Bugtraq
- GreHack 2012 - Call For Papers (Grenoble, France)
- Kingcopes AthCon 2012 Slides & Notes
- CFP: Hacktivity 2012, October 12-13, Budapest, Hungary
- [SECURITY] [DSA 2479-1] libxml2 security update
- [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability
- Multiple vulnerabilities in LogAnalyzer
- Multiple vulnerabilities in Pligg CMS
- Multiple XSS in pragmaMx
- [SECURITY] [DSA 2480-1] request-tracker3.8 security update
- [ MDVSA-2012:081 ] firefox
- [SECURITY] [DSA 2478-1] sudo security update
- [ MDVSA-2012:080 ] wireshark
- IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...
- ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
- Tftpd32 DHCP Server Denial Of Service Vulnerability
- DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
- [Announcement] CHMag's Issue 28, May 2012 Released
- [SECURITY] [DSA 2477-1] sympa security update
- PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
- Acuity CMS 2.6.x <= Arbitrary File Upload
- From: YGN Ethical Hacker Group
- Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2476-1] pidgin-otr security update
- Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
- [ MDVSA-2012:079 ] sudo
- Re: [oss-security] CVE Request: Planeshift buffer overflow
- New Open Source Web Application Vulnerability Scanner Available
- SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149
- From: SEC Consult Vulnerability Lab
- H2HC Brazil 9th Edition - Call for Papers
- From: Rodrigo Rubira Branco (BSDaemon)
- Re: [oss-security] CVE Request: Planeshift buffer overflow
- [SECURITY] [DSA 2475-1] openssl security update
- [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
- Re: [oss-security] CVE Request: Planeshift buffer overflow
- [SECURITY] [DSA 2474-1] ikiwiki security update
- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
- [security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of
- [security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial
- [ MDVSA-2012:078 ] imagemagick
- [ MDVSA-2012:077 ] imagemagick
- [SECURITY] [DSA 2473-1] openoffice.org security update
- [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
- CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
- FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability
- The story of the Linux kernel 3.x...
- CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0
- [SECURITY] [DSA 2472-1] gridengine security update
- CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
- Re: Trigerring Java code from a SVG image
- Apple Quicktime Memory Corruption (CVE-2012-0671)
- From: Rodrigo Rubira Branco (BSDaemon)
- APPLE-SA-2012-05-15-1 QuickTime 7.7.2
- From: Apple Product Security
- [ MDVSA-2012:075 ] ffmpeg
- Liferay 6.1 json webservices are subject to cross-site request forgery attacks
- Multiple xss issues in Liferay
- Liferay 6.1 can be compromised without having an account on the portal
- Guests can view names and emailadresses of all Liferay users in liferay 6.1
- APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003
- From: Apple Product Security
- APPLE-SA-2012-05-14-1 Flashback Removal Security Update
- From: Apple Product Security
- NETGEAR Exposure of Sensitive Information - Security Advisory - SOS-12-005
- ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
- Trigerring Java code from a SVG image
- Re: rssh security announcement
- [ MDVSA-2012:076 ] ffmpeg
- [ MDVSA-2012:074 ] ffmpeg
- [SECURITY] [DSA-2471-1] ffmpeg security update
- [ MDVSA-2012:073 ] openssl
- [SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression
- Liferay users can assign themselves to organizations, leading to possible privilege escalation
- Universal Reader Filename Denial Of Service Vulnerability
- [SECURITY] [DSA 2670-1] wordpress security update
- b2ePMS 1.0 Authentication Bypass Vulnerability
- Cross-Site Scripting (XSS) in Pivotx
- t2'12: Call for Papers 2012 (Helsinki / Finland)
- [SECURITY] [DSA 2469-1] linux-2.6 security update
- Multiple vulnerabilities in OrangeHRM
- CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities
- From: CORE Security Technologies Advisories
- ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
- Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability
- [ MDVSA-2012:072 ] roundcubemail
- [ MDVSA-2012:071 ] php
- APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002
- From: Apple Product Security
- Re: rssh security announcement
- Adobe Shockwave Player Remote Code Execution (CVE-2012-2029)
- From: Rodrigo Rubira Branco (BSDaemon)
- Re: Drupal 7.14 <= Full Path Disclosure Vulnerability
- [ MDVSA-2012:068-1 ] php
- Drupal 7.14 <= Full Path Disclosure Vulnerability (Update)
- Drupal 7.14 <= Full Path Disclosure Vulnerability
