Bugtraq
- [ MDVSA-2012:017 ] firefox
- sqlinjection bug in nova cms
- eFront Community++ v3.6.10 - SQL Injection Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [slackware-security] proftpd (SSA:2012-041-04)
- From: Slackware Security Team
- [slackware-security] glibc (SSA:2012-041-03)
- From: Slackware Security Team
- [ MDVSA-2012:016 ] glpi
- CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability
- From: YGN Ethical Hacker Group
- Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- eFront Community++ v3.6.10 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability
- [ MDVSA-2012:015 ] wireshark
- [SECURITY] [DSA 2407-1] cvs security update
- ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
- ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
- ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
- ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
- ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
- ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
- ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
- ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
- ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
- ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
- ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
- [security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information
- [security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
- Multiple vulnerabilities in ZENphoto
- Cyberoam Central Console v2.00.2 - File Include Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Unauthenticated remote code execution on D-Link ShareCenter products
- eFronts Community++ v3.6.10 - Cross Site Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
- CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly
- From: Colm O hEigeartaigh
- SQL Injection Vulnerability in Batavi 1.1.2
- From: Netsparker Advisories
- DEF CON 20 Capture the Flag Announcement
- SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
- [SECURITY] [DSA 2403-2] php5 security update
- [ MDVSA-2012:014 ] glpi
- Mathopd - Directory Traversal Vulnerability
- [SECURITY] [DSA 2405-1] apache2 security update
- [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update
- [SECURITY] [DSA 2384-2] cacti regression
- [ MDVSA-2012:013 ] mozilla
- ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability
- RFC 6528 on Defending against Sequence Number Attacks
- [SECURITY] [DSA 2403-1] php5 security update
- [SECURITY] [DSA 2402-1] iceape security update
- [SECURITY] [DSA 2400-1] iceweasel security update
- [SECURITY] [DSA 2401-1] tomcat6 security update
- [security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code
- GLSA (Gentoo Linux Security Advisory) publication changes
- [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
- [CAL-2012-0004] opera array integer overflow
- Fwd: RA-Guard: Advice on the implementation (feedback requested)
- Call For Paper
- APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
- From: Apple Product Security
- [ MDVSA-2012:012 ] apache
- XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)
- ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability
- Multiple vulnerabilities in OpenEMR
- Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
- 802.1X password exploit on many HTC Android devices
- [Announce] Apache HTTP Server 2.2.22 Released
- From: William A. Rowe Jr.
- [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
- ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability
- [SECURITY] [DSA 2399-2] php5 regression fix
- [SECURITY] [DSA 2399-1] php5 security update
- VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console
- From: VMware Security Team
- [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [SECURITY] [DSA 2398-1] curl security update
- [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access
- Advisory: sudo 1.8 Format String Vulnerability
- From: joernchen of Phenoelit
- [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities
- [ GLSA 201201-18 ] bip: Multiple vulnerabilities
- Multiple vulnerabilities in OSClass
- Multiple vulnerabilities in postfixadmin
- Mibew messenger multiple XSS
- [ MDVSA-2012:011 ] openssl
- [SECURITY] [DSA 2397-1] icu security update
- FAA US Academy (AFS) - Auth Bypass Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- eBank IT Online Banking - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [ GLSA 201201-17 ] Chromium: Multiple vulnerabilities
- [ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass
- [SECURITY] [DSA 2396-1] qemu-kvm security update
- [SECURITY] [DSA 2395-1] wireshark security update
- AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
- [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
- [ GLSA 201201-15 ] ktsuss: Privilege escalation
- [SECURITY] [DSA 2394-1] libxml2 security update
- ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision
- ESA-2012-005: EMC NetWorker buffer overflow vulnerability
- Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
- NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
- [SECURITY] [DSA-2393-1] bip security update
- D-Link DIR-601 TFTP Directory Traversal Vulnerability
- CSRF (Cross-Site Request Forgery) in DClassifieds
- Multiple vulnerabilities in OSclass
- NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation
- NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM
- [security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
- [security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- TWSL2012-002: Multiple Vulnerabilities in WordPress
- From: Trustwave Advisories
- Only 7 Days Left: SANS AppSec 2012 CFP
- NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
- [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities
- [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities
- Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability
- [ GLSA 201201-12 ] Tor: Multiple vulnerabilities
- SQL injection in Bigware shop software
- [SECURITY] [DSA 2392-1] openssl security update
- [SECURITY] [DSA 2301-2] rails regression
- DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass
- Bart`s CMS - SQL Injection Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Re: pwgen: non-uniform distribution of passwords
- AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload
- [SECURITY] [DSA 2391-1] phpmyadmin security update
- ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability
- [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution
- [ MDVSA-2012:010 ] cacti
- Webcalendar 1.2.4 'location' XSS
- DC4420 - London DEFCON - 24 January 2012
- InfoSec Southwest 2012 Open Registration
- [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability
- Re: pwgen: non-uniform distribution of passwords
- Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
- Microsoft Anti-XSS Library Bypass (MS12-007)
- [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
- Xpra memory disclosure
- Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
- From: InterN0T Advisories
- Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:009 ] perl
- [ MDVSA-2012:008 ] perl
- XSS in OneOrZero AIMS
- Reflection Scan: an Off-Path Attack on TCP
- Re: pwgen: non-uniform distribution of passwords
- ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.
