Bugtraq
NETGEAR Exposure of Sensitive Information - Security Advisory - SOS-12-005,
Lists
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED,
Stefan Kanthak
Triggering Java code from a SVG image,
Nicolas Grégoire
[ MDVSA-2012:076 ] ffmpeg,
security
[ MDVSA-2012:074 ] ffmpeg,
security
[SECURITY] [DSA-2471-1] ffmpeg security update,
Moritz Muehlenhoff
[ MDVSA-2012:073 ] openssl,
security
[SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression,
Moritz Muehlenhoff
Liferay users can assign themselves to organizations, leading to possible privilege escalation,
Jelmer Kuperus
Universal Reader Filename Denial Of Service Vulnerability,
demonalex
[SECURITY] [DSA 2670-1] wordpress security update,
Yves-Alexis Perez
b2ePMS 1.0 Authentication Bypass Vulnerability,
pereira
Cross-Site Scripting (XSS) in Pivotx,
advisory
t2'12: Call for Papers 2012 (Helsinki / Finland),
Tomi Tuominen
[SECURITY] [DSA 2469-1] linux-2.6 security update,
dann frazier
CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities,
CORE Security Technologies Advisories
ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities,
Security_Alert
Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability,
nospam
[ MDVSA-2012:072 ] roundcubemail,
security
[ MDVSA-2012:071 ] php,
security
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002,
Apple Product Security
Adobe Shockwave Player Remote Code Execution (CVE-2012-2029),
Rodrigo Rubira Branco (BSDaemon)
[ MDVSA-2012:068-1 ] php,
security
Drupal 7.14 <= Full Path Disclosure Vulnerability (Update),
pereira
Drupal 7.14 <= Full Path Disclosure Vulnerability,
pereira
APPLE-SA-2012-05-09-2 Safari 5.1.7,
Apple Product Security
[SECURITY] [DSA 2468-1] libjakarta-poi-java security update,
Florian Weimer
[SECURITY] [DSA 2422-2] file regression fix,
Thijs Kinkhorst
[SECURITY] [DSA 2467-1] mahara security update,
Thijs Kinkhorst
[SECURITY] [DSA 2466-1] rails security update,
Thijs Kinkhorst
[SECURITY] [DSA 2465-1] php5 security update,
Thijs Kinkhorst
Adobe Shockwave Player Remote Code Execution (CVE-2012-2031),
Rodrigo Rubira Branco (BSDaemon)
Adobe Shockwave Player Remote Code Execution (CVE-2012-2030),
Rodrigo Rubira Branco (BSDaemon)
[security bulletin] HPSBMU02775 SSRT100853 rev.2 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation,
security-alert
[SECURITY] [DSA 2464-2] icedove regression update,
Florian Weimer
Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability,
security
rssh security announcement,
Derek Martin
Re: rssh security announcement,
Derek Martin
[security bulletin] HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation,
security-alert
Ubuntu, Linux Mint, and the Guest Account,
Jeffrey Walton
Fwd: [cryptography] Apple Legacy filevault barn door...,
Jeffrey Walton
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update,
Apple Product Security
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break,
ds . adv . pub
[SECURITY] [DSA 2459-2] quagga security update,
Florian Weimer
Format Factory v2.95 - Buffer Overflow Vulnerabilities,
Research
[ MDVSA-2012:070 ] samba,
security
[ MDVSA-2012:069 ] cifs-utils,
security
[SECURITY] [DSA 2462-2] imagemagick regression update,
Moritz Muehlenhoff
VMware Backdoor Response Uninitialized Memory Potential VM Break,
ds . adv . pub
[waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 "ja_purity" template,
come2waraxe
Fortinet FortiWeb Web Application Firewall Policy Bypass,
Geffrey Velasquez
[waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page,
come2waraxe
SQL Injection and other issues in Micro Technology Services, Inc. Lynx,
bede
Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901),
Roee Hay
LACSEC 2012 Agenda (May 6-11, 2012, Quito, Ecuador),
Fernando Gont
Firefox security bug (proxy-bypass) in current Tor BBs,
oLhrrBHQeTr0EmbKwBXa
FreeBSD Security Advisory FreeBSD-SA-12:01.openssl,
FreeBSD Security Advisories
VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues,
VMware Security Team
[SECURITY] [DSA 2464-1] icedove security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2463-1] samba security update,
Moritz Muehlenhoff
Local File Inclusion in PluXml,
advisory
[CVE-2012-1002] OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability,
n0b0d13s
[security bulletin] HPSBMU02772 SSRT100603 rev.1 - HP System Health Application and Command Line Utilities for Linux, Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection,
security-alert
[security bulletin] HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), URL Redirection, Unauthorized Modification, Denial of Service (DoS),
security-alert
LAN Messenger v1.2.28 - Denial of Service Vulnerability,
