Bugtraq
- TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes,
Shatter
- TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities,
Shatter
- TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function),
Shatter
- [ MDVSA-2011:158 ] phpmyadmin,
security
- inCommand Technologies, Inc. Cross-site Scripting Vulnerability,
md . r00t . defacer
- VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability,
VUPEN Security Research
- [ MDVSA-2011:157 ] freetype2,
security
- Metasploit 4.1.0 Web UI stored XSS vulnerability,
sschurtz
- [SECURITY] [DSA 2324-1] wireshark security update,
Moritz Muehlenhoff
- GotRoot Security Challenge,
Ivan Buetler
- OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024),
Nicolas DEROUET
- Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability,
nospam
- [security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code,
security-alert
- Multiple vulnerabilities in Tine 2.0,
advisory
- DNS Poisoning via Port Exhaustion,
Roee Hay
- [security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure,
security-alert
- Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities,
sschurtz
- Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability,
ZDI Disclosures
- [ GLSA 201110-13 ] Tor: Multiple vulnerabilities,
Tim Sammut
- MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529],
Tom Yu
- [ MDVSA-2011:156 ] tomcat5,
security
- Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection,
n0b0d13s
- Site@School 2.4.10 SQL Injection & XSS vulnerabilities,
sschurtz
- [PT-2011-14] SQL injection vulnerability in BoonEx Dolphin,
noreply
- [ MDVSA-2011:155 ] systemtap,
security
- AST-2011-012: Remote crash vulnerability in SIP channel driver,
Asterisk Security Team
- ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2011:154 ] systemtap,
security
- [ MDVSA-2011:153 ] libxfont,
security
- [ MDVSA-2011:152 ] ncompress,
security
- WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012,
Lists
- DAEMON Tools IOCTL local denial-of-service vulnerability,
tanda
- foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass,
percx
- [ MDVSA-2011:151 ] libpng,
security
- [ MDVSA-2011:150 ] squid,
security
- ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability,
ZDI Disclosures
- [ GLSA 201110-12 ] Unbound: Denial of Service,
Tobias Heinlein
- [slackware-security] httpd (SSA:2011-284-01),
Slackware Security Team
- [ MDVSA-2011:149 ] cyrus-imapd,
security
- [PTResearch] SAP DIAG Decompress plugin for Wireshark,
noreply
- DC4420 - London DEFCON - October meet - Tuesday October 18th 2011,
Major Malfunction
- [ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities,
Tim Sammut
- [ GLSA 201110-10 ] Wget: User-assisted file creation or overwrite,
Tim Sammut
- [ GLSA 201110-09 ] Conky: Privilege escalation,
Stefan Behte
- [ GLSA 201110-08 ] feh: Multiple vulnerabilities,
Stefan Behte
- iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability,
labs-no-reply
- iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability,
labs-no-reply
- Multiple G-WAN vulnerabilities,
Fredrik Widlund
- Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass,
Drew Calcott
- SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969),
SEC Consult Vulnerability Lab
- VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console,
VMware Security Team
- Two Remote Code Execution Vulnerabilities in Internet Explorer,
Ivan Fratric
- APPLE-SA-2011-10-12-4 Safari 5.1.1,
Apple Product Security
- iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability,
labs-no-reply
- APPLE-SA-2011-10-12-6 Numbers for iOS v1.5,
Apple Product Security
- APPLE-SA-2011-10-12-5 Pages for iOS v1.5,
Apple Product Security
- APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006,
Apple Product Security
- APPLE-SA-2011-10-12-1 iOS 5 Software Update,
Apple Product Security
- APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4,
Apple Product Security
- CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption,
CORE Security Technologies Advisories
- AppSec DC 2012 CFP is OPEN!,
AppSec DC
- Multiple vulnerabilities in Pretty Link WordPress Plugin,
advisory
- Multiple vulnerabilities in BugFree,
advisory
- LedgerSMB 1.3.0 released, includes anti-XSRF framework,
Chris Travers
- Google App Engine SDK Code Execution Vulnerability (CVE 2011-1364),
Adi Sharabani
- [ MDVSA-2011:148 ] samba,
security
- APPLE-SA-2011-10-11-1 iTunes 10.5,
Apple Product Security
- [ GLSA 201110-06 ] PHP: Multiple vulnerabilities,
Tobias Heinlein
- ZOHO ManageEngine ADSelfService Plus Administrative Access,
roberto . paleari
- Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities,
admin
- [ GLSA 201110-07 ] vsftpd: Denial of Service,
Tobias Heinlein
- [ GLSA 201110-05 ] GnuTLS: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201110-04 ],
