Bugtraq
- Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Adobe Reader XI versions are vulnerable to a heap overflow,
n1s0o
- XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget"),
Moritz Naumann
- Unauthenticated remote access to D-Link DCS cameras,
roberto
- APPLE-SA-2013-01-28-2 Apple TV 5.2,
Apple Product Security
- APPLE-SA-2013-01-28-1 iOS 6.1 Software Update,
Apple Product Security
- [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability,
Egidio Romano
- Kohana Framework v2.3.3 - Directory Traversal Vulnerability,
Vulnerability Lab
- ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability,
Security Alert
- Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities,
Vulnerability Lab
- nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities,
Vulnerability Lab
- [ MDVSA-2013:005 ] perl,
security
- [SE-2012-01] An issue with new Java SE 7 security features,
Security Explorations
- WordPress SolveMedia 1.1.0 CSRF Vulnerability,
illSecResearchGroup
- [SECURITY] [DSA 2612-1] ircd-ratbox security update,
Moritz Muehlenhoff
- New Blog Post: Attacking the Windows 7/8 Address Space Randomization,
king cope
- SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products,
SEC Consult Vulnerability Lab
- IPv6: How to avoid security issues with VPN leaks on dual-stack networks,
Fernando Gont
- CVE-2013-0805 / CSNC-2013-001,
stephan . rickauer
- SQL Injection Vulnerability in ImageCMS,
advisory
- Cross-Site Scripting (XSS) vulnerability in gpEasy,
advisory
- CVE ID Syntax Change - Call for Public Feedback,
cve-id-change
- DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013,
Major Malfunction
- [slackware-security] mysql (SSA:2013-022-01),
Slackware Security Team
- [security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code,
security-alert
- Wordpress Valums Uploader - File Upload Vulnerability,
Vulnerability Lab
- CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability,
i
- [SECURITY] [DSA 2611-1] movabletype-opensource security update,
Yves-Alexis Perez
- SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability,
SEC Consult Vulnerability Lab
- SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability,
SEC Consult Vulnerability Lab
- Wordpress Developer Formatter CSRF Vulnerability,
illSecResearchGroup
- Looking for security contacts,
DefenseCode
- [HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb,
Hafez Kamal
- [SECURITY] [DSA 2610-1] ganglia security update,
Yves-Alexis Perez
- Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin,
marcelavbx
- Multiple Vulnerabilities in Linksys WRT54GL,
devnull
- (AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days,
auto-bulletins
- NoSuchCon CFP / 15-17 May 2013 / Paris, France,
Jonathan Brossard
- Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069,
Stefan Kanthak
- [SECURITY] [DSA 2605-2] asterisk regression update,
Thijs Kinkhorst
- CA20121220-01: Security Notice for CA IdentityMinder [updated],
Williams, James K
- ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities,
Security Alert
- [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable,
Security Explorations
Recently-revised IETF I-Ds about IPv6 security,
Fernando Gont
CVE-2012-6452 Axway Secure Messenger Username Disclosure,
jason . doyle
NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/),
NSO Research
NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/),
NSO Research
Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow,
Secunia Research
Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service,
Secunia Research
Cisco Security Advisory Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2609-1] rails security update,
Florian Weimer
DC4420 - 2013 CFP,
Major Malfunction
Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[slackware-security] freetype (SSA:2013-015-01),
Slackware Security Team
[SECURITY] [DSA 2608-1] qemu security update,
Florian Weimer
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability,
Rustein, Fara Denise (LATCO - Buenos Aires)
[SECURITY] [DSA 2607-1] qemu-kvm security update,
Florian Weimer
[IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service,
Inshell Security
[IA33] Serva v2.0.0 DNS Server Remote Denial of Service,
Inshell Security
Updated - CA20121018-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash,
Jan Lehnardt
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI,
Jan Lehnardt
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows,
Jan Lehnardt
[SECURITY] [DSA 2605-1] asterisk security update,
Thijs Kinkhorst
[SECURITY] [DSA 2606-1] proftpd-dfsg security update,
Thijs Kinkhorst
Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect,
Include Security Research
[security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS),
security-alert
[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code,
Security Explorations
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit,
DefenseCode
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee),
Arne Vidström
Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability,
Beni_vanda
