Bugtraq
- [SECURITY] [DSA 2285-1] mapserver security update
- TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
- From: Trustwave Advisories
- APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
- From: Apple Product Security
- APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
- From: Apple Product Security
- APPLE-SA-2011-07-20-2 iWork 9.1 Update
- From: Apple Product Security
- OWASP AppSec USA 2011 Pre-conference Challenge #3 - July
- [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11
- [ MDVSA-2011:119 ] libsndfile
- [SECURITY] [DSA 2284-1] opensaml2 security update
- phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability
- [SECURITY] [DSA 2283-1] krb5-appl security update
- [SECURITY] [DSA 2282-1] qemu-kvm security update
- NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow
- phpMyAdmin 3.x Conditional Session Manipulation
- CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability
- [ MDVSA-2011:118 ] wireshark
- Re: [Full-disclosure] [Bkis] sNews 1.7.1 XSS vulnerability
- Hiding Backdoors in plain sight, again
- [ MDVSA-2011:117 ] krb5-appl
- [ MDVSA-2011:116 ] curl
- Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- From: YGN Ethical Hacker Group
- Permutation Oriented Programming
- Foxit Reader Insecure Library Loading
- ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
- Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure
- Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability
- From: fb1h2s Hack 2 Secure
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability
- iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability
- iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability
- [SECURITY] [DSA 2281-1] opie security update
- Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation
- From: Digit Security Research
- CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability
- Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
- From: Apple Product Security
- [ MDVSA-2011:115 ] bind
- XSS in Tiki Wiki CMS Groupware
- OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability
- HTC / Android OBEX FTP Service Directory Traversal Vulnerability
- Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009
- H2HC Brazil (Hackers 2 Hackers Conference) 8th Edition - Call for Papers
- From: Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 2280-1] libvirt security update
- [SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
- [ MDVSA-2011:114 ] blender
- [ MDVSA-2011:112 ] blender
- ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability
- Call for Papers: ICITST-2011
- Reminder - DeepSec 2011 Call For Papers
- [SECURITY] [DSA 2278-1] horde3 security update
- [SECURITY] [DSA 2254-2] oprofile security update
- APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update
- From: Apple Product Security
- APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone
- From: Apple Product Security
- ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability
- [slackware-security] seamonkey (SSA:2011-195-01)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2011-195-02)
- From: Slackware Security Team
- iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability
- [oCERT-2011-001] Chyrp input sanitization errors
- [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
- Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
- DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
- Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service
- Torque Server Buffer Overflow Vulnerability
- Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability
- Paltalk Messenger ActiveX Control Multiple Insecure Methods
- [Annoucement] ClubHack Magazine - Call for Articles
- CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
- Alice (Telefonica Germany) Modem 1111 DoS + XSS
- Static Analysis Tool Exposition (SATE) - Call for Participation
- ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability
- [Announcement] ClubHack Magazine Issue 18-July2011 Released
- Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss)
- [SECURITY] [DSA 2276-2] asterisk regression update
- ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability
- [HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th
- [SECURITY] [DSA 2277-1] xml-security-c security update
- [SECURITY] [DSA 2276-1] asterisk security update
- phpMyAdmin 3.x Multiple Remote Code Executions
- POC2011 Call for Paper
- Wireshark 1.4.0 Malformed IKE Packet Denial of Service
- Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities
- [slackware-security] bind (SSA:2011-189-01)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2011-189-02)
- From: Slackware Security Team
- phpMyAdmin 3.x preg_replace RCE POC
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- [security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS)
- [SECURITY] [DSA 2275-1] openoffice.org security update
- ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability
- [SECURITY] [DSA 2274-1] wireshark security update
- bcksrvr format string in Sybase Adaptive Server 15.5
- [security bulletin] HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject
- Security Advisory: CVE-2011-2516
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- Aruba Advisory AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces
- Re: Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- [SECURITY] [DSA 2273-1] icedove security update
- Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations
- Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
- Arbitrary files deletion in HP OpenView Communication Broker
- Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Re: SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- Re: in_midi multiple vulnerabilities in Winamp 5.61
- aTube Catcher ActiveX Control Insecure Method
- IDrive Online Backup ActiveX control Insecure Method
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- [security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)
- Ubuntu: reseed(8), random.org, and HTTP request
- Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4
- [SECURITY] [DSA 2272-1] bind9 security update
- MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]
- NGS00060 Technical Advisory: Blue Coat BCAAA Remote Code Execution Vulnerability
- Integer overflow in foobar2000 1.1.7
- NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow
- Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD
- NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation
- NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows
- NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow
- Multiple vulnerabilities in Open-Realty
- [SECURITY] [DSA 2270-1] qemu-kvm security update
- Vega beta release: a new open-source web-application security assessment platform
- [SECURITY] [DSA 2269-1] iceape security update
- [SECURITY] [DSA 2262-2] php5 update
- [SECURITY] [DSA 2268-1] iceweasel security update
- [SECURITY] [DSA 2267-1] perl security update
