Bugtraq
- Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow,
Secunia Research
- Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center,
mattijs
- Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage,
mattijs
- [slackware-security] slocate (SSA:2012-244-05),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-244-04),
Slackware Security Team
- Admidio 2.3.5 Multiple security vulnerabilities,
sschurtz
- [slackware-security] mozilla-firefox (SSA:2012-244-02),
Slackware Security Team
- [ MDVSA-2012:149 ] fetchmail,
security
- [slackware-security] glibc (SSA:2012-244-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2012-244-03),
Slackware Security Team
- VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries,
VMware Security Team
- Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11,
LpSolit
- AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users,
Asterisk Security Team
- AST-2012-012: Asterisk Manager User Unauthorized Shell Access,
Asterisk Security Team
- [SECURITY] [DSA 2537-1] typo3-src security update,
Florian Weimer
- [SECURITY] [DSA 2536-1] otrs2 security update,
Florian Weimer
- ESA-2012-038: EMC NetWorker Format String Vulnerability,
Security Alert
- [ MDVSA-2012:148 ] ffmpeg,
security
- [ MDVSA-2012:074-1 ] ffmpeg,
security
- SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor,
SEC Consult Vulnerability Lab
- [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code,
security-alert
- ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2535-1] rtfm security update,
Florian Weimer
- ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- squidGuard 1.4 - Remote Denial of Service - POC,
Stefan Bauer
- ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability,
ZDI Disclosures
- Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing,
Seeker Research Center
- Sistem Biwes Multiple Vulnerability,
admin
- [ MDVSA-2012:147 ] mozilla-thunderbird,
security
- ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2012:146 ] firefox,
security
- XSS in PrestaShop,
advisory
- Cross-Site Scripting (XSS) in Phorum,
advisory
- t2′12: Challenge to be released 2012-09-01 10:00 EEST,
Tomi Tuominen
- [ MDVSA-2012:145 ] firefox,
security
- ToorCon 14 Call For Papers,
h1kari
- ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability,
Security Alert
- [security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [SE-2012-01] information regarding recently discovered Java 7 attack,
Security Explorations
- [ MDVSA-2012:144 ] tetex,
security
- CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0,
Rob Weir
- CA20111208-01: Security Notice for CA SiteMinder [updated],
Williams, James K
- CommPort 1.01 <= SQL Injection Vulnerability,
pereira
- Wordpress fckeditor Arbitrary File Upload Vulnerability,
irist . ir
- Exploit Title: Mihalism Multi Host v 5.0,
explo21ter
- Paliz CMS Full Path Disclosure Vulnerability,
advisories
- Chamilo 1.8.8.4 Multiple Vulnerabilities,
beford
- [slackware-security] dhcp (SSA:2012-237-01),
Slackware Security Team
- Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008,
Lists
- [SECURITY] [DSA 2533-1] pcp security update,
Florian Weimer
- [security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS),
security-alert
- ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability,
Security Alert
- [ MDVSA-2012:143 ] python-django,
security
- Ad Manager Pro v. 4 Remote FLI,
CorryL
- SaltOS 3.1 Cross-Site Scripting vulnerability,
sschurtz
- [security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS),
security-alert
- ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability,
ZDI Disclosures
- ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability,
ZDI Disclosures
- This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.,
ZDI Disclosures
- ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability,
ZDI Disclosures
- XSS and SQL Injection Vulnerabilities in Jara,
Netsparker Advisories
- XSS Vulnerabilities in LabWiki,
Netsparker Advisories
- XSS and SQL Injection Vulnerabilities in OrderSys,
Netsparker Advisories
- XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS,
Netsparker Advisories
- [ MDVSA-2012:142 ] gimp,
security
- apache struts2 remote code execute,
voidloafer
- [ MDVSA-2012:141 ] openslp,
security
- APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1,
Apple Product Security
- NGS00242 Patch Notification: SysAid Helpdesk stored XSS,
Research@NGSSecure
- NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection,
Research@NGSSecure
- NGS00208 Patch Notification: Moodle CMS stored XSS,
Research@NGSSecure
- NGS00330 Patch Notification: Squiz CMS Directory Traversal,
Research@NGSSecure
- ocPortal CMS 8.x | Session Hijacking Vulnerability,
YGN Ethical Hacker Group
- ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
- [ MDVSA-2012:140 ] mono,
security
- [ MDVSA-2012:139 ] postgresql,
security
- [SECURITY] [DSA 2531-1] xen security update,
Luciano Bello
- ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability,
ZDI Disclosures
- [slackware-security] emacs (SSA:2012-228-02),
Slackware Security Team
- Internet Explorer Script Interjection Code Execution,
ds . adv . pub
- [ MDVSA-2012:134 ] wireshark,
security
- ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities,
Vulnerability Lab
- Nike+ Panel & Mobile App - Multiple Web Vulnerabilities,
Vulnerability Lab
- ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities,
Vulnerability Lab
- ShopperPress v2.7 Wordpress - SQL Injection Vulnerability,
Vulnerability Lab
- Social Engine v4.2.5 - Multiple Web Vulnerabilities,
Vulnerability Lab
- GIMP Scriptfu Python Remote Command Execution,
research
- NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3,
Research@NGSSecure
- [ MDVSA-2012:136 ] phpmyadmin,
security
- [ MDVSA-2012:138 ] acpid,
security
- [ MDVSA-2012:137 ] acpid,
security
- [security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS),
security-alert
- [ MDVSA-2012:135 ] wireshark,
security
- [ MDVSA-2012:133 ] usbmuxd,
security
- vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies,
Alexander Pruss
- [slackware-security] t1lib (SSA:2012-228-01),
Slackware Security Team
- [SECURITY] [DSA 2530-1] rssh security update,
Florian Weimer
- [SECURITY] [DSA 2528-1] icedove security update,
Florian Weimer
- [ MDVSA-2012:132 ] glpi,
security
- [2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- CFP for ZeroNights conference Moscow 19-20 November 2012,
Alexander Polyakov
- Group-Office Cleartext Credentials Stored in Cookies,
research
- TCExam Edit Cross-Site Scripting,
research
- Total Shop UK eCommerce Generic Cross-Site Scripting,
research
- 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- NeoInvoice Blind SQL Injection (CVE-2012-3477),
Adam Caudill
- Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities,
Vulnerability Lab
- [security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBMU02803 SSRT100926 rev.1 - HP Service Manager and HP Service Center Web Tier, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02802 SSRT100923 rev.1 - HP Fortify Software Security Center, Remote Disclosure of Privileged Information,
security-alert
- [security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information,
security-alert
- TCExam Edit SQL Injection,
research
- [Announcement] ClubHack Magazine's Aug 2012 Issue Released,
abhijeet
- GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012,
Fabien DUCHENE
- [security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2527-1] php5 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:131 ] libotr,
security
- Last reminder for Passwords^12 : Call for Presentations,
Per Thorsheim
- [SECURITY] [DSA 2526-1] libotr security update,
Nico Golde
- [ MDVSA-2012:130 ] openldap,
security
- [ MDVSA-2012:129 ] busybox,
security
- [ MDVSA-2012:129-1 ] busybox,
security
- [PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice,
Timo Warns
- WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities,
sschurtz
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?,
Stefan Kanthak
- Another Solaris 10 Patch Cluster Symlink Attack,
larry Cashdollar
- [HITB-Announce] HITB Magazine Issue 009 - Call for Submissions,
Hafez Kamal
- Arasism (IR) CMS - File Upload Vulnerability,
Vulnerability Lab
- Joomla com_fireboard - SQL Injection Vulnerability,
Vulnerability Lab
- Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities,
Vulnerability Lab
- [ MDVSA-2012:128 ] bash,
security
- Multiple Vulnerabilities in phpList,
advisory
- Multiple vulnerabilities in PBBoard,
advisory
- MobileCartly 1.0 <= Remote Code Execution Vulnerability,
pereira
- ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability,
Security Alert
- [ MDVSA-2012:127 ] libtiff,
security
- [ MDVSA-2012:126 ] libxml2,
security
- [security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- nullcon International security conference Delhi 2012 Highlights,
nullcon
- Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion,
nospam
- Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Execution,
nospam
- FreeBSD Security Advisory FreeBSD-SA-12:05.bind,
FreeBSD Security Advisories
- [SECURITY] [DSA 2525-1] expat security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2524-1] openttd security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2523-1] globus-gridftp-server security update,
Moritz Muehlenhoff
- Dir2web3 Multiple Vulnerabilities,
Daniel Correa
- [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities,
