Bugtraq
- [security bulletin] HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- nSense-2011-001: VeryPDF pdf2tif,
Henri Lindberg
- [DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption,
Flavio do Carmo Junior aka waKKu
- ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability,
ZDI Disclosures
- Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX,
EC-Council USA
- ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS),
security-alert
- HTB22928: Multiple SQL Injections in WebsiteBaker,
advisory
- HTB22929: Multiple Path disclosure in WebsiteBaker,
advisory
- Stack overflow in Microsoft HTML Help 6.1 (CHM files),
Luigi Auriemma
- HTB22925: Path disclosure in Plogger,
advisory
- HTB22926: XSS vulnerability in Plogger,
advisory
- [SECURITY] [DSA 2218-1] vlc security update,
Nico Golde
- HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe,
advisory
- CFP for BugCON 2011 @ Mexico City,
Carlos A. Lozano
- HTB22930: Multiple XSS in WebCalendar,
advisory
- Medium severity flaw in Konqueror,
Tim Brown
- [USN-1108-1] DHCP vulnerability,
Marc Deslauriers
- rPSA-2011-0014-1 httpd mod_ssl,
rPath Update Announcements
- rPSA-2011-0013-1 openssl openssl-scripts,
rPath Update Announcements
- ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability,
ZDI Disclosures
- Vulnerabilities in Microsoft Reader and HIS,
Luigi Auriemma
- ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2217-1] dhcp3 security update,
Nico Golde
- Linksys WRT54G - read router password from file placed on FTP,
rafdw
- [ MDVSA-2011:073 ] dhcp,
security
- [Tool] sqlmap 0.9 released,
Miroslav Stampar
- [SECURITY] [DSA 2216-1] isc-dhcp security update,
Nico Golde
- [SECURITY] [DSA 2215-1] gitolite security update,
Nico Golde
- WOOT '11 Call for Papers (reminder),
Michal Zalewski
- Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1,
by_argos
- [SECURITY] [DSA 2214-1] ikiwiki security update,
Nico Golde
- [SECURITY] [DSA 2213-1] x11-xserver-utils security update,
Nico Golde
- joomlacontenteditor (com_jce) BLIND sql injection vulnerability,
eidelweiss
- [ MDVSA-2011:072 ] gwenhywfar,
security
- [ MDVSA-2011:071 ] kdelibs4,
security
- [ MDVSA-2011:070 ] gdm,
security
- [ MDVSA-2011:069 ] php,
security
- LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package),
by_argos
- XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package),
by_argos
- Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package),
by_argos
- LFI Vulnerability in 024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package),
by_argos
- XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta,
by_argos
- [SECURITY] [DSA 2212-1] tmux security update,
Nico Golde
- phplist: cross site request forgery (CSRF), CVE-2011-0748,
Hanno Böck
- O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF),
Hanno Böck
- HTB22916: XSRF (CSRF) in phpCollab,
advisory
- HTB22917: XSS vulnerabilities in phpCollab,
advisory
- HTB22918: Path disclosure in phpCollab,
advisory
- HTB22920: Path disclosure in Viscacha,
advisory
- HTB22915: Path disclosure in Joomla,
advisory
- HTB22919: Multiple XSS in Viscacha,
advisory
- HTB22921: SQL Injection in Viscacha,
advisory
- SEC Consult SA-20110407-0 :: Libmodplug ReadS3M Stack Overflow,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2211-1] vlc security update,
Moritz Muehlenhoff
- Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities,
robkraus
- [USN-1107-1] x11-xserver-utils vulnerability,
Marc Deslauriers
- [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass,
Mark Thomas
- [USN-1106-1] NSS vulnerabilities,
Micah Gersten
- [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure,
Mark Thomas
- Sonexis ConferenceManager SQL Injection,
robkraus
- ICMPv6 Router Announcement flooding denial of service affecting multiple systems,
Marc Heuse
- [ MDVSA-2011:066 ] rsync,
security
- [USN-1105-1] Linux kernel vulnerabilities,
Kees Cook
- XSS Vulnerability in Redmine 1.0.1 to 1.1.1,
Netsparker Advisories
- [ MDVSA-2011:065 ] logrotate,
security
- StartSite.ir Cross-site Scripting Vulnerability,
md . r00t . defacer
- [security bulletin] HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure,
security-alert
- HTB22911: XSS in Eleanor CMS,
advisory
- HTB22912: Multiple SQL Injections in Eleanor CMS,
advisory
- HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB,
advisory
- HTB22914: Local File Inclusion in UseBB,
advisory
- [USN-1104-1] FFmpeg vulnerabilities,
Marc Deslauriers
- [USN-1102-1] tiff vulnerability,