Research
[ MDVSA-2012:067 ] samba,
security
Corrections about Squid/McAfee URL Filtering Bypass,
Gabriel Menezes Nunes
Call for Paper: 3rd Workshop on Security and Privacy in Social Networks,
asemailing
NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI,
Research@NGSSecure
NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM,
Research@NGSSecure
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability,
nospam
NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM,
Research@NGSSecure
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI,
Research@NGSSecure
NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation,
Research@NGSSecure
OWASP 2012 Online Competition with Hacking-Lab,
Ivan Buetler
NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI,
Research@NGSSecure
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow,
Research@NGSSecure
Pritlog v0.821 CMS - Multiple Web Vulnerabilities,
Research
Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities,
Amir
Opial CMS v2.0 - Multiple Web Vulnerabilities,
Research
PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities,
ariosrandy
[SECURITY] [DSA 2462-1] imagemagick security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2461-1] spip security update,
Moritz Muehlenhoff
[ MDVSA-2012:065 ] php,
security
VMSA-2012-0008 VMware ESX updates to ESX Service Console,
VMware Security Team
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability,
Research
Car Portal CMS v3.0 - Multiple Web Vulnerabilities,
Research
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities,
Research
DIY CMS v1.0 Poll - Multiple Web Vulnerabilities,
Research
[security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware,
security-alert
[ MDVSA-2012:066 ] mozilla,
security
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal,
ddivulnalert
[SECURITY] [DSA 2459-1] quagga security update,
Florian Weimer
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal,
ddivulnalert
PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities,
Thomas Richards
[security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
Oracle TNS Poison vulnerability is actually a 0day with no patch available,
Joxean Koret
ToorCamp 2012: The American Hacker Camp,
h1kari
[SECURITY] [DSA 2460-1] asterisk security update,
Moritz Muehlenhoff
Multiple vulnerabilities in Piwigo,
advisory
linux privileged and arbitrary chdir() (fixed at 5.4 cifs release),
Jesús Olmos
[SECURITY] [DSA 2454-2] openssl incomplete fix,
Raphael Geissert
[SECURITY] [DSA 2548-1] iceape security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2457-1] iceweasel security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2456-1] dropbear security update,
Moritz Muehlenhoff
PHP Ticket System Beta 1 'p' SQL Injection,
Thomas Richards
New IETF I-D: Security Implications of IPv6 on IPv4 networks,
Fernando Gont
[security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS),
security-alert
RuggedCom - Backdoor Accounts in my SCADA network? You don't say...,
jc
[ MDVSA-2012:064 ] openssl0.9.8,
security
FYI: We're now paying up to $20,000 for web vulns in our services,
Michal Zalewski
WebCalendar <= 1.2.4 Two Security Vulnerabilities,
n0b0d13s
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver,
Asterisk Security Team
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver,
Asterisk Security Team
AST-2012-004: Asterisk Manager User Unauthorized Shell Access,
Asterisk Security Team
ChurchCMS 0.0.1 'admin.php' Multiple SQLi,
Thomas Richards
.NET Framework EncoderParameter integer overflow vulnerability,
Akita Software Security
HTC IQRD Android Permission Leakage (CVE-2012-2217),
VSR Advisories
[Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability,
Research
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!),
Hafez Kamal
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS,
Netsparker Advisories
[Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability,
Research
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability,
Research
[Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities,
Research
phpMyBible 0.5.1 Multiple XSS,
Thomas Richards
[ MDVSA-2012:063 ] libreoffice,
security
[ MDVSA-2012:062 ] openoffice.org,
security
[ MDVSA-2012:061 ] raptor,
security
[SECURITY] [DSA 2455-1] typo3-src security update,
Nico Golde
[SECURITY] [DSA 2454-1] openssl security update,
Raphael Geissert
XSS in Kaseya version 6.2.0.0 web interface,
bede
[security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities,
security-alert
IPv6 host scanning in IPv6,
Fernando Gont
Specially crafted webdav request allows reading of local files on liferay 6.0.x,
