Bugtraq
- [SECURITY] [DSA 2278-1] horde3 security update,
Steffen Joeris
- [SECURITY] [DSA 2254-2] oprofile security update,
Luciano Bello
- APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update,
Apple Product Security
- APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone,
Apple Product Security
- ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability,
Security_Alert
- [slackware-security] seamonkey (SSA:2011-195-01),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2011-195-02),
Slackware Security Team
- iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability,
labs-no-reply
- [oCERT-2011-001] Chyrp input sanitization errors,
Andrea Barisani
- [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities,
Mark Thomas
- DC4420 - London DEFCON - July meet - Tuesday 19th July 2011,
Major Malfunction
- Torque Server Buffer Overflow Vulnerability,
pi3
- Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability,
nospam
- Paltalk Messenger ActiveX Control Multiple Insecure Methods,
advisory
- CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite,
Aditya K Sood
- Alice (Telefonica Germany) Modem 1111 DoS + XSS,
Moritz Naumann
- Static Analysis Tool Exposition (SATE) - Call for Participation,
Delaitre, Aurelien
- ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability,
ZDI Disclosures
- [Announcement] ClubHack Magazine Issue 18-July2011 Released,
abhijeet
- Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss),
randy
- [SECURITY] [DSA 2276-2] asterisk regression update,
Luciano Bello
- ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability,
ZDI Disclosures
- [HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th,
Hafez Kamal
- [SECURITY] [DSA 2277-1] xml-security-c security update,
Nico Golde
- [SECURITY] [DSA 2276-1] asterisk security update,
Luciano Bello
- phpMyAdmin 3.x Multiple Remote Code Executions,
Mango
- POC2011 Call for Paper,
pocadm
- Wireshark 1.4.0 Malformed IKE Packet Denial of Service,
vuln
- Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities,
admin
- [slackware-security] bind (SSA:2011-189-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2011-189-02),
Slackware Security Team
- phpMyAdmin 3.x preg_replace RCE POC,
Mango
- Re: [Full-disclosure] Binary Planting Goes "Any File Type",
Dan Kaminsky
- [security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 2275-1] openoffice.org security update,
Nico Golde
- ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2274-1] wireshark security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject,
security-alert
- Security Advisory: CVE-2011-2516,
Cantor, Scott E.
- Aruba Advisory AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces,
RGill
- [SECURITY] [DSA 2273-1] icedove security update,
Moritz Muehlenhoff
- Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations,
Barry Greene
- Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers,
Barry Greene
- Arbitrary files deletion in HP OpenView Communication Broker,
Luigi Auriemma
- Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- aTube Catcher ActiveX Control Insecure Method,
advisory
- IDrive Online Backup ActiveX control Insecure Method,
advisory
- [security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS),
security-alert
- Ubuntu: reseed(8), random.org, and HTTP request,
Jeffrey Walton
- Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4,
Fernando Gont
- [SECURITY] [DSA 2272-1] bind9 security update,
Florian Weimer
- MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526],
Tom Yu
- NGS00060 Technical Advisory: Blue Coat BCAAA Remote Code Execution Vulnerability,
Research@NGSSecure
- Integer overflow in foobar2000 1.1.7,
Luigi Auriemma
- NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow,
Research@NGSSecure
- Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD,
Darren Tucker
- NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation,
Research@NGSSecure
- NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows,
Research@NGSSecure
- NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow,
Research@NGSSecure
- Multiple vulnerabilities in Open-Realty,
advisory
- [SECURITY] [DSA 2270-1] qemu-kvm security update,
Moritz Muehlenhoff
- Vega beta release: a new open-source web-application security assessment platform,
David Mirza
- [SECURITY] [DSA 2269-1] iceape security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2262-2] php5 update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2268-1] iceweasel security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2267-1] perl security update,
Moritz Muehlenhoff
- NetBSD 5.1 libc/net multiple functions stack buffer overflow,
cxib
- Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used,
pierre . ernst
- [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code,
security-alert
- SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress,
SEC Consult Vulnerability Lab
- in_midi multiple vulnerabilities in Winamp 5.61,
Luigi Auriemma
- ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2266-1] php5 security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code,
security-alert
- CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability,
CORE Security Technologies Advisories
- bcksrvr format string in Sybase Adaptive Server 15.5,
Luigi Auriemma
- Multiple Cross-Site Scripting vulnerabilities in WebCalendar,
sschurtz
- Arbitrary files deletion in HP OpenView Performance Agent,
Luigi Auriemma
- [SECURITY] [DSA 2271-1] curl security update,
Giuseppe Iuculano
- ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability,
ZDI Disclosures
- Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD),
HI-TECH .
