Bugtraq
- Fwd: RA-Guard: Advice on the implementation (feedback requested),
Fernando Gont
- Call For Paper,
asemailing
- APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001,
Apple Product Security
- [ MDVSA-2012:012 ] apache,
security
- XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge),
andsarmiento
- ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability,
Security_Alert
- Multiple vulnerabilities in OpenEMR,
advisory
- Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14,
LpSolit
- 802.1X password exploit on many HTC Android devices,
Bret Jordan
- [Announce] Apache HTTP Server 2.2.22 Released,
William A. Rowe Jr.
- [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege,
security-alert
- ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2399-2] php5 regression fix,
Thijs Kinkhorst
- [SECURITY] [DSA 2399-1] php5 security update,
Thijs Kinkhorst
- VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console,
VMware Security Team
- [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [SECURITY] [DSA 2398-1] curl security update,
Moritz Muehlenhoff
- [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access,
security-alert
- Advisory: sudo 1.8 Format String Vulnerability,
joernchen of Phenoelit
- [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201201-18 ] bip: Multiple vulnerabilities,
Alex Legler
- Multiple vulnerabilities in postfixadmin,
Filippo Cavallarin
- Mibew messenger multiple XSS,
Filippo Cavallarin
- [ MDVSA-2012:011 ] openssl,
security
- [SECURITY] [DSA 2397-1] icu security update,
Moritz Muehlenhoff
- FAA US Academy (AFS) - Auth Bypass Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- eBank IT Online Banking - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- [ GLSA 201201-17 ] Chromium: Multiple vulnerabilities,
Tim Sammut
- [ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass,
Alex Legler
- [SECURITY] [DSA 2396-1] qemu-kvm security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2395-1] wireshark security update,
Moritz Muehlenhoff
- AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS,
Thomas Quinot
- [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon,
Hafez Kamal
- [ GLSA 201201-15 ] ktsuss: Privilege escalation,
Sean Amoss
- [SECURITY] [DSA 2394-1] libxml2 security update,
Luciano Bello
- ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision,
Security_Alert
- ESA-2012-005: EMC NetWorker buffer overflow vulnerability,
Security_Alert
- Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability,
ZDI Disclosures
- NX Web Companion Spoofing Arbitrary Code Execution Vulnerability,
otr
- [SECURITY] [DSA-2393-1] bip security update,
dann frazier
- D-Link DIR-601 TFTP Directory Traversal Vulnerability,
robkraus
- CSRF (Cross-Site Request Forgery) in DClassifieds,
advisory
- Multiple vulnerabilities in OSclass,
advisory
- NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation,
Research@NGSSecure
- NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM,
Research@NGSSecure
- [security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- [security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
- TWSL2012-002: Multiple Vulnerabilities in WordPress,
Trustwave Advisories
- Only 7 Days Left: SANS AppSec 2012 CFP,
SANS AppSec CFP
- NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption,
Research@NGSSecure
- [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities,
Sean Amoss
- [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities,
Sean Amoss
- Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability,
n0b0d13s
- [ GLSA 201201-12 ] Tor: Multiple vulnerabilities,
Sean Amoss
- SQL injection in Bigware shop software,
rwenzel
- [SECURITY] [DSA 2392-1] openssl security update,
Florian Weimer
- [SECURITY] [DSA 2301-2] rails regression,
Florian Weimer
- DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass,
ddivulnalert
- Bart`s CMS - SQL Injection Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload,
pavel
- [SECURITY] [DSA 2391-1] phpmyadmin security update,
Thijs Kinkhorst
- ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution,
Sean Amoss
- [ MDVSA-2012:010 ] cacti,
security
- Webcalendar 1.2.4 'location' XSS,
tom
- DC4420 - London DEFCON - 24 January 2012,
Major Malfunction
- InfoSec Southwest 2012 Open Registration,
I)ruid
- [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability,
n0b0d13s
- Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow,
Stefan Esser
- Microsoft Anti-XSS Library Bypass (MS12-007),
adic
- [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information,
security-alert
- Xpra memory disclosure,
Antoine Martin
- Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS,
InterN0T Advisories
- Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:009 ] perl,
security
- [ MDVSA-2012:008 ] perl,
security
- XSS in OneOrZero AIMS,
advisory
- Reflection Scan: an Off-Path Attack on TCP,
Jan Wrobel
- ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.,
Security_Alert
- [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service,
Mark Thomas
- pwgen: non-uniform distribution of passwords,
Solar Designer
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure,
Mark Thomas
[ MDVSA-2012:007 ] openssl,
security
[ MDVSA-2012:006 ] openssl,
security
[ MDVSA-2012:005 ] libxml2,
security
[SECURITY] [DSA 2390-1] openssl security update,
Florian Weimer
[Announcement] ClubHack Mag - Call for Articles,
abhijeet
(CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean,
Fernando Gont
Beehive Forum 101 Multiple XSS vulnerabilities,
sschurtz
phpVideoPro Multiple XSS vulnerabilities,
sschurtz
Family Connections 2.7.2 Multiple XSS,
tom
First-hop security in IPv6,
Fernando Gont
[Announcement] ClubHack Mag Issue 24-Jan 2012 Released,
abhijeet
[SECURITY] [DSA 2389-1] linux-2.6 security update,
dann frazier
[SECURITY] [DSA 2388-1] t1lib security update,
Yves-Alexis Perez
ATutor 2.0.3 Multiple XSS vulnerabilities,
sschurtz
BoltWire 3.4.16 Multiple XSS vulnerabilities,
sschurtz
PHP 5.3.8 Multiple vulnerabilities,
cxib
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code,
security-alert
ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389,
Henri Salo
ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities,
ZDI Disclosures
ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution,
ZDI Disclosures
[ MDVSA-2012:004 ] t1lib,
security
SafeSEH+SEHOP all-at-once bypass explotation method principles,
geinblues
Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation,
Fernando Gont
AthCon 2012 CFP is now OPEN!,
Christian Papathanasiou
Office arbitrary ClickOnce application execution vulnerability,
Akita Software Security
GreenBrowser iframe content Double Free Vulnerability,
vuln
[security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 2386-1] openttd security update,
Luk Claes
[PT-2011-04] Cross-Site Scripting in Kayako Support Suite,
noreply
[SECURITY] [DSA 2387-1] simplesamlphp security update,
Thijs Kinkhorst
Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability,
Secunia Research
Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities,
Secunia Research
[PT-2011-03] Information disclosure in Kayako Support Suite,
noreply
Multiple Cross-Site-Scripting vulnerabilities in x3cms,
security
Multiple XSS in KnowledgeTree Community Edition,
advisory
[PT-2011-02] PHP code Injection in Kayako Support Suite,
noreply
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite,
noreply
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01),
VUPEN Security Research
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2385-1] pdns security update,
Florian Weimer
ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2012:003 ] apache,
security
Is Your Online Bank Vulnerable To Currency Rounding Attacks?,
ACROS Security Lists
p0f3 release candidate,
Michal Zalewski
AppSec DC 2012 CFP EXTENDED!,
AppSec DC
Simple Mail Server - SMTP Authentication Bypass Vulnerability,
demonalex
DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785),
ddivulnalert
[SECURITY] [DSA 2384-1] cacti security update,
Luk Claes
[security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files,
security-alert
[security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
[SECURITY] [DSA 2383-1] super security update,
Moritz Muehlenhoff
[ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities,
Tim Sammut
[SECURITY] [DSA 2382-1] ecryptfs-utils security update,
Jonathan Wiltshire
[ GLSA 201201-02 ] MySQL: Multiple vulnerabilities,
Tim Sammut
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability,
ZDI Disclosures
IpTools - Rcmd Remote Overflow Vulnerability,
demonalex
IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability,
demonalex
[SECURITY] [DSA 2381-1] squid3 security update,
Florian Weimer
ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities,
ZDI Disclosures
VertrigoServ 2.25 Cross-Site-Scripting vulnerability,
security
SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities,
security
VLC media player v1.1.11 (.amr) Local Crash PoC,
hapsec
Ggb Guestbook - XSS Vulnerabilities,
demonalex
SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2,
SEC Consult Vulnerability Lab
NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability,
Research@NGSSecure
NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS,
Research@NGSSecure
HServer webserver - Directory Traversal Vulnerability,
demonalex
Revised IETF I-D: Advice on IPv6 RA-Guard Implementation,
Fernando Gont
[ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities,
Tim Sammut
[SECURITY] [DSA 2380-1] foomatic-filters security update,
Florian Weimer
[SECURITY] [DSA 2379-1] krb5 security update,
Florian Weimer
Open Redirection Vulnerability in Orchard 1.3.9,
Netsparker Advisories
Multiple vulnerabilities in ImpressCMS,
advisory
InfoSec Southwest 2012 CFP First-round Speaker Selections,
I)ruid
Google Chrome HTTPS Address Bar Spoofing,