- Re: [Full-disclosure] Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD)
- NetBSD 5.1 libc/net multiple functions stack buffer overflow
- Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used
- [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code
- SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress
- From: SEC Consult Vulnerability Lab
- in_midi multiple vulnerabilities in Winamp 5.61
- ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
- [SECURITY] [DSA 2266-1] php5 security update
- [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability
- From: CORE Security Technologies Advisories
- bcksrvr format string in Sybase Adaptive Server 15.5
- Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- Arbitrary files deletion in HP OpenView Performance Agent
- [SECURITY] [DSA 2271-1] curl security update
- ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability
- Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD)
- CORE-2011-0514: Multiple vulnerabilities in HP Data Protector
- From: CORE Security Technologies Advisories
- Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- From: YGN Ethical Hacker Group
- [slackware-security] pidgin (SSA:2011-178-01)
- From: Slackware Security Team
- ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability
- AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
- From: Asterisk Security Team
- ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
- ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability
- Multiple vulnerabilities in Winamp 5.61
- Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- Breaking the links: Exploiting the linker
- Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
- XSS in FlatPress
- [slackware-security] mozilla-firefox (SSA:2011-174-01)
- From: Slackware Security Team
- APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10
- From: Apple Product Security
- APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5
- From: Apple Product Security
- [SECURITY] [DSA-2210-2] tiff security update
- Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
- Off-by-one in Sybase Advantage Server 10.0.0.3
- Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2
- ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability
- 2wire password reset module
- [PRE-SA-2011-05] Buffer overflow in tftp-hpa daemon
- TWSL2011-006: IBM Web Application Firewall Bypass
- From: Trustwave Advisories
- HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods
- Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
- HTB23017: XSS in FanUpdate
- HTB23016: Kofax e-Transactions Sender Sendbox ActiveX Control Insecure Method
- Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
- ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
- ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
- ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
- [slackware-security] fetchmail (SSA:2011-171-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2265-1] perl security update
- Perfect PDF products distributed with vulnerable MSVC++ libraries
- [SECURITY] [DSA 2264-1] linux-2.6 security update
- Re: WOOT '11 Call for Papers (reminder)
- NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
- From: NSFOCUS Security Team
- HTB23005: Multiple XSS in N-13 News
- CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
- From: CORE Security Technologies Advisories
- ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability
- CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability
- From: CORE Security Technologies Advisories
- Re: [Full-disclosure] XSS Vulnerability in Redmine 1.0.1 to 1.1.1
- ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability
- [SECURITY] [DSA 2262-1] moodle security update
- TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
- iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability
- [SECURITY] [DSA 2259-1] rails security update
- ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability
- ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
- ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability
- ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
- ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability
- ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
- ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
- ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability
- ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability
- ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability
- ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability
- ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability
- VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)
- From: VUPEN Security Research
- ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability
- ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability
- ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability
- ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability
- ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability
- ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability
- ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
- ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
- EQDKP plus Cross Site Scripting and Bypass file extension
- TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability
- ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability
- HTB23004: Multiple Vulnerabilities in e107
- HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS
- iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability
- HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog
- [SECURITY] [DSA 2263-1] movabletype-opensource security update
- [SECURITY] [DSA 2261-1] redmine security update
- JFreeChart - Path Disclosure vulnerability
- myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique
- ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability
- ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability
- Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
- iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability
- iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability
- [security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [ MDVSA-2011:110 ] gimp
- TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability
- TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability
- TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability
- ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability
- [BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution
- ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability
- ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
- ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability
- HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability
- [security bulletin] HPSBMA02627 SSRT090246 rev.2 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code
- DC4420 - London DEFCON - June meet - Tuesday 21st June 2011
- Last Day for AppSec USA 2011 CFP!