Stefan Behte
- [ GLSA 201110-03 ],
Stefan Behte
- [security bulletin] HPSBMU02710 SSRT100601 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access,
security-alert
- [SECURITY] [DSA 2322-1] bugzilla security update,
Jonathan Wiltshire
- [SECURITY] [DSA 2321-1] moin security update,
Moritz Muehlenhoff
- [ MDVSA-2011:147 ] cups,
security
- [ MDVSA-2011:146 ] cups,
security
- [Announcement] ClubHack Mag Issue 21- October 2011 Released,
abhijeet
- NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow,
Research@NGSSecure
- [ MDVSA-2011:145 ] libxml2,
security
- [ MDVSA-2011:131-1 ] libxml,
security
- [ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities,
Tobias Heinlein
- KaiBB 2.0.1 XSS and SQL Injection vulnerabilities,
sschurtz
- openEngine 2.0 'key' Blind SQL Injection vulnerability,
sschurtz
- [SECURITY] [DSA 2320-1] dokuwiki regression fix,
Thijs Kinkhorst
- [SECURITY] [DSA 2319-1] policykit-1 security update,
Thijs Kinkhorst
- [ MDVSA-2011:144 ] apache,
security
- SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities,
sschurtz
- Contao 2.10.1 Cross-site scripting vulnerability,
sschurtz
- ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams),
Marco van Berkum
- Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM,
Tim Brown
- Medium severity flaw with Ark,
Tim Brown
- VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability,
VUPEN Security Research
- Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability,
Secunia Research
- Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow,
Secunia Research
- Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability,
Secunia Research
- [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update,
Nico Golde
- Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability,
sschurtz
- [SECURITY] [DSA 2317-1] icedove security update,
Moritz Muehlenhoff
- [ MDVSA-2011:143 ] rpm,
security
- [SECURITY] [DSA 2316-1] quagga security update,
Florian Weimer
- Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2315-1] openoffice.org security update,
Giuseppe Iuculano
- Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability,
Secunia Research
- vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability,
YGN Ethical Hacker Group
- vTiger CRM 5.2.x <= Remote Code Execution Vulnerability,
YGN Ethical Hacker Group
- VMSA-2011-0011 VMware hosted products address remote code execution vulnerability,
VMware Security Team
- FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED],
FreeBSD Security Advisories
- New open source Security Framework,
noreply
- Multiple vulnerabilities in SonicWall,
hvazquez
- vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
- [SECURITY] [DSA 2314-1] puppet security update,
Nico Golde
- Phorum 5.2.18 Cross-site scripting vulnerability,
sschurtz
- DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal,
ddivulnalert
- DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval,
ddivulnalert
- Vulnerabilities in GenStat 14.1.0.5943,
Luigi Auriemma
- Vulnerabilities in Cytel Studio 9,
Luigi Auriemma
- Netvolution referer header SQL injection vulnerability,
Dimitris Glynos
- SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- [ MDVSA-2011:142 ] mozilla-thunderbird,
security
- [ MDVSA-2011:141 ] firefox,
security
- [ MDVSA-2011:140 ] mozilla-thunderbird,
security
- [ MDVSA-2011:139 ] firefox,
security
- Elastix PBX Extensions Enumeration,
Bassem Ammar
- [SECURITY] [DSA 2313-1] iceweasel security update,
Moritz Muehlenhoff
- DeepSec 2011 Conference - Final Schedule Published,
DeepSec Conference
- [SECURITY] [DSA 2312-1] iceape security update,
Moritz Muehlenhoff
- Arbitrary memory corruption in NCSS 07.1.21,
Luigi Auriemma
- Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities,
sschurtz
- Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities,
YGN Ethical Hacker Group
- [ MDVSA-2011:138 ] wireshark,
security
- [security bulletin] HPSBUX02707 SSRT100626 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
- [ MDVSA-2011:136 ] openssl,
security
- Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2011:137 ] openssl,
security
- Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability,
labs-no-reply
- Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability,
labs-no-reply
- iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability,
labs-no-reply
- Integer overflow in Sterling Trader 7.0.2,
Luigi Auriemma
- Vulnerabilities in EViews 7.2,
Luigi Auriemma
- Multiple vulnerabilities in Traq,
advisory
- Vulnerabilities in PcVue 10 (SCADA),
Luigi Auriemma
- VUPEN Security Research - Novell GroupWise "RRULE" Remote Buffer Overflow Vulnerability,
VUPEN Security Research
- FreeBSD Security Advisory FreeBSD-SA-11:05.unix,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:04.compress,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:03.bind,