ACROS Security Lists
TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System,
Trustwave Advisories
[SECURITY] [DSA 2378-1] ffmpeg security update,
Moritz Muehlenhoff
SQL Injection Vulnerability in OpenEMR 4.1.0,
Netsparker Advisories
[SE-2011-01] Security vulnerabilities in a digital satellite TV platform,
Security Explorations
Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform,
Security Explorations
[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator,
RedTeam Pentesting GmbH
mavili guestbook - SQL Injection and XSS Vulnerabilities,
demonalex
BigACE CMS - XSS Vulnerabilities,
demonalex
Tinyguestbook XSS,
tom
OpenKM 5.1.7 OS Command Execution (XSRF based),
Cyrill Brunschwiler
OpenKM 5.1.7 Privilege Escalation,
Cyrill Brunschwiler
[ MDVSA-2012:002 ] t1lib,
security
[ MDVSA-2012:001 ] fcgi,
security
[SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update,
Nico Golde
[ MDVSA-2011:198 ] phpmyadmin,
security
[SECURITY] [DSA 2376-2] ipmitool security update,
Thijs Kinkhorst
[SECURITY] [DSA 2263-2] movabletype-opensource security update,
Thijs Kinkhorst
SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416,
SEC Consult Vulnerability Lab
[ MDVSA-2011:197 ] php,
security
[SECURITY] [DSA 2376-1] ipmitool security update,
Thijs Kinkhorst
Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13,
LpSolit
Winn Guestbook v2.4.8c Stored XSS,
tom
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision,
Andrea Barisani
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table,
security
[security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
[ MDVSA-2011:196 ] ipmitool,
security
[ MDVSA-2011:195 ] krb5-appl,
security
[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
[ MDVSA-2011:194 ] icu,
security
[ MDVSA-2011:193 ] squid,
security
Merry Christmas from the FreeBSD Security Team,
FreeBSD Security Officer
MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862],
Tom Yu
[SECURITY] [DSA 2375-1] krb5. krb5-appl security update,
Florian Weimer
[SECURITY] [DSA 2374-1] openswan security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2373-1] inetutils security update,
Florian Weimer
[SECURITY] [DSA 2372-1] heimdal security update,
Florian Weimer
Lighttpd Proof of Concept code for CVE-2011-4362,
pi3
[ MDVSA-2011:192 ] mozilla,
security
FreeBSD Security Advisory FreeBSD-SA-11:07.chroot,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:10.pam,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:06.bind,
FreeBSD Security Advisories
Xmas 2011 Security Puzzle,
Ivan Buetler
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection,
n0b0d13s
TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin,
Trustwave Advisories
ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities,
ZDI Disclosures
ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities,
ZDI Disclosures
ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[MATTA-2011-001] pfSense x509 Insecure Certificate Creation,
Florent Daigniere
[SECURITY] [DSA 2369-1] libsoup2.4 security update,
Nico Golde
Exploit for Asterisk Security Advisory AST-2011-013,
Ben Williams
[SECURITY] [DSA 2370-1] unbound security update,
Florian Weimer
Multiple vulnerabilities in epesi BIM,
advisory
Multiple vulnerabilities in OBM,
advisory
[SECURITY] [DSA 2368-1] lighttpd security update,
Nico Golde
[SECURITY] [DSA 2381-] lighttpd security update,
Nico Golde
post-XSS landscape,
Michal Zalewski
TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface,
Trustwave Advisories
Tiki Wiki CMS Groupware Stored Cross-Site-Scripting,
security
Multiple vulnerabilities in PHPShop CMS Free,
advisory
[security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities,
security-alert
ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2367-1] asterisk security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2363-1] tor security update,
Moritz Muehlenhoff
SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp,
SEC Consult Vulnerability Lab
appRain CMF v0.1.5 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011,
Fernando Gont
[SECURITY] [DSA 2366-1] mediawiki security update,
Jonathan Wiltshire
Syhunt: Time-Based Blind NoSQL Injection,
Felipe M. Aragon
VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459),
VUPEN Security Research
Novell Sentinel Log Manager <=1.2.0.1 Path Traversal,
Andrea Fabrizi
SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet,
SEC Consult Vulnerability Lab
[ MDVSA-2011:191 ] libarchive,
security
[ MDVSA-2011:190 ] libarchive,
security
IFIP NTMS'2012 - Deadline Extended to 12 January 2012,
publicity
[SECURITY] [DSA 2365-1] dtc security update,
Moritz Muehlenhoff
PHP Booking Calendar 10e XSS,
tom
SASHA v0.2.0 Mutiple XSS,
tom
[Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
[SECURITY] [DSA 2364-1] xorg security update,
Moritz Muehlenhoff
VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090),
VUPEN Security Research
