Re: SaaS Marketing platform Hubspot export vulnerability

2014-08-28 Thread security
We at HubSpot take the concerns of the security community seriously, and continuously work to improve our posture in this ever-changing field. We do have predefined roles in the application which allow our customers to segment users' permissions based on their role. These horizontal permissions a

[SECURITY] [DSA 3014-1] squid3 security update

2014-08-28 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3014-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso August 28, 2014

SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting

2014-08-28 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20140828-0 > title: Reflected Cross-Site Scripting product: F5 BIG-IP vulnerable version: <

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities

2014-08-28 Thread Disclosure

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert

2014-08-28 Thread Pedro Ribeiro
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine has responded that they do not consider this a priority and won't fix it in the near future unless a cust

[SECURITY] [DSA 3013-1] s3ql security update

2014-08-28 Thread Florian Weimer
Debian Security Advisory DSA-3013-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer August 27, 2014