OrangeHRM 2.7.1 Vacancy Name Persistent XSS,
SBV Research
[slackware-security] seamonkey (SSA:2013-009-03),
Slackware Security Team
[ MDVSA-2013:004 ] tomcat5,
security
[slackware-security] mozilla-thunderbird (SSA:2013-009-02),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2013-009-01),
Slackware Security Team
[SECURITY] [DSA 2604-1] rails security update,
Thijs Kinkhorst
[SECURITY] [DSA 2603-1] emacs23 security update,
Moritz Muehlenhoff
[ MDVSA-2013:003 ] rootcerts,
security
Nero MediaHome Multiple Remote DoS Vulnerabilities,
advisory
Remote Buffer Overflow Vulnerability in Samsung Kies,
advisory
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart,
advisory
[ MDVSA-2013:002 ] firefox,
security
Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2602-1] zendframework security update,
Florian Weimer
[security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access,
security-alert
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability,
Security Alert
Chrome for Android - Bypassing SOP for Local Files By Symlinks,
mbsdtest01
Facebook for Android - Information Diclosure Vulnerability,
mbsdtest01
Chrome for Android - Cookie theft from Chrome by malicious Android app,
mbsdtest01
Chrome for Android - Android APIs exposed to JavaScript,
mbsdtest01
Chrome for Android - Download Function Information Disclosure,
mbsdtest01
Chrome for Android - UXSS via com.android.browser.application_id Intent extra,
mbsdtest01
[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
[SECURITY] [DSA 2600-1] cups security update,
Nico Golde
[SECURITY] [DSA 2599-1] nss security update,
Thijs Kinkhorst
[SECURITY] [DSA 2598-1] weechat security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2597-1] rails security update,
Nico Golde
CFP: InfoSec Southwest 2013,
todb
TomatoCart 1.x | Unrestricted File Creation,
YGN Ethical Hacker Group
CVE-2012-6494 - Nexpose Security Console - Session Hijacking,
i@xxxxxxxxxx
CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF),
i@xxxxxxxxxx
Simple Webserver 2.3-rc1 Directory Traversal,
cwggenius
Aastra IP Telephone encrypted .tuz configuration file leakage,
Timo Juhani Lindfors
AST-2012-015: Denial of Service Through Exploitation of Device State Caching,
Asterisk Security Team
AST-2012-014: Crashes due to large stack allocations when using TCP,
Asterisk Security Team
[ MDVSA-2013:001 ] gnupg,
security
ShakaCon 2013 - Call for Papers,
Shakacon
AthCon 2013 CFP OPEN,
cfp
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash,
muztapha
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption,
KB Sriram
[SECURITY] [DSA 2596-1] mediawiki-extensions security update,
Jonathan Wiltshire
[SECURITY] [DSA 2595-1] ghostscript security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2594-1] virtualbox-ose security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2593-1] moin security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2591-1] mahara security update,
Moritz Muehlenhoff
CubeCart 5.0.7 and lower versions | Insecure Backup File Handling,
YGN Ethical Hacker Group
[SECURITY] [DSA 2592-1] elinks security update,
Moritz Muehlenhoff
SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability,
Vulnerability Lab
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability,
Vulnerability Lab
Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability,
Rustein, Fara Denise (LATCO - Buenos Aires)
[ MDVSA-2012:184 ] libtiff,
security
[SECURITY] [DSA 2590-1] wireshark security update,
Moritz Muehlenhoff
Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
Open-Realty CMS 3.x | Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
DoS vulnerability in Siemens S7-1200 PLCs,
Arne Vidström
CubeCart 4.x/5.x | Setup Re-installation Privilege Escalation Vulnerability,
YGN Ethical Hacker Group
CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability,
YGN Ethical Hacker Group
CubeCart 4.4.6 and lower | Multiple SQL Injection Vulnerabilities,
YGN Ethical Hacker Group
CubeCart 4.4.6 and lower | Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
CubeCart 4.4.6 and lower | Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
CubeCart 5.0.7 and lower | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
[TOOL RELEASE] SQL Fingerprint powered by ENG++ Technology [Version 1.33.23-170308],
Nelson Brito
CubeCart 4.4.6 and lower | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
[ MDVSA-2012:183 ] apache-mod_security,
security
[ MDVSA-2012:182 ] apache-mod_security,
security
CubeCart 3.0.20 (3.0.x) and lower | Multiple SQL Injection Vulnerabilities,
YGN Ethical Hacker Group
CubeCart 3.0.20 (3.0.x) and lower | Arbitrary File Upload,
YGN Ethical Hacker Group
CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
VMSA-2012-0018 VMware security updates for vCSA and ESXi,
VMware Security Response Center
CA20121220-01: Security Notice for CA IdentityMinder,
Williams, James K
ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.,
Security Alert
[security bulletin] HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation,
security-alert
EMC Avamar: World writable cache files,
