Bugtraq
- Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow,
Secunia Research
- Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center,
mattijs
- Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage,
mattijs
- [slackware-security] slocate (SSA:2012-244-05),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-244-04),
Slackware Security Team
- Admidio 2.3.5 Multiple security vulnerabilities,
sschurtz
- [slackware-security] mozilla-firefox (SSA:2012-244-02),
Slackware Security Team
- [ MDVSA-2012:149 ] fetchmail,
security
- [slackware-security] glibc (SSA:2012-244-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2012-244-03),
Slackware Security Team
- VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries,
VMware Security Team
- Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11,
LpSolit
- AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users,
Asterisk Security Team
- AST-2012-012: Asterisk Manager User Unauthorized Shell Access,
Asterisk Security Team
- [SECURITY] [DSA 2537-1] typo3-src security update,
Florian Weimer
- [SECURITY] [DSA 2536-1] otrs2 security update,
Florian Weimer
- ESA-2012-038: EMC NetWorker Format String Vulnerability,
Security Alert
- [ MDVSA-2012:148 ] ffmpeg,
security
- [ MDVSA-2012:074-1 ] ffmpeg,
security
- SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor,
SEC Consult Vulnerability Lab
- [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code,
security-alert
- ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2535-1] rtfm security update,
Florian Weimer
- ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- squidGuard 1.4 - Remote Denial of Service - POC,
Stefan Bauer
- ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability,
ZDI Disclosures
- Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing,
Seeker Research Center
- Sistem Biwes Multiple Vulnerability,
admin
- [ MDVSA-2012:147 ] mozilla-thunderbird,
security
- ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2012:146 ] firefox,
security
- XSS in PrestaShop,
advisory
- Cross-Site Scripting (XSS) in Phorum,
advisory
- t2′12: Challenge to be released 2012-09-01 10:00 EEST,
Tomi Tuominen
- [ MDVSA-2012:145 ] firefox,
security
- ToorCon 14 Call For Papers,
h1kari
- ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability,
Security Alert
- [security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [SE-2012-01] information regarding recently discovered Java 7 attack,
Security Explorations
- [ MDVSA-2012:144 ] tetex,
security
- CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0,
Rob Weir
- CA20111208-01: Security Notice for CA SiteMinder [updated],
Williams, James K
- CommPort 1.01 <= SQL Injection Vulnerability,
pereira
- Wordpress fckeditor Arbitrary File Upload Vulnerability,
irist . ir
- Exploit Title: Mihalism Multi Host v 5.0,
explo21ter
- Paliz CMS Full Path Disclosure Vulnerability,
advisories
- Chamilo 1.8.8.4 Multiple Vulnerabilities,
beford
- [slackware-security] dhcp (SSA:2012-237-01),
Slackware Security Team
- Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008,
Lists
- [SECURITY] [DSA 2533-1] pcp security update,
Florian Weimer
- [security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS),
security-alert
- ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability,
Security Alert
- [ MDVSA-2012:143 ] python-django,
security
- Ad Manager Pro v. 4 Remote FLI,
CorryL
- SaltOS 3.1 Cross-Site Scripting vulnerability,
sschurtz
- [security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS),
security-alert
- ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability,
ZDI Disclosures
- ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability,
ZDI Disclosures
- This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.,
ZDI Disclosures
- ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability,
ZDI Disclosures
- XSS and SQL Injection Vulnerabilities in Jara,
Netsparker Advisories
- XSS Vulnerabilities in LabWiki,
Netsparker Advisories
- XSS and SQL Injection Vulnerabilities in OrderSys,
Netsparker Advisories
- XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS,
Netsparker Advisories
- [ MDVSA-2012:142 ] gimp,
security
- apache struts2 remote code execute,
voidloafer
- [ MDVSA-2012:141 ] openslp,
security
- APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1,
Apple Product Security
- NGS00242 Patch Notification: SysAid Helpdesk stored XSS,
Research@NGSSecure
- NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection,
Research@NGSSecure
- NGS00208 Patch Notification: Moodle CMS stored XSS,
Research@NGSSecure
- NGS00330 Patch Notification: Squiz CMS Directory Traversal,
Research@NGSSecure
- ocPortal CMS 8.x | Session Hijacking Vulnerability,