Marc Deslauriers
- [USN-1103-1] tex-common vulnerability,
Marc Deslauriers
- RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities,
nospam
- ZDI-11-041: (0day) Multiple Browser Node Processing Stack Overflow Vulnerability,
ZDI Disclosures
- RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities,
nospam
- ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2011:064 ] libtiff,
security
- DC4420 - London DEFCON - April meet - Wednesday 22nd April 2011,
Major Malfunction
- Xymon monitor cross-site scripting vulnerabilities,
Henrik Størner
- THOMSON Router XSS,
edgard . chammas
- ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2209-1] tgt security update,
Moritz Muehlenhoff
- [ MDVSA-2011:063 ] xmlsec1,
security
- [ MDVSA-2011:062 ] ffmpeg,
security
- [SECURITY] [DSA 2210-1] tiff security update,
Thijs Kinkhorst
- XCon 2011 XFocus Information Security Conference Call for Paper,
xcon
- Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang),
mike
- [ MDVSA-2011:061 ] ffmpeg,
security
- [ MDVSA-2011:060 ] ffmpeg,
security
- Movie Player v4.82 0Day Buffer overflow/DOS Exploit,
^Xecuti0N3r
- Flag this message Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit,
^Xecuti0N3r
- AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability,
SecPod Research
- [security bulletin] HPSBUX02639 SSRT100293 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS),
security-alert
- [ MDVSA-2011:059 ] ffmpeg,
security
- 6-year FreeBSD-SA-05:02.sendfile exploit,
Solar Designer
- Microsoft VISTA TCP/IP heap buffer underflow,
J. Oquendo
- [ MDVSA-2011:057 ] apache,
security
- iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow,
labs-no-reply
- [ MDVSA-2011:058 ] quagga,
security
- [security bulletin] HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting (XSS), Unauthorized Access,
security-alert
- BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload,
Tavis Ormandy
- [USN-1100-1] OpenLDAP vulnerabilities,
Jamie Strandboge
- HTB22931: XSS vulnerability in InTerra Blog Machine,
advisory
- HTB22908: XSRF (CSRF) in Collabtive,
advisory
- HTB22909: Path disclosure in Tine 2.0,
advisory
- HTB22910: XSRF (CSRF) in Feng Office,
advisory
- HTB22906: XSS vulnerabilities in Collabtive,
advisory
- HTB22907: Directory Traversal in Collabtive,
advisory
- [SECURITY] [DSA 2208-2] bind9 security update,
Florian Weimer
- [USN-1099-1] GDM vulnerability,
Steve Beattie
- 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546),
Mark Stanislav
- [SECURITY] [DSA 2208-1] bind9 security update,
Florian Weimer
- [ MDVSA-2011:056 ] openldap,
security
- Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications,
Security_Alert
- [USN-1095-1] Quagga vulnerabilities,
Marc Deslauriers
- [USN-1094-1] Libvirt vulnerability,
Jamie Strandboge
- [USN-1096-1] Subversion vulnerability,
Marc Deslauriers
- [SECURITY] [DSA 2207-1] tomcat5.5 security update,
Moritz Muehlenhoff
- [USN-1098-1] vsftpd vulnerability,
Marc Deslauriers
- [ MDVSA-2011:055 ] openldap,
security
- [USN-1097-1] Tomcat vulnerabilities,
Marc Deslauriers
- DataDynamics Report Library CoreHandler XSS,
david . daly
- VMSA-2011-0006 VMware vmrun utility local privilege escalation,
VMware Security Team
- [SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities,
Martin Schulze
- HTB22903: XSS in Spitfire CMS,
advisory
- Solaris 10 Port Stealing Vulnerability,
Chris O'Regan
XSS Vulnerability in Tracks 1.7.2,
Netsparker Advisories
HTB22905: Path disclosure in Wordpress,
advisory
<Possible follow-ups>
Re: Re: HTB22905: Path disclosure in Wordpress,
mike
HTB22904: Path disclosure in bbPress,
advisory
"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path,
cseye_ut
[SECURITY] [DSA 2205-1] gdm3 security update,
Florian Weimer
"Simple PHP Newsletter" Remote Admin Password Change With install path,
cseye_ut
ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability,
ZDI Disclosures
Unidesk ReportingService Forceful Browsing Vulnerability,
np
[ MDVSA-2011:054 ] java-1.6.0-openjdk,
security
[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities,
Michele Orru
Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003,
Lists
[USN-1093-1] Linux Kernel vulnerabilities (Marvell Dove),
Jamie Strandboge
[USN-1092-1] Linux Kernel vulnerabilities,
Jamie Strandboge
TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution,
Advisories Toucan-System
SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting,
root
[SECURITY] [DSA 2204-1] imp4 security update,