Jelmer Kuperus
Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528),
Shatter
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527),
Shatter
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526),
Shatter
SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525),
Shatter
Liferay 6.1 can be compromised in its default configuration,
Jelmer Kuperus
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512),
Shatter
Specially crafted Json service request allows full control over a Liferay portal instance,
Jelmer Kuperus
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511),
Shatter
OCIPasswordChange API leaks information of password hash (CVE-2012-0511),
Esteban Martinez Fayo
Incomplete protection of Oracle Database locked accounts (CVE-2012-0510),
Shatter
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012,
Major Malfunction
[security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege,
security-alert
[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64),
Ange Albertini
The history of a -probably- 13 years old Oracle bug: TNS Poison,
Joxean Koret
Vulnerabilities in Samsung TV (remote controller protocol),
Luigi Auriemma
[ MDVSA-2012:060 ] openssl,
security
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773),
VUPEN Security Research
Ruxcon 2012 Call For Papers,
cfp
[SECURITY] [DSA 2453-2] gajim regression,
Nico Golde
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9,
LpSolit
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities,
Security_Alert
Multiple XSS vulnerabilities in XOOPS,
advisory
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0,
Tobias Glemser
VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172),
VUPEN Security Research
[security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS),
security-alert
Multiple vulnerabilities in Newscoop,
advisory
[ MDVSA-2012:032-1 ] mozilla,
security
Acuity CMS 2.6.x <= Cross Site Scripting,
YGN Ethical Hacker Group
ClubHack Magazine's April 2012 Issue is released,
v . hirve
DokuWiki Ver.2012/01/25 CSRF Add User Exploit,
irancrash
McAfee Web Gateway URL Filtering Bypass,
Gabriel Menezes Nunes
Squid URL Filtering Bypass,
Gabriel Menezes Nunes
[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS),
security-alert
[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification,
security-alert
[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification,
security-alert
[security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities,
security-alert
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting,
ACROS Security Lists
[ MDVSA-2012:059 ] python-sqlalchemy,
security
[SECURITY] [DSA 2453-1] gajim security update,
Nico Golde
[SECURITY] [DSA 2452-1] apache2 security update,
Stefan Fritsch
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability,
Jacopo Cappellato
[CVE-2012-1621] Apache OFBiz information disclosure vulnerability,
Jacopo Cappellato
Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities,
CrAzY_CrAcKeR
Passwords^12 : Call for Presentations,
Per Thorsheim
[Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities,
Research
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities,
Research
Mathematica8.0.4 on Linux /tmp/MathLink vulnerability,
paul . szabo
Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012,
Fernando Gont
[Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability,
Research
APPLE-SA-2012-04-13-1 Flashback malware removal tool,
Apple Product Security
ACC PHP eMail v1.1 - Multiple Web Vulnerabilities,
Research
[ MDVSA-2012:058 ] curl,
security
[SECURITY] [DSA 2451-1] puppet security update,
Nico Golde
VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation,
VMware Security Team
Erroneous post concerning Backtrack 5 R2 0day,
Adam Behnke
APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8,
Apple Product Security
[SECURITY] [DSA 2450-1] samba security update,
Thijs Kinkhorst
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities,
Research
[SE-2012-01] Security weakness in Apple Quicktime Java extensions,
Security Explorations
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability,
Research
[SECURITY] [DSA 2449-1] sqlalchemy security update,
Nico Golde
online newspaper university "newsdesc.php" SQL Injection Vulnerabilities,
CrAzY_CrAcKeR
[ MDVSA-2012:057 ] freetype2,
security
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer,
Trustwave Advisories
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0,
come2waraxe
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities,
Research
[ MDVSA-2012:056 ] rpm,
security