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092),
VUPEN Security Research
VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090),
VUPEN Security Research
silly PoCs continue: X-Frame-Options give you less than expected,
Michal Zalewski
[security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
[ MDVSA-2011:189 ] jasper,
security
[security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
<BASE> tag used for hijacking external resources (XSS),
Bouke van Laethem
[ MDVSA-2011:188 ] libxml2,
security
Seotoaster SQL-Injection Admin Login Bypass,
security
New IETF I-Ds on Fragmentation-related security issues,
Fernando Gont
New IETF I-D on "Stable Privacy Addresses",
Fernando Gont
[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes,
RedTeam Pentesting GmbH
[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass,
RedTeam Pentesting GmbH
NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI,
Research@NGSSecure
NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM,
Research@NGSSecure
NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI,
Research@NGSSecure
[ MDVSA-2011:187 ] php-pear,
security
NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI,
Research@NGSSecure
HTML 5 Security Report,
Ivan Buetler
ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r),
Security_Alert
PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability,
sschurtz
0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9,
0a29 40
0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9,
0a29 40
[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202,
Tavaris Desamito
Multiple vulnerabilities in Browser CRM,
advisory
Citrix Receiver, XenDesktop "Pass-the-hash" Attack,
vtek63
ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability,
ZDI Disclosures
Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability,
Secunia Research
[ MDVSA-2011:186 ] nfs-utils,
security
[ MDVSA-2011:185 ] libcap,
security
Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities,
Amir
ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise),
Security_Alert
OSI Security: Squiz Matrix - User Account Enumeration,
Troy Rose
Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected,
Michal Zalewski
[ MDVSA-2011:184 ] krb5,
security
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities,
Secunia Research
WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability,
Amir
Introduction to R-sequence public key cryptography attack,
Michal Bucko
[ MDVSA-2011:183 ] pidgin,
security
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal,
security
Call for Papers -YSTS 6 - Security Conference, Brazil,
Luiz Eduardo
[SECURITY] [DSA 2362-1] acpid security update,
Moritz Muehlenhoff
the week of silly PoCs continues: data://www.mybank.com/,
Michal Zalewski
*CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers,
AppSec DC
[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption,
signaladvisory
CA20111208-01: Security Notice for CA SiteMinder,
Williams, James K
AST-2011-014: Remote crash possibility with SIP and the "automon" feature enabled,
Asterisk Security Team
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings,
Asterisk Security Team
DC4420 - London DEFCON - 13 December 2011,
Major Malfunction
Call for Papers - 2012 Rocky Mountain Information Security Conference,
president
[ MDVSA-2011:182 ] dhcp,
security
[DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure,
Ewerson Guimarães (Crash) - Dclabs
0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11,
0a29 40
seamless bait-and-switch,
Michal Zalewski
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2361-1] chasen security update,
Florian Weimer
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection,
ddivulnalert
[ MDVSA-2011:181 ] proftpd,
security
[security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable,
Moritz Muehlenhoff
[SECURITY] [DSA 2359-1] mojarra security update,
Florian Weimer
MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530],
Tom Yu
[security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access,
security-alert
Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities,
irist . ir
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability,
sschurtz
[SECURITY] [DSA 2358-1] openjdk-6 security update,
Florian Weimer
[DCA-2011-0014] - Elxis CMS Cross Site Script,
Ewerson Guimarães (Crash) - Dclabs
Vulnerabilities in Serv-U 11.1.0.3,
Luigi Auriemma
Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012),
Matthieu Suiche
fast and somewhat reliable cache timing,
Michal Zalewski
[security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
XSSer v1.6 -beta- aka "Grey Swarm!" released.,
psy
InfoSec Southwest 2012 CFP,
I)ruid
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store,
advisory
[PT-2011-43] Database information disclosure in Kayako Fusion,
noreply
SANS AppSec 2012 CFP reminder,
SANS AppSec CFP
FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit,
HI-TECH .