Steffen Joeris
SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability,
root
[security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS),
security-alert
[SECURITY] [DSA 2203-1] nss security update,
Moritz Muehlenhoff
[USN-1091-1] Firefox and Xulrunner vulnerabilities,
Micah Gersten
Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability,
YGN Ethical Hacker Group
NGS00051 Patch Notification: Cisco VPN Client Privilege Escalation,
Research@NGSSecure
ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability,
Security_Alert
HTB22901: SQL injection in SyndeoCMS,
advisory
HTB22896: SQL injection vulnerability in Ripe website manager,
advisory
HTB22899: Path disclosure in SyndeoCMS,
advisory
HTB22902: XSS in SyndeoCMS,
advisory
HTB22898: XSRF (CSRF) in Ripe website manager,
advisory
HTB22897: SQL injection vulnerability in Ripe website manager,
advisory
HTB22895: XSS vulnerability in Ripe website manager,
advisory
HTB22900: Multiple XSS vulnerabilities in SyndeoCMS,
advisory
[SECURITY] [DSA 2202-1] apache2 security update,
Stefan Fritsch
[SECURITY] [DSA 2201-1] wireshark security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2200-1] iceweasel security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2199-1] iceape security update,
Moritz Muehlenhoff
CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files,
CORE Security Technologies Advisories
ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability,
ZDI Disclosures
PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability,
YGN Ethical Hacker Group
[ MDVSA-2011:053 ] php,
security
[ MDVSA-2011:052 ] php,
security
PHP-Nuke 8.x <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability,
YGN Ethical Hacker Group
ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability,
ZDI Disclosures
Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability,
YGN Ethical Hacker Group
ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2198-1] tex-common security update,
Nico Golde
SCADA Trojans: Attacking the Grid + Advantech vulnerabilities,
Reversemode
NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows,
Research@NGSSecure
[security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration,
security-alert
Apple HFS+ Information Disclosure Vulnerability,
VSR Advisories
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability,
ZDI Disclosures
NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability,
NSO Research
NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow,
Research@NGSSecure
CMS Balitbang 3.3 Arbitary File Upload Vulnerability,
eidelweiss
NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration,
Research@NGSSecure
iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability,
labs-no-reply
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability,
ZDI Disclosures
NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow,
Research@NGSSecure
[SECURITY] [DSA 2197-1] quagga security update,
Florian Weimer
[ MDVSA-2011:050 ] pidgin,
security
[ MDVSA-2011:049 ] vsftpd,
security
Douran Portal File Download/Source Code Disclosure Vulnerability,
support
[SECURITY] [DSA 2196-1] maradns security update,
Raphael Geissert
[USN-1089-1] Linux kernel vulnerabilities,
Kees Cook
[ MDVSA-2011:051 ] kernel,
security
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability,
ZDI Disclosures
Heap overflow in RealPlayer 14.0.1.633,
Luigi Auriemma
[SECURITY] [DSA 2195-1] php5 security update,
Raphael Geissert
ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability,
ZDI Disclosures
Vulnerabilities in some SCADA server softwares,
Luigi Auriemma
Privacy, Security, Trust (PST 2011) - Call for Papers (EXTENDED Deadline: April 3, 2011),
Serguei A. Mokhov on behalf of PST-11
[USN-1090-1] Linux kernel vulnerabilities,
Kees Cook
XSS vulnerability in Web Poll Pro,
Hector . x90
Buffer overflow in libtiff in Imagemagick,
zgmzgm
Tugux CMS (nid) BLIND sql injection vulnerability,
eidelweiss
[SECURITY] [DSA 2186-2] vimperator regression fix,
Moritz Muehlenhoff
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5),
cxib
[ MDVSA-2011:048 ] krb5,
security
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
OWASP AppSec USA 2011 Call for Papers,
Adam Baso
[ MDVSA-2011:047 ] proftpd,
security
[SECURITY] [DSA 2194-1] libvirt security update,
Thijs Kinkhorst
[USN-1079-3] OpenJDK 6 vulnerabilities,
Steve Beattie
[ MDVSA-2011:046 ] pure-ftpd,
security
[TEHTRI-Security] Quick BlackBerry Security Check,
Laurent OUDOT at TEHTRI-Security
Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories,
Cisco Systems Product Security Incident Response Team
AST-2011-003:,
Asterisk Security Team
AST-2011-004:,
Asterisk Security Team
[PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel,
Timo Warns
[Announcement] ClubHACK Magazine Issue 14-March 2011 released,
abhijeet
HTB22889: XSS in Rating-Widget wordpress plugin,
advisory
HTB22890: XSS in Rating-Widget wordpress plugin,
advisory
HTB22891: XSS in Rating-Widget wordpress plugin,
advisory
HTB22892: Path disclosure in Smen Social Button wordpress plugin,
advisory
HTB22893: XSS in Sodahead Polls wordpress plugin,
advisory
HTB22894: XSS in Sodahead Polls wordpress plugin,
advisory
[SECURITY] [DSA 2193-1] libcgroup security update,
Thijs Kinkhorst
[ MDVSA-2011:045 ] postfix,
security
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS,
Alexandr Polyakov
[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking,
Alexandr Polyakov
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS,
Alexandr Polyakov
[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS,
Alexandr Polyakov
MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled,
Tom Yu
[USN-1088-1] Kerberos vulnerability,
Steve Beattie
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution,
RedTeam Pentesting GmbH
[SECURITY] [DSA 2192-1] chromium-browser security update,
Giuseppe Iuculano
[RT-SA-2011-002] SugarCRM list privilege restriction bypass,
RedTeam Pentesting GmbH
ESA-2011-006: EMC Avamar privilege escalation vulnerability,
Security_Alert
HTB22877: Path disclosure in xt:Commerce,
advisory
ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server,
Security_Alert
ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability,
Security_Alert
HTB22887: XSS vulnerability in LotusCMS,
advisory
HTB22886: XSRF (CSRF) in LotusCMS,
advisory
HTB22885: XSS vulnerability in LotusCMS,
advisory
HTB22884: XSS vulnerability in LotusCMS,
advisory
HTB22882: Path disclosure in OXID eShop,
advisory
HTB22883: XSS vulnerability in LotusCMS,
advisory
VMSA-2011-0005 VMware vCenter Orchestrator remote code execution vulnerability,
VMware Security Team
HTB22888: File Content Disclosure in LotusCMS,
advisory
[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass,
Mark Thomas
[USN-1079-2] OpenJDK 6 vulnerabilities,
Steve Beattie
[USN-1085-2] tiff regression,
Kees Cook
[DSECRG-11-010] SAP NetWeaver logon.html - XSS,
Alexandr Polyakov
[DCA-2011-0004] - Trend WebReputation API Bypass,
Ewerson Guimarães (Crash) - Dclabs
[security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 2191-1] proftpd security update,
Moritz Muehlenhoff
Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
[USN-1087-1] libvpx vulnerability,
Micah Gersten
[DSECRG-11-009] SAP NetWaver XI SOAP Adapter - XSS,
Alexandr Polyakov
ClubHACK Magazine: Call for Articles,
abhijeet
BoutikOne Multiples SQL Injection Vulnerability,
cdx . security
Joomla! 1.6.0 | SQL Injection Vulnerability,
YGN Ethical Hacker Group
bbPress 1.0.2 <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
Checkpoint VPN - Priviledge Escalation,
Thierry Zoller
Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20),
Serguei A. Mokhov on behalf of PST-11
VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow,
VUPEN Security Research
VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free,
VUPEN Security Research
VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free,
VUPEN Security Research
DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011,
Major Malfunction
[SECURITY] [DSA 2190-1] wordpress security update,
Giuseppe Iuculano
Swiss Cyber Storm 3 2011 Announcement,
Ivan Buetler
Medium severity flaw in QNX Neutrino RTOS,
Tim Brown
[security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS),
security-alert
HTB22881: SQL injection vulnerability in CosmoShop,
advisory
HTB22879: Multiple XSS vulnerabilities in CosmoShop,
advisory
Cross-Site Scripting vulnerability in Nagios,
sschurtz
Call for Papers: Passwords^11,
Per Thorsheim
[SECURITY] [DSA 2188-1] webkit security update,
Giuseppe Iuculano
[SECURITY] [DSA 2187-1] icedove security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2186-1] iceweasel security update,
Moritz Muehlenhoff
HTB22874: Path disclosure in Lazyest Gallery wordpress plugin,
advisory
HTB22880: XSS vulnerability in CosmoShop,
advisory
[DCA-2011-0007] Air Contacts Lite (iPhone / iPod App Denial Of Service),
Rodrigo Escobar
HTB22875: XSS in Lazyest Gallery wordpress plugin,