- [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service
- pwgen: non-uniform distribution of passwords
- [SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
- Re: p0f3 release candidate
- [ MDVSA-2012:007 ] openssl
- [ MDVSA-2012:006 ] openssl
- [ MDVSA-2012:005 ] libxml2
- [SECURITY] [DSA 2390-1] openssl security update
- Re: Multiple XSS in KnowledgeTree Community Edition
- [Announcement] ClubHack Mag - Call for Articles
- (CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean
- Beehive Forum 101 Multiple XSS vulnerabilities
- phpVideoPro Multiple XSS vulnerabilities
- Family Connections 2.7.2 Multiple XSS
- Re: Multiple XSS in KnowledgeTree Community Edition
- First-hop security in IPv6
- [Announcement] ClubHack Mag Issue 24-Jan 2012 Released
- [SECURITY] [DSA 2389-1] linux-2.6 security update
- [SECURITY] [DSA 2388-1] t1lib security update
- ATutor 2.0.3 Multiple XSS vulnerabilities
- BoltWire 3.4.16 Multiple XSS vulnerabilities
- PHP 5.3.8 Multiple vulnerabilities
- [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
- ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389
- ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
- ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
- ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
- ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
- ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
- [ MDVSA-2012:004 ] t1lib
- SafeSEH+SEHOP all-at-once bypass explotation method principles
- Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation
- AthCon 2012 CFP is now OPEN!
- From: Christian Papathanasiou
- Office arbitrary ClickOnce application execution vulnerability
- From: Akita Software Security
- GreenBrowser iframe content Double Free Vulnerability
- [security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
- [SECURITY] [DSA 2386-1] openttd security update
- [PT-2011-04] Cross-Site Scripting in Kayako Support Suite
- [SECURITY] [DSA 2387-1] simplesamlphp security update
- Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability
- Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities
- [PT-2011-03] Information disclosure in Kayako Support Suite
- [PT-2011-03] Information disclosure in Kayako Support Suite
- Multiple Cross-Site-Scripting vulnerabilities in x3cms
- Multiple XSS in KnowledgeTree Community Edition
- [PT-2011-02] PHP code Injection in Kayako Support Suite
- [PT-2011-01] Cross-Site Scripting in Kayako Support Suite
- VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)
- From: VUPEN Security Research
- ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
- [SECURITY] [DSA 2385-1] pdns security update
- ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
- ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
- ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
- [ MDVSA-2012:003 ] apache
- Is Your Online Bank Vulnerable To Currency Rounding Attacks?
- From: ACROS Security Lists
- p0f3 release candidate
- Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability
- AppSec DC 2012 CFP EXTENDED!