lorenzo . cantoni86
- [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability,
lorenzo . cantoni86
- [CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities,
lorenzo . cantoni86
- [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities,
lorenzo . cantoni86
- BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2522-1] fckeditor security update,
Yves-Alexis Perez
- Joomla com_photo - SQL Injection Vulnerability,
Vulnerability Lab
- Joomla com_package - SQL Injection Vulnerability,
Vulnerability Lab
- [ MDVSA-2012:125 ] wireshark,
security
- Inout Mobile Webmail APP - Multiple Web Vulnerabilities,
Vulnerability Lab
- iAuto Mobile Application 2012 - Multiple Web Vulnerabilities,
Vulnerability Lab
- AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution,
nospam
- [SECURITY] [DSA 2519-2] isc-dhcp regression,
Nico Golde
- [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [ MDVSA-2012:124 ] openoffice.org,
security
- [SECURITY] [DSA 2521-1] libxml2 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:123 ] libreoffice,
security
- ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities,
ZDI Disclosures
- ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel),
ZDI Disclosures
- ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability,
ZDI Disclosures
- 29C3: Call for Participation for 29th Chaos Communication Congress,
fukami
- [SECURITY] [DSA 2520-1] openoffice.org security update,
Yves-Alexis Perez
- [ MDVSA-2012:122 ] icedtea-web,
security
- My ROP mitigation,
Young Jun Ko
- Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability,
Vulnerability Lab
- Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability,
Socket_0x03
- [security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2012:121 ] libjpeg-turbo,
security
- [SECURITY] [DSA 2519-1] isc-dhcp security update,
Nico Golde
- [ MDVSA-2012:111 ] krb5,
security
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow,
Secunia Research
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow,
Secunia Research
- Kaspersky PM 5.0.0.164 - Software Filter Vulnerability,
Vulnerability Lab
- ME Mobile Application Manager v10 - SQL Vulnerabilities,
Vulnerability Lab
- Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities,
Vulnerability Lab
- ME Application Manager 10 - Multiple Web Vulnerabilities,
Vulnerability Lab
- Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities,
Vulnerability Lab
- Barracuda Appliances - Validation Filter Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 2518-1] krb5 security update,
Yves-Alexis Perez
- MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015],
Tom Yu
- DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting,
vulns
- [SECURITY] [DSA 2517-1] bind9 security update,
Nico Golde
- TEMENOS T24 R07.03 Authentication Bypass,
vulns
- TEMENOS T24 R07.03 Reflected Cross-Site Scripting,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection,
vulns
- DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting,
vulns
- DataWatch Monarch BI v5.1 admin section reflected cross-site scripting,
vulns
- Dr. Web Control Center Admin UI Remote Script Code Injection,
Oliver Karow
- Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability,
Chris Travers
- ocPortal 7.1.5 <= | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
- Spark IM Client Local Password Decryption,
Adam Caudill
- TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer,
Trustwave Advisories
- [ MDVSA-2012:110-1 ] mozilla,
security
- [ MDVSA-2012:119 ] bind,
security
- [slackware-security] bind (SSA:2012-209-01),
Slackware Security Team
- [ MDVSA-2012:118 ] apache-mod_security,
security
- Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10,
LpSolit
- [ MDVSA-2012:117 ] python-pycrypto,
security
- [ MDVSA-2012:116 ] dhcp,
security
- [ MDVSA-2012:115 ] dhcp,
security
- [ MDVSA-2012:114 ] apache-mod_auth_openid,
security
- [ MDVSA-2012:113 ] arpwatch,
security
- [SECURITY] [DSA 2516-1] isc-dhcp security update,
Nico Golde
- [ MDVSA-2012:112 ] perl-DBD-Pg,
security
- tekno.Portal 0.1b - SQLi Vulnerability in "anket.php",
Socket_0x03
- APPLE-SA-2012-07-25-2 Xcode 4.4,
Apple Product Security
- [security bulletin] HPSBUX02795 SSRT100878 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02789 SSRT100824 rev.3 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges,
security-alert
- Cross-Site Scripting (XSS) in Redaxo,
advisory
- [ MDVSA-2012:111 ] libgdata,
security
- APPLE-SA-2012-07-25-1 Safari 6.0,
Apple Product Security
- [slackware-security] libpng (SSA:2012-206-01),
Slackware Security Team
- [ MDVSA-2012:110 ] mozilla,
security
- Android DNS poisoning: Randomness gone bad (CVE-2012-2808),
Roee Hay
- [ MDVSA-2012:109 ] libxslt,
security