advisory
HTB22878: XSS vulnerability in CosmoShop,
advisory
RecordPress Multiple Vulnerabilities,
irancrash
[SECURITY] [DSA 2185-1] proftpd-dfsg security update,
Moritz Mühlenhoff
[USN-1086-1] Linux kernel (EC2) vulnerabilities,
Kees Cook
[ MDVSA-2011:044 ] wireshark,
security
NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass),
NSO Research
AthCon 2011 Announcement,
kyprianos
[security bulletin] HPSBUX02641 SSRT100412 rev.1 - HP OpenView Network Node Manager (OV NNM) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS),
security-alert
Cross-Site Scripting vulnerabilities in Icinga,
sschurtz
[HITB-Announce] HITB Magazine Call for Articles,
Hafez Kamal
[ MDVSA-2011:043 ] libtiff,
security
HTB22867: XSS in PhotoSmash wordpress plugin,
advisory
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.,
VMware Security Team
HTB22868: XSS in 1 Flash Gallery wordpress plugin,
advisory
HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin,
advisory
HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin,
advisory
HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin,
advisory
HTB22873: XSS in Inline Gallery wordpress plugin,
advisory
HTB22872: Path disclosure in Cool Video Gallery wordpress plugin,
advisory
Plaintext injection in STARTTLS (multiple implementations),
Wietse Venema
[ MDVSA-2011:042 ] mozilla-thunderbird,
security
[TEHTRI-Security] Security and iPhone iOS 4.3 Personal Hotspot feature,
Laurent OUDOT at TEHTRI-Security
[USN-1084-1] avahi vulnerability,
Marc Deslauriers
[USN-1085-1] tiff vulnerabilities,
Marc Deslauriers
InSite Troubleshooting Cross-Site Scripting,
vulns
Kodak InSite Login Page Cross-Site Scripting,
vulns
RECON 2011 CFP,
hfortier
[DCA-2011-0009] Weborf 0.12.4 Denial-of-Service,
Rodrigo Escobar
XSS in CubeCart <= 2.0.7,
Michele Spagnuolo
'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099),
Mark Stanislav
[SECURITY] [DSA 2184-1] isc-dhcp security update,
Florian Weimer
[SECURITY] [DSA 2183-1] nbd security update,
Raphael Geissert
[ MDVSA-2011:041 ] firefox,
security
[DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service,
Rodrigo Escobar
[SECURITY] [DSA 2182-1] logwatch security update,
Florian Weimer
Mutare Software EVM - CSRF and XSS Vulnerabilities,
Travis Lee
[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection,
Flavio do Carmo Junior aka waKKu
[DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration,
Flavio do Carmo Junior aka waKKu
[DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS,
Ewerson Guimarães (Crash) - Dclabs
[SECURITY] [DSA 2181-1] subversion security update,
Florian Weimer
[SECURITY] [DSA 2180-1] iceape security update,
Moritz Muehlenhoff
[security bulletin] HPSBPI02640 SSRT100410 rev.1 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass,
security-alert
[ MDVSA-2011:040 ] pango,
security
HTB22837: Path disclosure in PrestaShop,
advisory
HTB22865: XSS vulnerability in xtcModified,
advisory
HTB22853: XSS vulnerability in Pragyan CMS,
advisory
HTB22856: XSS vulnerability in Pragyan CMS,
advisory
HTB22855: XSRF (CSRF) in Pragyan CMS,
advisory
HTB22866: XSS vulnerability in xtcModified,
advisory
HTB22857: Path disclosure in Tribiq CMS,
advisory
HTB22863: XSS vulnerability in xtcModified,
advisory
[USN-1050-1] Thunderbird vulnerabilities,
Jamie Strandboge
iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability,
labs-no-reply
ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1080-2] Linux kernel vulnerabilities,
Kees Cook
ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass,
security-alert
ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability,
ZDI Disclosures
iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability,
labs-no-reply
[SECURITY] [DSA 2179-1] dtc security update,
Florian Weimer
[USN-1083-1] Linux kernel vulnerabilities,
Kees Cook
[SECURITY] [DSA 2178-1] pango1.0 security update,
Florian Weimer
[SECURITY] [DSA 2177-1] pywebdav security update,
Florian Weimer
Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS),
Antonio S.M
CubeCart 2.0.6 SQL injection / Cross Site Scripting,
Root
PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting,
Root
VidiScript (index.php) Cross Site Scripting,
Root
[USN-1082-1] Pango vulnerabilities,
Marc Deslauriers
[ MDVSA-2011:039 ] webkit,
security
[SECURITY] [DSA 2176-1] cups security update,
Moritz Muehlenhoff
[USN-1080-1] Linux kernel vulnerabilities,
Kees Cook
[USN-1081-1] Linux kernel vulnerabilities,
Kees Cook