YGN Ethical Hacker Group
- ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
- [ MDVSA-2012:140 ] mono,
security
- [ MDVSA-2012:139 ] postgresql,
security
- [SECURITY] [DSA 2531-1] xen security update,
Luciano Bello
- ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability,
ZDI Disclosures
- [slackware-security] emacs (SSA:2012-228-02),
Slackware Security Team
- Internet Explorer Script Interjection Code Execution,
ds . adv . pub
- [ MDVSA-2012:134 ] wireshark,
security
- ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities,
Vulnerability Lab
- Nike+ Panel & Mobile App - Multiple Web Vulnerabilities,
Vulnerability Lab
- ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities,
Vulnerability Lab
- ShopperPress v2.7 Wordpress - SQL Injection Vulnerability,
Vulnerability Lab
- Social Engine v4.2.5 - Multiple Web Vulnerabilities,
Vulnerability Lab
- GIMP Scriptfu Python Remote Command Execution,
research
- NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3,
Research@NGSSecure
- [ MDVSA-2012:136 ] phpmyadmin,
security
- [ MDVSA-2012:138 ] acpid,
security
- [ MDVSA-2012:137 ] acpid,
security
- [security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS),
security-alert
- [ MDVSA-2012:135 ] wireshark,
security
- [ MDVSA-2012:133 ] usbmuxd,
security
- vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies,
Alexander Pruss
- [slackware-security] t1lib (SSA:2012-228-01),
Slackware Security Team
- [SECURITY] [DSA 2530-1] rssh security update,
Florian Weimer
- [SECURITY] [DSA 2528-1] icedove security update,
Florian Weimer
- [ MDVSA-2012:132 ] glpi,
security
- [2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- CFP for ZeroNights conference Moscow 19-20 November 2012,
Alexander Polyakov
- Group-Office Cleartext Credentials Stored in Cookies,
research
- TCExam Edit Cross-Site Scripting,
research
- Total Shop UK eCommerce Generic Cross-Site Scripting,
research
- 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- NeoInvoice Blind SQL Injection (CVE-2012-3477),
Adam Caudill
- Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities,
Vulnerability Lab
- [security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBMU02803 SSRT100926 rev.1 - HP Service Manager and HP Service Center Web Tier, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02802 SSRT100923 rev.1 - HP Fortify Software Security Center, Remote Disclosure of Privileged Information,
security-alert
- [security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information,
security-alert
- TCExam Edit SQL Injection,
research
- [Announcement] ClubHack Magazine's Aug 2012 Issue Released,
abhijeet
- GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012,
Fabien DUCHENE
- [security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2527-1] php5 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:131 ] libotr,
security
- Last reminder for Passwords^12 : Call for Presentations,
Per Thorsheim
- [SECURITY] [DSA 2526-1] libotr security update,
Nico Golde
- [ MDVSA-2012:130 ] openldap,
security
- [ MDVSA-2012:129 ] busybox,
security
- [ MDVSA-2012:129-1 ] busybox,
security
- [PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice,
Timo Warns
- WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities,
sschurtz
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?,
Stefan Kanthak
- Another Solaris 10 Patch Cluster Symlink Attack,
larry Cashdollar
- [HITB-Announce] HITB Magazine Issue 009 - Call for Submissions,
Hafez Kamal
- Arasism (IR) CMS - File Upload Vulnerability,
Vulnerability Lab
- Joomla com_fireboard - SQL Injection Vulnerability,
Vulnerability Lab
- Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities,
Vulnerability Lab
- [ MDVSA-2012:128 ] bash,
security
- Multiple Vulnerabilities in phpList,
advisory
- Multiple vulnerabilities in PBBoard,
advisory
- MobileCartly 1.0 <= Remote Code Execution Vulnerability,
pereira
- ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability,
Security Alert
- [ MDVSA-2012:127 ] libtiff,
security
- [ MDVSA-2012:126 ] libxml2,
security
- [security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- nullcon International security conference Delhi 2012 Highlights,
nullcon
- Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion,
nospam
- Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Execution,
nospam
- FreeBSD Security Advisory FreeBSD-SA-12:05.bind,
FreeBSD Security Advisories
- [SECURITY] [DSA 2525-1] expat security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2524-1] openttd security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2523-1] globus-gridftp-server security update,
Moritz Muehlenhoff
- Dir2web3 Multiple Vulnerabilities,
Daniel Correa
- [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities,