CORE-2011-0514: Multiple vulnerabilities in HP Data Protector,
CORE Security Technologies Advisories
Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities,
YGN Ethical Hacker Group
[slackware-security] pidgin (SSA:2011-178-01),
Slackware Security Team
ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
AST-2011-011: Possible enumeration of SIP users due to differing authentication responses,
Asterisk Security Team
ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
Multiple vulnerabilities in Winamp 5.61,
Luigi Auriemma
Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460,
NNT Support
Breaking the links: Exploiting the linker,
Tim Brown
Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method,
advisory
XSS in FlatPress,
advisory
[slackware-security] mozilla-firefox (SSA:2011-174-01),
Slackware Security Team
APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10,
Apple Product Security
APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5,
Apple Product Security
[SECURITY] [DSA-2210-2] tiff security update,
Luciano Bello
Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460,
support
Off-by-one in Sybase Advantage Server 10.0.0.3,
Luigi Auriemma
Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2,
Luigi Auriemma
ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability,
ZDI Disclosures
2wire password reset module,
techhelperjax
[PRE-SA-2011-05] Buffer overflow in tftp-hpa daemon,
Timo Warns
TWSL2011-006: IBM Web Application Firewall Bypass,
Trustwave Advisories
HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods,
advisory
HTB23017: XSS in FanUpdate,
advisory
HTB23016: Kofax e-Transactions Sender Sendbox ActiveX Control Insecure Method,
advisory
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability,
ZDI Disclosures
[slackware-security] fetchmail (SSA:2011-171-01),
Slackware Security Team
[SECURITY] [DSA 2265-1] perl security update,
Florian Weimer
Perfect PDF products distributed with vulnerable MSVC++ libraries,
Stefan Kanthak
[SECURITY] [DSA 2264-1] linux-2.6 security update,
dann frazier
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability,
NSFOCUS Security Team
HTB23005: Multiple XSS in N-13 News,
advisory
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery,
CORE Security Technologies Advisories
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability,
CORE Security Technologies Advisories
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2262-1] moodle security update,
Moritz Muehlenhoff
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability,
labs-no-reply
[SECURITY] [DSA 2259-1] rails security update,
Florian Weimer
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability,
ZDI Disclosures
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038),
VUPEN Security Research
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability,
ZDI Disclosures
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability,
ZDI Disclosures
EQDKP plus Cross Site Scripting and Bypass file extension,
iPower N/A
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
HTB23004: Multiple Vulnerabilities in e107,
advisory
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS,
advisory
iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability,
labs-no-reply
HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog,
advisory
[SECURITY] [DSA 2263-1] movabletype-opensource security update,
Florian Weimer
[SECURITY] [DSA 2261-1] redmine security update,
Thijs Kinkhorst
JFreeChart - Path Disclosure vulnerability,
Patrick Webster
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique,
info
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability,
ZDI Disclosures
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries,
Stefan Kanthak
iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability,
labs-no-reply
iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability,
labs-no-reply
[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[ MDVSA-2011:110 ] gimp,
security
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution,
signaladvisory
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability,
advisory
[security bulletin] HPSBMA02627 SSRT090246 rev.2 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code,
security-alert
DC4420 - London DEFCON - June meet - Tuesday 21st June 2011,
Major Malfunction
Last Day for AppSec USA 2011 CFP!,
adam . baso
phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges,
mailinglists
[ MDVSA-2011:109 ] webmin,
security
[HITB-Announce] HITB eZine Issue #006 Released!,
Hafez Kamal
[ MDVSA-2011:108 ] xerces-j2,
security
[SECURITY] [DSA 2259-1] fex security update,
Nico Golde
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update,
Nico Golde
Javascript Injection in Microsoft Lync 4.0.7577.0,
bede
[SECURITY] [DSA 2257-1] vlc security update,
Nico Golde
Call for Participation: DIMVA 2011,
Konrad Rieck
VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability,
VUPEN Security Research
IEEE SocialCom/PASSAT Call For Paper Deadline: June 15, 2011,
justinzzhan
[SECURITY] [DSA 2256-1] tiff security update,
Thijs Kinkhorst
PDFill Insecure Library Loading,
robkraus
[Announcement] ClubHACK Magazine Issue 17-June 2011 released,
abhijeet
[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code,
security-alert
ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject,
security-alert
ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability,
ZDI Disclosures
Multiple vulnerabilities in several IP camera products,
roberto . paleari
[HITB-Announce] HITB2011AMS Conference Materials & Photos,
Hafez Kamal
OWASP Zed Attack Proxy version 1.3.0,
psiinon
[ MDVSA-2011:107 ] fetchmail,
security
Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS,
sschurtz
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability,
Fly, Kate
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability,
ZDI Disclosures
ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability,
ZDI Disclosures
Java HotSpot Cryptographic Provider signature verification vulnerability,
Zacheusz Siedlecki
[SECURITY] [DSA 2255-1] libxml2 security update,
Thijs Kinkhorst
ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA(r) Access Manager Server.,
Security_Alert
Squiz Matrix - Cross-Site Scripting Vulnerability,
Patrick Webster
PopScript Multiple Vulnerabilities,
root
[SECURITY] [DSA 2254-1] oprofile security update,
Luciano Bello
[ MDVSA-2011:106 ] subversion,
security
AppSec USA 2011 CFP Reminder, CTF Pre-Conference Challenge #2,
adam . baso
[SECURITY] [DSA 2253-1] fontforge security update,
Thijs Kinkhorst
VMware Tools Multiple Vulnerabilities,
VSR Advisories
iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability,
labs-no-reply
fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947),
ma+bt
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02652 SSRT100432 rev.4 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure,
security-alert
WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability,
nospam
CFP: IEEE SocialCom11 /PASSAT11,
justinzzhan
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability,
labs-no-reply
[SECURITY] [DSA 2252-1] dovecot security update,
Moritz Muehlenhoff
[CVE-ID REQUEST] vBulletin - Multiple Open Redirects,
Robert Gilbert
AST-2011-007,
Jonathan Rose
COM Server-Based Binary Planting Proof Of Concept,
ACROS Security Lists
[SECURITY] [DSA 2251-1] subversion security update,
Thijs Kinkhorst
International PHP Conference - Call for Papers,
Carsten Eilers
Cross-Site Scripting vulnerability in Icinga,
sschurtz
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2011:105 ] wireshark,
security
[ MDVSA-2011:104 ] bind,
security
HTB22997: XSS in A Really Simple Chat (ARSC),
advisory
HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC),
advisory
Re: Ra-Guard evasion (new Internet-Drafts),
Marc Heuse
Post Revolution 0.8.0c Multiple Remote Vulnerabilities,
Javier Bassi
CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability,
robkraus
[SECURITY] [DSA 2250-1] citadel security update,
Nico Golde
[SECURITY] [DSA 2249-1] jabberd14 security update,
Nico Golde
IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities,
Fernando Gont
[SECURITY] [DSA 2248-1] ejabberd security update,
Nico Golde
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2247-1] rails security update,
Thijs Kinkhorst
Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag",
sschurtz
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities,
Walikar Riyaz Ahemed Dawalmalik
[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities,
Walikar Riyaz Ahemed Dawalmalik
Paranoia 2011: Call for papers,
paranoia
[SECURITY] [DSA 2245-1] chromium-browser security update,
Giuseppe Iuculano
CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina],
eko security conference
FreeBSD Security Advisory FreeBSD-SA-11:02.bind,
FreeBSD Security Advisories
[ MDVSA-2011:102 ] rdesktop,
security
[SECURITY] [DSA 2246-1] mahara security update,
Giuseppe Iuculano
[SECURITY] [DSA 2244-1] bind9 security update,
Florian Weimer
[ MDVSA-2011:103 ] gimp,
security
[SECURITY] [DSA 2243-1] unbound security update,
Florian Weimer
Viewpoint: Security implications of IPv6,
Fernando Gont
[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability,
Deng Ching
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability,
Deng Ching
[CVE-REQUEST] Plone XSS and permission errors,
matthew
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update,
Moritz Muehlenhoff
[ MDVSA-2011:101 ] dovecot,
security
Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure,
Veronica
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow,
labs-no-reply
[SECURITY] [DSA 2241-1] qemu-kvm security update,
Moritz Muehlenhoff
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow,
labs-no-reply
