bugtraq  

Messages by Thread

• [ MDVSA-2012:016 ] glpi security
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group
• Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities resea...@vulnerability-lab.com
• OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities resea...@vulnerability-lab.com
• [Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability Leonardo Uribe
• [ MDVSA-2012:015 ] wireshark security
• [SECURITY] [DSA 2407-1] cvs security update Florian Weimer
• ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities ZDI Disclosures
• ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution ZDI Disclosures
• ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability ZDI Disclosures
• ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability ZDI Disclosures
• ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability ZDI Disclosures
• ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability ZDI Disclosures
• [security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information security-alert
• Multiple vulnerabilities in ZENphoto advisory
• [security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert
• Unauthenticated remote code execution on D-Link ShareCenter products roberto . paleari
• eFronts Community++ v3.6.10 - Cross Site Vulnerability resea...@vulnerability-lab.com
• [security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert
• SQL Injection Vulnerability in Batavi 1.1.2 Netsparker Advisories
• CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly Colm O hEigeartaigh
• DEF CON 20 Capture the Flag Announcement The Dark Tangent
• SimpleGroupware 0.742 Cross-Site-Scripting vulnerability security
• [SECURITY] [DSA 2403-2] php5 security update Thijs Kinkhorst
• [ MDVSA-2012:014 ] glpi security
• Mathopd - Directory Traversal Vulnerability Mateusz Goik
• [SECURITY] [DSA 2405-1] apache2 security update Stefan Fritsch
• [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update Florian Weimer
• [SECURITY] [DSA 2384-2] cacti regression Luk Claes
• ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability Security_Alert
• RFC 6528 on Defending against Sequence Number Attacks Fernando Gont
• [SECURITY] [DSA 2403-1] php5 security update Thijs Kinkhorst
• [SECURITY] [DSA 2402-1] iceape security update Moritz Muehlenhoff
• [SECURITY] [DSA 2400-1] iceweasel security update Moritz Muehlenhoff
• [SECURITY] [DSA 2401-1] tomcat6 security update Moritz Muehlenhoff
• [security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code security-alert
• GLSA (Gentoo Linux Security Advisory) publication changes Alex Legler
• [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code security-alert
• [CAL-2012-0004] opera array integer overflow Code Audit Labs
• Fwd: RA-Guard: Advice on the implementation (feedback requested) Fernando Gont
• Call For Paper asemailing
• APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 Apple Product Security
• [ MDVSA-2012:012 ] apache security
• XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge) andsarmiento
• ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability Security_Alert
• Multiple vulnerabilities in OpenEMR advisory
• Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14 LpSolit
• 802.1X password exploit on many HTC Android devices Bret Jordan
• [Announce] Apache HTTP Server 2.2.22 Released William A. Rowe Jr.
• [SECURITY] [DSA 2399-2] php5 regression fix Thijs Kinkhorst
• [SECURITY] [DSA 2399-1] php5 security update Thijs Kinkhorst
• VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Team
• [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert
• [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
• [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
• [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access security-alert
• [SECURITY] [DSA 2398-1] curl security update Moritz Muehlenhoff
• ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability ZDI Disclosures
• Advisory: sudo 1.8 Format String Vulnerability joernchen of Phenoelit
• [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities Alex Legler
• [ GLSA 201201-18 ] bip: Multiple vulnerabilities Alex Legler
• Multiple vulnerabilities in postfixadmin Filippo Cavallarin
• Mibew messenger multiple XSS Filippo Cavallarin
• [ MDVSA-2012:011 ] openssl security
• [SECURITY] [DSA 2397-1] icu security update Moritz Muehlenhoff
• FAA US Academy (AFS) - Auth Bypass Vulnerability resea...@vulnerability-lab.com
• eBank IT Online Banking - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• [ GLSA 201201-17 ] Chromium: Multiple vulnerabilities Tim Sammut
• [ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass Alex Legler
• [SECURITY] [DSA 2396-1] qemu-kvm security update Moritz Muehlenhoff
• [SECURITY] [DSA 2395-1] wireshark security update Moritz Muehlenhoff
• AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS Thomas Quinot
• [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon Hafez Kamal
• [ GLSA 201201-15 ] ktsuss: Privilege escalation Sean Amoss
• [SECURITY] [DSA 2394-1] libxml2 security update Luciano Bello
• ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Security_Alert
• ESA-2012-005: EMC NetWorker buffer overflow vulnerability Security_Alert
• Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
• ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability ZDI Disclosures
• [SECURITY] [DSA-2393-1] bip security update dann frazier
• NX Web Companion Spoofing Arbitrary Code Execution Vulnerability otr
• D-Link DIR-601 TFTP Directory Traversal Vulnerability robkraus
• Multiple vulnerabilities in OSclass advisory
  • Multiple vulnerabilities in OSClass Filippo Cavallarin
• NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation Research@NGSSecure
• NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM Research@NGSSecure
• [security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
• [security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