fulldisclosure
Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339],
Ken
[ MDVSA-2012:181 ] python-django,
security
Multiple vulnerabilities in Banana Dance,
advisory
Firefly MediaServer Multiple Remote DoS Vulnerabilities,
advisory
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board,
advisory
Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root,
larry0
Enterpriser16 LoadBalancer v7.1 - Multiple Web Vulnerabilities,
Vulnerability Lab
SonicWall SonicOS 5.8.1.8 WAF - POST Inject Vulnerability,
Vulnerability Lab
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability,
pereira
IPv6 Neighbor Discovery security (new documents),
Fernando Gont
RE: PHP Addressbook v8.2.5 Group Name XSS,
Kenneth F. Belva
Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro,
George Clark
[ MDVSA-2012:180 ] perl-CGI,
security
[SECURITY] [DSA 2589-1] tiff security update,
Florian Weimer
[SECURITY] [DSA 2588-1] icedove security update,
Florian Weimer
Wordpress Pingback Port Scanner,
FireFart
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978),
ddivulnalert
Issues in Netgear WGR614 wireless router,
gsuberland
Password Disclosure in D-Link IP Cameras (CVE-2012-4046),
doylej . ia
[btrfs] is vulnerable to a hash-DoS attack,
Pascal Junod (Mailing Lists)
[security bulletin] HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
RVAsec 2013 CFP Now Open,
Sullo
Network Reconnaissance in IPv6 Networks (errata),
Fernando Gont
Network Reconnaissance in IPv6 Networks,
Fernando Gont
'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469),
Mark Stanislav
OpenDocMan 1.2.6.2 - 3 Vulnerabilities,
Kenneth F. Belva
FCKEditor File Upload Vulnerability,
bugreport
File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2,
Kenneth F. Belva
Addressbook v8.1.24.1 Group Name XSS,
Kenneth F. Belva
[ MDVSA-2012:179 ] cups,
security
[SECURITY] [DSA 2587-1] libcgi-pm-perl security update,
Florian Weimer
Multiple critical vulnerabilities in Maxthon and Avant browsers,
Roberto Suggi Liverani
[SECURITY] [DSA 2586-1] perl security update,
Florian Weimer
[SECURITY] [DSA 2585-1] bogofilter security update,
Florian Weimer
Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10,
Nick Johnson
Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier,
Perez, Sebastian (LATCO - Buenos Aires)
[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS),
security-alert
SimpleInvoices 2011.1 Cross-Site-Scripting (XSS) Vulnerabilities CVE-2012-4932,
tommccredie
Snare for Linux Password Disclosure,
sometimesbugs
Snare for Linux Cross-Site Request Forgery,
sometimesbugs
FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution,
pereira
Snare for Linux Cross-Site Scripting via Log Injection,
sometimesbugs
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework,
advisory
DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution,
pereira
Centrify Deployment Manager v2.1.0.283 local root,
larry0
Android Kernel 2.6 Local DoS,
Thomas Richards
[slackware-security] bind (SSA:2012-341-01),
Slackware Security Team
[ MDVSA-2012:178 ] mysql,
security
[SECURITY] [DSA 2584-1] iceape security update,
Yves-Alexis Perez
[SECURITY] [DSA 2583-1] iceweasel security update,
Yves-Alexis Perez
[slackware-security] libssh (SSA:2012-341-02),
Slackware Security Team
Update on CVE assigned for Wordpress Plugin Simple Gmail Login,
nauty . me04
Update on CVE assigned for Video Lead Form Plugin Cross-Site,
nauty . me04
CanSecWest13 CFP Open Until December 14 2012, Conf March 7-9 2013, Vancouver,
Dragos Ruiu
Multiple vulnerabilities in Achievo,
advisory
Multiple SQL Injection vulnerabilities in ClipBucket,
advisory
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities,
advisory
[SECURITY] [DSA 2582-1] xen security update,
Yves-Alexis Perez
[slackware-security] libxml2 (SSA:2012-341-03),
Slackware Security Team
[slackware-security] ruby (SSA:2012-341-04),
Slackware Security Team
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux,
Kotas, Kevin J
[ MDVSA-2012:177 ] bind,
security
Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information,
Darius Freamon
[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access,
security-alert
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter,
Mark Thomas
CVE-2012-3546 Apache Tomcat Bypass of security constraints,
Mark Thomas
CVE-2012-4534 Apache Tomcat denial of service,
Mark Thomas
[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS),
security-alert
[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access,
security-alert
FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique),
king cope
Re: MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day,
king cope
FreeSSHD Remote Authentication Bypass Zeroday Exploit,
king cope
Centrify Deployment Manager v2.1.0.283,
larry0
Privilege Escalation through Binary Planting in Panda Internet Security,
by_argos
MySQL Local/Remote FAST Account Password Cracking,
king cope
DC4420 - London DEFCON - Christmas 2012 meet! Tuesday 11th December 2012,
Major Malfunction
[SECURITY] [DSA 2581-1] mysql-5.1 security update,
Yves-Alexis Perez