[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service,
security-alert
[SECURITY] [DSA 2356-1] openjdk-6 security update,
Florian Weimer
[SECURITY] [DSA 2355-1] clearsilver security update,
Moritz Muehlenhoff
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
Ariadne 2.7.6 Multiple XSS vulnerabilities,
sschurtz
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities,
Amir
[SECURITY] [DSA 2354-1] cups security update,
Yves-Alexis Perez
Sql injection in SugarCRM,
advisory
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities,
Amir
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability,
security
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities,
n0b0d13s
New issue of PenTest Magazine is out - 21 pages of free content.,
maciej . kozuszek
Multiple vulnerabilities in OrangeHRM,
advisory
Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2,
Daniel Roethlisberger
CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011,
Dragos Ruiu
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2,
Luigi Auriemma
Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits,
Nick Freeman
Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities,
Alex Davis
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability,
demonalex
MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter,
marian . ventuneac
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2011:180 ] php-suhosin,
security
Vulnerabilities in Siemens Automation License Manager,
Luigi Auriemma
Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2,
Luigi Auriemma
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities,
Amir
[ MDVSA-2011:179 ] glibc,
security
[ MDVSA-2011:178 ] glibc,
security
[SECURITY] [DSA 2353-1] ldns security update,
Moritz Muehlenhoff
0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10,
0a29 40
[security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege,
security-alert
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181,
Tobias Glemser
Debut issue of Web App Pentesting Magazine - Free Download!,
maciej . kozuszek
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities,
Amir
[ MDVSA-2011:177 ] freetype2,
security
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability,
n0b0d13s
Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities,
Amir
Wordpress enable-latex plugin Remote File Include Vulnerabilities,
Amir
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities,
Amir
NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution,
Research@NGSSecure
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution,
Research@NGSSecure
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution,
Research@NGSSecure
Multiple vulnerabilities in Dolibarr,
advisory
[SECURITY] [DSA 2352-1] puppet security update,
Moritz Muehlenhoff
[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access,
security-alert
[SECURITY] [DSA 2351-1] wireshark security update,
Moritz Muehlenhoff
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities,
Tim Sammut
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab,
Ivan Buetler
Wordpress adminimize Plugin Vulnerabilities,
Amir
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities,
Amir
Wordpress advanced-text-widget Plugin Vulnerabilities,
Amir
Implications of IPv6 on network firewalls,
Fernando Gont
[SECURITY] [DSA 2348-1] systemtap security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2350-1] freetype security update,
Moritz Muehlenhoff
[ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code,
Alex Legler
[ GLSA 201111-10 ] Evince: Multiple vulnerabilities,
Alex Legler
[ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection,
Alex Legler
[ GLSA 201111-08 ] radvd: Multiple vulnerabilities,
Alex Legler
[ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities,
Alex Legler
[ GLSA 201111-06 ] MaraDNS: Arbitrary code execution,
Alex Legler
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability,
n0b0d13s
[SECURITY] [DSA 2349-1] spip security update,
Moritz Muehlenhoff
wordpress Lanoba Social Plugin Xss Vulnerabilities,
Amir
Freelancer calendar <= 1.01 SQL Injection Vulnerability,
muuratsalo experimental hack lab
Valid tiny-erp <= 1.6 SQL Injection Vulnerability,
muuratsalo experimental hack lab
Blogs manager <= 1.101 SQL Injection Vulnerability,
muuratsalo experimental hack lab
[ MDVSA-2011:176-2 ] bind,
security
[ MDVSA-2011:176-1 ] bind,
security
VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability,
VMware Security Team
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering),
Alexandr Polyakov
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW),
Alexandr Polyakov
[ MDVSA-2011:176 ] bind,
security
Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus,
James Webb
Multiple vulnerabilities in webERP,
advisory
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability,
Alexandr Polyakov
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose,