FreeBSD Security Advisories
- VUPEN Security Research - Novell GroupWise "integerList" Remote Buffer Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability,
VUPEN Security Research
- Barracuda Backup v2.0 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- European Security Services GPS v1.0 - Multiple Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 2311-1] openjdk-6 security update,
Florian Weimer
- iDefense Security Advisory 09.26.11: Novell GroupWise iCal TZNAME Heap Overflow Vulnerability,
labs-no-reply
- Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow,
Secunia Research
- Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability,
Secunia Research
- NGS00109 Patch Notification: ImpressPages CMS Remote code execution,
Research@NGSSecure
- openEngine 2.0 'id' Blind SQL Injection vulnerability,
sschurtz
- [security bulletin] HPSBUX02702 SSRT100606 rev.4 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
- Vulnerability found in Flynax Classifieds products,
Nasel Pentest
- [SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication,
Mark Thomas
- [CVE-2011-3645] Multiple vulnerability in Newgen's Omnidocs,
sohil_garg
- AdaptCMS 2.0.1 Multiple security vulnerabilities,
sschurtz
- Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
- Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability,
sschurtz
- PunBB 1.3.6 bug,
Amir
- Hackito Ergo Sum 2012 dates,
Philippe Langlois
- TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server,
Trustwave Advisories
- TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation,
Trustwave Advisories
- Security issue is_a function in PHP 5.3.7+,
cipri
- XSS Vulnerabilities in TWiki < 5.1.0,
Netsparker Advisories
- TLS/SSL Compatibility Report 2011,
Thierry Zoller
- secureURL.php design flaws,
Boldizsar Bencsath
- [SECURITY] [DSA 2310-1] linux-2.6 security update,
dann frazier
- Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA),
Luigi Auriemma
- [ MDVSA-2011:135 ] iproute2,
security
- [security bulletin] HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- IPv6 security presentation at Hack.lu 2011,
Fernando Gont
- Trusteer Rapport and anti-keylogging,
mu-b
- Multiple vulnerabilities in Help Desk Software,
advisory
- NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux,
Research@NGSSecure
- Advisory: Dolphin Browser HD Cross-Application Scripting,
Roee Hay
- Advisory: Opera Mobile Cache Poisoning XAS,
Roee Hay
- NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011,
Lists
- [security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code,
security-alert
- VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability,
VUPEN Security Research
- Cisco TelePresence Multiple Vulnerabilities - SOS-11-010,
Lists
- [SECURITY] [DSA 2305-1] vsftpd security update,
Nico Golde
- [ MDVSA-2011:130-1 ] apache,
security
- [ MDVSA-2011:134-1 ] rsyslog,
security
- [ MDVSA-2011:132-1 ] pidgin,
security
- [ MDVSA-2011:133-1 ] mozilla,
security
- [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan),
Alexandr Polyakov
- [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (by ERPScan),
Alexandr Polyakov
- CFP for first independent international Security Conference in Russia - ZeroNights (by Defcon-Russia),
Alexandr Polyakov
- [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation,
Onapsis Research Labs
- [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting,
Onapsis Research Labs
- [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service,
Onapsis Research Labs
- Microsoft's Binary Planting Clean-Up Mission,
ACROS Security Lists
- XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke,
Nicolas Grégoire
- Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit,
nospam
- CORE-2011-0506 - Multiple Vulnerabilities in ManageEngine ServiceDesk Plus,
CORE Security Technologies Advisories
- Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products,
Security_Alert
- Invitation to Register and Participate in the Entretiens Jacques Cartier (EJC) Colloquium on IT Security, Cyber Forensics and Combating Cybercrime,
Serguei A. Mokhov (on behalf of EJC2011SecForensics-11)
- VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability,
VUPEN Security Research
- VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability,
VUPEN Security Research
- Multiple vulnerabilities in SiT! Support Incident Tracker,
advisory
- Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal,
Irene Abezgauz
- Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service,
vuln
- [SECURITY] [DSA 2309-1] openssl security update,
Raphael Geissert
- iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability,
labs-no-reply
- iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability,