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion,
SEC Consult Vulnerability Lab
tinymcpuk xss vulnerability,
admin
[ MDVSA-2012:176 ] libxml2,
security
[SECURITY] [DSA 2580-1] libxml security update,
Moritz Muehlenhoff
Re: [Full-disclosure] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot),
Kurt Seifried
MySQL Remote Preauth User Enumeration Zeroday,
king cope
MySQL Denial of Service Zeroday PoC,
king cope
MySQL (Linux) Database Privilege Elevation Zeroday Exploit,
king cope
MySQL (Linux) Heap Based Overrun PoC Zeroday,
king cope
MySQL (Linux) Stack based buffer overrun PoC Zeroday,
king cope
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday),
king cope
FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities,
Vulnerability Lab
FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability,
Vulnerability Lab
Low severity flaw in RIM BlackBerry PlayBook OS browser,
Tim Brown
ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities,
Security Alert
[SECURITY] [DSA 2577-1] libssh security update,
Yves-Alexis Perez
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator,
NCC Group Research
NGS000268 Technical Advisory: Symantec Messaging Gateway - Out-of-band stored-XSS delivered by email,
NCC Group Research
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection,
NCC Group Research
NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL,
NCC Group Research
APPLE-SA-2012-11-29-1 Apple TV 5.1.1,
Apple Product Security
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel,
NCC Group Research
NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection,
NCC Group Research
NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout,
NCC Group Research
NGS000330 Technical Advisory: Squiz CMS File Path Traversal,
NCC Group Research
NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection,
NCC Group Research
NGS000107 Technical Advisory: Oracle Gridengine sgepasswd Buffer Overflow,
NCC Group Research
SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011,
Lists
[SECURITY] [DSA 2579-1] apache2 security update,
Stefan Fritsch
VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulnerability,
VUPEN Security Research
Safend Data Protector Multiple Vulnerabilities,
Joseph Sheridan
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability,
nauty . me04
Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL,
nauty . me04
Oracle Exadata leaf switch logins,
larry0
[ MDVSA-2012:175 ] libssh,
security
[SECURITY] [DSA 2578-1] rssh security update,
Yves-Alexis Perez
[SE-2011-01] Additional materials released for SAT TV research,
Security Explorations
Forescout NAC (Network Access Control) multiple vulnerabilities,
Joseph Sheridan
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities,
DefenseCode
ESA-2012-054: RSA ® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities,
Security Alert
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities,
Security Alert
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability,
VUPEN Security Research
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision,
Andrea Barisani
Twitter App 5.0 vulnerable to eavesdropping,
Carlos Reventlov
FreeBSD Security Advisory FreeBSD-SA-12:08.linux,
FreeBSD Security Advisories
[SECURITY] [DSA 2576-1] trousers security update,
Yves-Alexis Perez
XSS Vulnerability in Simple Slider Wordpress Plugin,
nauty . me04
FreeBSD Security Advisory FreeBSD-SA-12:06.bind,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd,
FreeBSD Security Advisories
[ MDVSA-2012:174 ] libtiff,
security
[slackware-security] mozilla-thunderbird (SSA:2012-326-03),
Slackware Security Team
[slackware-security] seamonkey (SSA:2012-326-01),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2012-326-02),
Slackware Security Team
[ MDVSA-2012:173 ] firefox,
security
Multiple vulnerabilities in dotProject,
advisory
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities,
Vulnerability Lab
OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures,
roman . fiedler
Wordpress Facebook Survey v1 - SQL Injection Vulnerability,
Vulnerability Lab
FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |=,
Matan Azugi
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities,
Vulnerability Lab
[security bulletin] HPSBHF02821 SSRT100934 rev.1 - HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information,
security-alert
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS,
security
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers,
Jakob Lell
Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites,
Vulnerability Lab
Akeni LAN v1.2.118 - Filter Bypass Vulnerability (Local),
Vulnerability Lab
[ MDVSA-2012:172 ] libproxy,
security
[SECURITY] [DSA 2575-1] tiff security update,
Nico Golde
Open-Realty CMS 2.5.8 (2.x.x) <= Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
[SE-2012-01] Security vulnerabilities in Java SE (details released),
Security Explorations
DC4420 - London DEFCON - November meet - Tuesday 20th November,
alien DC4420
[SECURITY] [DSA 2574-1] typo3-src security update,
Florian Weimer
[CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air,