- Simple Mail Server - SMTP Authentication Bypass Vulnerability
- DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
- Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
- From: Security Explorations
- [SECURITY] [DSA 2384-1] cacti security update
- From: Luk Claes
- [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files
- [security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- [SECURITY] [DSA 2383-1] super security update
- [ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities
- [SECURITY] [DSA 2382-1] ecryptfs-utils security update
- [ GLSA 201201-02 ] MySQL: Multiple vulnerabilities
- ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
- IpTools - Rcmd Remote Overflow Vulnerability
- IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability
- [SECURITY] [DSA 2381-1] squid3 security update
- ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability
- ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability
- ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability
- ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability
- ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
- ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities
- VertrigoServ 2.25 Cross-Site-Scripting vulnerability
- SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities
- VLC media player v1.1.11 (.amr) Local Crash PoC
- Ggb Guestbook - XSS Vulnerabilities
- SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2
- From: SEC Consult Vulnerability Lab
- NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability
- NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS
- HServer webserver - Directory Traversal Vulnerability
- Revised IETF I-D: Advice on IPv6 RA-Guard Implementation
- [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities
- [SECURITY] [DSA 2380-1] foomatic-filters security update
- [SECURITY] [DSA 2379-1] krb5 security update
- Open Redirection Vulnerability in Orchard 1.3.9
- From: Netsparker Advisories
- Multiple vulnerabilities in ImpressCMS
- Re: OpenKM 5.1.7 Privilege Escalation
- Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
- From: Security Explorations
- InfoSec Southwest 2012 CFP First-round Speaker Selections
- Google Chrome HTTPS Address Bar Spoofing
- From: ACROS Security Lists
- TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System
- From: Trustwave Advisories
- [SECURITY] [DSA 2378-1] ffmpeg security update
- Re: Tinyguestbook XSS
- Re: PHP Booking Calendar 10e XSS
- SQL Injection Vulnerability in OpenEMR 4.1.0
- From: Netsparker Advisories
- [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
- From: Security Explorations
- [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator
- From: RedTeam Pentesting GmbH
- mavili guestbook - SQL Injection and XSS Vulnerabilities
- BigACE CMS - XSS Vulnerabilities
- Tinyguestbook XSS
- OpenKM 5.1.7 OS Command Execution (XSRF based)
- From: Cyrill Brunschwiler
- OpenKM 5.1.7 Privilege Escalation
- From: Cyrill Brunschwiler
- [ MDVSA-2012:002 ] t1lib
- [ MDVSA-2012:001 ] fcgi
- [SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update
- [ MDVSA-2011:198 ] phpmyadmin
- [SECURITY] [DSA 2376-2] ipmitool security update
- [SECURITY] [DSA 2263-2] movabletype-opensource security update
- SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2011:197 ] php
- [SECURITY] [DSA 2376-1] ipmitool security update
- Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13
- Winn Guestbook v2.4.8c Stored XSS
- [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
- n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
- Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- [ MDVSA-2011:196 ] ipmitool
- [ MDVSA-2011:195 ] krb5-appl
- [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code
- [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
- [ MDVSA-2011:194 ] icu
- [ MDVSA-2011:193 ] squid
- Merry Christmas from the FreeBSD Security Team
- From: FreeBSD Security Officer
- MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]
- [SECURITY] [DSA 2375-1] krb5. krb5-appl security update
- [SECURITY] [DSA 2374-1] openswan security update
- [SECURITY] [DSA 2373-1] inetutils security update
- [SECURITY] [DSA 2372-1] heimdal security update
- Lighttpd Proof of Concept code for CVE-2011-4362
- [ MDVSA-2011:192 ] mozilla
- FreeBSD Security Advisory FreeBSD-SA-11:07.chroot
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:10.pam
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:06.bind
- From: FreeBSD Security Advisories
- Xmas 2011 Security Puzzle
- Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
- TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin
- From: Trustwave Advisories
- ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities
- ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability
- ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities
- ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability
- [MATTA-2011-001] pfSense x509 Insecure Certificate Creation
- [SECURITY] [DSA 2369-1] libsoup2.4 security update
- Exploit for Asterisk Security Advisory AST-2011-013
- [SECURITY] [DSA 2370-1] unbound security update
- Multiple vulnerabilities in epesi BIM
- Multiple vulnerabilities in OBM
- RE: RFI in JAF CMS
- [SECURITY] [DSA 2368-1] lighttpd security update
- [SECURITY] [DSA 2381-] lighttpd security update
- post-XSS landscape
- TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
- From: Trustwave Advisories
- Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)
- Re: SASHA v0.2.0 Mutiple XSS
- Tiki Wiki CMS Groupware Stored Cross-Site-Scripting
- Multiple vulnerabilities in PHPShop CMS Free
