bugtraq  

Messages by Date

• 2012/04/20 DC4420 - London DEFCON - April meet - Tuesday April 24th 2012 Major Malfunction
• 2012/04/20 [security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege security-alert
• 2012/04/20 [SECURITY] [DSA 2454-1] openssl security update Raphael Geissert
• 2012/04/19 Vulnerabilities in Samsung TV (remote controller protocol) Luigi Auriemma
• 2012/04/19 [ MDVSA-2012:060 ] openssl security
• 2012/04/19 Re: Squid URL Filtering Bypass Mario Vilas
• 2012/04/19 [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) Ange Albertini
• 2012/04/19 VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773) VUPEN Security Research
• 2012/04/19 Ruxcon 2012 Call For Papers cfp
• 2012/04/19 [SECURITY] [DSA 2453-2] gajim regression Nico Golde
• 2012/04/19 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 LpSolit
• 2012/04/19 The history of a -probably- 13 years old Oracle bug: TNS Poison Joxean Koret
• 2012/04/19 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities Security_Alert
• 2012/04/19 Re: Squid URL Filtering Bypass Gabriel Menezes Nunes
• 2012/04/19 Re: Squid URL Filtering Bypass Richard Barrett
• 2012/04/18 [security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS) security-alert
• 2012/04/18 Multiple vulnerabilities in Newscoop advisory
• 2012/04/18 Multiple XSS vulnerabilities in XOOPS advisory
• 2012/04/18 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Tobias Glemser
• 2012/04/18 [ MDVSA-2012:032-1 ] mozilla security
• 2012/04/18 VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172) VUPEN Security Research
• 2012/04/18 ClubHack Magazine's April 2012 Issue is released. v . hirve
• 2012/04/18 Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Henri Salo
• 2012/04/18 Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Henri Salo
• 2012/04/18 Re: Wordpress advanced-text-widget Plugin Vulnerabilities Henri Salo
• 2012/04/18 McAfee Web Gateway URL Filtering Bypass Gabriel Menezes Nunes
• 2012/04/18 [security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS) security-alert
• 2012/04/17 [security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert
• 2012/04/17 [security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert
• 2012/04/17 [security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alert
• 2012/04/17 Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo
• 2012/04/17 Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon
• 2012/04/17 Fwd: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards
• 2012/04/16 [ MDVSA-2012:059 ] python-sqlalchemy security
• 2012/04/16 [SECURITY] [DSA 2453-1] gajim security update Nico Golde
• 2012/04/16 [SECURITY] [DSA 2452-1] apache2 security update Stefan Fritsch
• 2012/04/16 Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
• 2012/04/16 FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
• 2012/04/16 [CVE-2012-1622] Apache OFBiz information disclosure vulnerability Jacopo Cappellato
• 2012/04/16 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability Jacopo Cappellato
• 2012/04/16 Passwords^12 : Call for Presentations Per Thorsheim
• 2012/04/16 Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Research
• 2012/04/16 Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo
• 2012/04/16 Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities CrAzY_CrAcKeR
• 2012/04/16 Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012 Fernando Gont
• 2012/04/16 APPLE-SA-2012-04-13-1 Flashback malware removal tool Apple Product Security
• 2012/04/13 ACC PHP eMail v1.1 - Multiple Web Vulnerabilites Research
• 2012/04/13 Re: Erronous post concerning Backtrack 5 R2 0day Jamie Riden
• 2012/04/13 [ MDVSA-2012:058 ] curl security
• 2012/04/13 [SECURITY] [DSA 2451-1] puppet security update Nico Golde
• 2012/04/13 VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Team
• 2012/04/13 Erronous post concerning Backtrack 5 R2 0day Adam Behnke
• 2012/04/13 Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise InterN0T Advisories
• 2012/04/13 APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 Apple Product Security
• 2012/04/13 [SECURITY] [DSA 2450-1] samba security update Thijs Kinkhorst
• 2012/04/12 [SE-2012-01] Security weakness in Apple Quicktime Java extensions Security Explorations
• 2012/04/12 [SECURITY] [DSA 2449-1] sqlalchemy security update Nico Golde
• 2012/04/12 online newspaper university"newsdesc.php" SQL Injection Vulnerabilities CrAzY_CrAcKeR
• 2012/04/12 [ MDVSA-2012:057 ] freetype2 security
• 2012/04/12 TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Trustwave Advisories
• 2012/04/12 [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0 come2waraxe
• 2012/04/12 [Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Research
• 2012/04/12 Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Research
• 2012/04/12 [ MDVSA-2012:056 ] rpm security
• 2012/04/12 TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command Shatter
• 2012/04/11 Backtrack 5 R2 priv escalation 0day found in CTF exercise Adam Behnke
• 2012/04/11 Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed! info