labs-no-reply
- iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability,
labs-no-reply
- Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal,
Irene Abezgauz
- [security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification,
security-alert
- Vulnerabilities in trading and SCADA softwares,
Luigi Auriemma
- XSS vulnerability in FortiMail Messaging Security Appliance,
sschurtz
- Advisory for MS11-035 / ZDI-11-167,
Luigi Auriemma
- [SECURITY] [DSA 2308-1] mantis security update,
Moritz Muehlenhoff
- ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar,
Security_Alert
- Multiple XSS vulnerabilities in CMS Papoo Light Version,
sschurtz
- [NTMS 2012] Call for Papers, Istanbul- Turkey, 7 - 10 May 2012,
mbadra
- [Announcement] ClubHack Magazine - Call for Articles,
abhijeet
- [SECURITY] [DSA 2304-1] squid3 security update,
Nico Golde
- [SECURITY] [DSA 2307-1] chromium-browser security update,
Giuseppe Iuculano
- [SECURITY] [DSA 2306-1] ffmpeg security update,
Giuseppe Iuculano
- [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression,
dann frazier
- APPLE-SA-2011-09-09-1 Security Update 2011-005,
Apple Product Security
- [slackware-security] httpd (SSA:2011-252-01),
Slackware Security Team
- [ MDVSA-2011:134 ] rsyslog,
security
- CVE-2011-2731: Spring Security privilege escalation when using RunAsManager,
s2-security
- CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities,
s2-security
- CVE-2011-2732: Spring Security header injection vulnerability,
s2-security
- CVE-2011-2730: Spring Framework Information Disclosure,
s2-security
- Disassembling .NET Client Challenge,
Ivan Buetler
- 28C3: CFP for 28th Chaos Communication Congress,
fukami
- [security bulletin] HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2303-1] linux-2.6 security update,
dann frazier
- [security bulletin] HPSBUX02702 SSRT100606 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS),
security-alert
- Multiple XSS vulnerabilities in LightNEasy 3.2.4,
sschurtz
- [SECURITY] [DSA 2302-1] bcfg2 security update,
Nico Golde
- [ MDVSA-2011:133 ] mozilla,
security
- OWASP AppSec USA 2011 - Two Weeks Away,
Adam Baso
- Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- XSS in Zikula,
advisory
- Embarcadero ER/Studio XE2 Server Portal Tom Sawyer's Default GET Extension Factory ActiveX Control Remote Code Execution,
nospam
- Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin,
supernothing
- [slackware-security] mozilla-thunderbird (SSA:2011-249-02),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2011-249-03),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2011-249-01),
Slackware Security Team
- Windows server 2008 R1 local DoS,
Aliz 'Randomdude'
- openvas 2.x race condition,
Bugs NotHugs
- [ MDVSA-2011:132 ] pidgin,
security
- [SECURITY] [DSA 2301-1] rails security update,
Luciano Bello
- [SECURITY] [DSA 2300-2] nss security update,
Thijs Kinkhorst
- [SECURITY] [DSA 2298-2] apache2 regression fix,
Stefan Fritsch
- [Announcement] ClubHack Mag Issue 20- September 2011 Released,
abhijeet
- Multiple vulnerabilities in MantisBT,
advisory
- [ MDVSA-2011:131 ] libxml,
security
- [ MDVSA-2011:130 ] apache,
security
- Extended submission deadline for: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!,
Call for papers
- Pranian Group e107 Cross Site Scripting Vulnerabilities,
ehsan_hp200
- TTW (ricetta.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Abarkam (detail.php?input) Remote SQL injection Vulnerability,
ehsan_hp200
- MaiNick (ricetta.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- WSTAFF Remote SQL injection Vulnerability,
ehsan_hp200
- BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability,
ehsan_hp200
- Editel (news-dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- [ MDVSA-2011:129 ] mozilla,
security
- ZDI-11-279: (0day) Witness Systems eQuality Unify Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability,
ZDI Disclosures
- XSS Ebuddy (responsible disclosure),
Rener Silva
- Manifattura Web (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Loop (ricetta.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Virtualismi (prodotto.php?id) Cross Site Scripting Vulnerabilities,
ehsan_hp200
- Vulnerabilities in BroadWin WebAccess Client 1.0.0.10,
Luigi Auriemma
- [PT-2011-19] SQL injection vulnerability in Help Request System,
noreply
- ph5gruppo (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- ITTWeb Remote SQL injection Vulnerability,
ehsan_hp200
- KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow,
liuqx
- PMCMA: Post Memory Corruption Memory Analysis,
Jonathan Brossard
- Studio Linea (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability,
ehsan_hp200
- Fulci (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)],
Dan Luedtke