[SECURITY] [DSA 2163-2] dajaxice regression fix,
Thijs Kinkhorst
DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ],
ddivulnalert
HTB22848: XSS in Mingle Forum wordpress plugin,
advisory
HTB22849: Path disclosure in Mingle Forum wordpress plugin,
advisory
HTB22858: SQL Injection in WP Forum wordpress plugin,
advisory
HTB22859: SQL Injection in WP Forum wordpress plugin,
advisory
HTB22860: SQL Injection in WP Forum wordpress plugin,
advisory
HTB22861: XSS in Question and Answer Forum wordpress plugin,
advisory
HTB22862: Path disclosure in NextGEN Gallery wordpress plugin,
advisory
Re: Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com,
Antonio S.M
vsftpd 2.3.2 remote denial-of-service,
cxib
[USN-1079-1] OpenJDK 6 vulnerabilities,
Steve Beattie
SnapProof (cart.php) Cross Site Scripting,
difficult-511
[USN-1078-1] Logwatch vulnerability,
Steve Beattie
[security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS),
security-alert
ZDI-11-094: (0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2175-1] samba security update,
Moritz Muehlenhoff
weechat does not properly use gnutls and allow an attacker to bypass certificate verification,
john . doe
[USN-1074-2] Linux kernel vulnerabilities,
Kees Cook
[USN-1077-1] FUSE vulnerabilities,
Marc Deslauriers
[USN-1076-1] ClamAV vulnerability,
Marc Deslauriers
[USN-1075-1] Samba vulnerability,
Marc Deslauriers
[ MDVSA-2011:038 ] samba,
security
FreeBSD crontab information leakage,
Dan Rosenberg
[security bulletin] HPSBPI02635 SSRT100391 rev.1 - HP Web Jetadmin Running on Windows, Local Unauthorized Access to Managed Resources,
security-alert
CONFidence 2011- CfP only 6 days left, we are still waiting for your submission,
Andrzej Targosz
Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability,
difficult-511
[SECURITY] [DSA 2174-1] avahi security update,
Thijs Kinkhorst
[SECURITY] [DSA 2173-1] pam-pgsql security update,
Thijs Kinkhorst
[USN-1074-1] Linux kernel vulnerabilities,
Kees Cook
[USN-1073-1] Linux kernel vulnerabilities,
Kees Cook
[USN-1072-1] Linux vulnerabilities,
Kees Cook
[USN-1071-1] Linux kernel vulnerabilities,
Marc Deslauriers
DoS Condition with Altigen VoIP Phone Systems,
Patrick Kelley
[BMSA-2011-01] Insecure secure cookie in web.go,
Nam Nguyen
CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System,
Williams, James K
prestashop vuln: sql injection submitted to bugtraq@xxxxxxxxxxxxxxxxx,
Antonio S.M
Linksys Cisco Wag120N CSRF Vulnerability,
irancrash
ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2011:037 ] avahi,
security
ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability,
ZDI Disclosures
HTB22850: SQL Injection in WP Forum Server wordpress plugin,
advisory
HTB22847: XSS in IWantOneButton wordpress plugin,
advisory
HTB22846: SQL Injection in IWantOneButton wordpress plugin,
advisory
ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability,
ZDI Disclosures
WordPress Uploadify Plugin 1.0 Remote File Upload,
Leonardo Rota Botelho
ZDI-11-090: Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1070-1] Bind vulnerability,
Marc Deslauriers
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2011:036 ] mailman,
security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices,
Cisco Systems Product Security Incident Response Team
[PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables,
Timo Warns
[SECURITY] [DSA 2172-1] moodle security update,
Moritz Muehlenhoff
[USN-1069-1] Mailman vulnerabilities,
Marc Deslauriers
Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
HTB22839: SQL Injection in Z-Vote wordpress plugin,
advisory
HTB22838: Path disclosure in Vote It Up wordpress plugin,
advisory
[USN-1068-1] Aptdaemon vulnerability,
Marc Deslauriers
HTB22840: Path disclosure in Starbox Voting wordpress plugin,
advisory
HTB22841: SQL Injection in Comment Rating wordpress plugin,
advisory
[ MDVSA-2011:035 ] tomboy,
security
HTB22843: Path disclosure in GD Star Rating wordpress plugin,
advisory
HTB22842: Path disclosure in Comment Rating wordpress plugin,
advisory
HTB22844: XSS in GD Star Rating wordpress plugin,
advisory
HTB22845: SQL Injection in cdnvote wordpress plugin,
advisory
AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code,
Asterisk Security Team
[ MDVSA-2011:034 ] banshee,
security
[SECURITY] [DSA 2171-1] asterisk security update,
Moritz Muehlenhoff
[ MDVSA-2011:030 ] tomcat5,
security
[security bulletin] HPSBUX02628 SSRT090183 rev.1 - HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code,
security-alert