- [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability
- [SECURITY] [DSA 2367-1] asterisk security update
- [SECURITY] [DSA 2363-1] tor security update
- SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp
- From: SEC Consult Vulnerability Lab
- appRain CMF v0.1.5 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011
- [SECURITY] [DSA 2366-1] mediawiki security update
- Syhunt: Time-Based Blind NoSQL Injection
- VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459)
- From: VUPEN Security Research
- Novell Sentinel Log Manager <=1.2.0.1 Path Traversal
- SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2011:191 ] libarchive
- [ MDVSA-2011:190 ] libarchive
- IFIP NTMS'2012 - Deadline Extended to 12 January 2012
- [SECURITY] [DSA 2365-1] dtc security update
- PHP Booking Calendar 10e XSS
- SASHA v0.2.0 Mutiple XSS
- [Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 2364-1] xorg security update
- Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
- Re: RFI in JAF CMS
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090)
- From: VUPEN Security Research
- silly PoCs continue: X-Frame-Options give you less than expected
- [security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- [ MDVSA-2011:189 ] jasper
- [security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
- <BASE> tag used for hijacking external resources (XSS)
- [ MDVSA-2011:188 ] libxml2
- Seotoaster SQL-Injection Admin Login Bypass
- New IETF I-Ds on Fragmentation-related security issues
- New IETF I-D on "Stable Privacy Addresses"
- [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes
- From: RedTeam Pentesting GmbH
- [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass
- From: RedTeam Pentesting GmbH
- NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI
- NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM
- NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI
- [ MDVSA-2011:187 ] php-pear
- NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI
- HTML 5 Security Report
- ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)
- PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
- 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9
- 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9
- Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
- Re:Re: Introduction to R-sequence public key cryptography attack
- Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
- Multiple vulnerabilities in Browser CRM
- Citrix Receiver, XenDesktop "Pass-the-hash" Attack
- Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
- ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability
- ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability
- Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability
- [ MDVSA-2011:186 ] nfs-utils
- [ MDVSA-2011:185 ] libcap
- Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities
- ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)
- OSI Security: Squiz Matrix - User Account Enumeration
- Re: the week of silly PoCs continues: data://www.mybank.com/
- Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected
- Re: seamless bait-and-switch
- [ MDVSA-2011:184 ] krb5
- Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
- WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
- Introduction to R-sequence public key cryptography attack
- [ MDVSA-2011:183 ] pidgin
- zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
- Call for Papers -YSTS 6 - Security Conference, Brazil
- [SECURITY] [DSA 2362-1] acpid security update
- Re: seamless bait-and-switch
- the week of silly PoCs continues: data://www.mybank.com/
- *CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers
- [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption
- CA20111208-01: Security Notice for CA SiteMinder
- AST-2011-014: Remote crash possibility with SIP and the "automon" feature enabled
- From: Asterisk Security Team
- AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
- From: Asterisk Security Team
- DC4420 - London DEFCON - 13 December 2011
- Re: seamless bait-and-switch
- Call for Papers - 2012 Rocky Mountain Information Security Conference
- Re: seamless bait-and-switch
- [ MDVSA-2011:182 ] dhcp
- [DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure
- From: Ewerson Guimarães (Crash) - Dclabs
- 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
- Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- seamless bait-and-switch
- ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
- ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability
- ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
- ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability
- ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability
- ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability
- [SECURITY] [DSA 2361-1] chasen security update
- DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection
- [ MDVSA-2011:181 ] proftpd
- [security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable
- [SECURITY] [DSA 2359-1] mojarra security update
- MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]
- [security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
- Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
- Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- [SECURITY] [DSA 2358-1] openjdk-6 security update
- [DCA-2011-0014] - Elxis CMS Cross Site Script
- From: Ewerson Guimarães (Crash) - Dclabs
- Vulnerabilities in Serv-U 11.1.0.3
- Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012)
- fast and somewhat reliable cache timing
- [security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- XSSer v1.6 -beta- aka "Grey Swarm!" released.