- More on IPv6 RA-Guard evasion (IPv6 security),
Fernando Gont
- Sana Net (viewpages.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities,
Secunia Research
- [security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability,
ZDI Disclosures
- XSS in Redirection wordpress plugin,
advisory
- Sana Net (viewnews.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Dexanet Remote SQL injection Vulnerability,
ehsan_hp200
- CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Mediagrafic (prodotto.asp?id) (records.asp?id_p) Remote SQL injection Vulnerability,
ehsan_hp200
- [SECURITY] [DSA 2200-1] nss security update,
Moritz Muehlenhoff
- Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger,
Chris Travers
- [SECURITY] [DSA 2299-1] ca-certificates security update,
Thijs Kinkhorst
- Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs,
Cisco Systems Product Security Incident Response Team
- Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- XSS in IBM Open Admin Tool,
sk
- [SECURITY] [DSA 2298-1] apache2 security update,
Stefan Fritsch
- [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure,
Mark Thomas
- DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal,
ddivulnalert
- LifeSize Room Vulnerabilities,
smcintyre
- Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability,
ehsan_hp200
- Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities,
admin
- [Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting,
Jose Carlos de Arriba
- phpWebSite (publisher) Remote SQL injection Vulnerability,
ehsan_hp200
- Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution,
YGN Ethical Hacker Group
- Jcow CMS 4.2 <= | Cross Site Scripting,
YGN Ethical Hacker Group
- Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability,
ehsan_hp200
- OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability,
ehsan_hp200
- Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability,
ehsan_hp200
- TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability,
ehsan_hp200
- Marinet Remote SQL injection Vulnerability,
ehsan_hp200
- Spherica Remote SQL injection Vulnerability,
ehsan_hp200
- Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability,
ehsan_hp200
- Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability,
ehsan_hp200
- BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability,
ehsan_hp200
- B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability,
ehsan_hp200
- NGS00054 Technical Advisory: : Lumension Device Control (formerly Sanctuary) remote memory corruption,
Research@NGSSecure
- Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine,
Cisco Systems Product Security Incident Response Team
- ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability,
ZDI Disclosures
- LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability,
ehsan_hp200
- Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability,
ehsan_hp200
- Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability,
ehsan_hp200
- Nafis Group (review.php?ID) Remote SQL injection Vulnerability,
ehsan_hp200
- [PT-2011-23] Database information disclosure in GLPI,
noreply
- JagoanStore CMS Arbitrary file upload vulnerability,
eidelweiss
- ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability,
ZDI Disclosures
- SQL-Ledger patch update for SQL injection,
Chris Travers
- Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls,
info
- NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure,
robkraus
- Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability,
ehsan_hp200
- Simply Media Web (archivio.asp?categoria_id) Remote SQL injection Vulnerability,
ehsan_hp200
- Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability,
ehsan_hp200
- Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability,
ehsan_hp200
- CreatiWeb Remote SQL injection Vulnerability,
ehsan_hp200
- ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability,
ehsan_hp200
- [slackware-security] php (SSA:2011-237-01),
Slackware Security Team
- PHP 5.3.6 ZipArchive invalid use glob(3),
cxib
- [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS,
Timo Warns
- ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [CVE-2011-2712] Apache Wicket XSS vulnerability,
Martin Grigorov
- PHP 5.3.6 multiple null pointer dereference,
cxib
- ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower,
Chris Travers
- Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution,
Brett Moore
- [SECURITY] [DSA 2297-1] icedove security update,
Moritz Muehlenhoff
- ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision,
Security_Alert
- Concrete CMS 5.4.1.1 <= Cross Site Scripting,
YGN Ethical Hacker Group
- Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server,
Cisco Systems Product Security Incident Response Team
- Grupo Argentina Web Remote SQL injection Vulnerability,