- [Annoucement] ClubHack Magazine - Call for Articles
- phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges
- [ MDVSA-2011:109 ] webmin
- Re: HTB22943: XSS in Dalbum
- [HITB-Announce] HITB eZine Issue #006 Released!
- [ MDVSA-2011:108 ] xerces-j2
- [SECURITY] [DSA 2259-1] fex security update
- [SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update
- Javascript Injection in Microsoft Lync 4.0.7577.0
- [SECURITY] [DSA 2257-1] vlc security update
- Call for Participation: DIMVA 2011
- VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability
- From: VUPEN Security Research
- IEEE SocialCom/PASSAT Call For Paper Deadline: June 15, 2011
- [SECURITY] [DSA 2256-1] tiff security update
- PDFill Insecure Library Loading
- [Announcement] ClubHACK Magazine Issue 17-June 2011 released
- [security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability
- [security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject
- ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability
- ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability
- ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability
- Multiple vulnerabilities in several IP camera products
- [HITB-Announce] HITB2011AMS Conference Materials & Photos
- OWASP Zed Attack Proxy version 1.3.0
- [ MDVSA-2011:107 ] fetchmail
- Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS
- ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability
- ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability
- ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability
- ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability
- ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability
- ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability
- ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability
- ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability
- ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability
- ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability
- Java HotSpot Cryptographic Provider signature verification vulnerability
- [SECURITY] [DSA 2255-1] libxml2 security update
- ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA(r) Access Manager Server.
- Squiz Matrix - Cross-Site Scripting Vulnerability
- PopScript Multiple Vulnerabilities
- [SECURITY] [DSA 2254-1] oprofile security update
- [ MDVSA-2011:106 ] subversion
- AppSec USA 2011 CFP Reminder, CTF Pre-Conference Challenge #2
- [SECURITY] [DSA 2253-1] fontforge security update
- VMware Tools Multiple Vulnerabilities
- iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability
- fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)
- ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability
- [security bulletin] HPSBMA02652 SSRT100432 rev.4 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure
- WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability
- CFP: IEEE SocialCom11 /PASSAT11
- iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability
- Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
- [SECURITY] [DSA 2252-1] dovecot security update
- [CVE-ID REQUEST] vBulletin - Multiple Open Redirects
- Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
- AST-2011-007
- RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
- Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept
- RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
- RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept
- From: ACROS Security Lists
- RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept
- From: Thor (Hammer of God)
- COM Server-Based Binary Planting Proof Of Concept
- From: ACROS Security Lists
- [SECURITY] [DSA 2251-1] subversion security update
- International PHP Conference - Call for Papers
- Re: Ra-Guard evasion (new Internet-Drafts)
- Cross-Site Scripting vulnerability in Nagios
- Cross-Site Scripting vulnerability in Icinga
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2011:105 ] wireshark
- [ MDVSA-2011:104 ] bind
- HTB22997: XSS in A Really Simple Chat (ARSC)
- HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC)
- Re: Ra-Guard evasion (new Internet-Drafts)
- Post Revolution 0.8.0c Multiple Remote Vulnerabilities
- CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability
- [SECURITY] [DSA 2250-1] citadel security update
- [SECURITY] [DSA 2249-1] jabberd14 security update
- IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities
- [SECURITY] [DSA 2248-1] ejabberd security update
- ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability
- [SECURITY] [DSA 2247-1] rails security update
- Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
- [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities
- From: Walikar Riyaz Ahemed Dawalmalik
- [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities
- From: Walikar Riyaz Ahemed Dawalmalik
- Paranoia 2011: Call for papers
- [SECURITY] [DSA 2245-1] chromium-browser security update
- CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina]
- From: eko security conference
- FreeBSD Security Advisory FreeBSD-SA-11:02.bind
- From: FreeBSD Security Advisories
- [ MDVSA-2011:102 ] rdesktop
- [SECURITY] [DSA 2246-1] mahara security update
- [SECURITY] [DSA 2244-1] bind9 security update
- [ MDVSA-2011:103 ] gimp
- [SECURITY] [DSA 2243-1] unbound security update
- Viewpoint: Security implications of IPv6