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow,
labs-no-reply
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow,
labs-no-reply
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability,
Cisco Systems Product Security Incident Response Team
Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others,
supernothing
[SECURITY] [DSA 2240-1] linux-2.6 security update,
dann frazier
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow,
CORE Security Technologies Advisories
The Anatomy of COM Server-Based Binary Planting Exploits,
ACROS Security Lists
VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption,
VUPEN Security Research
[SECURITY] [DSA 2239-1] libmojolicious-perl security update,
Moritz Muehlenhoff
E-mail address spoofing with RLO,
Wouter Coekaerts
[ MDVSA-2011:095-1 ] apr,
security
Gadu-Gadu 0-Day Remote Code Execution,
Kacper Szczesniak
HTB22986: SQL injection in ExtCalendar 2,
advisory
[ MDVSA-2011:097 ] ruby,
security
[ MDVSA-2011:100 ] cyrus-imapd,
security
HTB22987: Multiple XSS in phpScheduleIt,
advisory
NNT Change Tracker - Hard-Coded Encryption Key,
Dennis Brunnen
[SECURITY] [DSA 2237-2] apr security update,
Stefan Fritsch
[ MDVSA-2011:099 ] libzip,
security
[ MDVSA-2011:098 ] ruby,
security
HTB22995: XSS in Ajax Chat,
advisory
[ MDVSA-2011:096 ] python,
security
Bypassing Cisco's ICMPv6 Router Advertisement Guard feature,
Marc Heuse
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager),
research
NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption,
Research@NGSSecure
Session hacking via authentication cookie on Oracle CRM on Demand,
jeffto
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007,
Lists
[ MDVSA-2011:095 ] apr,
security
[SECURITY] [DSA 2238-1] vino security update,
Moritz Muehlenhoff
Ubuntu Security Notice publication update,
Jamie Strandboge
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure,
marian . ventuneac
[ MDVSA-2011:094 ] pure-ftpd,
security
Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006,
Lists
[ MDVSA-2011:093 ] gnome-screensaver,
security
DOMinator - The DOMXss Analyzer Tool - is finally public,
Stefano Di Paola
XSS vulnerability in TWiki < 5.0.2,
Netsparker Advisories
[ MDVSA-2011:092 ] perl-IO-Socket-SSL,
security
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability,
Daniel Clemens
Ruxcon 2011 Call For Papers,
cfp
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic,
advisory
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass,
Mark Thomas
[ MDVSA-2011:090 ] postfix,
security
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability,
ZDI Disclosures
[USN-1132-1] apturl vulnerability,
Marc Deslauriers
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer,
Stefan Kanthak
[ MDVSA-2011:089 ] mplayer,
security
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing),
research
[ MDVSA-2011:088 ] mplayer,
security
MalBox Release! A Program Behavior Analysis System!,
Xiaobo
WebTech Conference 2011 Call for Papers,
Carsten Eilers
[ MDVSA-2011:087 ] vino,
security
Linux Kernel 2.6.38 Remote NULL Pointer Dereference,
roberto . paleari
DC4420 - London DEFCON - May meet - Tuesday 24th May 2011,
Major Malfunction
NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon,
Henri Lindberg
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc),
cxib
[ MDVSA-2011:086 ] polkit,
security
[SECURITY] [DSA 2236-1] exim4 security update,
Florian Weimer
[SECURITY] [DSA 2237-1] apr security update,
Stefan Fritsch
[ MDVSA-2011:085 ] libmodplug,
security
ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability,
Security_Alert
[ MDVSA-2011:084 ] apr,
security
[Annoucement] ClubHack Magazine - Call for Articles,
abhijeet
[security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS),
security-alert
[ MDVSA-2011:083 ] wireshark,
security
CORE-2011-0204: Adobe Audition vulnerability processing malformed session file,
CORE Security Technologies Advisories
HTB22978: XSRF (CSRF) in Argyle Social,
advisory
HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social,
advisory
[security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure,
security-alert
HTB22980: XSRF (CSRF) in Open Classifieds,
advisory
[Bkis] sNews 1.7.1 XSS vulnerability,
Bkis
CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass,
CORE Security Technologies Advisories
[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS),
security-alert
[USN-1130-1] Exim vulnerability,
Kees Cook
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability,
ZDI Disclosures
[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel,
Timo Warns
CA20110510-01: Security Notice for CA eHealth,
Kotas, Kevin J
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files,
security-alert
[Announcement] ClubHACK Magazine Issue 16-May 2011 released,
abhijeet
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access,
security-alert
[SECURITY] [DSA 2233-1] postfix security update,
Florian Weimer