Alexandr Polyakov
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation,
Alexandr Polyakov
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay,
Alexandr Polyakov
[SECURITY] [DSA 2346-2] proftpd-dfsg regression fix,
Florian Weimer
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS,
Alexandr Polyakov
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability,
Alexandr Polyakov
[DSECRG-11-037] SAP BW Doc - Multiple XSS,
Alexandr Polyakov
[DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS,
Alexandr Polyakov
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose,
Alexandr Polyakov
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities,
security
Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability,
Secunia Research
[security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS),
security-alert
CA20111116-01: Security Notice for CA Directory,
Kotas, Kevin J
[SECURITY] [DSA 2347-1] bind9 security update,
Florian Weimer
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability,
ZDI Disclosures
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities,
Amir
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability,
n0b0d13s
[SECURITY] [DSA 2346-1] proftpd-dfsg security update,
Florian Weimer
[ MDVSA-2011:174 ] graphite2,
security
[ MDVSA-2011:175 ] poppler,
security
APPLE-SA-2011-11-14-1 iTunes 10.5.1,
Apple Product Security
[Announcement] ClubHack Mag Issue 22- Nov 2011 Released,
abhijeet
[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities,
Tim Sammut
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code,
security-alert
CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass,
CORE Security Technologies Advisories
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update,
Apple Product Security
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability,
n0b0d13s
[Announcement] ClubHack 2011 Hacking and Security Conference,
abhijeet
[ MDVSA-2011:173 ] openssl0.9.8,
security
[ MDVSA-2011:172 ] libreoffice,
security
[ MDVSA-2011:171 ] networkmanager,
security
[ GLSA 201111-04 ] phpDocumentor: Function call injection,
Tim Sammut
[SECURITY] [DSA 2344-1] python-django-piston security update,
Florian Weimer
iGuard Biometric Access Control - Multiple Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
[ MDVSA-2011:170 ] java-1.6.0-openjdk,
security
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access,
security-alert
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6,
Apple Product Security
[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities,
Jose Carlos de Arriba
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
XSS vulnerability in Joomla 1.6.3,
Netsparker Advisories
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access,
security-alert
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
[SECURITY] [DSA 2342-1] iceape security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2343-1] openssl security update,
Raphael Geissert
[SECURITY] [DSA 2341-1] iceweasel security update,
Moritz Muehlenhoff
Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2011:168 ] apache,
security
DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November,
Major Malfunction
Multiple security vulnerabilities in AShop,
security
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0,
security
LabWiki <= 1.1 Multiple Vulnerabilities,
muuratsalo experimental hack lab
Local file inclusion in VtigerCRM,
advisory
[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability,
Code Audit Labs
[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities,
Code Audit Labs
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6,
Apple Product Security
LabStoRe <= 1.5.4 Sql Injection Vulnerabilities,
muuratsalo experimental hack lab
OrderSys <= 1.6.4 Sql Injection Vulnerabilities,
muuratsalo experimental hack lab
[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app,
Mark Thomas
osCSS2 "_ID" parameter Local file inclusion,
sschurtz
[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification,
security-alert
New online security challenge - GotWurzel,
Ivan Buetler
IPv6 security (slides and training),
Fernando Gont
Cisco CUCM - Multiple Vulnerabilities,
entomology
[SECURITY] [DSA 2340-1] postgresql security update,
Thijs Kinkhorst
[SECURITY] [DSA 2336-1] ffmpeg security update,
Yves-Alexis Perez
[SECURITY] [DSA 2339-1] nss security update,
Moritz Muehlenhoff
TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon,
Trustwave Advisories
[SECURITY] [DSA 2338-1] moodle security update,
Moritz Muehlenhoff
foofus.net security advisory - Lexmark Multifunction Printer Information Leakage,
percx
[SECURITY] [DSA 2337-1] xen security update,
Thijs Kinkhorst
[SECURITY] [DSA 2335-1] man2html security update,
Nico Golde
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities,
Alex Legler
Malware detection evasion in antivirus software,
reset557
[ MDVSA-2011:167 ] gimp,
security