- [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability
- [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability
- [CVE-REQUEST] Plone XSS and permission errors
- [SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update
- [ MDVSA-2011:101 ] dovecot
- Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
- iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow
- [SECURITY] [DSA 2241-1] qemu-kvm security update
- iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow
- Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow
- iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
- Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others
- [SECURITY] [DSA 2240-1] linux-2.6 security update
- CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
- From: CORE Security Technologies Advisories
- The Anatomy of COM Server-Based Binary Planting Exploits
- From: ACROS Security Lists
- VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption
- From: VUPEN Security Research
- [SECURITY] [DSA 2239-1] libmojolicious-perl security update
- E-mail address spoofing with RLO
- [ MDVSA-2011:095-1 ] apr
- Gadu-Gadu 0-Day Remote Code Execution
- HTB22986: SQL injection in ExtCalendar 2
- [ MDVSA-2011:097 ] ruby
- [ MDVSA-2011:100 ] cyrus-imapd
- HTB22987: Multiple XSS in phpScheduleIt
- NNT Change Tracker - Hard-Coded Encryption Key
- [SECURITY] [DSA 2237-2] apr security update
- [ MDVSA-2011:099 ] libzip
- [ MDVSA-2011:098 ] ruby
- HTB22995: XSS in Ajax Chat
- [ MDVSA-2011:096 ] python
- Bypassing Cisco's ICMPv6 Router Advertisement Guard feature
- PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)
- NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption
- Session hacking via authentication cookie on Oracle CRM on Demand
- PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007
- [ MDVSA-2011:095 ] apr
- [SECURITY] [DSA 2238-1] vino security update
- RE: CA20110420-02: Security Notice for CA Output Management Web Viewer
- Ubuntu Security Notice publication update
- Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure
- [ MDVSA-2011:094 ] pure-ftpd
- Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006
- [ MDVSA-2011:093 ] gnome-screensaver
- DOMinator - The DOMXss Analyzer Tool - is finally public
- XSS vulnerability in TWiki < 5.0.2
- From: Netsparker Advisories
- [ MDVSA-2011:092 ] perl-IO-Socket-SSL
- CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
- Ruxcon 2011 Call For Papers
- HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic
- [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
- [ MDVSA-2011:090 ] postfix
- ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
- [USN-1132-1] apturl vulnerability
- Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
- [ MDVSA-2011:089 ] mplayer
- PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing)
- [ MDVSA-2011:088 ] mplayer
- MalBox Release! A Program Behavior Analysis System!
- WebTech Conference 2011 Call for Papers
- [ MDVSA-2011:087 ] vino
- Linux Kernel 2.6.38 Remote NULL Pointer Dereference
- DC4420 - London DEFCON - May meet - Tuesday 24th May 2011
- NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon
- Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
- [ MDVSA-2011:086 ] polkit
- [SECURITY] [DSA 2236-1] exim4 security update
- [SECURITY] [DSA 2237-1] apr security update
- [ MDVSA-2011:085 ] libmodplug
- ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability
- [ MDVSA-2011:084 ] apr
- [Annoucement] ClubHack Magazine - Call for Articles
- [security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS)
- [ MDVSA-2011:083 ] wireshark
- CORE-2011-0204: Adobe Audition vulnerability processing malformed session file
- From: CORE Security Technologies Advisories
- HTB22978: XSRF (CSRF) in Argyle Social
- HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social
- [security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
- HTB22980: XSRF (CSRF) in Open Classifieds
- [Bkis] sNews 1.7.1 XSS vulnerability
- CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass
- From: CORE Security Technologies Advisories
- [security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
- [USN-1130-1] Exim vulnerability
- ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability
- ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability
- [PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel
- CA20110510-01: Security Notice for CA eHealth
- ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability
- [security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files
- [Announcement] ClubHACK Magazine Issue 16-May 2011 released
- ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
- [security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access
- [SECURITY] [DSA 2233-1] postfix security update
- ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability
- [USN-1131-1] Postfix vulnerability
- [SECURITY] [DSA 2234-1] zodb security update
- ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
- ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
- ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability
- ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability
- ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability
- [security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code
- Apache Struts 2 Multiple Reflected XSS in XWork error pages
- [SECURITY] [DSA 2235-1] icedove security update