- [SECURITY] [DSA 2508-1] kfreebsd-8 security update,
Yves-Alexis Perez
- Free Web App Security Challenges - Hackademics Project,
Ivan Buetler
- file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.,
larry0
- NESSUS ANDROID APP - stores login info in plain text,
securityfocus
- POC2012 Call for Paper,
pocadm
- Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability,
Amir
- CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass,
Krzysztof Kotowicz
- [ MDVSA-2012:108 ] php,
security
- [Announcement] ClubHack Magazine's July 2012 Issue Released,
abhijeet
- [SECURITY] [DSA 2515-1] nsd3 security update,
Nico Golde
- GreHack 2012 - Call For Musicians/Artists/DJs application open till October 5th 2012 (Grenoble, France),
Fabien DUCHENE
- ZDI-12-127 : (0Day) HP StorageWorks File Migration Agent RsaFTP.dll Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-126 : (0 day) HP StorageWorks File Migration Agent RsaCIFS.dll Remote Code Execution Vulnerability,
ZDI Disclosures
- [slackware-security] libexif (SSA:2012-200-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-200-04),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2012-200-03),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2012-200-02),
Slackware Security Team
- [SECURITY] [DSA 2514-1] iceweasel security update,
Nico Golde
- DomsHttpd 1.0 <= Remote Denial Of Service,
pereira
- [security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS),
security-alert
- [PT-2012-23] SQL Injection in Dr.Web Anti-virus,
noreply
- Secunia Research: Cisco Linksys PlayerPT ActiveX Control "SetSource()" Buffer Overflow,
Secunia Research
- KeyPass Password Safe v1.22 - Software Filter Vulnerability,
Research
- AVAVoIP v1.5.12 - Multiple Web Vulnerabilities,
Administrator
- DC4420 - London DEFCON - July meet - Tuesday July 17th 2012,
Major Malfunction
- Re: [Full-disclosure] Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin,
Thor (Hammer of God)
- Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin,
king cope
- CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow,
CORE Security Technologies Advisories
- 0A29-12-2 :Metasploit 'pcap_log' plugin privilege escalation vulnerability,
0a29 40
- WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities,
sschurtz
- PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities,
Research
- SMF Board v2.0.2 - Multiple Web Vulnerabilities,
Research
- [security bulletin] HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting (XSS) and Unauthorized Data Modification,
security-alert
- libexif project security advisory July 12, 2012,
Dan Fandrich
- CakePHP 2.x-2.2.0-RC2 XXE Injection,
pawel . wylecial
- MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities,
sschurtz
- Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability,
Research
- [slackware-security] php (SSA:2012-195-01),
Slackware Security Team
- VamCart v0.9 CMS - Multiple Web Vulnerabilities,
Research
- Event Calendar PHP 1.2 - Multiple Web Vulnerabilities,
Research
- Google Chrome 19 metro_driver.dll mishandling,
moshez
- [slackware-security] pidgin (SSA:2012-195-02),
Slackware Security Team
- [security bulletin] HPSBMU02796 SSRT100594 rev.2 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2012:106 ] libexif,
security
- [ MDVSA-2012:107 ] exif,
security
- security advisory: AirDroid 1.0.4 beta,
Kathrin Schäberle
- [SECURITY] [DSA 2510-1] extplorer security update,
Luciano Bello
- [SECURITY] [DSA 2512-1] mono security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2511-1] puppet security update,
Moritz Muehlenhoff
- ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- Funeral Script PHP - Multiple Web Vulnerabilities,
Research
- ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-117 : EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-116 : EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability,
ZDI Disclosures
- Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities,
Research
- PHP Jobsite v1.36 - Cross Site Scripting Vulnerabilities,
Research
- Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities,
Research
- [ MDVSA-2012:105 ] pidgin,
security
- TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities,
Admin
- [ MDVSA-2012:104 ] openjpeg,
security
- [ MDVSA-2012:103 ] automake,
security
- ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities,
Security_Alert
- ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability,
Security_Alert
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices,
Cisco Systems Product Security Incident Response Team
- Multiple Cross-Site Scripting (XSS) in Kajona,
advisory
- [security bulletin] HPSBMU02796 SSRT100594 rev.1 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 2509-1] pidgin security update,