- APPLE-SA-2012-05-09-2 Safari 5.1.7
- From: Apple Product Security
- [SECURITY] [DSA 2468-1] libjakarta-poi-java security update
- [SECURITY] [DSA 2422-2] file regression fix
- [SECURITY] [DSA 2467-1] mahara security update
- [SECURITY] [DSA 2466-1] rails security update
- [SECURITY] [DSA 2465-1] php5 security update
- Adobe Shockwave Player Remote Code Execution (CVE-2012-2031)
- From: Rodrigo Rubira Branco (BSDaemon)
- Adobe Shockwave Player Remote Code Execution (CVE-2012-2030)
- From: Rodrigo Rubira Branco (BSDaemon)
- [security bulletin] HPSBMU02775 SSRT100853 rev.2 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation
- [SECURITY] [DSA 2464-2] icedove regression update
- Re: rssh security announcement
- Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
- rssh security announcement
- [security bulletin] HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation
- Re: [Full-disclosure] Ubuntu, Linux Mint, and the Guest Account
- Ubuntu, Linux Mint, and the Guest Account
- Fwd: [cryptography] Apple Legacy filevault barn door...
- APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
- From: Apple Product Security
- VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break
- Format Factory v2.95 - Buffer Overflow Vulnerabilities
- [SECURITY] [DSA 2459-2] quagga security update
- Format Factory v2.95 - Buffer Overflow Vulnerabilities
- [ MDVSA-2012:070 ] samba
- [ MDVSA-2012:069 ] cifs-utils
- [SECURITY] [DSA 2462-2] imagemagick regression update
- VMware Backdoor Response Uninitialized Memory Potential VM Break
- Re: DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass
- [waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 "ja_purity" template
- Fortinet FortiWeb Web Application Firewall Policy Bypass
- [waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page
- SQL Injection and other issues in Micro Technology Services, Inc. Lynx
- Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)
- LACSEC 2012 Agenda (May 6-11, 2012, Quito, Ecuador)
- Firefox security bug (proxy-bypass) in current Tor BBs
- From: oLhrrBHQeTr0EmbKwBXa
- FreeBSD Security Advisory FreeBSD-SA-12:01.openssl
- From: FreeBSD Security Advisories
- VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues
- From: VMware Security Team
- [SECURITY] [DSA 2464-1] icedove security update
- [SECURITY] [DSA 2463-1] samba security update
- Local File Inclusion in PluXml
- [CVE-2012-1002] OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability
- [security bulletin] HPSBMU02772 SSRT100603 rev.1 - HP System Health Application and Command Line Utilities for Linux, Remote Execution of Arbitrary Code
- [security bulletin] HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection
- [security bulletin] HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), URL Redirection, Unauthorized Modification, Denial of Service (DoS)
- LAN Messenger v1.2.28 - Denial of Service Vulnerability
- Re: Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities
- [ MDVSA-2012:067 ] samba
- Corrections about Squid/McAfee URL Filtering Bypass
- From: Gabriel Menezes Nunes
- Call for Paper: 3rd Workshop on Security and Privacy in Social Networks
- NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI
- NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM
- McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability
- NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM
- NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI
- NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation
- OWASP 2012 Online Competition with Hacking-Lab
- NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI
- NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow
- Pritlog v0.821 CMS - Multiple Web Vulnerabilities
- Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities
- C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
- Opial CMS v2.0 - Multiple Web Vulnerabilities
- PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities
- [SECURITY] [DSA 2462-1] imagemagick security update
- [SECURITY] [DSA 2461-1] spip security update
- [ MDVSA-2012:065 ] php
- VMSA-2012-0008 VMware ESX updates to ESX Service Console
- From: VMware Security Team
- C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
- Car Portal CMS v3.0 - Multiple Web Vulnerabilities
- DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities
- DIY CMS v1.0 Poll - Multiple Web Vulnerabilities
- [security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
- [ MDVSA-2012:066 ] mozilla
- DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal
- [SECURITY] [DSA 2459-1] quagga security update
- DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal
- PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
- Oracle TNS Poison vulnerability is actually a 0day with no patch available
- ToorCamp 2012: The American Hacker Camp
- [SECURITY] [DSA 2460-1] asterisk security update
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- Re: We're now paying up to $20,000 for web vulns in our services
- RE: We're now paying up to $20,000 for web vulns in our services
- Multiple vulnerabilities in Piwigo
- linux privileged and arbitrary chdir() (fixed at 5.4 cifs release)
- [SECURITY] [DSA 2454-2] openssl incomplete fix
- [SECURITY] [DSA 2548-1] iceape security update
- [SECURITY] [DSA 2457-1] iceweasel security update
- [SECURITY] [DSA 2456-1] dropbear security update
- PHP Ticket System Beta 1 'p' SQL Injection
- RE: McAfee Web Gateway URL Filtering Bypass
- New IETF I-D: Security Implications of IPv6 on IPv4 networks
- [security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
- RuggedCom - Backdoor Accounts in my SCADA network? You don't say...
- [ MDVSA-2012:064 ] openssl0.9.8
- Re: phpMyBible 0.5.1 Mutiple XSS
- FYI: We're now paying up to $20,000 for web vulns in our services
- WebCalendar <= 1.2.4 Two Security Vulnerabilities
- AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
- From: Asterisk Security Team
- AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
- From: Asterisk Security Team
- AST-2012-004: Asterisk Manager User Unauthorized Shell Access
- From: Asterisk Security Team
- ChurchCMS 0.0.1 'admin.php' Multiple SQLi
- .NET Framework EncoderParameter integer overflow vulnerability
- From: Akita Software Security
- HTC IQRD Android Permission Leakage (CVE-2012-2217)
- [Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability
- [HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
- XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
- From: Netsparker Advisories
- [Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability
- PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
- [Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
- Re: Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- phpMyBible 0.5.1 Mutiple XSS
- [ MDVSA-2012:063 ] libreoffice
- [ MDVSA-2012:062 ] openoffice.org
- [ MDVSA-2012:061 ] raptor
- Re: McAfee Web Gateway URL Filtering Bypass
- Re: Squid URL Filtering Bypass
- [SECURITY] [DSA 2455-1] typo3-src security update
- [SECURITY] [DSA 2454-1] openssl security update
- XSS in Kaseya version 6.2.0.0 web interface
- [security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- IPv6 host scanning in IPv6
- Specially crafted webdav request allows reading of local files on liferay 6.0.x
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
- Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)
- HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)
- HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
- SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)
- Liferay 6.1 can be compromised in its default configuration
- SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)
- RE: Squid URL Filtering Bypass
- Specially crafted Json service request allows full control over a Liferay portal instance
- Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511)
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
- From: Esteban Martinez Fayo
- Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)
- DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
- [security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
- [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)
- The history of a -probably- 13 years old Oracle bug: TNS Poison
- Vulnerabilities in Samsung TV (remote controller protocol)
- [ MDVSA-2012:060 ] openssl
- Re: Squid URL Filtering Bypass
- VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)
- From: VUPEN Security Research
- Ruxcon 2012 Call For Papers
- [SECURITY] [DSA 2453-2] gajim regression
- Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
- ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
- Re: Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- Re: Squid URL Filtering Bypass
- Multiple XSS vulnerabilities in XOOPS
- TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
- Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
- VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)
- From: VUPEN Security Research
- [security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS)
- Multiple vulnerabilities in Newscoop
- [ MDVSA-2012:032-1 ] mozilla
- Acuity CMS 2.6.x <= Cross Site Scripting
- From: YGN Ethical Hacker Group
- Re: Wordpress advanced-text-widget Plugin Vulnerabilities
- ClubHack Magazine's April 2012 Issue is released.