ehsan_hp200
- ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability,
ehsan_hp200
- ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart,
Security_Alert
- ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox,
ACROS Security Lists
- ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird,
ACROS Security Lists
- Elgg 1.7.10 <= | Multiple Vulnerabilities,
YGN Ethical Hacker Group
- ToorCon 13 Call For Papers,
h1kari
- [ MDVSA-2011:128 ] dhcp,
security
- [SECURITY] [DSA 2296-1] iceweasel security update,
Moritz Muehlenhoff
- ZDI-11-272: (0day) FlexNet License Server Manager Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2295-1] iceape security update,
Moritz Muehlenhoff
- Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id) Remote SQL injection Vulnerability,
ehsan_hp200
- [ MDVSA-2011:127 ] mozilla,
security
- ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability,
ZDI Disclosures
- WebRising (dettaglio.asp?id) Remote SQL injection Vulnerability,
ehsan_hp200
- ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability,
ZDI Disclosures
- StudioLine Photo Basic 3 ActiveX control Insecure Method,
advisory
- Multiple XSS in WP-Stats-Dashboard,
advisory
- XSS in Fast Secure Contact Form wordpress plugin,
advisory
- ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise),
Security_Alert
- lab382 (dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
- ZDI-11-269: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-268: RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-267: RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-266: RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability,
ehsan_hp200
Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
dedacom (dettaglio.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
phpWebSite (userpage) Cross Site Scripting Vulnerabilities,
ehsan_hp200
Malformed DHCPv6 packets cause RPC to become unresponsive,
tunterleitner
CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products,
Matthew Flanagan
phpList Improper Access Control and Information Leakage vulnerabilities,
Davide Canali
{Lostmon´s Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection,
Lostmon lords
[ MDVSA-2011:126 ] java-1.6.0-openjdk,
security
Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!,
Call for papers
NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability,
robkraus
NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability,
robkraus
The LAD Melbourne Cms Sql Injection Vulnerability,
cyber netron
[security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS),
security-alert
Ruxcon 2011 Final Call For Papers,
cfp
awiki 20100125 multiple local file inclusion vulnerabilities,
muuratsalo experimental hack lab
SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
BACKEND (categoria.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability,
ehsan_hp200
WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability,
YGN Ethical Hacker Group
WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
[slackware-security] bind (SSA:2011-224-01),
Slackware Security Team
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability,
ZDI Disclosures
INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit,
runlvl
PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
CdeVision Cross Site Scripting Vulnerabilities,
ehsan_hp200
cdeVision (index.php?page) Remote File Inclusion Vulnerability,
ehsan_hp200
QOLQA (categoria.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
[SECURITY] [DSA 2293-1] libxfont security update,
Thijs Kinkhorst
Neox (categoria.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
[SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability,
Mark Thomas
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat),
Mark Thomas
Calisto light, light plus and full, Sql Injection And user or Admin bypass,
Lostmon lords
[SECURITY] [DSA 2294-1] freetype security update,
Moritz Muehlenhoff
[ MDVSA-2011:125 ] foomatic-filters,
security
[ MDVSA-2011:124 ] phpmyadmin,
security
[ MDVSA-2011:123 ] squirrelmail,
security
[ MDVSA-2011:122 ] clamav,
security
VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21),
VUPEN Security Research
VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19),
VUPEN Security Research
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass,
s2-security
[SECURITY] [DSA 2292-1] ISC DHCP security update,
Florian Weimer
SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827,
SEC Consult Vulnerability Lab
iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow,
labs-no-reply
iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability,
labs-no-reply
CA20110809-01: Security Notice for CA ARCserve D2D,
ken
[oCERT-2011-002] libavcodec insufficient boundary check,
Daniele Bianco