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1131-1] Postfix vulnerability,
Marc Deslauriers
[SECURITY] [DSA 2234-1] zodb security update,
Luciano Bello
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code,
security-alert
Apache Struts 2 Multiple Reflected XSS in XWork error pages,
marian . ventuneac
[SECURITY] [DSA 2235-1] icedove security update,
Moritz Muehlenhoff
HTB22977: XSRF (CSRF) in poMMo,
advisory
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo,
advisory
HTB22975: SQL injection in Calendarix,
advisory
HTB22974: Multiple XSS in Calendarix,
advisory
OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability,
Patrick Webster
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability,
ZDI Disclosures
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system,
research
[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification,
security-alert
[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification,
security-alert
[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification,
security-alert
[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS),
security-alert
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720),
Wietse Venema
TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection,
Advisories Toucan-System
TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write,
Advisories Toucan-System
Swiss Cyber Storm 3,
Ivan Buetler
[SECURITY] [DSA 2232-1] exim4 security update,
Florian Weimer
[SECURITY] [DSA 2231-1] otrs2 security update,
Florian Weimer
VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities,
VMware Security Team
Silently Pwning Protected-Mode IE9 and Innocent Windows Applications,
Mitja Kolsek
[USN-1111-1] Linux kernel vulnerabilities,
Kees Cook
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management,
research
[USN-1122-2] Thunderbird vulnerabilities,
Micah Gersten
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar,
advisory
HTB22972: Multiple SQL injection vulnerabilities in PHPDug,
advisory
HTB22971: XSRF (CSRF) in PHPDug,
advisory
HTB22973: XSS in AJAX Calendar,
advisory
HTB22970: Multiple XSS vulnerabilities in PHPDug,
advisory
HTB22968: XSS in PHP Directory Listing Script,
advisory
Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Fwd: [USN-1122-1] Thunderbird vulnerabilities,
Micah Gersten
t2'11: Call for Papers 2011 (Helsinki / Finland),
Tomi Tuominen
[USN-1126-2] PHP Regressions,
Steve Beattie
Announcement - DeepSec 2011 - Call for Papers,
DeepSec Conference
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability,
vuln
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances,
RedTeam Pentesting GmbH
[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface,
RedTeam Pentesting GmbH
[security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection,
security-alert
Cisco IOS UDP Denial of Service Vulnerability,
vuln
CSRF (Cross-Site Request Forgery) in FREELANCER,
bolok . boloke80
TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component,
Shatter
[USN-1128-1] Vino vulnerabilities,
Marc Deslauriers
Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005,
Lists
NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia.,
iccc
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU,
Shatter
XSS in CLASSIFIED ADS,
bolok . boloke80
Path disclousure in MEGA PORTAL,
bolok . boloke80
[USN-1129-1] Perl vulnerabilities,
Marc Deslauriers
TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html,
Shatter
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv,
Damien Miller
HTB22962: Multiple XSS in YaPiG,
advisory
[ MDVSA-2011:082 ] python-feedparser,
security
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery,
advisory
XSS in GOT.MY CLASSMATES,
bolok . boloke80
HTB22964: XSS in SelectaPix Image Gallery,
advisory
[USN-1127-1] usb-creator vulnerability,
Marc Deslauriers
HTB22966: XSS in (e)2 interactive Photo Gallery,
advisory
HTB22967: Multiple SQL Injection in Shutter,
advisory
XSS in DEAL INFORMER,
bolok . boloke80
[security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure,
security-alert
SQL injection in 4images,
bolok . boloke80
[ MDVSA-2011:080 ] mozilla-thunderbird,
security
[USN-1123-1] xulrunner-1.9.1 vulnerabilities,
Micah Gersten
Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion,
cxib
[USN-1112-1] Firefox and Xulrunner vulnerabilities,
Micah Gersten
[SECURITY] [DSA 2228-1] iceweasel security update,
Moritz Muehlenhoff
OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability,
Patrick Webster
[SECURITY] [DSA 2230-1] qemu-kvm security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2229-1] spip security update,
Moritz Muehlenhoff
[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g,
ISecAuditors Security Advisories
[USN-1121-1] firefox vulnerabilities,
Micah Gersten
[ MDVSA-2011:081 ] kdenetwork4,
security
[SECURITY] [DSA 2227-1] iceape security update,
Moritz Muehlenhoff
[ MDVSA-2011:079 ] firefox,