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command,
Shatter
Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!,
info
Backtrack 5 R2 priv escalation 0day found in CTF exercise,
Adam Behnke
[ MDVSA-2012:055 ] samba,
security
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress,
advisory
Android information leak,
sumanj
[security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus,
security-alert
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities,
Research
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities,
Research
[SECURITY] [DSA 2448-1] inspircd security update,
Jonathan Wiltshire
Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue,
Secunia Research
CVE-2012-0769, the case of the perfect info leak,
Fermín J. Serna
idev Game Site CMS v1.0 - Multiple Web Vulnerabilities,
Research
Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities,
Secunia Research
OWASP ZAP 1.4.0 released,
psiinon
[Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities,
Research
CsForum v0.8 - Cross Site Scripting Vulnerability,
Research
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities,
Research
[Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities,
Research
CitrusDB 2.4.1 - LFI/SQLi Vulnerability,
blaszczakm
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin,
come2waraxe
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1,
come2waraxe
[CVE-2012-1574] Apache Hadoop user impersonation vulnerability,
Aaron T. Myers
PHPNuke Module's Name Download SQL Injection Vulnerabilities,
CrAzY_CrAcKeR
[security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
[security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4,
come2waraxe
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0,
come2waraxe
Wordpress taggator plugin Sql Injection Vulnerabilities,
Amir
Sony Bravia Remote Denial of Service - CVE-2012-2210,
gab . mnunes
vBulletin 4.1.10 Sql Injection Vulnerability,
Amir
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite,
nospam
Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite,
nospam
[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7,
Florent Daigniere
[ MDVSA-2012:054 ] libtiff,
security
[SECURITY] [DSA 2447-1] tiff security update,
Moritz Muehlenhoff
DirectAdmin v1.403 - Cross Site Scripting Vulnerability,
Research
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities,
Research
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities,
Research
[SECURITY] [DSA 2446-1] libpng security update,
Moritz Muehlenhoff
Sourcefire Defense Center - multiple vulnerabilities,
Filip Palian
[SE-2012-01] Security vulnerabilities in Java SE,
Security Explorations
[ MDVSA-2012:053 ] ocsinventory,
security
Arbor Networks Peakflow SP web interface XSS,
b . saleh
'phpPaleo' Local File Inclusion (CVE-2012-1671),
Mark Stanislav
[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS),
security-alert
'Hotel Booking Portal' SQL Injection (CVE-2012-1672),
Mark Stanislav
[ MDVSA-2012:048 ] mutt,
security
IPv6 stable privacy addresses,
Fernando Gont
[DCA-2011-0016] - Tufin SecureTrack Cross Site Script,
Ewerson Guimarães (Crash) - Dclabs
'e-ticketing' SQL Injection (CVE-2012-1673),
Mark Stanislav
Hackito 2012 Crypto Challenge,
Jonathan Brossard
Multiple vulnerabilities in osCmax,
advisory
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7,
Apple Product Security
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities,
Research
[ MDVSA-2012:052 ] libvorbis,
security
[ MDVSA-2012:051 ] libvorbis,
security
[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS),
security-alert
[ MDVSA-2012:050 ] phpmyadmin,
security
[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection,
security-alert
[ MDVSA-2012:049 ] nagios,
security
[ MDVSA-2012:047 ] freeradius,
security
[SECURITY] [DSA 2442-2] openarena regression,
Florian Weimer
[ MDVSA-2012:046 ] libpng,
security
[SECURITY] [DSA 2398-2] curl regression,
Florian Weimer
SQL injection in Wordpress plugin Buddypress,
ivan_terkin
[SECURITY] [DSA 2445-1] typo3-src security update,
Florian Weimer
VMSA-2012-0006 VMware ESXi and ESX address several security issues,
VMware Security Team
Landshop v0.9.2 - Multiple Web Vulnerabilities,
Research
Intuit Help System Protocol File Retrieval,
ds . adv . pub
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation,
ds . adv . pub
Intuit Help System Protocol URL Heap Corruption and Memory Leak,
ds . adv . pub
[ MDVSA-2012:045 ] gnutls,
security
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability,
Research
PHP 5.4/5.3 deprecated eregi() memory_limit bypass,
cxib
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18,
come2waraxe