Luciano Bello
- GreHack 2012 - extended deadline CFP 15th August 2012 (Grenoble, France),
Fabien DUCHENE
- Checkpoint Abra - Vulnerabilities,
komarov
- [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability,
Aaron T. Myers
- AST-2012-010: Possible resource leak on uncompleted re-invite transactions,
Asterisk Security Team
- BookNux 0.2 <= Multiple Vulnerabilities,
pereira
- [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability,
Bertrand Delacretaz
- AST-2012-011: Remote crash vulnerability in voice mail application,
Asterisk Security Team
- [ MDVSA-2012:102 ] krb5,
security
- CLscript CMS v3.0 - Multiple Web Vulnerabilities,
Research
- [security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- IPv6 security tools released,
Fernando Gont
- ClubHack2012 CFP Open Now,
abhijeet
- ESA-2012-026: RSA Access Manager Session Replay Vulnerability,
Security_Alert
- Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities,
Research
- Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities,
Research
- GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities,
Research
- Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities,
Research
- .Net Framework Tilde Character DoS - Sorry, exploit-db link corrected,
bugreport
- .Net Framework Tilde Character DoS,
bugreport
- IIS Short File/Folder Name Disclosure by using tilde ~ character,
bugreport
- [SECURITY] [DSA 2507-1] openjdk-6 security update,
Moritz Muehlenhoff
- Wordpress (editormonkey) Arbitrary File Upload Vulnerability,
Amir
- Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location,
Stefan Kanthak
- Just4meeting 3.0 - Lisbon/Portugal - 6 to 8 - July,
Ralf Braga
- Blind SQL Injection in Webmatic,
advisory
- Forum Oxalis 0.1.2 <= SQL Injection Vulnerability,
pereira
- plow 0.0.5 <= Buffer Overflow Vulnerability,
pereira
- From XSLT code execution to Meterpreter shells,
Nicolas Grégoire
- Cyberoam advisory,
Ben Laurie
- [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution,
n0b0d13s
- [ MDVSA-2012:101 ] libtiff,
security
- [security bulletin] HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- Slideware of IPv6 hacking training (HIP 2012 edition), and future trainings (Portugal & Belgium),
Fernando Gont
- [SECURITY] [DSA 2506-1] libapache-mod-security security update,
Yves-Alexis Perez
- [IA30] Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Vulnerability,
Inshell Security
- Malicious Code Execution in PCI Expansion ROM,
Adam Behnke
- NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation,
Research@NGSSecure
- NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS,
Research@NGSSecure
- NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection,
Research@NGSSecure
- NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection,
Research@NGSSecure
- [security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [ MDVSA-2012:096-1 ] python,
security
- IBM Edge Components Caching Proxy XSS Followup,
BugsNotHugs
- Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI,
BugsNotHugs
- IBM developerWorks ncp (Nigel's Capacity Planning) 2.1 Remote Information Disclosure,
BugsNotHugs
- Sun iPlanet Error Page Link Injection,
BugsNotHugs
- Basilic RCE bug,
m . razavi777
- [SECURITY] [DSA 2505-1] zendframework security update,
Florian Weimer
- GIMP FIT File Format DoS,
Joseph Sheridan
- Irfanview Plugins JLS Decompression,
Joseph Sheridan
- Vulnerabilities in Winlog 2.07.16,
Luigi Auriemma
- REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability,
Rewterz - Research Group
- ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2504-1] libspring-2.5-java security update,
Florian Weimer
- [SECURITY] [DSA 2503-1] bcfg2 security update,
Florian Weimer
- ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS),
security-alert
- ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution,
ZDI Disclosures
- ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution,
ZDI Disclosures
- ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities,
ZDI Disclosures
- [security bulletin] HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
- SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection,
SEC Consult Vulnerability Lab
- OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components,
Stefan Kanthak
- [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution,
n0b0d13s
- [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released),
Security Explorations
- [SECURITY] [DSA 2498-1] dhcpcd security update,
Yves-Alexis Perez
- CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability,
Dave
- CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability,
Dave
- [slackware-security] freetype (SSA:2012-176-01),
Slackware Security Team
- [ MDVSA-2012:100 ] rsyslog,