[SECURITY] [DSA 2334-1] mahara security update,
Moritz Muehlenhoff
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access,
security-alert
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS),
security-alert
Multiple BSD libc/regcomp(3) Multiple Vulnerabilities,
cxib
[ MDVSA-2011:166 ] php,
security
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1,
Security_Alert
[ MDVSA-2011:165 ] php,
security
[security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS),
security-alert
CmyDocument Content Management Application - XSS Vulnerabilities,
demonalex
ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.,
Security_Alert
Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting,
sschurtz
Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability,
sschurtz
Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2011:164 ] wireshark,
security
NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295),
Research@NGSSecure
[ MDVSA-2011:163 ] phpldapadmin,
security
Multiple vulnerabilities in Efront,
advisory
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability,
nospam
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3,
Netsparker Advisories
XSS Vulnerabilities in eFront,
Netsparker Advisories
[ MDVSA-2011:162 ] kdelibs4,
security
[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability,
demonalex
[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities,
Alex Legler
IBSng all version Cross-Site Scripting Vulnerability,
apa-iutcert
CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY,
tan
DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359],
ddivulnalert
YaTFTPSvr TFTP Server Directory Traversal Vulnerability,
demonalex
Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce),
nospam
PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow,
demonalex
Apple's Mail.app mail of death,
Paul
[SECURITY] [DSA 2333-1] phpldapadmin security update,
Jonathan Wiltshire
[SECURITY] [DSA 2332-1] python-django security update,
Thijs Kinkhorst
[security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities,
n0b0d13s
[SECURITY] [DSA 2331-1] tor security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2323-1] radvd security update,
Yves-Alexis Perez
[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router,
noreply
[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300,
noreply
[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS,
noreply
[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS,
noreply
VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX,
VMware Security Response Team
[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges,
security-alert
[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2330-1] simplesamlphp security update,
Thijs Kinkhorst
foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage,
percx
APPLE-SA-2011-10-26-1 QuickTime 7.7.1,
Apple Product Security
[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities,
Tim Sammut
[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities,
Tim Sammut
[ GLSA 201110-24 ] Squid: Multiple vulnerabilities,
Tim Sammut
DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315],
ddivulnalert
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability,
ZDI Disclosures
SANS AppSec 2012 CFP is Open,
SANS AppSec CFP
[SECURITY] [DSA 2329-1] torque security update,
Nico Golde
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
Path disclosure in SPIP,
advisory
[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection,
Alex Legler
[ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities,
Alex Legler
[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities,
Alex Legler
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability,
YGN Ethical Hacker Group
[SECURITY] [DSA 2328-1] freetype security update,
Moritz Muehlenhoff
[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
[ MDVSA-2011:161 ] postgresql,
security
[ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities,
Tim Sammut
[SECURITY] [DSA 2327-1] libfcgi-perl security-update,
Nico Golde
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite,
Tobias Glemser
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit,
n0b0d13s
jara 1.6 sql injection vulnerability,
muuratsalo experimental hack lab
[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.,
0x9950
[SECURITY] [DSA 2326-1] pam security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2325-1] kfreebsd-8 security update,
Aurelien Jarno
[ GLSA 201110-20 ] Clam AntiVirus: Multiple vulnerabilities,
Tim Sammut
[ MDVSA-2011:160 ] krb5,
security
[ MDVSA-2011:159 ] krb5,
security
[ GLSA 201110-18 ] rgmanager: Privilege escalation,
Tobias Heinlein
[ GLSA 201110-17 ] Avahi: Denial of Service,
Tobias Heinlein
[ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabilities,
Tim Sammut
[ GLSA 201110-15 ] GnuPG: User-assisted execution of arbitrary code,
Tim Sammut
[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities,
Stefan Behte