lorenzo . cantoni86
- [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability,
lorenzo . cantoni86
- [CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities,
lorenzo . cantoni86
- [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities,
lorenzo . cantoni86
- BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2522-1] fckeditor security update,
Yves-Alexis Perez
- Joomla com_photo - SQL Injection Vulnerability,
Vulnerability Lab
- Joomla com_package - SQL Injection Vulnerability,
Vulnerability Lab
- [ MDVSA-2012:125 ] wireshark,
security
- Inout Mobile Webmail APP - Multiple Web Vulnerabilities,
Vulnerability Lab
- iAuto Mobile Application 2012 - Multiple Web Vulnerabilities,
Vulnerability Lab
- AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution,
nospam
- [SECURITY] [DSA 2519-2] isc-dhcp regression,
Nico Golde
- [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [ MDVSA-2012:124 ] openoffice.org,
security
- [SECURITY] [DSA 2521-1] libxml2 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:123 ] libreoffice,
security
- ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities,
ZDI Disclosures
- ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel),
ZDI Disclosures
- ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability,
ZDI Disclosures
- 29C3: Call for Participation for 29th Chaos Communication Congress,
fukami
- [SECURITY] [DSA 2520-1] openoffice.org security update,
Yves-Alexis Perez
- [ MDVSA-2012:122 ] icedtea-web,
security
- My ROP mitigation,
Young Jun Ko
- Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability,
Vulnerability Lab
- Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability,
Socket_0x03
- [security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2012:121 ] libjpeg-turbo,
security
- [SECURITY] [DSA 2519-1] isc-dhcp security update,
Nico Golde
- [ MDVSA-2012:111 ] krb5,
security
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow,
Secunia Research
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow,
Secunia Research
- Kaspersky PM 5.0.0.164 - Software Filter Vulnerability,
Vulnerability Lab
- ME Mobile Application Manager v10 - SQL Vulnerabilities,
Vulnerability Lab
- Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities,
Vulnerability Lab
- ME Application Manager 10 - Multiple Web Vulnerabilities,
Vulnerability Lab
- Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities,
Vulnerability Lab
- Barracuda Appliances - Validation Filter Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2518-1] krb5 security update,
Yves-Alexis Perez
- MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015],
Tom Yu
- DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting,
vulns
- [SECURITY] [DSA 2517-1] bind9 security update,
Nico Golde
- TEMENOS T24 R07.03 Authentication Bypass,
vulns
- TEMENOS T24 R07.03 Reflected Cross-Site Scripting,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting,
vulns
- DataWatch Monarch BI v5.1 admin section reflected cross-site scripting,
vulns
- Dr. Web Control Center Admin UI Remote Script Code Injection,
Oliver Karow
- Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability,
Chris Travers
- ocPortal 7.1.5 <= | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
- Spark IM Client Local Password Decryption,
Adam Caudill
- TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer,
Trustwave Advisories
- [ MDVSA-2012:110-1 ] mozilla,
security
- [ MDVSA-2012:119 ] bind,
security
- [slackware-security] bind (SSA:2012-209-01),
Slackware Security Team
- [ MDVSA-2012:118 ] apache-mod_security,
security
- Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10,
LpSolit
- [ MDVSA-2012:117 ] python-pycrypto,
security
- [ MDVSA-2012:116 ] dhcp,
security
- [ MDVSA-2012:115 ] dhcp,
security
- [ MDVSA-2012:114 ] apache-mod_auth_openid,
security
- [ MDVSA-2012:113 ] arpwatch,
security
- [SECURITY] [DSA 2516-1] isc-dhcp security update,
Nico Golde
- [ MDVSA-2012:112 ] perl-DBD-Pg,
security
- tekno.Portal 0.1b - SQLi Vulnerability in "anket.php",
Socket_0x03
- APPLE-SA-2012-07-25-2 Xcode 4.4,
Apple Product Security
- [security bulletin] HPSBUX02795 SSRT100878 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02789 SSRT100824 rev.3 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges,
security-alert
- Cross-Site Scripting (XSS) in Redaxo,
advisory
- [ MDVSA-2012:111 ] libgdata,
security
- APPLE-SA-2012-07-25-1 Safari 6.0,
Apple Product Security
- [slackware-security] libpng (SSA:2012-206-01),
Slackware Security Team
- [ MDVSA-2012:110 ] mozilla,
security
- Android DNS poisoning: Randomness gone bad (CVE-2012-2808),
Roee Hay
- [ MDVSA-2012:109 ] libxslt,
security
- [SECURITY] [DSA 2508-1] kfreebsd-8 security update,