• [security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert
• [security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
• TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories
• Only 7 Days Left: SANS AppSec 2012 CFP SANS AppSec CFP
• NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Research@NGSSecure
• [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities Sean Amoss
• [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities Sean Amoss
• Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s
• [ GLSA 201201-12 ] Tor: Multiple vulnerabilities Sean Amoss
• SQL injection in Bigware shop software rwenzel
• [SECURITY] [DSA 2392-1] openssl security update Florian Weimer
• [SECURITY] [DSA 2301-2] rails regression Florian Weimer
• DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass ddivulnalert
• [Suspected Spam] Bart`s CMS - SQL Injection Vulnerability resea...@vulnerability-lab.com
• AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload pavel
• [SECURITY] [DSA 2391-1] phpmyadmin security update Thijs Kinkhorst
• ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
• [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution Sean Amoss
• [ MDVSA-2012:010 ] cacti security
• DC4420 - London DEFCON - 24 January 2012 Major Malfunction
• InfoSec Southwest 2012 Open Registration I)ruid
• [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• Webcalendar 1.2.4 'location' XSS tom
• appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s
• Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Stefan Esser
• Microsoft Anti-XSS Library Bypass (MS12-007) adic
• [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert
• Xpra memory disclosure Antoine Martin
• Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS InterN0T Advisories
• Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:009 ] perl security
• [ MDVSA-2012:008 ] perl security
• XSS in OneOrZero AIMS advisory
• Reflection Scan: an Off-Path Attack on TCP Jan Wrobel
• ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. Security_Alert
• pwgen: non-uniform distribution of passwords Solar Designer
  • Re: pwgen: non-uniform distribution of passwords Solar Designer
  • Re: pwgen: non-uniform distribution of passwords Solar Designer
  • Re: pwgen: non-uniform distribution of passwords Solar Designer
• [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service Mark Thomas
• [SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure Mark Thomas
• [ MDVSA-2012:007 ] openssl security
• [ MDVSA-2012:006 ] openssl security
• [ MDVSA-2012:005 ] libxml2 security
• [Announcement] ClubHack Mag - Call for Articles abhijeet
• (CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean Fernando Gont
• Beehive Forum 101 Multiple XSS vulnerabilities sschurtz
• phpVideoPro Multiple XSS vulnerabilities sschurtz
• Family Connections 2.7.2 Multiple XSS tom
• First-hop security in IPv6 Fernando Gont
• [Announcement] ClubHack Mag Issue 24-Jan 2012 Released abhijeet
• [SECURITY] [DSA 2389-1] linux-2.6 security update dann frazier
• [SECURITY] [DSA 2390-1] openssl security update Florian Weimer
• [SECURITY] [DSA 2388-1] t1lib security update Yves-Alexis Perez
• ATutor 2.0.3 Multiple XSS vulnerabilities sschurtz
• BoltWire 3.4.16 Multiple XSS vulnerabilities sschurtz
• PHP 5.3.8 Multiple vulnerabilities cxib
• [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code security-alert
• ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389 Henri Salo
• ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities ZDI Disclosures
• ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution ZDI Disclosures
• [ MDVSA-2012:004 ] t1lib security
• SafeSEH+SEHOP all-at-once bypass explotation method principles geinblues
• Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation Fernando Gont
• AthCon 2012 CFP is now OPEN! Christian Papathanasiou
• Office arbitrary ClickOnce application execution vulnerability Akita Software Security
• GreenBrowser iframe content Double Free Vulnerability vuln
• [security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code security-alert
• [SECURITY] [DSA 2386-1] openttd security update Luk Claes
• [SECURITY] [DSA 2387-1] simplesamlphp security update Thijs Kinkhorst
• Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability Secunia Research
• Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities Secunia Research
• [PT-2011-04] Cross-Site Scripting in Kayako Support Suite noreply
• [PT-2011-03] Information disclosure in Kayako Support Suite noreply
  • [PT-2011-03] Information disclosure in Kayako Support Suite noreply
• Multiple XSS in KnowledgeTree Community Edition advisory
  • Re: Multiple XSS in KnowledgeTree Community Edition Henri Salo
  • Re: Multiple XSS in KnowledgeTree Community Edition advisory
• [PT-2011-02] PHP code Injection in Kayako Support Suite noreply
• [PT-2011-01] Cross-Site Scripting in Kayako Support Suite noreply
• VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01) VUPEN Security Research
• Multiple Cross-Site-Scripting vulnerabilities in x3cms security
• [SECURITY] [DSA 2385-1] pdns security update Florian Weimer
• ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability ZDI Disclosures
• [ MDVSA-2012:003 ] apache security
• p0f3 release candidate Michal Zalewski
  • Re: p0f3 release candidate Michal Zalewski
• AppSec DC 2012 CFP EXTENDED! AppSec DC
• Simple Mail Server - SMTP Authentication Bypass Vulnerability demonalex
  • Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability Peter Conrad
• DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) ddivulnalert
• [SECURITY] [DSA 2384-1] cacti security update luk
• [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert
• [security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
• [SECURITY] [DSA 2383-1] super security update Moritz Muehlenhoff
• [ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities Tim Sammut
• [SECURITY] [DSA 2382-1] ecryptfs-utils security update Jonathan Wiltshire

• Earlier messages