security
- hashdays 2012 - Call for Papers (#days CFP),
Hashdays CFP
- [SECURITY] [DSA 2502-1] python-crypto security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2501-1] xen security update,
Florian Weimer
- [SECURITY] [DSA 2500-1] mantis security update,
Florian Weimer
- [SECURITY] [DSA 2499-1] icedove security update,
Florian Weimer
- [ MDVSA-2012:088-1 ] mozilla,
security
- ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- [security bulletin] HPSBOV02780 SSRT100766 rev.2 - HP OpenVMS ACMELOGIN, Local Unauthorized Access and Increased Privileges,
security-alert
- ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability,
ZDI Disclosures
- CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow,
CORE Security Technologies Advisories
- [ MDVSA-2012:099 ] net-snmp,
security
- Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy,
Amir
- [SECURITY] [DSA 2497-1] quagga security update,
Florian Weimer
- [ MDVSA-2012:098 ] libxml2,
security
- [ MDVSA-2012:097 ] python,
security
- Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:096 ] python,
security
- Commentics 2.0 <= Multiple Vulnerabilities,
pereira
- Multiple vulnerabilities in web@all,
advisory
- [Announcement] ClubHack Magazine Issue 29, June 2012 Released,
abhijeet
- FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED],
FreeBSD Security Advisories
- [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs,
Stefan Kanthak
- VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876),
VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875),
VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037),
VUPEN Security Research
- [security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges,
security-alert
- [SECURITY] [DSA 2496-1] mysql-5.1 security update,
Thijs Kinkhorst
- [ MDVSA-2012:094 ] clamav,
security
- DC4420 - London DEFCON - June meet - Tuesday June 19th 2012,
Major Malfunction
- SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass,
SEC Consult Vulnerability Lab
- SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure,
SEC Consult Vulnerability Lab
- [ MDVSA-2012:095 ] java-1.6.0-openjdk,
security
- Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007,
Lists
- QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory,
Lists
- [SECURITY] [DSA 2495-1] openconnect security update,
Moritz Muehlenhoff
- Webify Product Series - Multiple Web Vulnerabilities,
Research
- News Script PHP v1.2 - Multiple Web Vulnerabilites,
Research
- [security bulletin] HPSBOV02774 SSRT100684 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Remote Denial of Service (DoS),
security-alert
- Nuked Klan SP CMS v4.5 - SQL injection Vulnerability,
Research
- Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities,
Research
- nullcon Delhi 2012 Final call for Paper/Events (extended to 10th July) and First round of speakers,
nullcon
- AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability,
Asterisk Security Team
- AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections,
Ivan Buetler
- Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities,
Research
- 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0,
0a29 40
- CSNC-2012-004 Generic XSS in AdNovum nevisProxy,
Cyrill Brunschwiler
- [CAL-2012-0015] opera website spoof,
Code Audit Labs
- MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities,
Research
- Cells Blog CMS v1.1 - Multiple Web Vulnerabilites,
Research
- Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites,
Research
- Simple Forum PHP 2.1 - SQL Injection Vulnerabilities,
Research
- Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities,
Research
- IObit Protected Folder Authentication Bypass,
Adam Behnke
- [ MDVSA-2012:093 ] php,
security
- [ MDVSA-2012:092 ] postgresql,
security
- [slackware-security] bind (SSA:2012-166-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2012-166-04),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2012-166-02),
Slackware Security Team
- [SECURITY] [DSA 2494-1] ffmpeg security update,
Florian Weimer
- Re: Bugtraq ID# 53694 is invalid/fake,
Information Booth
- [ MDVSA-2012:091 ] libreoffice,
security
- [ MDVSA-2012:090 ] openoffice.org,
security
- VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues,
VMware Security Team
- Interspire Shopping Cart v6 - Multiple Web Vulnerabilities,
Research
- iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites,
Research
- ADICO CMS v1.1 - Blind SQL Injection Vulnerability,
Research
- QuickBlog v0.8 CMS - Multiple Web Vulnerabilities,
Research
- [Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities,
Research
- [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability,
Code Audit Labs
- Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack,