cjlacayo
SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability,
SEC Consult Vulnerability Lab
iDev Rentals v1.0 - Multiple Web Vulnerabilities,
Vulnerability Lab
Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12,
LpSolit
Multiple vulnerabilities in BabyGekko,
advisory
0-day vulnerabilities in Call of Duty MW3 and CryEngine 3,
ReVuln
Reflective XSS in uk cookie plugin,
nauty . me04
ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities,
Security Alert
[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugin Multiple Security Vulnerabilities,
DefenseCode
Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities,
Vulnerability Lab
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection,
Tim Brown
Weak password encryption on Huawei products,
roberto . paleari
Eventy CMS v1.8 Plus - Multiple Web Vulnerablities,
Vulnerability Lab
BananaDance Wiki b2.2 - Multiple Web Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 2573-1] radsecproxy security update,
Luciano Bello
[ MDVSA-2012:171 ] icedtea-web,
security
Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Vulnerability Report on AWCM 2.2,
Sooel Postman
APPLE-SA-2012-11-07-1 QuickTime 7.7.3,
Apple Product Security
Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue,
Cisco Systems Product Security Incident Response Team
Cross-Site Request Forgery (CSRF) in CMS Made Simple,
advisory
Sql injection in AJAX post Search wordpress plugin,
marcelavbx
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0,
Stefan Kanthak
[security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure,
security-alert
Wisecracker 1.0 - A high performance distributed cryptanalysis framework,
Vikas N Kumar
multiple critical vulnerabilities in sophos products,
Tavis Ormandy
SQL Injection Vulnerability in OrangeHRM,
advisory
Multiple Vulnerabilities in LibreOffice,
advisory
[CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability,
machuanlei
VideoLAN VLC Media Player <= 2.0.4 Crash Bug,
bingxuefenggu
XSS in answer my question plugin,
marcelavbx
iCompel Digital Signage risks,
Chris S
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client,
Stefan Kanthak
PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls,
research
[SECURITY] [DSA 2572-1] iceape security update,
Thijs Kinkhorst
[SECURITY] [DSA 2571-1] libproxy security update,
Raphael Geissert
[ MDVSA-2012:170 ] firefox,
security
[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability,
n0b0d13s
[security bulletin] HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities,
security-alert
Re: [Full-disclosure] XSS, LFI and SQL Injection Vulnerabilities in Achievo,
Henri Salo
[security bulletin] HPSBMU02815 SSRT100715 rev.4 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution,
security-alert
[security bulletin] HPSBMU02827 SSRT100924 rev.1 - HP Performance Insight with Sybase, Remote Denial of Service (DoS) and Loss of Data,
security-alert
APPLE-SA-2012-11-01-2 Safari 6.0.2,
Apple Product Security
APPLE-SA-2012-11-01-1 iOS 6.0.1,
Apple Product Security
[ MDVSA-2012:169 ] java-1.6.0-openjdk,
security
[SECURITY] [DSA 2570-1] openoffice.org security update,
Yves-Alexis Perez
Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing,
Cisco Systems Product Security Incident Response Team
XSS in dokeos 2.1.1,
marcelavbx
Medium risk security flaws in Konqueror,
Tim Brown
VaM Shop v1.69 - Multiple Web Vulnerabilities,
Vulnerability Lab
PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities,
Vulnerability Lab
PrestaShop <= 1.5.1 Persistent XSS,
David Sopas
NetCat CMS v5.0.1 - Multiple Web Vulnerabilities,
Vulnerability Lab
[BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE],
Matan Azugi
[slackware-security] seamonkey (SSA:2012-304-02),
Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2012-304-01),
Slackware Security Team
[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin,
come2waraxe
[SECURITY] [DSA 2569-1] icedove security update,
Florian Weimer
[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities,
security-alert
Call for Papers: DIMVA 2013,
Collin Mulliner
[slackware-security] mozilla-firefox (SSA:2012-300-01),
Slackware Security Team
PIAF H.M.S - SQL Injection,
Michał Błaszczak
KmPlayer v3.0.0.1440 Local Crash PoC,
irist . ir
Exploit - EasyITSP by Lemens Telephone Systems 2.0.2,
Michał Błaszczak
EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability,
Security Alert
[SECURITY] [DSA 2568-1] rtfm security update,
Florian Weimer
[SECURITY] [DSA 2567-1] request-tracker3.8 security update,
Florian Weimer
Inventory 1.0 Multiple XSS Vulnerabilities,
Thomas Richards
Inventory 1.0 Multiple SQL Vulnerabilities,
Thomas Richards
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 2566-1] exim4 security update,
Nico Golde
Wordpress 3.4 Cross-Site Scripting Vulnerability,
irist . ir
Smf 2.0.2 Cross-Site Scripting Vulnerability,
irist . ir
[SECURITY] [DSA 2564-1] tinyproxy security update,
Thijs Kinkhorst
[SECURITY] [DSA 2565-1] iceweasel security update,
Florian Weimer
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin,