Yves-Alexis Perez
- Free Web App Security Challenges - Hackademics Project,
Ivan Buetler
- file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.,
larry0
- NESSUS ANDROID APP - stores login info in plain text,
securityfocus
- POC2012 Call for Paper,
pocadm
- Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability,
Amir
- CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass,
Krzysztof Kotowicz
- [ MDVSA-2012:108 ] php,
security
- [Announcement] ClubHack Magazine's July 2012 Issue Released,
abhijeet
- [SECURITY] [DSA 2515-1] nsd3 security update,
Nico Golde
- GreHack 2012 - Call For Musicians/Artists/DJs application open till October 5th 2012 (Grenoble, France),
Fabien DUCHENE
- ZDI-12-127 : (0Day) HP StorageWorks File Migration Agent RsaFTP.dll Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-126 : (0 day) HP StorageWorks File Migration Agent RsaCIFS.dll Remote Code Execution Vulnerability,
ZDI Disclosures
- [slackware-security] libexif (SSA:2012-200-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-200-04),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2012-200-03),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2012-200-02),
Slackware Security Team
- [SECURITY] [DSA 2514-1] iceweasel security update,
Nico Golde
- DomsHttpd 1.0 <= Remote Denial Of Service,
pereira
- [security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS),
security-alert
- [PT-2012-23] SQL Injection in Dr.Web Anti-virus,
noreply
- Secunia Research: Cisco Linksys PlayerPT ActiveX Control "SetSource()" Buffer Overflow,
Secunia Research
- KeyPass Password Safe v1.22 - Software Filter Vulnerability,
Research
- AVAVoIP v1.5.12 - Multiple Web Vulnerabilities,
Administrator
- DC4420 - London DEFCON - July meet - Tuesday July 17th 2012,
Major Malfunction
- Re: [Full-disclosure] Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin,
Thor (Hammer of God)
- Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin,
king cope
- CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow,
CORE Security Technologies Advisories
- 0A29-12-2 :Metasploit 'pcap_log' plugin privilege escalation vulnerability,
0a29 40
- WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities,
sschurtz
- PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities,
Research
- SMF Board v2.0.2 - Multiple Web Vulnerabilities,
Research
- [security bulletin] HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting (XSS) and Unauthorized Data Modification,
security-alert
- libexif project security advisory July 12, 2012,
Dan Fandrich
- CakePHP 2.x-2.2.0-RC2 XXE Injection,
pawel . wylecial
- MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities,
sschurtz
- Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability,
Research
- [slackware-security] php (SSA:2012-195-01),
Slackware Security Team
- VamCart v0.9 CMS - Multiple Web Vulnerabilities,
Research
- Event Calendar PHP 1.2 - Multiple Web Vulnerabilities,
Research
- Google Chrome 19 metro_driver.dll mishandling,
moshez
- [slackware-security] pidgin (SSA:2012-195-02),
Slackware Security Team
- [security bulletin] HPSBMU02796 SSRT100594 rev.2 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2012:106 ] libexif,
security
- [ MDVSA-2012:107 ] exif,
security
- security advisory: AirDroid 1.0.4 beta,
Kathrin Schäberle
- [SECURITY] [DSA 2510-1] extplorer security update,
Luciano Bello
- [SECURITY] [DSA 2512-1] mono security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2511-1] puppet security update,
Moritz Muehlenhoff
- ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- Funeral Script PHP - Multiple Web Vulnerabilities,
Research
- ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-117 : EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-116 : EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability,
ZDI Disclosures
- Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities,
Research
- PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities,
Research
- Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities,
Research
- [ MDVSA-2012:105 ] pidgin,
security
- TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities,
Admin
- [ MDVSA-2012:104 ] openjpeg,
security
- [ MDVSA-2012:103 ] automake,
security
- ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities,
Security_Alert
- ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability,
Security_Alert
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices,
Cisco Systems Product Security Incident Response Team
- Multiple Cross-Site Scripting (XSS) in Kajona,
advisory
- [security bulletin] HPSBMU02796 SSRT100594 rev.1 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 2509-1] pidgin security update,
Luciano Bello