security
[USN-1126-1] PHP vulnerabilities,
Steve Beattie
ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability,
ZDI Disclosures
ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability,
ZDI Disclosures
ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention,
Security_Alert
[security bulletin] HPSBMA02668 SSRT100474 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code,
security-alert
[Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities,
Onapsis Research Labs
[Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities,
Onapsis Research Labs
[Onapsis Security Advisory 2011-007] Oracle JD Edwards JDENET Kernel Shutdown,
Onapsis Research Labs
[Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure,
Onapsis Research Labs
[Onapsis Security Advisory 2011-008] Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution,
Onapsis Research Labs
[Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure,
Onapsis Research Labs
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability,
ZDI Disclosures
[Onapsis Security Advisory 2011-006] Oracle JD Edwards JDENET Kernel Denial of Service,
Onapsis Research Labs
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console,
VMware Security Team
[Onapsis Security Advisory 2011-013] Oracle JD Edwards JDENET USRBROADCAST Denial of Service,
Onapsis Research Labs
[Onapsis Security Advisory 2011-012] Oracle JD Edwards JDENET Firewall Bypass,
Onapsis Research Labs
[Onapsis Security Advisory 2011-011] Oracle JD Edwards JDENET Buffer Overflow,
Onapsis Research Labs
[Onapsis Security Advisory 2011-010] Oracle JD Edwards JDENET Remote Logging Deactivation,
Onapsis Research Labs
HTB22960: XSS in Daily Maui Photo Widget wordpress plugin,
advisory
HTB22965: Multiple XSS vulnerabilities in BackupPC,
advisory
HTB22961: XSS in WP Photo Album wordpress plugin,
advisory
HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy,
advisory
hashdays 2011 - Call for Papers (#days CFP),
Hashdays CFP
HTB22958: XSS in phpGraphy,
advisory
CFP: Hacktivity 2011, September 17-18, Budapest, Hungary,
jozsef . tiborcz
[USN-1125-1] PCSC-Lite vulnerability,
Marc Deslauriers
Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager,
Cisco Systems Product Security Incident Response Team
[USN-1124-1] rsync vulnerability,
Marc Deslauriers
NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write,
Research@NGSSecure
B-Sides Vienna | NinjaCon 11 Call For Participation,
astera
[security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection,
security-alert
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server,
Kotas, Kevin J
[SECURITY] [DSA 2226-1] libmodplug security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2225-1] asterisk security update,
Moritz Muehlenhoff
[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code,
security-alert
HTB22955: Path disclosure in BuddyPress WordPress plugin,
advisory
HTB22952: XSS vulnerabilities in Noah's Classifieds,
advisory
HTB22948: Path disclosure in Cotonti,
advisory
HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin,
advisory
HTB22954: Path disclousure in yappa-ng Photo Gallery,
advisory
HTB22956: XSS vulnerabilities in phpList,
advisory
HTB22957: XSRF (CSRF) in phpList,
advisory
HTB22953: XSS in Max's PHP Photo Album,
advisory
[TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3),
Nelson Brito
AST-2011-006: Asterisk Manager User Shell Access,
Asterisk Security Team
AT-TFTP Server Remote Denial of Service Vulnerability,
SecPod Research
XSS in Webmin 1.540 + exploit for privilege escalation,
Javier Bassi
[ MDVSA-2011:078 ] libtiff,
security
[ MDVSA-2011:077 ] krb5,
security
[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011),
ACM CCS 2011
[DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay,
Alexandr Polyakov
AST-2011-005: File Descriptor Resource Exhaustion,
Asterisk Security Team
[security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure,
security-alert
[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection,
security-alert
[ MDVSA-2011:076 ] xrdb,
security
[USN-1120-1] tiff vulnerability,
Marc Deslauriers
hack.lu 2011 CFP,
hack.lu 2011 information team
HTB22944: Path disclousure in ZENphoto,
advisory
HTB22949: Multiple Path disclousure in 4images,
advisory
HTB22950: SQL injection in 4images,
advisory
HTB22945: Multiple XSS in ZENphoto,
advisory
HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin,
advisory
FreeBSD Security Advisory FreeBSD-SA-11:01.mountd,
FreeBSD Security Advisories
HTB22947: XSS in Ajax Category Dropdown wordpress plugin,
advisory
CA20110420-01: Security Notice for CA SiteMinder,
Williams, James K
[USN-1119-1] Linux kernel (OMAP4) vulnerabilities,
Kees Cook
CA20110420-02: Security Notice for CA Output Management Web Viewer,
Williams, James K
[SECURITY] [DSA 2224-1] openjdk-6 security update,
Florian Weimer
[security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation,