come2waraxe
[SECURITY] [DSA 2562-1] cups-pk-helper security update,
Thijs Kinkhorst
[SECURITY] [DSA 2563-1] viewvc security update,
Thijs Kinkhorst
HP/H3C and Huawei SNMP Weak Access to Critical Data,
Kurt Grutzmacher
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability,
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vulnerability (MS12-063),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerability (MS12-063),
VUPEN Security Research
[security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities,
security-alert
[security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information,
security-alert
DC4420 - London DEFCON - October meet - tomorrow, Tuesday 23rd October.,
alien DC4420
[ MDVSA-2012:168 ] hostapd,
security
VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities,
sec . team
[SECURITY] [DSA 2561-1] tiff security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2560-1] bind9 security update,
Florian Weimer
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection,
YGN Ethical Hacker Group
XSS Vulnerabilities in ClipBucket,
Netsparker Advisories
XSS Vulnerabilities in CMSMini,
Netsparker Advisories
XSS Vulnerabilities in TaskFreak,
Netsparker Advisories
CMSQLITE v1.3.2 - Multiple Web Vulnerabiltiies,
Vulnerability Lab
Old Habits Die Hard: Cross-Zone Scripting in Dropbox & Google Drive Mobile Apps,
Roi Saltzman
Multiple Vulnerabilities in Campaign Enterprise <= 11.0.538,
Ken
CA20121018-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
Internet Explorer 9 XSS Filter Bypass,
pereira
MitM-vulnerability in Palo Alto Networks GlobalProtect,
Micha Borrmann
[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin,
come2waraxe
[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin,
come2waraxe
Multiple vulnerabilities in jCore,
advisory
Multiple vulnerabilities in Subrion CMS,
advisory
Multiple vulnerabilities in AContent,
advisory
SEC Consult SA-20121017-2 :: Multiple vulnerabilities in Oracle WebCenter Sites (former FatWire Content Server),
SEC Consult Vulnerability Lab
[IMF 2013] 3rd Call for Papers: Deadline Extended,
Oliver Goebel
SEC Consult SA-20121017-1 :: Unirgy uStoreLocator SQL Injection - Magento extension,
SEC Consult Vulnerability Lab
SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass,
SEC Consult Vulnerability Lab
[SECURITY] [DSA 2559-1] libexif security update,
Yves-Alexis Perez
APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11,
Apple Product Security
Visual Tools DVR multiple vulnerabilities,
Andrea Fabrizi
[slackware-security] seamonkey (SSA:2012-288-01),
Slackware Security Team
Critical issues affecting Steam users,
ReVuln
Multiple vulnerabilities in Samsung Kies,
advisory
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection,
YGN Ethical Hacker Group
[CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability,
lorenzo . cantoni86
[ MDVSA-2012:167 ] firefox,
security
[slackware-security] mozilla-firefox (SSA:2012-285-01),
Slackware Security Team
[ MDVSA-2012:166 ] bacula,
security
[ MDVSA-2012:165 ] graphicsmagick,
security
[slackware-security] mozilla-thunderbird (SSA:2012-285-02),
Slackware Security Team
Last reminder for ClubHack 2012 : Call for Papers,
abhijeet
[ MDVSA-2012:164 ] libxslt,
security
[ MDVSA-2012:163 ] firefox,
security
Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB,
roberto
[slackware-security] bind (SSA:2012-284-01),
Slackware Security Team
FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010,
Lists
VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates,
VMware Security Response Center
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities,
Security Alert
VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution (Update),
pereira
vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities,
Vulnerability Lab
Omnistar Document Manager v8.0 - Multiple Vulnerabilities,
Vulnerability Lab
Multiple vulnerabilities in OpenX,
advisory
Microsoft Office Excel ReadAV Arbitrary Code Execution,
pereira
[ MDVSA-2012:162 ] bind,
security
[CVE-2012-4501] CloudStack configuration vulnerability,
John Kinsella
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format Player,
Cisco Systems Product Security Incident Response Team
[slackware-security] mozilla-firefox (SSA:2012-283-01),
Slackware Security Team
Key Systems Electronic Key Lockers command injection and weak authentication vulnerabilities,
Travis Lee
FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution,
pereira
Hardcoreview WriteAV Arbitrary Code Execution,
pereira
Team SHATTER Security Advisory: Elevated roles through DBCC,
Shatter
WingFTP Server Denial of Service Vulnerability,
Anil Pazvant
BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface,
Anil Pazvant
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation,
Timo Warns
soapbox Local Root / Privilege Escalation Vulnerability,
pereira
Privilege Escalation Vulnerability in Microsoft Windows,
advisory
[security bulletin] HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information,
security-alert
Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tuning Sets components),