- GreHack 2012 - extended deadline CFP 15th August 2012 (Grenoble, France),
Fabien DUCHENE
- Checkpoint Abra - Vulnerabilities,
komarov
- [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability,
Aaron T. Myers
- AST-2012-010: Possible resource leak on uncompleted re-invite transactions,
Asterisk Security Team
- BookNux 0.2 <= Multiple Vulnerabilities,
pereira
- [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability,
Bertrand Delacretaz
- AST-2012-011: Remote crash vulnerability in voice mail application,
Asterisk Security Team
- [ MDVSA-2012:102 ] krb5,
security
- CLscript CMS v3.0 - Multiple Web Vulnerabilities,
Research
- [security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- IPv6 security tools released,
Fernando Gont
- ClubHack2012 CFP Open Now,
abhijeet
- ESA-2012-026: RSA Access Manager Session Replay Vulnerability,
Security_Alert
- Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities,
Research
- Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities,
Research
- GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities,
Research
- Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities,
Research
- .Net Framework Tilde Character DoS - Sorry, exploit-db link corrected,
bugreport
- .Net Framework Tilde Character DoS,
bugreport
- IIS Short File/Folder Name Disclosure by using tilde ~ character,
bugreport
- [SECURITY] [DSA 2507-1] openjdk-6 security update,
Moritz Muehlenhoff
- Wordpress (editormonkey) Arbitrary File Upload Vulnerability,
Amir
- Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location,
Stefan Kanthak
- Just4meeting 3.0 - Lisbon/Portugal - 6 to 8 - July,
Ralf Braga
- Blind SQL Injection in Webmatic,
advisory
- Forum Oxalis 0.1.2 <= SQL Injection Vulnerability,
pereira
- plow 0.0.5 <= Buffer Overflow Vulnerability,
pereira
- From XSLT code execution to Meterpreter shells,
Nicolas Grégoire
- Cyberoam advisory,
Ben Laurie
- [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution,
n0b0d13s
- [ MDVSA-2012:101 ] libtiff,
security
- [security bulletin] HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- Slideware of IPv6 hacking training (HIP 2012 edition), and future trainings (Portugal & Belgium),
Fernando Gont
- [SECURITY] [DSA 2506-1] libapache-mod-security security update,
Yves-Alexis Perez
- [IA30] Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Vulnerability,
Inshell Security
- Malicious Code Execution in PCI Expansion ROM,
Adam Behnke
- NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation,
Research@NGSSecure
- NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS,
Research@NGSSecure
- NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection,
Research@NGSSecure
- NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection,
Research@NGSSecure
- [security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [ MDVSA-2012:096-1 ] python,
security
- IBM Edge Components Caching Proxy XSS Followup,
BugsNotHugs
- Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI,
BugsNotHugs
- IBM developerWorks ncp (Nigel's Capacity Planning) 2.1 Remote Information Disclosure,
BugsNotHugs
- Sun iPlanet Error Page Link Injection,
BugsNotHugs
- Basilic RCE bug,
m . razavi777
- [SECURITY] [DSA 2505-1] zendframework security update,
Florian Weimer
- GIMP FIT File Format DoS,
Joseph Sheridan
- Irfanview Plugins JLS Decompression,
Joseph Sheridan
- Vulnerabilities in Winlog 2.07.16,
Luigi Auriemma
- REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability,
Rewterz - Research Group
- ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2504-1] libspring-2.5-java security update,
Florian Weimer
- [SECURITY] [DSA 2503-1] bcfg2 security update,
Florian Weimer
- ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS),
security-alert
- ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution,
ZDI Disclosures
- ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution,
ZDI Disclosures
- ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities,
ZDI Disclosures
- [security bulletin] HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
- SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection,
SEC Consult Vulnerability Lab
- OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components,
Stefan Kanthak
- [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution,
n0b0d13s
- [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released),
Security Explorations
- [SECURITY] [DSA 2498-1] dhcpcd security update,
Yves-Alexis Perez
- CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability,
Dave
- CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability,
Dave
- [slackware-security] freetype (SSA:2012-176-01),
Slackware Security Team
- [ MDVSA-2012:100 ] rsyslog,