Cross-site scripting vulnerability in Invision Power Board version 3.2.3,
Netsparker Advisories
[ MDVSA-2012:044 ] cvs,
security
[ MDVSA-2012:043 ] nginx,
security
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user,
Research@NGSSecure
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked,
Research@NGSSecure
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI,
Research@NGSSecure
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators,
Research@NGSSecure
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts,
Research@NGSSecure
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens,
Research@NGSSecure
[SECURITY] [DSA 2444-1] tryton-server security update,
Florian Weimer
OWASP AppSec Research EU CFP/CFT,
OWASP AppSec EU
Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability,
Cisco Systems Product Security Incident Response Team
Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability,
nospam
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features,
Cisco Systems Product Security Incident Response Team
D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability,
nospam
Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution,
nospam
TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow,
nospam
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data,
security-alert
[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
[security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
[ MDVSA-2012:042 ] wireshark,
security
[ MDVSA-2012:041 ] expat,
security
[ MDVSA-2012:040 ] gnutls,
security
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0,
come2waraxe
[ MDVSA-2012:039 ] libtasn1,
security
[SECURITY] [DSA 2441-1] gnutls26 security update,
Florian Weimer
PcwRunAs Password Obfuscation Design Flaw,
otr
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip,
Timo Warns
[SECURITY] [DSA 2443-1] linux-2.6 security update,
dann frazier
[SECURITY] [DSA 2442-1] openarena security update,
Florian Weimer
Matthew1471s ASP BlogX - XSS Vulnerabilities,
demonalex
[ MDVSA-2012:038 ] openssl,
security
Traffic amplification via Quake 3-based servers,
Simon McVittie
SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver,
Steffen Dettmer
[SECURITY] [DSA 2440-1] libtasn1-3 security update,
Florian Weimer
CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected),
VSR Advisories
[ MDVSA-2012:035 ] file,
security
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669),
Mark Stanislav
[ MDVSA-2012:037 ] cyrus-imapd,
security
[ MDVSA-2012:036 ] libsoup,
security
struts2 xsltResult Local code execution vulnerability,
voidloafer
[ MDVSA-2012:034 ] libzip,
security
[SECURITY] [DSA 2439-1] libpng security update,
Moritz Muehlenhoff
[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256,
Leif Hedstrom
[SECURITY] [DSA 2438-1] raptor security update,
Moritz Muehlenhoff
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670),
Mark Stanislav
Prado TJavaScript::encode() script injection vulnerability,
gabor . berczi
[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability,
Martin Grigorov
[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter,
Martin Grigorov
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability,
nospam
CA20120320-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
Multiple vulnerabilities in Open Journal Systems (OJS),
advisory
[SECURITY] [DSA 2437-1] icedove security update,
Moritz Muehlenhoff
Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter),
Irene Abezgauz
[ MDVSA-2012:033 ] libpng,
security
CMSimple_XH 1.5.2 Cross-site Scripting vulnerability,
sschurtz
Cyberoam Unified Threat Management: OS Command Execution,
Saurabh Harit
Cyberoam Unified Threat Management: Insecure Password Handling,
Saurabh Harit
Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1,
Security
[ MDVSA-2012:032 ] mozilla,
security
Regarding MS12-020,
Thor (Hammer of God)
[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[MajorSecurity-SA-2012-014] Apple Safari on iOS 5.1 - Address bar spoofing vulnerability,
david . kurz
[SECURITY] [DSA 2435-1] gnash security update,
Gabriele Giacone
[SECURITY] [DSA 2434-1] nginx security update,
Luciano Bello
[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update,
Thijs Kinkhorst
Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass,
RGill
Evasion attacks exploiting file-parsing vulnerabilities in antivirus products,
sumanj
VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768),
VUPEN Security Research
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability,
nospam
Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug",
CXySuYg5DuKktzX