Shatter
[SECURITY] [DSA 2558-1] bacula security update,
Raphael Geissert
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities,
Vulnerability Lab
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 2557-1] hostapd security update,
Nico Golde
[SECURITY] [DSA 2556-1] icedove security update,
Nico Golde
utempter allows fake host setting,
paul . szabo
[ MDVSA-2012:161 ] html2ps,
security
Blender 2.63 Exploitable User Mode Write AV,
beford
ESA-2012-035: RSA(r) Adaptive Authentication (On-Premise) Information Disclosure Vulnerability,
Security Alert
[SECURITY] [DSA 2555-1] libxslt security update,
Moritz Muehlenhoff
[ MDVSA-2012:160 ] imagemagick,
security
[ MDVSA-2012:150-1 ] java-1.6.0-openjdk,
security
Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2,
Shatter
[ MDVSA-2012:151-1 ] ghostscript,
security
Team SHATTER Security Advisory: Java Operating System command execution,
Shatter
[DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow,
Ewerson Guimarães (Crash) - Dclabs
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters,
Stefan Kanthak
XnView JLS File Decompression Heap Overflow,
Joseph Sheridan
ANNOUNCE: RFIDIOt v1.0d released and code migration,
Adam Laurie
One week left! CFP for ZeroNights Conference in Moscow 19-20 November 2012,
Alexander Polyakov
[ MDVSA-2012:159 ] freeradius,
security
[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information,
security-alert
Omnistar Mailer v7.2 - Multiple Web Vulnerabilities,
Vulnerability Lab
Multiple vulnerabilities in Template CMS,
advisory
[ MDVSA-2012:158 ] gc,
security
[ MDVSA-2012:157 ] openjpeg,
security
[ MDVSA-2012:153-1 ] dhcp,
security
CA20121001-01: Security Notice for CA License,
Williams, James K
XSS Vulnerabilities in phpFreeChat,
Netsparker Advisories
phptax 0.8 <= Remote Code Execution Vulnerability,
pereira
Reminder: ClubHack2012 Call for Papers Closing Soon,
abhijeet
Better WP Security v3.4.3 Wordpress - Web Vulnerabilities,
Vulnerability Lab
Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities,
Vulnerability Lab
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities,
Vulnerability Lab
[ MDVSA-2012:155-1 ] xinetd,
security
[ MDVSA-2012:156 ] inn,
security
[ MDVSA-2012:152-1 ] bind,
security
[security bulletin] HPSBUX02814 SSRT100930 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information,
security-alert
[ MDVSA-2012:154-1 ] apache,
security
CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9,
Ken
[ MDVSA-2012:155 ] xinetd,
security
[ MDVSA-2012:154 ] apache,
security
[IMF 2013] 2nd Call for Papers,
Oliver Goebel
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution,
NCC Group Research
XSS in OSSEC wui 0.3,
A. Ramos
[SECURITY] [DSA 2552-1] tiff security update,
Luciano Bello
[SECURITY] [DSA 2554-1] iceape security update,
Yves-Alexis Perez
Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2550-2] asterisk regression update,
Moritz Muehlenhoff
[Full-disclosure] "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers,
Stefan Kanthak
[Announcement] CHMag - Call for Articles,
abhijeet
[waraxe-2012-SA#090] - Insecure SSL Connection in Thomson SpeedTouch ST780,
come2waraxe
[SE-2012-01] Critical security issue affecting Java SE 5/6/7,
Security Explorations
APPLE-SA-2012-09-24-1 Apple TV 5.1,
Apple Product Security
[Positive Research] Intel SMEP Part II: Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming,
noreply
CVE-2012-4415: guacamole local root vulnerability,
Timo Juhani Lindfors
[Announcement] ClubHack Magazine's Sept 2012 Issue Out,
abhijeet
DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419),
ddivulnalert
Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field),
Joseph Sheridan
Toshiba ConfigFree CF7 File Remote Command Execution,
Joseph Sheridan
Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName),
Joseph Sheridan
ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentication Client 3.5 Access Control Vulnerability,
Security Alert
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities,
Robert Gilbert
GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ],
Fabien DUCHENE
[SECURITY] [DSA 2551-1] isc-dhcp security update,
Nico Golde
[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution,
security-alert
APPLE-SA-2012-09-19-3 Safari 6.0.1,
Apple Product Security
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004,
Apple Product Security
APPLE-SA-2012-09-19-1 iOS 6,
Apple Product Security
[security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution,
security-alert
[2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client,
Cisco Systems Product Security Incident Response Team
Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities,
sschurtz
[SECURITY] [DSA 2550-1] asterisk security update,
Moritz Muehlenhoff
Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability,
irist . ir
NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL,
NCC Group Research
NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure,
NCC Group Research
NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator,