- HTB22977: XSRF (CSRF) in poMMo
- HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo
- HTB22975: SQL injection in Calendarix
- HTB22974: Multiple XSS in Calendarix
- Re: SQL Injection in Pixie
- From: security curmudgeon
- OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability
- ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
- ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
- ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability
- ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability
- PR10-17 Various XSS and information disclosure flaws within KeyFax response management system
- [security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification
- [security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS)
- [security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS)
- Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
- TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection
- From: Advisories Toucan-System
- TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write
- From: Advisories Toucan-System
- Swiss Cyber Storm 3
- [SECURITY] [DSA 2232-1] exim4 security update
- [SECURITY] [DSA 2231-1] otrs2 security update
- VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities
- From: VMware Security Team
- Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
- Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones
- [USN-1111-1] Linux kernel vulnerabilities
- PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management
- [USN-1122-2] Thunderbird vulnerabilities
- HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar
- HTB22972: Multiple SQL injection vulnerabilities in PHPDug
- Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability
- HTB22971: XSRF (CSRF) in PHPDug
- HTB22973: XSS in AJAX Calendar
- HTB22970: Multiple XSS vulnerabilities in PHPDug
- HTB22968: XSS in PHP Directory Listing Script
- Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Fwd: [USN-1122-1] Thunderbird vulnerabilities
- Re: Cisco IOS UDP Denial of Service Vulnerability
- t2'11: Call for Papers 2011 (Helsinki / Finland)
- [USN-1126-2] PHP Regressions
- Announcement - DeepSec 2011 - Call for Papers
- Cisco IOS SNMP Message Processing Denial Of Service Vulnerability
- [RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances
- From: RedTeam Pentesting GmbH
- [RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface
- From: RedTeam Pentesting GmbH
- [security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
- Cisco IOS UDP Denial of Service Vulnerability
- CSRF (Cross-Site Request Forgery) in FREELANCER
- TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component
- [USN-1128-1] Vino vulnerabilities
- Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005
- NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia.
- TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU
- XSS in CLASSIFIED ADS
- Path disclousure in MEGA PORTAL
- [USN-1129-1] Perl vulnerabilities
- TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html
- Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
- HTB22962: Multiple XSS in YaPiG
- [ MDVSA-2011:082 ] python-feedparser
- HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery
- XSS in GOT.MY CLASSMATES
- HTB22964: XSS in SelectaPix Image Gallery
- [USN-1127-1] usb-creator vulnerability
- HTB22966: XSS in (e)2 interactive Photo Gallery
- HTB22967: Multiple SQL Injection in Shutter
- XSS in DEAL INFORMER
- [security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
- SQL injection in 4images
- [ MDVSA-2011:080 ] mozilla-thunderbird
- [USN-1123-1] xulrunner-1.9.1 vulnerabilities
- Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion
- [USN-1112-1] Firefox and Xulrunner vulnerabilities
- [SECURITY] [DSA 2228-1] iceweasel security update
- OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability
- [SECURITY] [DSA 2230-1] qemu-kvm security update
- [SECURITY] [DSA 2229-1] spip security update
- [ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g
- From: ISecAuditors Security Advisories
- [USN-1121-1] firefox vulnerabilities
- [ MDVSA-2011:081 ] kdenetwork4
- [SECURITY] [DSA 2227-1] iceape security update
- [ MDVSA-2011:079 ] firefox
- [USN-1126-1] PHP vulnerabilities
- ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability
- ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
- ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability
- ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability
- ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability
- ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability
- ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability
- ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability
- ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability
- ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability
- ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention
- Re: HTB22827: File Content Disclosure in Wikipad
- From: security curmudgeon
- [security bulletin] HPSBMA02668 SSRT100474 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- [Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-007] Oracle JD Edwards JDENET Kernel Shutdown
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-008] Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure
- From: Onapsis Research Labs
- ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