[security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code,
security-alert
SQL injection in Social Slider,
advisory
[security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code,
security-alert
Multiple XSS in eShop for Wordpress,
advisory
[security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure,
security-alert
CfP for 4th OWASP Day Germany 2011 now open,
Tobias Glemser
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability,
ZDI Disclosures
ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability,
ZDI Disclosures
Fwd: {Lostmon´s Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability,
Lostmon lords
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access,
security-alert
XWeavers (page.asp?id) Remote SQL injection Vulnerability,
ehsan_hp200
Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Kimia Remote SQL injection Vulnerability,
ehsan_hp200
XWeavers (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities,
ehsan_hp200
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
IPv6 Hackers mailing-list,
Fernando Gont
SEO New York (prod.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
TWSL2011-008: Focus Stealing Vulnerability in Android,
Trustwave Advisories
THE STUDIO (prod.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Webdesigns-studio (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities,
ehsan_hp200
6House Design (product_details.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Amigot Corp (story.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Liberating IT (picture.php?gid) Remote SQL injection Vulnerability,
ehsan_hp200
Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability,
ehsan_hp200
Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 2291-1] squirrelmail security update,
Thijs Kinkhorst
[SECURITY] [DSA 2290-1] samba security update,
Florian Weimer
[SECURITY] [DSA 2289-1] typo3-src security update,
Florian Weimer
Sophos Antivirus Review,
Tavis Ormandy
Useless OpenSSH resources exhausion bug via GSSAPI,
pi3
Community Server - Stored Cross-Site Scripting in User's Signature,
Advisories PontoSec
Community Server - Reflected Cross-Site Scripting -,
Advisories PontoSec
Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation,
Henri Salo
APPLE-SA-2011-08-03-1 QuickTime 7.7,
Apple Product Security
ThreeDify Designer ActiveX control multiple buffer overflow vulnerabilities,
advisory
ThreeDify Designer ActiveX control Insecure Method,
advisory
Multiple XSS in HESK,
advisory
XSS in WP e-Commerce,
advisory
Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5,
haroon
Android Browser Cross-Application Scripting (CVE-2011-2357),
Roee Hay
NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write,
Research@NGSSecure
CFP open for ClubHack2011,
Abhijeet Patil
Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities,
ehsan_hp200
[slackware-security] libpng (SSA:2011-210-01),
Slackware Security Team
[slackware-security] samba (SSA:2011-210-03),
Slackware Security Team
[slackware-security] dhcpcd (SSA:2011-210-02),
Slackware Security Team
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability,
ZDI Disclosures
n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption,
security
n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow,
security
Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
[security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion,
security-alert
[security bulletin] HPSBUX02689 SSRT100494 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS),
security-alert
[SECURITY] [DSA 2287-1] libpng security update,
Luciano Bello
[security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack,
security-alert
Two security issues fixed in ioQuake3 engine,
Thilo Schulz
Wireshark 1.6.1 Malformed IKE Packet Denial of Service,
vuln
CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
indiacon (selloffers.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
Web Fusion Nepal (tour.php?category) XSS Vulnerability,
ehsan_hp200
Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities,
ehsan_hp200
Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability,
ehsan_hp200
Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability,
ehsan_hp200
WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
Coherendz (products.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page),
Shatter
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page),
Shatter
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (notifRuleInfo$mode page),
Shatter
FootBall Cms (view_table_lig.php?group) XSS Vulnerability,
ehsan_hp200
Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2011:121 ] samba,
security
Redirection vulnerability in MBoard,
advisory
Multiple XSS in GBook PHP guestbook,
advisory
Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability,