moshez
- APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9,
Apple Product Security
- [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE,
Security Explorations
- [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability,
Code Audit Labs
- CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.,
Boston Cyber Defense
- ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2493-1] asterisk security update,
Florian Weimer
- [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation,
0x721427D8 0x721427D8
- [security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS),
security-alert
- [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability,
Inshell Security
- FreeBSD Security Advisory FreeBSD-SA-12:03.bind,
FreeBSD Security Advisories
- IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE,
king cope
- [ MDVSA-2012:088 ] mozilla,
security
- FreeBSD Security Advisory FreeBSD-SA-12:04.sysret,
FreeBSD Security Advisories
- APPLE-SA-2012-06-11-1 iTunes 10.6.3,
Apple Product Security
- [security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code,
security-alert
- [MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability,
Florent Daigniere
- [SECURITY] [DSA 2492-1] php5 security update,
Florian Weimer
- [ MDVSA-2012:089 ] bind,
security
- [SECURITY] [DSA 2491-1] postgresql-8.4 security update,
Florian Weimer
- ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- Analysis: Vast IPv6 address space actually enables IPv6 attacks,
Fernando Gont
- [SECURITY] [DSA 2488-1] iceweasel security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2490-1] nss security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2489-1] iceape security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2487-1] openoffice.org security update,
Florian Weimer
- CVE-2012-3287: md5crypt is no longer considered safe,
phk
- Mybb 1.6.8 Sql Injection Vulnerabilitiy,
Amir
- [SECURITY] [DSA 2480-3] request-tracker3.8 regression update,
Florian Weimer
- ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
- ComSndFTP Server Remote Format String Overflow Vulnerability,
demonalex
- Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows,
Secunia Research
- Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service,
Secunia Research
- ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability,
Zero Day Initiative
- ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution,
ZDI Disclosures
- ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability,
ZDI Disclosures
- SQL injection in Serendipity,
advisory
- [SECURITY] [DSA 2486-1] bind9 security update,
Florian Weimer
- [ MDVSA-2012:087 ] nut,
security
- Sielco Sistemi Winlog Buffer Overflow <= v2.07.14,
devnull
- Arbitrary File Upload/Execution in Collabtive,
Mark Hoopes
- EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15,
Dragos Ruiu
- [SECURITY] [DSA 2482-1] libgdata security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2482-1] arpwatch security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2485-1] imp4 security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2481-1] arpwatch security update,
Yves-Alexis Perez
- [SECURITY] [DSA 2484-1] nut security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2483-1] strongswan security update,
Yves-Alexis Perez
- [security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- OpenSSL 1.0.1 Buffer Overflow Vulnerability,
chenz9187
- [ MDVSA-2012:086 ] acpid,
security
- [security bulletin] HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- script-fu buffer overflow in GIMP 2.6,
Joseph Sheridan
- things you can do with downloads,
Michal Zalewski
- AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability,
Asterisk Security Team
- Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- FreeBSD Security Advisory FreeBSD-SA-12:02.crypt,
FreeBSD Security Advisories
- 2 Buffer Overflows in Wireless Manager Sony VAIO,
advisory
- AST-2012-007: Remote crash vulnerability in IAX2 channel driver.,
Asterisk Security Team
- Mapserver for Windows (MS4W) Remote Code Execution,
bruk0ut . sec
- [ MDVSA-2012:085 ] tomcat5,
security
- [SECURITY] [DSA 2480-2] request-tracker3.8 regression update,
Florian Weimer
- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass,
ddivulnalert
- [ MDVSA-2012:084 ] ncpfs,
security
- [ MDVSA-2012:083 ] util-linux,
security
- [ MDVSA-2012:082 ] pidgin,
security
- [SE-2011-01] Security of SAT TV set-to-boxes and DVB chipsets (details released),
Security Explorations
- WinRadius Server Denial Of Service Vulnerability,
demonalex
- Tftpd32 DNS Server Denial Of Service Vulnerability,
demonalex
- GreHack 2012 - Call For Papers (Grenoble, France),
Fabien DUCHENE
- Kingcopes AthCon 2012 Slides & Notes,
HI-TECH .