- DokuWiki Ver.2012/01/25 CSRF Add User Exploit
- Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
- McAfee Web Gateway URL Filtering Bypass
- From: Gabriel Menezes Nunes
- Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- [security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)
- [security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- Fwd: PHP Gift Registry 1.5.5 SQL Injection
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting
- From: ACROS Security Lists
- [ MDVSA-2012:059 ] python-sqlalchemy
- [SECURITY] [DSA 2453-1] gajim security update
- [SECURITY] [DSA 2452-1] apache2 security update
- FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- [CVE-2012-1622] Apache OFBiz information disclosure vulnerability
- [CVE-2012-1621] Apache OFBiz information disclosure vulnerability
- Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities
- Passwords^12 : Call for Presentations
- [Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
- Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities
- Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012
- [Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability
- APPLE-SA-2012-04-13-1 Flashback malware removal tool
- From: Apple Product Security
- ACC PHP eMail v1.1 - Multiple Web Vulnerabilites
- Re: Erronous post concerning Backtrack 5 R2 0day
- [ MDVSA-2012:058 ] curl
- [SECURITY] [DSA 2451-1] puppet security update
- VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation
- From: VMware Security Team
- Erronous post concerning Backtrack 5 R2 0day
- Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise
- From: InterN0T Advisories
- APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- From: Apple Product Security
- [SECURITY] [DSA 2450-1] samba security update
- DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
- [SE-2012-01] Security weakness in Apple Quicktime Java extensions
- From: Security Explorations
- Crystal Office Suite v1.43 - Buffer Overflow Vulnerability
- [SECURITY] [DSA 2449-1] sqlalchemy security update
- online newspaper university"newsdesc.php" SQL Injection Vulnerabilities
- [ MDVSA-2012:057 ] freetype2
- TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
- From: Trustwave Advisories
- [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
- Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
- [ MDVSA-2012:056 ] rpm
- TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command
- Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!
- Backtrack 5 R2 priv escalation 0day found in CTF exercise
- [ MDVSA-2012:055 ] samba
- Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
- Android information leak
- [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus
- GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities
- Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
- [SECURITY] [DSA 2448-1] inspircd security update
- Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
- CVE-2012-0769, the case of the perfect info leak
- idev Game Site CMS v1.0 - Multiple Web Vulnerabilites
- Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities
- OWASP ZAP 1.4.0 released
- [Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities
- CsForum v0.8 - Cross Site Scripting Vulnerability
- osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
- [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
- CitrusDB 2.4.1 - LFI/SQLi Vulnerability
- [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
- [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1
- [CVE-2012-1574] Apache Hadoop user impersonation vulnerability
- PHPNuke Module's Name Download SQL Injection Vulnerabilities
- [security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4
- [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0
- Wordpress taggator plugin Sql Injection Vulnerabilities
- Sony Bravia Remote Denial of Service - CVE-2012-2210
- vBulletin 4.1.10 Sql Injection Vulnerabilitiy
- Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite
- Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite
- [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7
- [ MDVSA-2012:054 ] libtiff
- Re: Arbor Networks Peakflow SP web interface XSS
- Re: Arbor Networks Peakflow SP web interface XSS
- [SECURITY] [DSA 2447-1] tiff security update
- DirectAdmin v1.403 - Cross Site Scripting Vulnerability
- ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities
- Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
- [SECURITY] [DSA 2446-1] libpng security update
- Sourcefire Defense Center - multiple vulnerabilities.