at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability,
demonalex
SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom,
SEC Consult Vulnerability Lab
Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability,
nospam
ESA-2012-014: RSA enVision Multiple Vulnerabilities,
Security_Alert
[security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
Android wipe unreliable,
Jan Schejbal
[ MDVSA-2012:031 ] firefox,
security
VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues,
VMware Security Team
AST-2012-002: Remote Crash Vulnerability in Milliwatt Application,
Asterisk Security Team
[ MDVSA-2012:030 ] systemd,
security
[ MDVSA-2012:029 ] pidgin,
security
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting,
VMware Security Team
AST-2012-003: Stack Buffer Overflow in HTTP Manager,
Asterisk Security Team
[SECURITY] [DSA 2433-1] iceweasel security update,
Moritz Muehlenhoff
WikyBlog 1.7.3RC2 XSS vulnerability,
sschurtz
nginx fix for malformed HTTP responses from upstream servers,
security-bulletin
Oracle Exadata Infiniband Switch default logins and world readable shadow file,
larry0
Struts2 Security Challenge,
Ivan Buetler
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability,
moshez
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417],
Narendra Shinde
Announcing Hackademic CFP,
B Potter
[security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update,
Moritz Muehlenhoff
APPLE-SA-2012-03-12-1 Safari 5.1.4,
Apple Product Security
Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004,
Lists
Android wireless accepts fake response (No interaction required) (Vulnerability ?),
Security Mailing List
<Possible follow-ups>
RE: Android wireless accepts fake response (No interaction required) (Vulnerability ?),
Joe Arnold
OSI Security: CheckPoint Firewall VPN - Information Disclosure,
Patrick Webster
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update,
Moritz Muehlenhoff
Synology Photo Station 5 - Reflected Cross-Site Scripting,
simon . ganiere
[SECURITY] [DSA 2430-1] python-pam security update,
Moritz Muehlenhoff
Wikidforum 2.10 Multiple security vulnerabilities,
sschurtz
LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption,
Markus Vervier
VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE,
VMware Security Team
VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service,
VMware Security Team
[SECURITY] [DSA 2428-1] freetype security update,
Moritz Muehlenhoff
Eleytt Research ER-03-2012,
Michal Bucko
SAP Business Objects XI R2 Infoview Multiple XSS,
vulns
gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk,
Mark Krenz
Iciniti Store SQL Injection - Security Advisory - SOS-12-003,
Lists
APPLE-SA-2012-03-07-3 Apple TV 5.0,
Apple Product Security
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
[Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
[Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update,
Apple Product Security
APPLE-SA-2012-03-07-1 iTunes 10.6,
Apple Product Security
[SECURITY] [DSA 2429-1] mysql-5.1 security update,
Florian Weimer
[security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
OSClass directory traversal (leads to arbitrary file upload),
Filippo Cavallarin
Multiple SQL injections in rivettracker <=1.03,
ali . raheem
Multiple XSS in Fork CMS,
advisory
XCon 2012 XFocus Information Security Conference Call for Paper,
xcon
[security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass,
security-alert
[SECURITY] [DSA 2427-1] imagemagick security update,
Florian Weimer
[SECURITY] [DSA 2426-1] gimp security update,
Florian Weimer
ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability,
Security_Alert
[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection,
Joao Paulo Caldas Campello
[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface,
Joao Paulo Caldas Campello
11in1 CMS v1.2.1 - SQL Injection Vulnerabilities,
admin@v-lab
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability,
YGN Ethical Hacker Group
Timesheet Next Gen 1.5.2 Multiple SQLi,
Thomas Richards
[SECURITY] [DSA 2423-1] movabletype-opensource security update,
Florian Weimer
Symfony2 Local File Disclosure - Security Advisory - SOS-12-002,
Lists
[SECURITY] [DSA 2425-1] plib security update,
Florian Weimer
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process),
Stefan Kanthak
[SECURITY] [DSA 2424-1] libxml-atom-perl security update,
Florian Weimer
Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability,
demonalex
Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D),
Fernando Gont
Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
[ MDVSA-2012:028 ] libxslt,
security