- CFP: Hacktivity 2012, October 12-13, Budapest, Hungary,
Attila Bartfai
- [SECURITY] [DSA 2479-1] libxml2 security update,
Moritz Muehlenhoff
- [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability,
Stefan Bodewig
- Multiple vulnerabilities in LogAnalyzer,
Filippo Cavallarin
- Multiple vulnerabilities in Pligg CMS,
advisory
- Multiple XSS in pragmaMx,
advisory
- [SECURITY] [DSA 2480-1] request-tracker3.8 security update,
Moritz Muehlenhoff
- [ MDVSA-2012:081 ] firefox,
security
- [SECURITY] [DSA 2478-1] sudo security update,
Moritz Muehlenhoff
- [ MDVSA-2012:080 ] wireshark,
security
- IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...,
Fernando Gont
- ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities,
Security_Alert
- Tftpd32 DHCP Server Denial Of Service Vulnerability,
demonalex
- DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012,
Major Malfunction
- [Announcement] CHMag's Issue 28, May 2012 Released,
abhijeet
- [SECURITY] [DSA 2477-1] sympa security update,
Florian Weimer
- PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version,
admin
- Acuity CMS 2.6.x <= Arbitrary File Upload,
YGN Ethical Hacker Group
- Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access,
YGN Ethical Hacker Group
- [SECURITY] [DSA 2476-1] pidgin-otr security update,
Jonathan Wiltshire
- Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012),
Call for papers
- [ MDVSA-2012:079 ] sudo,
security
- New Open Source Web Application Vulnerability Scanner Available,
webvulscan
- SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149,
SEC Consult Vulnerability Lab
- H2HC Brazil 9th Edition - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 2475-1] openssl security update,
Raphael Geissert
- [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized,
security-alert
- Re: [oss-security] CVE Request: Planeshift buffer overflow,
Kurt Seifried
- [SECURITY] [DSA 2474-1] ikiwiki security update,
Raphael Geissert
- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection,
ddivulnalert
- [security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of,
security-alert
- [security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial,
security-alert
- [ MDVSA-2012:078 ] imagemagick,
security
- [ MDVSA-2012:077 ] imagemagick,
security
- [SECURITY] [DSA 2473-1] openoffice.org security update,
Florian Weimer
- [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem,
Timo Warns
- CVE-2012-2149 OpenOffice.org memory overwrite vulnerability,
Rob Weir
- FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability,
demonalex
- The story of the Linux kernel 3.x...,
pi3
- CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0,
Rob Weir
- [SECURITY] [DSA 2472-1] gridengine security update,
Florian Weimer
- CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object,
Rob Weir
- Apple Quicktime Memory Corruption (CVE-2012-0671),
Rodrigo Rubira Branco (BSDaemon)
- APPLE-SA-2012-05-15-1 QuickTime 7.7.2,
Apple Product Security
- [ MDVSA-2012:075 ] ffmpeg,
security
- Liferay 6.1 json webservices are subject to cross-site request forgery attacks,
Jelmer Kuperus
- Multiple xss issues in Liferay,
Jelmer Kuperus
- Liferay 6.1 can be compromised without having an account on the portal,
Jelmer Kuperus
- Guests can view names and emailadresses of all Liferay users in liferay 6.1,
Jelmer Kuperus
- APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003,
Apple Product Security
- APPLE-SA-2012-05-14-1 Flashback Removal Security Update,
Apple Product Security