- [SE-2012-01] Security vulnerabilities in Java SE
- From: Security Explorations
- [ MDVSA-2012:053 ] ocsinventory
- Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
- From: Cisco Systems Product Security Incident Response Team
- Arbor Networks Peakflow SP web interface XSS
- 'phpPaleo' Local File Inclusion (CVE-2012-1671)
- [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)
- 'Hotel Booking Portal' SQL Injection (CVE-2012-1672)
- [ MDVSA-2012:048 ] mutt
- IPv6 stable privacy addresses
- [DCA-2011-0016] - Tufin SecureTrack Cross Site Script
- From: Ewerson Guimarães (Crash) - Dclabs
- 'e-ticketing' SQL Injection (CVE-2012-1673)
- Hackito 2012 Crypto Challenge
- Multiple vulnerabilities in osCmax
- APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
- From: Apple Product Security
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
- [ MDVSA-2012:052 ] libvorbis
- [ MDVSA-2012:051 ] libvorbis
- [security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS)
- [ MDVSA-2012:050 ] phpmyadmin
- [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection
- [ MDVSA-2012:049 ] nagios
- [ MDVSA-2012:047 ] freeradius
- [SECURITY] [DSA 2442-2] openarena regression
- [ MDVSA-2012:046 ] libpng
- [SECURITY] [DSA 2398-2] curl regression
- SQL injection in Wordpress plugin Buddypress
- [SECURITY] [DSA 2445-1] typo3-src security update
- VMSA-2012-0006 VMware ESXi and ESX address several security issues
- From: VMware Security Team
- Landshop v0.9.2 - Multiple Web Vulnerabilities
- Intuit Help System Protocol File Retrieval
- VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation
- Intuit Help System Protocol URL Heap Corruption and Memory Leak
- [ MDVSA-2012:045 ] gnutls
- Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
- PHP 5.4/5.3 deprecated eregi() memory_limit bypass
- [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
- Cross-site scripting vulnerability in Invision Power Board version 3.2.3
- From: Netsparker Advisories
- [ MDVSA-2012:044 ] cvs
- [ MDVSA-2012:043 ] nginx
- NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user
- NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
- NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI
- NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
- NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts
- NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
- [SECURITY] [DSA 2444-1] tryton-server security update
- OWASP AppSec Research EU CFP/CFT
- Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
- From: Cisco Systems Product Security Incident Response Team
- D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability
- Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
- TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow
- Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
- [security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
- [security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
- [ MDVSA-2012:042 ] wireshark
- [ MDVSA-2012:041 ] expat
- Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
- [ MDVSA-2012:040 ] gnutls
- [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
- [ MDVSA-2012:039 ] libtasn1
- [SECURITY] [DSA 2441-1] gnutls26 security update
- PcwRunAs Password Obfuscation Design Flaw
- [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
- [SECURITY] [DSA 2443-1] linux-2.6 security update
- [SECURITY] [DSA 2442-1] openarena security update
- Matthew1471s ASP BlogX - XSS Vulnerabilities
- [ MDVSA-2012:038 ] openssl
- Traffic amplification via Quake 3-based servers
- SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
- [SECURITY] [DSA 2440-1] libtasn1-3 security update
- CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
- [ MDVSA-2012:035 ] file
- 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
- [ MDVSA-2012:037 ] cyrus-imapd
- [ MDVSA-2012:036 ] libsoup
- struts2 xsltResult Local code execution vulnerability
- [ MDVSA-2012:034 ] libzip
- [SECURITY] [DSA 2439-1] libpng security update
- [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
- [SECURITY] [DSA 2438-1] raptor security update
- 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
- Prado TJavaScript::encode() script injection vulnerability
- [CVE-2012-1089] Apache Wicket serving of hidden files vulnerability
- [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter
- Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability
- CA20120320-01: Security Notice for CA ARCserve Backup
- Multiple vulnerabilities in Open Journal Systems (OJS)
- RE: Regarding MS12-020
- From: Thor (Hammer of God)
- RE: Regarding MS12-020
- [SECURITY] [DSA 2437-1] icedove security update
- Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)
- [ MDVSA-2012:033 ] libpng
- CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
- Cyberoam Unified Threat Management: OS Command Execution
- Cyberoam Unified Threat Management: Insecure Password Handling
- Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
- [ MDVSA-2012:032 ] mozilla
- Regarding MS12-020
- From: Thor (Hammer of God)
- [security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability
- [SECURITY] [DSA 2435-1] gnash security update
- [SECURITY] [DSA 2434-1] nginx security update
- [SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update
- Re: [oss-security] Case YVS Image Gallery
- Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
- VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768)
- From: VUPEN Security Research
- ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
- Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"
- at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability
- RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
- Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
- SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom
- From: SEC Consult Vulnerability Lab
- Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability
- ESA-2012-014: RSA enVision Multiple Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- Android wipe unreliable
- Re: WikyBlog 1.7.3RC2 XSS vulnerability
- [ MDVSA-2012:031 ] firefox
- VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
- From: VMware Security Team
- [Announcement] ClubHack Mag - Call for Articles
- AST-2012-002: Remote Crash Vulnerability in Milliwatt Application
- From: Asterisk Security Team
- [ MDVSA-2012:030 ] systemd
- [ MDVSA-2012:029 ] pidgin
- VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
- From: VMware Security Team
- AST-2012-003: Stack Buffer Overflow in HTTP Manager
- From: Asterisk Security Team
- [SECURITY] [DSA 2433-1] iceweasel security update
- WikyBlog 1.7.3RC2 XSS vulnerability
- Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
- From: Security Mailing List
- nginx fix for malformed HTTP responses from upstream servers
- Oracle Exadata Infiniband Switch default logins and world readable shadow file
- Struts2 Security Challenge
- Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
- From: Cisco Systems Product Security Incident Response Team
- PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability
- Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417]
- Announcing Hackademic CFP
- ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities
- [security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code
- [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update
- APPLE-SA-2012-03-12-1 Safari 5.1.4
- From: Apple Product Security
- Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004
- Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
- From: Security Mailing List
- OSI Security: CheckPoint Firewall VPN - Information Disclosure
- [SECURITY] [DSA 2431-1] libdbd-pg-perl security update
- Synology Photo Station 5 - Reflected Cross-Site Scripting
- [SECURITY] [DSA 2430-1] python-pam security update
- Re: Ariadne 2.7.6 Multiple XSS vulnerabilities
- Wikidforum 2.10 Multiple security vulnerabilities
- LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption
- Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
- From: Dmitry Yu. Bolkhovityanov
- Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
- VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE
- From: VMware Security Team
- VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service
- From: VMware Security Team
- [SECURITY] [DSA 2428-1] freetype security update
- Eleytt Research ER-03-2012
- SAP Business Objects XI R2 Infoview Multiple XSS
- gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
- Iciniti Store SQL Injection - Security Advisory - SOS-12-003
- APPLE-SA-2012-03-07-3 Apple TV 5.0
- From: Apple Product Security
- Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
- From: Apple Product Security
- APPLE-SA-2012-03-07-1 iTunes 10.6
- From: Apple Product Security
- [SECURITY] [DSA 2429-1] mysql-5.1 security update
- [security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
- OSClass directory traversal (leads to arbitrary file upload)
- Multiple SQL injections in rivettracker <=1.03
- Multiple XSS in Fork CMS
- XCon 2012 XFocus Information Security Conference Call for Paper
- [security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
- [SECURITY] [DSA 2427-1] imagemagick security update
- [SECURITY] [DSA 2426-1] gimp security update
- ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability
- [TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection
- From: Joao Paulo Caldas Campello
- [TSI-ADV-1201] Path Traversal on Polycom Web Management Interface
- From: Joao Paulo Caldas Campello
- 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities
- Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability
- From: YGN Ethical Hacker Group
- Timesheet Next Gen 1.5.2 Multiple SQLi
- [SECURITY] [DSA 2423-1] movabletype-opensource security update
- Symfony2 Local File Disclosure - Security Advisory - SOS-12-002
- [SECURITY] [DSA 2425-1] plib security update
- %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
- [SECURITY] [DSA 2424-1] libxml-atom-perl security update
- Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability
- Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D)
- Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [ MDVSA-2012:028 ] libxslt
- [SECURITY] [DSA 2422-1] file security update
- [SECURITY] [DSA 2421-1] moodle security update
- Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:027 ] postgresql8.3
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:026 ] postgresql
- Multiple XSS in Dotclear
- [SECURITY] [DSA 2420-1] openjdk-6 security update
- [ MDVSA-2012:025 ] samba
- [ MDVSA-2012:023-1 ] libvpx
- ImgPals Photo Host Version 1.0 Admin Account Disactivation
- Reliable Windows 7 Exploitation: A Case Study
- [ MDVSA-2012:022-1 ] mozilla