security
- hashdays 2012 - Call for Papers (#days CFP),
Hashdays CFP
- [SECURITY] [DSA 2502-1] python-crypto security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2501-1] xen security update,
Florian Weimer
- [SECURITY] [DSA 2500-1] mantis security update,
Florian Weimer
- [SECURITY] [DSA 2499-1] icedove security update,
Florian Weimer
- [ MDVSA-2012:088-1 ] mozilla,
security
- ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- [security bulletin] HPSBOV02780 SSRT100766 rev.2 - HP OpenVMS ACMELOGIN, Local Unauthorized Access and Increased Privileges,
security-alert
- ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability,
ZDI Disclosures
- CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow,
CORE Security Technologies Advisories
- [ MDVSA-2012:099 ] net-snmp,
security
- Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy,
Amir
- [SECURITY] [DSA 2497-1] quagga security update,
Florian Weimer
- [ MDVSA-2012:098 ] libxml2,
security
- [ MDVSA-2012:097 ] python,
security
- Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:096 ] python,
security
- Commentics 2.0 <= Multiple Vulnerabilities,
pereira
- Multiple vulnerabilities in web@all,
advisory
- [Announcement] ClubHack Magazine Issue 29, June 2012 Released,
abhijeet
- FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED],
FreeBSD Security Advisories
- [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs,
Stefan Kanthak
- VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876),
VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875),
VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037),
VUPEN Security Research
- [security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges,
security-alert
- [SECURITY] [DSA 2496-1] mysql-5.1 security update,
Thijs Kinkhorst
- [ MDVSA-2012:094 ] clamav,
security
- DC4420 - London DEFCON - June meet - Tuesday June 19th 2012,
Major Malfunction
- SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass,
SEC Consult Vulnerability Lab
- SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure,
SEC Consult Vulnerability Lab
- [ MDVSA-2012:095 ] java-1.6.0-openjdk,
security
- Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007,
Lists
- QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory,
Lists
- [SECURITY] [DSA 2495-1] openconnect security update,
Moritz Muehlenhoff
- Webify Product Series - Multiple Web Vulnerabilities,
Research
- News Script PHP v1.2 - Multiple Web Vulnerabilites,
Research
- [security bulletin] HPSBOV02774 SSRT100684 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Remote Denial of Service (DoS),
security-alert
- Nuked Klan SP CMS v4.5 - SQL injection Vulnerability,
Research
- Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities,
Research
- nullcon Delhi 2012 Final call for Paper/Events (extended to 10th July) and First round of speakers,
nullcon
- AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability,
Asterisk Security Team
- AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections,
Ivan Buetler
- Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities,
Research
- 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0,
0a29 40
- CSNC-2012-004 Generic XSS in AdNovum nevisProxy,
Cyrill Brunschwiler
- [CAL-2012-0015] opera website spoof,
Code Audit Labs
- MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities,
Research
- Cells Blog CMS v1.1 - Multiple Web Vulnerabilites,
Research
- Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites,
Research
- Simple Forum PHP 2.1 - SQL Injection Vulnerabilities,
Research
- Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities,
Research
- IObit Protected Folder Authentication Bypass,
Adam Behnke
- [ MDVSA-2012:093 ] php,
security
- [ MDVSA-2012:092 ] postgresql,
security
- [slackware-security] bind (SSA:2012-166-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-166-04),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2012-166-02),
Slackware Security Team
- [SECURITY] [DSA 2494-1] ffmpeg security update,
Florian Weimer
- Re: Bugtraq ID# 53694 is invalid/fake,
Information Booth
- [ MDVSA-2012:091 ] libreoffice,
security
- [ MDVSA-2012:090 ] openoffice.org,
security
- VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues,
VMware Security Team
- Interspire Shopping Cart v6 - Multiple Web Vulnerabilities,
Research
- iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites,
Research
- ADICO CMS v1.1 - Blind SQL Injection Vulnerability,
Research
- QuickBlog v0.8 CMS - Multiple Web Vulnerabilities,
Research
- [Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities,
Research
- [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability,
Code Audit Labs
- Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack,