[ MDVSA-2011:033 ] awstats,
security
Domino Sametime Multiple Reflected Cross-Site Scripting,
david . daly
www.eVuln.com : "time" SQL Injection vulnerability in WSN Guest,
bt
[ MDVSA-2011:032 ] eclipse,
security
[SECURITY] [DSA 2170-1] mailman security update,
Thijs Kinkhorst
[ MDVSA-2011:031 ] python-django,
security
Privacy, Security, Trust (PST 2011) - Call for Papers,
Serguei A. Mokhov on behalf of PST-11
ZDI-11-089: Novell ZenWorks TFTPD Remote Code Execution Vulnerability,
ZDI Disclosures
www.eVuln.com : "wsnuser" Cookie SQL Injection vulnerability in WSN Guest,
bt
[ MDVSA-2011:029 ] kernel,
security
[USN-1067-1] Telepathy Gabble vulnerability,
Jamie Strandboge
[USN-1066-1] Django vulnerabilities,
Jamie Strandboge
HTB22835: DoS (Denial of Service) Risk in FlatnuX,
advisory
HTB22834: Path disclosure in FlatnuX,
advisory
HTB22836: Path disclosure in Coppermine,
advisory
ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-087: Novell iPrint LPD Remote Code Execution Vulnerability,
ZDI Disclosures
PHP 5.3.5 grapheme_extract() NULL Pointer Dereference,
cxib
[SECURITY] [DSA 2169-1] telepathy-gabble security update,
Nico Golde
[SECURITY] [DSA 2168-1] openafs security update,
Moritz Muehlenhoff
[SECURITY] [DSA 2167-1] phpmyadmin security update,
Thijs Kinkhorst
Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
ZDI-11-086: Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2164-1] shadow security update,
Nico Golde
[SECURITY] [DSA 2166-1] chromium-browser security update,
Giuseppe Iuculano
ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1065-1] shadow vulnerability,
Kees Cook
[USN-1064-1] OpenSSL vulnerability,
Steve Beattie
ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 2165-1] ffmpeg-debian security update,
Luciano Bello
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-082: Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability,
ZDI Disclosures
Gain Windows Domain Admin Privileges - Online Challenge,
Ivan Buetler
[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability,
Brett Porter
Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities,
robkraus
Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability,
robkraus
HTB22825: SQL Injection in Seo Panel,
advisory
HTB22827: File Content Disclosure in Wikipad,
advisory
HTB22833: Information Disclosure in Arctic Fox CMS,
advisory
HTB22829: Path disclosure in Xaraya,
advisory
[ MDVSA-2011:028 ] openssl,
security
HTB22823: SQL Injection in Seo Panel,
advisory
HTB22824: SQL Injection in Seo Panel,
advisory
HTB22828: Multiple XSS vulnerabilities in Photopad,
advisory
HTB22826: Multiple XSS vulnerabilities in Wikipad,
advisory
HTB22830: Multiple XSS vulnerabilities in Gollos,
advisory
HTB22832: Path disclosure in ArtGK CMS,
advisory
HTB22831: XSS vulnerability in Gollos,
advisory
[USN-1062-1] Kerberos vulnerabilities,
Steve Beattie
[USN-1063-1] QEMU vulnerability,
Kees Cook
[ MDVSA-2011:027 ] openoffice.org,
security
[SECURITY] [DSA 2161-2] OpenJDK security update,
Florian Weimer
[SECURITY] [DSA 2162-1] openssl security update,
Nico Golde
[SECURITY] [DSA 2163-1] python-django security update,
Nico Golde
[SECURITY] [DSA 2161-1] OpenJDK security update,
Florian Weimer
[USN-1061-1] iTALC vulnerability,
Kees Cook
VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability,
VUPEN Security Research
ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader,
ACROS Security Lists
ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player,
ACROS Security Lists
VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability,
VUPEN Security Research
VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX,
VMware Security team
VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability,
VUPEN Security Research
Kunena SQL Injection Vulnerability & Information Leakage,
Red Matter
HTB22822: XSS vulnerability in RunCMS,
advisory
[SECURITY] [DSA 2160-1] tomcat6 security update,
Moritz Muehlenhoff
[ MDVSA-2011:026 ] phpmyadmin,
security
HTB22821: Path disclosure in RunCMS,
advisory
HTB22820: SQL Injection in RunCMS,
advisory
VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling Pointer Vulnerability (CVE-2011-0036),
VUPEN Security Research
CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities,
CORE Security Technologies Advisories
HTB22851: SQL Injection in WP Forum Server wordpress plugin,
advisory
[SECURITY] [DSA 2159-1] vlc security update,
Moritz Muehlenhoff
HTB22852: SQL Injection in WP Forum Server wordpress plugin,
