit,
ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- Multiple issues in OpenSSL - BN (multiprecision integer arithmetics),
ScripT setInterval(function(){for( ){alert('fixme')} } 10) /scRIpt
- [SECURITY] [DSA 2808-1] openjpeg security update,
Raphael Geissert
- bugs in IJG jpeg6b & libjpeg-turbo,
Michal Zalewski
- NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation,
"VMware Security Response Center"
- [PT-2013-63] Hash Length Extension in HTMLPurifier,
noreply
- Cross-Site Scripting (XSS) in Jamroom,
High-Tech Bridge Security Research
- Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2809-1] ruby1.8 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2810-1] ruby1.9.1 security update,
Salvatore Bonaccorso
- Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day),
Vulnerability Lab
- Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability,
Egidio Romano
- NEW VMSA-2013-0015 VMware ESX updates to third party libraries,
Edward Hawkins
- [slackware-security] mozilla-nss (SSA:2013-339-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-339-02),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2013-339-03),
Slackware Security Team
- [slackware-security] hplip (SSA:2013-339-04),
Slackware Security Team
- Opencart Multiple Vulnerabilities,
trueend5
- [SECURITY] [DSA 2811-1] chromium-browser security update,
Michael Gilbert
- LiveZilla 5.1.0.0 Reflected XSS in translations,
zoczus
- Print n Share v5.5 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities,
Security Alert
- [SECURITY] [DSA 2812-1] samba security update,
Moritz Muehlenhoff
- Vulnerabilities in Apache Solr < 4.6.0,
Nicolas Grégoire
- [SECURITY] [DSA 2814-1] varnish security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2813-1] gimp security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2815-1] munin security update,
Salvatore Bonaccorso
- [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application,
Daniel Wood
- EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution,
nospam
- Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities,
Vulnerability Lab
- LiveZilla 5.1.1.0 Stored XSS in operator clients,
zoczus
- [security bulletin] HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability,
CORE Advisories Team
- [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS),
security-alert
- Android Fragment Injection vulnerability,
Roee Hay
- SQL Injection in InstantCMS,
High-Tech Bridge Security Research
- Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- FlashCanvas 1.5 proxy.php XSS Vulnerability,
code
- [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting,
advisories
- ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities,
Security Alert
- CORE-2013-0807 - Divide Error in Windows Kernel,
CORE Advisories Team
- [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection,
mailing lists
- [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup),
mailing lists
- SAMSPADE 1.14 BUFFER OVERFLOW,
vishal_mishra
- Microsoft PhotoStory - CS Cross Site Scripting Vulnerability,
Vulnerability Lab
- Microsoft Yammer - Persistent Profile Vulnerabilities,
Vulnerability Lab
- Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 2816-1] php5 security update,
Thijs Kinkhorst
- [security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution,
security-alert
- [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF),
security-alert
- [security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update,
security-alert
- [security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS),
security-alert
- Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities,
Vulnerability Lab
- DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013,
Tony Naggs
- Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability,
Stefan Esser
- Call for Papers - YSTS 8 - Information Security Conference, Brazil,
Luiz Eduardo
- Last Call - 2nd World Conference on IST; Submission: December 29,
WorldCIST
- [SECURITY] [DSA 2817-1] libtar security update,
Luciano Bello
- LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client,
zoczus
- LiveZilla 5.1.2.0 Insecure password storage,
zoczus
- Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line,
Larry W. Cashdollar
- Command injection vulnerability in Ruby Gem sprout 0.7.246,
Larry W. Cashdollar
- LiveZilla 5.1.2.0 PHP Object Injection,
zoczus
- Command injection in Ruby Gem Webbynode 1.0.5.3,
Larry W. Cashdollar
- User Identity Spoofing in Bitrix Site Manager,
High-Tech Bridge Security Research
- [SECURITY] [DSA 2818-1] mysql-5.5 security update,
Salvatore Bonaccorso
- [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution,
security-alert
- [SECURITY] [DSA 2819-1] End-of-life announcement for iceape,
Moritz Muehlenhoff
- XSS and Full Path Disclosure in MijoSearch Joomla Extension,
High-Tech Bridge Security Research
- APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1,
Apple Product Security
- APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1,
Apple Product Security
- FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message,
Asterisk Security Team
- AST-2013-007: Asterisk Manager User Dialplan Permission Escalation,
Asterisk Security Team
- QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability,
Vulnerability Lab
- [slackware-security] mozilla-firefox (SSA:2013-350-04),
Slackware Security Team
- [SECURITY] [DSA 2820-1] nspr security update,
Raphael Geissert
- [slackware-security] libiodbc (SSA:2013-350-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-350-05),
Slackware Security Team
- [slackware-security] llvm (SSA:2013-350-03),
Slackware Security Team
- [slackware-security] libjpeg (SSA:2013-350-02),
Slackware Security Team
- [slackware-security] ruby (SSA:2013-350-06),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2013-350-07),
Slackware Security Team
- Hancom Office '.hml' file heap-based buffer overflow,
diroverflow
- [ MDVSA-2013:287-1 ] drupal,
security
- [ MDVSA-2013:288 ] subversion,
security
- InfoSec Southwest 2014 CFP now open!,
ISSW CFP
- CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability,
CORE Advisories Team
- [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms,
Christian Catalano
- [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin,
Christian Catalano
- [CVE-2013-2764] Secure Entry Server - URL Redirection,
Alexandre Herzog
- [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities,
Alexandre Herzog
- [ MDVSA-2013:291 ] kernel,
security
- [ MDVSA-2013:290 ] mediawiki,
security
- [ MDVSA-2013:289 ] owncloud,
security
- [ MDVSA-2013:292 ] links,
security
- [ MDVSA-2013:293 ] gimp,
security
- [ MDVSA-2013:294 ] gimp,
security
- [SECURITY] [DSA 2821-1] gnupg security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2823-1] pixman security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2822-1] xorg-server security update,
Moritz Muehlenhoff
- APPLE-SA-2013-12-19-1 Motion 5.1,
Apple Product Security
- ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
- [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS),
security-alert
- [ MDVSA-2013:295 ] gnupg,
security
- [SECURITY] [DSA 2824-1] curl security update,
Salvatore Bonaccorso
- Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities,
Vulnerability Lab
- [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability,
Matteo Beccati
- [ MDVSA-2013:296 ] wireshark,
security
- [ MDVSA-2013:297 ] munin,
security
- [SECURITY] [DSA 2825-1] wireshark security update,
Moritz Muehlenhoff
- [ MDVSA-2013:298 ] php,
security
- [slackware-security] gnupg (SSA:2013-354-01),
Slackware Security Team
- [ MDVSA-2013:299 ] samba,
security
- [SECURITY] [DSA 2826-1] denyhosts security update,
Yves-Alexis Perez
- NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX,
"VMware Security Response Center"
- ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability,
Security Alert
- [ MDVSA-2013:300 ] asterisk,
security
- [ MDVSA-2013:301 ] nss,
security
- [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update,
Salvatore Bonaccorso
- ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability,
Security Alert
- ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability,
Security Alert
- [ MDVSA-2013:302 ] pixman,
security
- Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin,
High-Tech Bridge Security Research
- Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin,
High-Tech Bridge Security Research
- Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin,
High-Tech Bridge Security Research
- SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2828-1] drupal6 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 2829-1] hplip security update,
Moritz Muehlenhoff
- CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition,
Rodrigo Rubira Branco (BSDaemon)
- [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities,
security-alert
- [SECURITY] [DSA 2830-1] ruby-i18n security update,
Florian Weimer