- InfoSec Southwest 2012 CFP
- Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store
- [PT-2011-43] Database information disclosure in Kayako Fusion
- SANS AppSec 2012 CFP reminder
- FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit
- [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service
- [SECURITY] [DSA 2356-1] openjdk-6 security update
- Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
- Re: Contao 2.10.1 Cross-site scripting vulnerability
- Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- [SECURITY] [DSA 2355-1] clearsilver security update
- Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
- Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
- [security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- Ariadne 2.7.6 Multiple XSS vulnerabilities
- Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
- Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- [SECURITY] [DSA 2354-1] cups security update
- Sql injection in SugarCRM
- Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
- PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- New issue of PenTest Magazine is out - 21 pages of free content.
- Multiple vulnerabilities in OrangeHRM
- Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2
- From: Daniel Roethlisberger
- CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011
- Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2
- Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits
- Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
- Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
- MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter
- ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
- ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
- ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
- ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability
- ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
- ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability
- ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability
- ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability
- [ MDVSA-2011:180 ] php-suhosin
- Vulnerabilities in Siemens Automation License Manager
- Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2
- Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
- [ MDVSA-2011:179 ] glibc
- [ MDVSA-2011:178 ] glibc
- [SECURITY] [DSA 2353-1] ldns security update
- 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10
- [security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
- [security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
- TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181
- Debut issue of Web App Pentesting Magazine - Free Download!
- Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
- [ MDVSA-2011:177 ] freetype2
- PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
- Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
- Wordpress enable-latex plugin Remote File Include Vulnerabilities
- Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities
- NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution
- NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution
- NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution
- Multiple vulnerabilities in Dolibarr
- [SECURITY] [DSA 2352-1] puppet security update
- Re: XSS in Tiki Wiki CMS Groupware
- [security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
- Re: jara 1.6 sql injection vulnerability
- [SECURITY] [DSA 2351-1] wireshark security update
- Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
- [ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities
- Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
- OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab
- Wordpress adminimize Plugin Vulnerabilities
- Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities
- Wordpress advanced-text-widget Plugin Vulnerabilities
- Implications of IPv6 on network firewalls
- [SECURITY] [DSA 2348-1] systemtap security update
- [SECURITY] [DSA 2350-1] freetype security update
- [ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code
- [ GLSA 201111-10 ] Evince: Multiple vulnerabilities
- [ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection
- [ GLSA 201111-08 ] radvd: Multiple vulnerabilities
- [ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities
- [ GLSA 201111-06 ] MaraDNS: Arbitrary code execution
- Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
- [SECURITY] [DSA 2349-1] spip security update
- wordpress Lanoba Social Plugin Xss Vulnerabilities
- Freelancer calendar <= 1.01 SQL Injection Vulnerability
- From: muuratsalo experimental hack lab
- Valid tiny-erp <= 1.6 SQL Injection Vulnerability
- From: muuratsalo experimental hack lab
- Blogs manager <= 1.101 SQL Injection Vulnerability
- From: muuratsalo experimental hack lab
- [ MDVSA-2011:176-2 ] bind
- [ MDVSA-2011:176-1 ] bind
- VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
- From: VMware Security Team
- [DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
- [DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)
- [ MDVSA-2011:176 ] bind
- Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus
- Multiple vulnerabilities in webERP
- [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability
- [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
- [DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
- [DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
- [SECURITY] [DSA 2346-2] proftpd-dfsg regression fix
- [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
- [DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
- [DSECRG-11-037] SAP BW Doc - Multiple XSS
- [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS
- [DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose
- Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
- Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
- [security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)
- CA20111116-01: Security Notice for CA Directory
- [SECURITY] [DSA 2347-1] bind9 security update
- ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
- ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability
- wordpress Flexible Custom Post Type plugin Xss Vulnerabilities
- wordpress Flexible Custom Post Type plugin Xss Vulnerabilities
- FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
- [SECURITY] [DSA 2346-1] proftpd-dfsg security update
- [ MDVSA-2011:174 ] graphite2
- [ MDVSA-2011:175 ] poppler
- APPLE-SA-2011-11-14-1 iTunes 10.5.1
- From: Apple Product Security
- [Announcement] ClubHack Mag Issue 22- Nov 2011 Released