advisory
VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01),
VUPEN Security Research
[USN-1060-1] Exim vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA-2158-1] cgiirc security update,
Steve Kemp
[SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability,
Brett Porter
Linksys WAP610N Unauthenticated Root Consle,
Matteo Ignaccolo
[SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability,
Brett Porter
TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability,
ZDI Disclosures
SourceBans Version 1.4.7 XSS,
null
TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability,
ZDI Disclosures
TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability,
ZDI Disclosures
TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[HITB-Announce] HITB Magazine Issue 005 Released,
Hafez Kamal
CGI:IRC XSS issue (CVE-2011-0050),
David Leadbeater
iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability,
labs-no-reply
iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Integer Overflow Vulnerability,
labs-no-reply
ZDI-11-081: Adobe Flash Player Point Object Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability,
ZDI Disclosures
iDefense Security Advisory 02.08.11: Adobe Shockwave Player Memory Corruption Vulnerability,
labs-no-reply
ZDI-11-077: Adobe Acrobat Reader U3D Texture Parser ILBM Remote Code Execution Vulnerability,
ZDI Disclosures
iDefense Security Advisory 02.08.11: Adobe Reader and Acrobat JP2K Invalid Indexing Vulnerability,
labs-no-reply
ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-075: Adobe Acrobat Reader rt3d.dll Multimedia Playing Arbitrary Memory Overwite Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-074: Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-071: Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-065: Adobe Reader Controlled memset Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-069: Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-068: Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution,
Rodrigo Rubira Branco (BSDaemon)
ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2011:024 ] krb5,
security
ZDI-11-066: Adobe Acrobat Reader U3D Texture .iff RLE Decompression Remote Code Execution Vulnerability,
ZDI Disclosures
MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283],
Tom Yu
iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library,
labs-no-reply
DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011,
Major Malfunction
MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022],
Tom Yu
ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF),
security-alert
HTB22818: Stored XSS vulnerability in WebAsyst Shop-Script,
advisory
ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability,
ZDI Disclosures
rPSA-2011-0010-1 kernel,
rPath Update Announcements
ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability,
ZDI Disclosures
ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability,
ZDI Disclosures
ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability,
ZDI Disclosures
HTB22812: XSRF (CSRF) in UMI.CMS,
advisory
ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability,
ZDI Disclosures
ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability,
ZDI Disclosures
[USN-1059-1] Dovecot vulnerabilities,
Marc Deslauriers
Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service,
Digit Security Research
HTB22813: XSS vulnerability in UMI.CMS,
advisory
[ MDVSA-2011:023 ] proftpd,
security
ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access,
security-alert
HTB22817: XSS vulnerability in WebAsyst Shop-Script,
advisory
VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi,
VMware Security Team
ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability,
ZDI Disclosures
R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities,
HD Moore
HTB22819: XSS vulnerability in WebAsyst Shop-Script,
advisory
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability,
ZDI Disclosures
HTB22814: XSS vulnerability in ViArt Shop,
advisory
ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability,
ZDI Disclosures
R7-0038: Check Point Endpoint Security Server Information Disclosure,
HD Moore
HTB22815: XSS vulnerability in ViArt Shop,
advisory
ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability,
ZDI Disclosures
HTB22816: XSS vulnerability in ViArt Shop,
advisory
HTB22811: XSS vulnerability in UMI.CMS,
advisory
ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability,
ZDI Disclosures