[SECURITY] [DSA 2422-1] file security update,
Florian Weimer
[SECURITY] [DSA 2421-1] moodle security update,
Moritz Muehlenhoff
Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:027 ] postgresql8.3,
security
Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:026 ] postgresql,
security
Multiple XSS in Dotclear,
advisory
[SECURITY] [DSA 2420-1] openjdk-6 security update,
Florian Weimer
[ MDVSA-2012:025 ] samba,
security
[ MDVSA-2012:023-1 ] libvpx,
security
ImgPals Photo Host Version 1.0 Admin Account Deactivation,
CorryL
Reliable Windows 7 Exploitation: A Case Study,
Ivan Fratric
[ MDVSA-2012:022-1 ] mozilla,
security
[SECURITY] [DSA 2419-1] puppet security update,
Florian Weimer
Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec,
cfp2012
[SECURITY] [DSA 2418-1] postgresql-8.4 security update,
Moritz Muehlenhoff
Wolf CMS v0.7.5 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
OSQA CMS v3b - Multiple Persistent Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
[SECURITY] [DSA 2414-2] fex regression,
Nico Golde
[ MDVSA-2012:023 ] libvpx,
security
FrameJammer DOM based XSS,
mkey
DeepSec "Sector v6" - Call for Papers,
DeepSec Conference
pidgin OTR information leakage,
Dimitris Glynos
NGS00237 Patch Notification: Samba Andx request Remote Code Execution,
Research@NGSSecure
Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps,
Felipe M. Aragon
Kongreg8 1.7.3 Multiple XSS,
Thomas Richards
TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform,
Trustwave Advisories
Dropbear SSH server use-after-free vulnerability,
Danny Fullerton
PHP Gift Registry 1.5.5 SQL Injection,
Thomas Richards
[Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure,
Onapsis Research Labs
[Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification,
Onapsis Research Labs
[Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service,
Onapsis Research Labs
[security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS),
security-alert
[Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure,
Onapsis Research Labs
[Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure,
Onapsis Research Labs
[SECURITY] [DSA 2416-1] notmuch security update,
Thijs Kinkhorst
[Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read,
Onapsis Research Labs
[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure,
Onapsis Research Labs
Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities,
Cisco Systems Product Security Incident Response Team
[Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write,
Onapsis Research Labs
[security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code,
security-alert
[ MDVSA-2012:022 ] mozilla,
security
CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability,
demonalex
Security advisory for Bugzilla 4.2 and 4.0.5,
LpSolit
YVS Image Gallery Sql injection,
CorryL
NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution,
Research@NGSSecure
[SECURITY] [DSA 2417-1] libxml2 security update,
Nico Golde
TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution,
ZDI Disclosures
ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
Mobile Mp3 Search Engine HTTP Response Splitting,
CorryL
[ MDVSA-2012:023 ] libxml2,
security
[SECURITY] [DSA 2415-1] libmodplug security update,
Nico Golde
Multiple XSS in Chyrp,
advisory
[ MDVSA-2012:022 ] libpng,
security
Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines,
Simon McVittie
[SECURITY] [DSA 2414-1] fex security update,
Nico Golde
Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability,
demonalex
IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements,
Fernando Gont
F*EX 20111129-2 Cross Site Scripting Vulnerability,
muuratsalo experimental hack lab
F*EX <= 20100208 Cross Site Scripting Vulnerabilities,
muuratsalo experimental hack lab
Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.,
muuratsalo experimental hack lab
[SECURITY] [DSA 2413-1] libarchive security update,
Luk Claes
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
SQL Injection Vulnerabilities in TestLink,
jnatal
DC4420 - London DEFCON - February meet - Tuesday February 21st 2012,
Major Malfunction
SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional,
SEC Consult Vulnerability Lab
SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5,
SEC Consult Vulnerability Lab
[SECURITY] [DSA 2412-1] libvorbis security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2411-1] mumble security update,
Florian Weimer
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated],
YGN Ethical Hacker Group
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability,
sschurtz
Downloads Folder: A Binary Planting Minefield,