ehsan_hp200
Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability,
ehsan_hp200
[ MDVSA-2011:120 ] freetype2,
security
SA500 vulnerabilities - details,
michal . sajdak
Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability,
ehsan_hp200
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability,
Security_Alert
ESA-2011-024: EMC Captiva eInput multiple vulnerabilities,
Security_Alert
[SECURITY] [DSA 2286-1] phpmyadmin security update,
Thijs Kinkhorst
[Tool] DoS for OpenSLP (and others),
Nicolas Grégoire
Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials,
Williams, James K
Hacking IPv6 Networks (slides),
Fernando Gont
[PT-2011-05] Cross-Site Scripting in Koha Library Software,
noreply
[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker,
noreply
[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1,
noreply
Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability,
ehsan_hp200
Precision (products.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability,
ehsan_hp200
Funnel Web (pages.php?page) Remote SQL injection Vulnerability,
ehsan_hp200
Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability,
ehsan_hp200
Funnel Web (directory.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability,
ehsan_hp200
Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability,
ehsan_hp200
CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution,
nospam
PHP-Barcode 0.3pl1 Remote Code Execution,
beford
[SECURITY] [DSA 2285-1] mapserver security update,
Nico Golde
TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain,
Trustwave Advisories
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone,
Apple Product Security
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update,
Apple Product Security
APPLE-SA-2011-07-20-2 iWork 9.1 Update,
Apple Product Security
OWASP AppSec USA 2011 Pre-conference Challenge #3 - July,
adam . baso
[DSB-2011-01] Security Advisory FreeRADIUS 2.1.11,
advisory
[ MDVSA-2011:119 ] libsndfile,
security
[SECURITY] [DSA 2284-1] opensaml2 security update,
Moritz Muehlenhoff
phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability,
spamgoeshere
[SECURITY] [DSA 2283-1] krb5-appl security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2282-1] qemu-kvm security update,
Moritz Muehlenhoff
NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow,
Research@NGSSecure
phpMyAdmin 3.x Conditional Session Manipulation,
Mango
CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability,
ehsan_hp200
[ MDVSA-2011:118 ] wireshark,
security
Hiding Backdoors in plain sight, again,
CoreTex Team
[ MDVSA-2011:117 ] krb5-appl,
security
[ MDVSA-2011:116 ] curl,
security
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities,
YGN Ethical Hacker Group
Permutation Oriented Programming,
Nelson Brito
Foxit Reader Insecure Library Loading,
robkraus
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability,
ZDI Disclosures
Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure,
adic
Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability,
fb1h2s Hack 2 Secure
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability,
labs-no-reply
iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability,
labs-no-reply
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability,
labs-no-reply
iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability,
labs-no-reply
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability,
labs-no-reply
[SECURITY] [DSA 2281-1] opie security update,
Steffen Joeris
Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation,
Digit Security Research
CA20110720-01: Security Notice for CA Gateway Security and Total Defense,
Kotas, Kevin J
Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities,
Cisco Systems Product Security Incident Response Team
ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability,
ZDI Disclosures
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6,
Apple Product Security
[ MDVSA-2011:115 ] bind,
security
XSS in Tiki Wiki CMS Groupware,
advisory
OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability,
Patrick Webster
HTC / Android OBEX FTP Service Directory Traversal Vulnerability,
alberto . morenot
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009,
Lists
H2HC Brazil (Hackers 2 Hackers Conference) 8th Edition - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
[SECURITY] [DSA 2280-1] libvirt security update,
Steffen Joeris
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update,
Steffen Joeris
[ MDVSA-2011:114 ] blender,
security
[ MDVSA-2011:112 ] blender,
security
ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability,
ZDI Disclosures
Call for Papers: ICITST-2011,
Call for papers
Reminder - DeepSec 2011 Call For Papers,
DeepSec Conference