- [Onapsis Security Advisory 2011-006] Oracle JD Edwards JDENET Kernel Denial of Service
- From: Onapsis Research Labs
- VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
- From: VMware Security Team
- [Onapsis Security Advisory 2011-013] Oracle JD Edwards JDENET USRBROADCAST Denial of Service
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-012] Oracle JD Edwards JDENET Firewall Bypass
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-011] Oracle JD Edwards JDENET Buffer Overflow
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2011-010] Oracle JD Edwards JDENET Remote Logging Deactivation
- From: Onapsis Research Labs
- HTB22960: XSS in Daily Maui Photo Widget wordpress plugin
- HTB22965: Multiple XSS vulnerabilities in BackupPC
- HTB22961: XSS in WP Photo Album wordpress plugin
- HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy
- hashdays 2011 - Call for Papers (#days CFP)
- HTB22958: XSS in phpGraphy
- CFP: Hacktivity 2011, September 17-18, Budapest, Hungary
- [USN-1125-1] PCSC-Lite vulnerability
- Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager
- From: Cisco Systems Product Security Incident Response Team
- [USN-1124-1] rsync vulnerability
- NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write
- B-Sides Vienna | NinjaCon 11 Call For Participation
- Re: Stored XSS vulnerability in diafan.CMS
- From: security curmudgeon
- [security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
- CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
- [SECURITY] [DSA 2226-1] libmodplug security update
- [SECURITY] [DSA 2225-1] asterisk security update
- [security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay
- From: Vladimir '3APA3A' Dubrovin
- Re: SQL Injection in phpMySport
- From: security curmudgeon
- HTB22955: Path disclosure in BuddyPress WordPress plugin
- HTB22952: XSS vulnerabilities in Noah's Classifieds
- HTB22948: Path disclosure in Cotonti
- HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin
- HTB22954: Path disclousure in yappa-ng Photo Gallery
- HTB22956: XSS vulnerabilities in phpList
- HTB22957: XSRF (CSRF) in phpList
- HTB22953: XSS in Max's PHP Photo Album
- [TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3)
- Re: HTB22945: Multiple XSS in ZENphoto
- AST-2011-006: Asterisk Manager User Shell Access
- From: Asterisk Security Team
- AT-TFTP Server Remote Denial of Service Vulnerability
- XSS in Webmin 1.540 + exploit for privilege escalation
- [ MDVSA-2011:078 ] libtiff
- [ MDVSA-2011:077 ] krb5
- [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)
- [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay
- AST-2011-005: File Descriptor Resource Exhaustion
- From: Asterisk Security Team
- [security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure
- [security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
- [ MDVSA-2011:076 ] xrdb
- [USN-1120-1] tiff vulnerability
- hack.lu 2011 CFP
- From: hack.lu 2011 information team
- HTB22944: Path disclousure in ZENphoto
- HTB22949: Multiple Path disclousure in 4images
- HTB22950: SQL injection in 4images
- HTB22945: Multiple XSS in ZENphoto
- HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin
- FreeBSD Security Advisory FreeBSD-SA-11:01.mountd
- From: FreeBSD Security Advisories
- HTB22947: XSS in Ajax Category Dropdown wordpress plugin
- CA20110420-01: Security Notice for CA SiteMinder
- [USN-1119-1] Linux kernel (OMAP4) vulnerabilities
- CA20110420-02: Security Notice for CA Output Management Web Viewer
- [SECURITY] [DSA 2224-1] openjdk-6 security update
- [security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation
- [security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF)
- [SECURITY] [DSA 2223-1] doctrine security update
- [SECURITY] [DSA 2222-1] tinyproxy security update
- [ MDVSA-2011:075 ] kdelibs4
- [USN-1117-1] PolicyKit vulnerability
- [SECURITY] [DSA 2220-1] Request Tracker security update
- Directory Traversal Vulnerability in Viola DVR VIO-4/1000
- [USN-1116-1] Kerberos vulnerability
- [security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information
- [USN-1115-1] language-selector vulnerability
- ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability
- [security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS)
- ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability
- ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
- [USN-1108-2] DHCP vulnerability
- [security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS)
- [security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
- ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability
- [USN-1118-1] OpenSLP vulnerability
- [SECURITY] [DSA 2221-1] Mojolicious security update
- [security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)
- Re: SQL Injection in LightNEasy
- From: security curmudgeon
- HTB22938: Multiple XSS in Universal Post Manager wordpress plugin
- Re: SQL Injection in LightNEasy
- From: security curmudgeon
- HTB22937: Path disclosure in Universal Post Manager wordpress plugin
- HTB22943: XSS in Dalbum
- HTB22942: Path disclousure in Dalbum
- Windows Synchronization Object Vulnerabilites in Antivirus Suites
- [security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
- [USN-1114-1] KDENetwork vulnerability
- [SECURITY] [DSA 2219-1] xmlsec1 security update
- HTB22931: XSS vulnerability in InTerra Blog Machine