- [ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities
- [security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code
- CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass
- From: CORE Security Technologies Advisories
- APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
- From: Apple Product Security
- Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability
- [Announcement] ClubHack 2011 Hacking and Security Conference
- [ MDVSA-2011:173 ] openssl0.9.8
- [ MDVSA-2011:172 ] libreoffice
- [ MDVSA-2011:171 ] networkmanager
- [ GLSA 201111-04 ] phpDocumentor: Function call injection
- [SECURITY] [DSA 2344-1] python-django-piston security update
- iGuard Biometric Access Control - Multiple Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [ MDVSA-2011:170 ] java-1.6.0-openjdk
- [security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access
- APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6
- From: Apple Product Security
- [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities
- From: Jose Carlos de Arriba
- [security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
- Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage
- XSS vulnerability in Joomla 1.6.3
- From: Netsparker Advisories
- [security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
- [security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
- Re: Local file inclusion in VtigerCRM
- Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage
- [SECURITY] [DSA 2342-1] iceape security update
- [SECURITY] [DSA 2343-1] openssl security update
- [ MDVSA-2011:168 ] apache
- [SECURITY] [DSA 2341-1] iceweasel security update
- Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2011:168 ] apache
- DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November
- Multiple security vulnerabilities in AShop
- Re: LabWiki <= 1.1 Multiple Vulnerabilities
- From: muuratsalo experimental hack lab
- Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
- LabWiki <= 1.1 Multiple Vulnerabilities
- From: muuratsalo experimental hack lab
- Local file inclusion in VtigerCRM
- [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability
- [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities
- APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
- From: Apple Product Security
- LabStoRe <= 1.5.4 Sql Injection Vulnerabilities
- From: muuratsalo experimental hack lab
- OrderSys <= 1.6.4 Sql Injection Vulnerabilities
- From: muuratsalo experimental hack lab
- [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app
- osCSS2 "_ID" parameter Local file inclusion
- [security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification
- New online security challenge - GotWurzel
- IPv6 security (slides and training)
- Cisco CUCM - Multiple Vulnerabilities
- [SECURITY] [DSA 2340-1] postgresql security update
- [SECURITY] [DSA 2336-1] ffmpeg security update
- [SECURITY] [DSA 2339-1] nss security update
- TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon
- From: Trustwave Advisories
- [SECURITY] [DSA 2338-1] moodle security update
- foofus.net security advisory - Lexmark Multifunction Printer Information Leakage
- [SECURITY] [DSA 2337-1] xen security update
- [SECURITY] [DSA 2335-1] man2html security update
- [ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities
- Malware detection evasion in antivirus software
- [ MDVSA-2011:167 ] gimp
- [SECURITY] [DSA 2334-1] mahara security update
- [security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access
- [security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)
- Multiple BSD libc/regcomp(3) Multiple Vulnerabilities
- [ MDVSA-2011:166 ] php
- ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1
- [ MDVSA-2011:165 ] php
- [security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS)
- CmyDocument Content Management Application - XSS Vulnerabilities
- ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.
- Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting
- Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
- Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2011:164 ] wireshark
- NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295)
- [ MDVSA-2011:163 ] phpldapadmin
- Multiple vulnerabilities in Efront
- Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
- XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3
- From: Netsparker Advisories
- XSS Vulnerabilities in eFront
- From: Netsparker Advisories
- [ MDVSA-2011:162 ] kdelibs4
- [security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability
- [ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities
- IBSng all version Cross-Site Scripting Vulnerability
- CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY
- DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]
- YaTFTPSvr TFTP Server Directory Traversal Vulnerability
- Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
- PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow
- Apple's Mail.app mail of death
- [SECURITY] [DSA 2333-1] phpldapadmin security update
- [SECURITY] [DSA 2332-1] python-django security update
- [security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
- RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
- From: Paul Oxman (poxman)
- eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
- [SECURITY] [DSA 2331-1] tor security update
- [SECURITY] [DSA 2323-1] radvd security update
- [PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router
- [PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
- [PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
- [PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
- Re: jara 1.6 sql injection vulnerability
- VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- From: VMware Security Response Team
- [security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
- [security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
- ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
- ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
- ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability
- ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
- ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
- [SECURITY] [DSA 2330-1] simplesamlphp security update
- foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage
- APPLE-SA-2011-10-26-1 QuickTime 7.7.1
- From: Apple Product Security
- [ GLSA 201110-26 ] libxml2: Multiple vulnerabilities
- [ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities
- [ GLSA 201110-24 ] Squid: Multiple vulnerabilities