moshez
- APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9,
Apple Product Security
- [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE,
Security Explorations
- [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability,
Code Audit Labs
- CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.,
Boston Cyber Defense
- ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2493-1] asterisk security update,
Florian Weimer
- [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation,
0x721427D8 0x721427D8
- [security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS),
security-alert
- [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability,
Inshell Security
- FreeBSD Security Advisory FreeBSD-SA-12:03.bind,
FreeBSD Security Advisories
- IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE,
king cope
- [ MDVSA-2012:088 ] mozilla,
security
- FreeBSD Security Advisory FreeBSD-SA-12:04.sysret,
FreeBSD Security Advisories
- APPLE-SA-2012-06-11-1 iTunes 10.6.3,
Apple Product Security
- [security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code,
security-alert
- [MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability,
Florent Daigniere
- [SECURITY] [DSA 2492-1] php5 security update,
Florian Weimer
- [ MDVSA-2012:089 ] bind,
security
- [SECURITY] [DSA 2491-1] postgresql-8.4 security update,
Florian Weimer
- ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- Analysis: Vast IPv6 address space actually enables IPv6 attacks,
Fernando Gont
- [SECURITY] [DSA 2488-1] iceweasel security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2490-1] nss security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2489-1] iceape security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2487-1] openoffice.org security update,
Florian Weimer
- CVE-2012-3287: md5crypt is no longer considered safe,
phk
- Mybb 1.6.8 Sql Injection Vulnerabilitiy,
Amir
- [SECURITY] [DSA 2480-3] request-tracker3.8 regression update,
Florian Weimer
- ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
- ComSndFTP Server Remote Format String Overflow Vulnerability,
demonalex
- Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows,
Secunia Research
- Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service,
Secunia Research
- ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability,
Zero Day Initiative
- ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution,
ZDI Disclosures
- ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability,
ZDI Disclosures
- SQL injection in Serendipity,
advisory
- [SECURITY] [DSA 2486-1] bind9 security update,
Florian Weimer
- [ MDVSA-2012:087 ] nut,
security
- Sielco Sistemi Winlog Buffer Overflow <= v2.07.14,
devnull
- Arbitrary File Upload/Execution in Collabtive,
Mark Hoopes
- EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15,
Dragos Ruiu
- [SECURITY] [DSA 2482-1] libgdata security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2482-1] arpwatch security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2485-1] imp4 security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2481-1] arpwatch security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2484-1] nut security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2483-1] strongswan security update,
Yves-Alexis Perez
- [security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- OpenSSL 1.0.1 Buffer Overflow Vulnerability,
chenz9187
- [ MDVSA-2012:086 ] acpid,
security
- [security bulletin] HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- script-fu buffer overflow in GIMP 2.6,
Joseph Sheridan
- things you can do with downloads,
Michal Zalewski
- AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability,
Asterisk Security Team
- Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-12:02.crypt,
FreeBSD Security Advisories
- 2 Buffer Overflows in Wireless Manager Sony VAIO,
advisory
- AST-2012-007: Remote crash vulnerability in IAX2 channel driver.,
Asterisk Security Team
- Mapserver for Windows (MS4W) Remote Code Execution,
bruk0ut . sec
- [ MDVSA-2012:085 ] tomcat5,
security
- [SECURITY] [DSA 2480-2] request-tracker3.8 regression update,
Florian Weimer
- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass,
ddivulnalert
- [ MDVSA-2012:084 ] ncpfs,
security
- [ MDVSA-2012:083 ] util-linux,
security
- [ MDVSA-2012:082 ] pidgin,
security
- [SE-2011-01] Security of SAT TV set-to-boxes and DVB chipsets (details released),
Security Explorations
- WinRadius Server Denial Of Service Vulnerability,
demonalex
- Tftpd32 DNS Server Denial Of Service Vulnerability,
demonalex
- GreHack 2012 - Call For Papers (Grenoble, France),
Fabien DUCHENE
- Kingcopes AthCon 2012 Slides & Notes,
HI-TECH .