NCC Group Research
NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email,
NCC Group Research
NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account,
NCC Group Research
APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3,
Apple Product Security
Fortigate UTM WAF Appliance - Cross Site Vulnerabilities,
Vulnerability Lab
[security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code,
security-alert
SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities,
Vulnerability Lab
Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities,
Vulnerability Lab
[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08,
come2waraxe
[Positive Research] Intel SMEP overview and partial bypass on Windows 8 (whitepaper),
noreply
[slackware-security] patch (SSA:2012-257-02),
Slackware Security Team
Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service,
Secunia Research
[IA38] NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow,
Inshell Security
IPv6 Toolkit v1.2.3 released! (and upcoming IPv6 security trainings),
Fernando Gont
[slackware-security] dhcp (SSA:2012-258-01),
Slackware Security Team
[slackware-security] bind (SSA:2012-257-01),
Slackware Security Team
[INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability,
INTREST SEC
NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities,
Vulnerability Lab
ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities,
Vulnerability Lab
ipv6mon v1.0 released! (IPv6 address monitoring daemon),
Fernando Gont
[SECURITY] [DSA 2480-4] request-tracker3.8 regression update,
Raphael Geissert
[SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice,
Nico Golde
[ MDVSA-2012:153 ] dhcp,
security
[SECURITY] [DSA 2549-1] devscripts security update,
Raphael Geissert
[SECURITY] [DSA 2548-1] tor security update,
Moritz Muehlenhoff
[ MDVSA-2012:152 ] bind,
security
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities,
Vulnerability Lab
Knowledge Base EE v4.62.0 - SQL Injection Vulnerability,
Vulnerability Lab
APPLE-SA-2012-09-12-1 iTunes 10.7,
Apple Product Security
[SECURITY] [DSA 2547-1] bind9 security update,
Florian Weimer
Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center,
mattijs
Cisco Security Advisory: Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center,
mattijs
Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:151 ] ghostscript,
security
[SECURITY] [DSA 2546-1] freeradius security update,
Nico Golde
VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58),
VUPEN Security Research
VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060),
VUPEN Security Research
VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19),
VUPEN Security Research
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities,
Security Alert
Multiple vulnerabilities in Ezylog photovoltaic management server,
roberto
GreHack 2012 - 19th Oct. Grenoble, France - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ],
Fabien DUCHENE
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods,
Timo Warns
Wordpress Download Monitor - Download Page Cross-Site Scripting,
Joseph Sheridan
nullcon CTF HackIM is on,
nullcon
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks,
Security Alert
[SE-2012-01] Security vulnerabilities in IBM Java,
Security Explorations
[ MDVSA-2012:150 ] java-1.6.0-openjdk,
security
[SECURITY] [DSA 2545-1] qemu security update,
Raphael Geissert
[SECURITY] [DSA 2544-1] xen security update,
Raphael Geissert
[SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update,
Raphael Geissert
[SECURITY] [DSA 2542-1] qemu-kvm security update,
Raphael Geissert
[SECURITY] [DSA 2541-1] beaker security update,
Raphael Geissert
[SECURITY] [DSA 2540-1] mahara security update,
Raphael Geissert
[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking,
security-alert
Internet Explorer Script Interjection Code Execution (updated),
ds . adv . pub
[CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter,
Carl-Eric Menzel
[SECURITY] [DSA 2539-1] zabbix security update,
Raphael Geissert
[SECURITY] [DSA 2538-1] moin security update,
Raphael Geissert
[Rooted CON 2013] CFP starts!,
Román Ramírez
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities,
Vulnerability Lab
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10,
Apple Product Security
[IMF 2013] Call for Papers,
Oliver Goebel
Cross-Site Request Forgery (CSRF) in TestLink,
advisory
Cross-Site Scripting (XSS) in Kayako Fusion,
advisory
Cross-Site Scripting (XSS) Vulnerabilities in Flogr,
advisory
KIWICON: THE ANNUCIATION,
Kiwicon
Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009,
Lists
Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities,
Vulnerability Lab
ES Job Search Engine v3.0 - SQL injection vulnerability,
Vulnerability Lab
eFront Educational v3.6.11 - Multiple Web Vulnerabilities,
Vulnerability Lab
IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion",
Fernando Gont
VMWare Tools susceptible to binary planting by hijack,
moshez
QNAP Turbo NAS Multiple Path Injection,
Andrea Fabrizi
Group-Office Calendar SQL Injection,
Joseph Sheridan