ACROS Security Lists
[ MDVSA-2012:021 ] java-1.6.0-openjdk,
security
PHP 5.2.x Remote Code Execution Vulnerability,
Worawit Wang
Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session,
research@xxxxxxxxxxxxxxxxxxxxx
Puppet Dashboard insecure by default,
Schweiss, Chip
IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains,
Fernando Gont
[security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
[Spam] Skype v5.6.59.x - Memory Corruption Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
2012 Honeynet Project Security Workshop,
Guillaume Arcas
Hackito Ergo sum // HES2012 Final CFP // Call for Hackers,
Jonathan Brossard
[PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip,
Timo Warns
[SECURITY] [DSA 2410-1] libpng security update,
Moritz Muehlenhoff
Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution,
noreply
[ MDVSA-2012:020 ] phpldapadmin,
security
[SECURITY] [DSA 2409-1] devscripts security update,
Raphael Geissert
Multiple vulnerabilities in LEPTON,
advisory
[CAL-2011-0071] Adobe Shockwave Player Parsing cupt atom heap overflow,
Code Audit Labs
Multiple vulnerabilities in 11in1,
advisory
[CAL-2011-0055] Adobe Shockwave Player Parsing block_cout memory corruption vulnerability,
Code Audit Labs
FreePBX Remote Exploit,
dougw
[ MDVSA-2012:019 ] apr,
security
[SECURITY] [DSA 2408-1] php5 security update,
Moritz Muehlenhoff
OWASP AppSec USA 2011 Video & Slides Posted,
adam
[slackware-security] php (SSA:2012-041-02),
Slackware Security Team
[slackware-security] httpd (SSA:2012-041-01),
Slackware Security Team
[slackware-security] vsftpd (SSA:2012-041-05),
Slackware Security Team
[ MDVSA-2012:018 ] mozilla-thunderbird,
security
[ MDVSA-2012:017 ] firefox,
security
SQL injection bug in nova cms,
rezahmail
eFront Community++ v3.6.10 - SQL Injection Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
[slackware-security] proftpd (SSA:2012-041-04),
Slackware Security Team
[slackware-security] glibc (SSA:2012-041-03),
Slackware Security Team
[ MDVSA-2012:016 ] glpi,
security
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
eFront Community++ v3.6.10 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability,
Leonardo Uribe
[ MDVSA-2012:015 ] wireshark,
security
[SECURITY] [DSA 2407-1] cvs security update,
Florian Weimer
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities,
ZDI Disclosures
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution,
ZDI Disclosures
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability,
ZDI Disclosures
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability,
ZDI Disclosures
ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability,
ZDI Disclosures
ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information,
security-alert
[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass,
security-alert
Multiple vulnerabilities in ZENphoto,
advisory
Cyberoam Central Console v2.00.2 - File Include Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
Unauthenticated remote code execution on D-Link ShareCenter products,
roberto . paleari
eFront Community++ v3.6.10 - Cross Site Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
[security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information,
security-alert
CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly,
Colm O hEigeartaigh
SQL Injection Vulnerability in Batavi 1.1.2,
Netsparker Advisories
DEF CON 20 Capture the Flag Announcement,
The Dark Tangent
SimpleGroupware 0.742 Cross-Site-Scripting vulnerability,
security
[SECURITY] [DSA 2403-2] php5 security update,
Thijs Kinkhorst
[ MDVSA-2012:014 ] glpi,
security
Mathopd - Directory Traversal Vulnerability,
Mateusz Goik
[SECURITY] [DSA 2405-1] apache2 security update,
Stefan Fritsch
[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update,
Florian Weimer
[SECURITY] [DSA 2384-2] cacti regression,
Luk Claes
[ MDVSA-2012:013 ] mozilla,
security
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability,
Security_Alert
RFC 6528 on Defending against Sequence Number Attacks,
Fernando Gont
[SECURITY] [DSA 2403-1] php5 security update,
Thijs Kinkhorst
[SECURITY] [DSA 2402-1] iceape security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2400-1] iceweasel security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2401-1] tomcat6 security update,
Moritz Muehlenhoff
[security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code,
security-alert
GLSA (Gentoo Linux Security Advisory) publication changes,
Alex Legler
[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code,
security-alert
[CAL-2012-0004] opera array integer overflow,
Code Audit Labs