security-alert
[security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF),
security-alert
[SECURITY] [DSA 2223-1] doctrine security update,
Florian Weimer
[SECURITY] [DSA 2222-1] tinyproxy security update,
Moritz Muehlenhoff
[ MDVSA-2011:075 ] kdelibs4,
security
[USN-1117-1] PolicyKit vulnerability,
Kees Cook
[SECURITY] [DSA 2220-1] Request Tracker security update,
Florian Weimer
Directory Traversal Vulnerability in Viola DVR VIO-4/1000,
by_argos
[USN-1116-1] Kerberos vulnerability,
Kees Cook
[security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information,
security-alert
[USN-1115-1] language-selector vulnerability,
Kees Cook
ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1108-2] DHCP vulnerability,
Marc Deslauriers
[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
[security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure,
security-alert
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1118-1] OpenSLP vulnerability,
Marc Deslauriers
[SECURITY] [DSA 2221-1] Mojolicious security update,
Moritz Muehlenhoff
[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS),
security-alert
HTB22938: Multiple XSS in Universal Post Manager wordpress plugin,
advisory
HTB22937: Path disclosure in Universal Post Manager wordpress plugin,
advisory
HTB22943: XSS in Dalbum,
advisory
HTB22942: Path disclousure in Dalbum,
advisory
Windows Synchronization Object Vulnerabilites in Antivirus Suites,
Lists
[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access,
security-alert
[USN-1114-1] KDENetwork vulnerability,
Jamie Strandboge
[SECURITY] [DSA 2219-1] xmlsec1 security update,
Thijs Kinkhorst
HTB22933: Multiple Path disclosure in webSPELL,
advisory
ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability,
ZDI Disclosures
HTB22940: XSS in SocialGrid wordpress plugin,
advisory
HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin,
advisory
[Annoucement] CHMag Call for Articles,
abhijeet
[DCA-2011-0011] - Ocomon Multiple SQL Injection,
Ewerson Guimarães (Crash) - Dclabs
HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum,
advisory
HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin,
advisory
HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin,
advisory
HTB22932: Multiple XSS in webSPELL,
advisory
ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch,
Security_Alert
cPassMan v1.82 Arbitrary File Download - SOS-11-004,
Lists
Announcement: ClubHACK Magazine Issue 15-April 2011 released,
abhijeet
ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability,
Security_Alert
[USN-1113-1] Postfix vulnerabilities,
Marc Deslauriers
Does anyone know how to contact OpenSSH non-public?,
Jann Horn
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094),
VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105),
VUPEN Security Research
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability,
ZDI Disclosures
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034),
VUPEN Security Research
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344),
VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345),
VUPEN Security Research
ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1110-1] KDE-Libs vulnerabilities,
Jamie Strandboge
Recon 2011 - Accepted Talks , Training, Call For Papers Reminder - July 8 to 10, 2011 - Montreal, Quebec,
hfortier
The BodgeIt Store - another vulnerable web app,
psiinon
[security bulletin] HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure,
security-alert
HTB22922: XSS vulnerabilities in phpAlbum.net,
advisory
HTB22923: XSRF (CSRF) in phpAlbum.net,
advisory
HTB22924: Arbitrary Command Execution in phpAlbum.net,
advisory
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability,
ZDI Disclosures
CA20110413-01: Security Notice for CA Total Defense,
Kotas, Kevin J
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability,
ZDI Disclosures
ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability,
ZDI Disclosures
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability,
ZDI Disclosures
Microsoft Patches Binary Planting Issues In Various Vendors' Products,
ACROS Security Lists
MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285],
Tom Yu
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability,
VUPEN Security Research
[ MDVSA-2011:074 ] qt4,
security
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability,
ZDI Disclosures
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel,
Timo Warns
[USN-1109-1] GIMP vulnerabilities,
Marc Deslauriers
iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability,
labs-no-reply
[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS),
security-alert
iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability,
labs-no-reply
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability,
VUPEN Security Research
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS),
security-alert