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [oss-security] Case YVS Image Gallery
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [Full-disclosure] pidgin OTR information leakage
- [SECURITY] [DSA 2419-1] puppet security update
- Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec
- Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
- [SECURITY] [DSA 2418-1] postgresql-8.4 security update
- Re: pidgin OTR information leakage
- Case YVS Image Gallery
- Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- OSQA CMS v3b - Multiple Persistent Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 2414-2] fex regression
- [ MDVSA-2012:023 ] libvpx
- FrameJammer DOM based XSS
- DeepSec "Sector v6" - Call for Papers
- pidgin OTR information leakage
- NGS00237 Patch Notification: Samba Andx request Remote Code Execution
- Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps
- Kongreg8 1.7.3 Mutiple XSS
- TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform
- From: Trustwave Advisories
- Dropbear SSH server use-after-free vulnerability
- PHP Gift Registry 1.5.5 SQL Injection
- [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service
- From: Onapsis Research Labs
- [security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure
- From: Onapsis Research Labs
- [SECURITY] [DSA 2416-1] notmuch security update
- [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure
- From: Onapsis Research Labs
- Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write
- From: Onapsis Research Labs
- [security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code
- [ MDVSA-2012:022 ] mozilla
- CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability
- Security advisory for Bugzilla 4.2 and 4.0.5
- YVS Image Gallery Sql injection
- NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution
- [SECURITY] [DSA 2417-1] libxml2 security update
- TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
- ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
- ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
- ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability
- ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
- ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
- ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability
- ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability
- ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
- Mobile Mp3 Search Engine HTTP Response Splitting
- [ MDVSA-2012:023 ] libxml2
- [SECURITY] [DSA 2415-1] libmodplug security update
- Multiple XSS in Chyrp
- [ MDVSA-2012:022 ] libpng
- Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines
- [SECURITY] [DSA 2414-1] fex security update
- Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
- IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements
- Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
- Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
- Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.
- From: muuratsalo experimental hack lab
- F*EX 20111129-2 Cross Site Scripting Vulnerability
- From: muuratsalo experimental hack lab
- F*EX <= 20100208 Cross Site Scripting Vulnerabilities
- From: muuratsalo experimental hack lab
- Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.
- From: muuratsalo experimental hack lab
- [SECURITY] [DSA 2413-1] libarchive security update
- Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- SQL Injection Vulnerabilities in TestLink
- DC4420 - London DEFCON - February meet - Tuesday February 21st 2012
- SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2412-1] libvorbis security update
- [SECURITY] [DSA 2411-1] mumble security update
- CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
- From: YGN Ethical Hacker Group
- WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
- Downloads Folder: A Binary Planting Minefield
- From: ACROS Security Lists
- [ MDVSA-2012:021 ] java-1.6.0-openjdk
- PHP 5.2.x Remote Code Execution Vulnerability
- Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Puppet Dashboard insecure by default
- IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains
- [security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
- From: Rodrigo Rubira Branco (BSDaemon)
- 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
- [Spam] Skype v5.6.59.x - Memory Corruption Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- 2012 Honeynet Project Security Workshop
- Hackito Ergo sum // HES2012 Final CFP // Call for Hackers
- Re: sqlinjection bug in nova cms
- [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip
- [SECURITY] [DSA 2410-1] libpng security update
- Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
- [ MDVSA-2012:020 ] phpldapadmin
- [SECURITY] [DSA 2409-1] devscripts security update
- Multiple vulnerabilities in LEPTON
- [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
- Multiple vulnerabilities in 11in1
- [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
- FreePBX Remote Exploit
- [ MDVSA-2012:019 ] apr
- [SECURITY] [DSA 2408-1] php5 security update
- OWASP AppSec USA 2011 Video & Slides Posted
- [slackware-security] php (SSA:2012-041-02)
- From: Slackware Security Team
- [slackware-security] httpd (SSA:2012-041-01)
- From: Slackware Security Team
- [slackware-security] vsftpd (SSA:2012-041-05)
- From: Slackware Security Team
- [Announcement] ClubHack Mag - Call for Articles
- [ MDVSA-2012:018 ] mozilla-thunderbird