- CFP: Hacktivity 2012, October 12-13, Budapest, Hungary,
Attila Bartfai
- [SECURITY] [DSA 2479-1] libxml2 security update,
Moritz Muehlenhoff
- [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability,
Stefan Bodewig
- Multiple vulnerabilities in LogAnalyzer,
Filippo Cavallarin
- Multiple vulnerabilities in Pligg CMS,
advisory
- Multiple XSS in pragmaMx,
advisory
- [SECURITY] [DSA 2480-1] request-tracker3.8 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:081 ] firefox,
security
- [SECURITY] [DSA 2478-1] sudo security update,
Moritz Muehlenhoff
- [ MDVSA-2012:080 ] wireshark,
security
- IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...,
Fernando Gont
- ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities,
Security_Alert
- Tftpd32 DHCP Server Denial Of Service Vulnerability,
demonalex
- DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012,
Major Malfunction
- [Announcement] CHMag's Issue 28, May 2012 Released,
abhijeet
- [SECURITY] [DSA 2477-1] sympa security update,
Florian Weimer
- PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version,
admin
- Acuity CMS 2.6.x <= Arbitrary File Upload,
YGN Ethical Hacker Group
- Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access,
YGN Ethical Hacker Group
- [SECURITY] [DSA 2476-1] pidgin-otr security update,
Jonathan Wiltshire
- Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012),
Call for papers
- [ MDVSA-2012:079 ] sudo,
security
- New Open Source Web Application Vulnerability Scanner Available,
webvulscan
- SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149,
SEC Consult Vulnerability Lab
- H2HC Brazil 9th Edition - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 2475-1] openssl security update,
Raphael Geissert
- [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized,
security-alert
- Re: [oss-security] CVE Request: Planeshift buffer overflow,
Kurt Seifried
- [SECURITY] [DSA 2474-1] ikiwiki security update,
Raphael Geissert
- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection,
ddivulnalert
- [security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of,
security-alert
- [security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial,
security-alert
- [ MDVSA-2012:078 ] imagemagick,
security
- [ MDVSA-2012:077 ] imagemagick,
security
- [SECURITY] [DSA 2473-1] openoffice.org security update,
Florian Weimer
- [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem,
Timo Warns
- CVE-2012-2149 OpenOffice.org memory overwrite vulnerability,
Rob Weir
- FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability,
demonalex
- The story of the Linux kernel 3.x...,
pi3
- CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0,
Rob Weir
- [SECURITY] [DSA 2472-1] gridengine security update,
Florian Weimer
- CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object,
Rob Weir
- Apple Quicktime Memory Corruption (CVE-2012-0671),
Rodrigo Rubira Branco (BSDaemon)
- APPLE-SA-2012-05-15-1 QuickTime 7.7.2,
Apple Product Security
- [ MDVSA-2012:075 ] ffmpeg,
security
- Liferay 6.1 json webservices are subject to cross-site request forgery attacks,
Jelmer Kuperus
- Multiple xss issues in Liferay,
Jelmer Kuperus
- Liferay 6.1 can be compromised without having an account on the portal,
Jelmer Kuperus
- Guests can view names and emailadresses of all Liferay users in liferay 6.1,
Jelmer Kuperus
- APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003,
Apple Product Security
- APPLE-SA-2012-05-14-1 Flashback Removal Security Update,
Apple Product Security