• 2012/04/11 Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress advisory
• 2012/04/11 Android information leak sumanj
• 2012/04/11 [ MDVSA-2012:055 ] samba security
• 2012/04/11 [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus security-alert
• 2012/04/10 GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Research
• 2012/04/10 Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Research
• 2012/04/10 [SECURITY] [DSA 2448-1] inspircd security update Jonathan Wiltshire
• 2012/04/09 CVE-2012-0769, the case of the perfect info leak Fermín J . Serna
• 2012/04/09 Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities Secunia Research
• 2012/04/09 Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue Secunia Research
• 2012/04/09 OWASP ZAP 1.4.0 released psiinon
• 2012/04/09 [Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Research
• 2012/04/09 [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research
• 2012/04/09 CsForum v0.8 - Cross Site Scripting Vulnerability Research
• 2012/04/09 osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Research
• 2012/04/09 idev Game Site CMS v1.0 - Multiple Web Vulnerabilites Research
• 2012/04/09 [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities Research
• 2012/04/09 CitrusDB 2.4.1 - LFI/SQLi Vulnerability blaszczakm
• 2012/04/09 [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin come2waraxe
• 2012/04/09 [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 come2waraxe
• 2012/04/09 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability Aaron T. Myers
• 2012/04/09 PHPNuke Module's Name Download SQL Injection Vulnerabilities CrAzY_CrAcKeR
• 2012/04/05 [security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
• 2012/04/05 [security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS) security-alert
• 2012/04/05 [security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
• 2012/04/05 [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 come2waraxe
• 2012/04/05 [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 come2waraxe
• 2012/04/05 Wordpress taggator plugin Sql Injection Vulnerabilities Amir
• 2012/04/05 Sony Bravia Remote Denial of Service - CVE-2012-2210 gab . mnunes
• 2012/04/05 vBulletin 4.1.10 Sql Injection Vulnerabilitiy Amir
• 2012/04/05 [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 Florent Daigniere
• 2012/04/05 [ MDVSA-2012:054 ] libtiff security
• 2012/04/05 Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario
• 2012/04/04 Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario
• 2012/04/04 [SECURITY] [DSA 2447-1] tiff security update Moritz Muehlenhoff
• 2012/04/04 DirectAdmin v1.403 - Cross Site Scripting Vulnerability Research
• 2012/04/04 ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Research
• 2012/04/04 Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Research
• 2012/04/04 [SECURITY] [DSA 2446-1] libpng security update Moritz Muehlenhoff
• 2012/04/04 Sourcefire Defense Center - multiple vulnerabilities. Filip Palian
• 2012/04/04 [SE-2012-01] Security vulnerabilities in Java SE Security Explorations
• 2012/04/04 [ MDVSA-2012:053 ] ocsinventory security
• 2012/04/04 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team
• 2012/04/04 [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) security-alert
• 2012/04/04 'Hotel Booking Portal' SQL Injection (CVE-2012-1672) Mark Stanislav
• 2012/04/04 [DCA-2011-0016] - Tufin SecureTrack Cross Site Script Crash
• 2012/04/04 'phpPaleo' Local File Inclusion (CVE-2012-1671) Mark Stanislav
• 2012/04/04 'e-ticketing' SQL Injection (CVE-2012-1673) Mark Stanislav
• 2012/04/04 Multiple vulnerabilities in osCmax advisory
• 2012/04/04 APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Apple Product Security
• 2012/04/04 Arbor Networks Peakflow SP web interface XSS b . saleh
• 2012/04/04 [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research
• 2012/04/04 [ MDVSA-2012:052 ] libvorbis security
• 2012/04/04 [ MDVSA-2012:051 ] libvorbis security
• 2012/04/04 [security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS) security-alert
• 2012/04/04 [ MDVSA-2012:050 ] phpmyadmin security
• 2012/04/04 [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection security-alert
• 2012/04/04 [ MDVSA-2012:049 ] nagios security
• 2012/04/04 [ MDVSA-2012:048 ] mutt security
• 2012/04/04 [ MDVSA-2012:047 ] freeradius security
• 2012/04/04 [ MDVSA-2012:046 ] libpng security
• 2012/04/04 Hackito 2012 Crypto Challenge Jonathan Brossard
• 2012/04/04 IPv6 stable privacy addresses Fernando Gont
• 2012/04/04 [SECURITY] [DSA 2398-2] curl regression Florian Weimer
• 2012/04/04 SQL injection in Wordpress plugin Buddypress ivan_terkin
• 2012/04/04 [SECURITY] [DSA 2442-2] openarena regression Florian Weimer
• 2012/04/04 [SECURITY] [DSA 2445-1] typo3-src security update Florian Weimer
• 2012/04/04 VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team
• 2012/04/04 Landshop v0.9.2 - Multiple Web Vulnerabilities Research
• 2012/03/30 VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation ds . adv . pub
• 2012/03/30 Intuit Help System Protocol File Retrieval ds . adv . pub
• 2012/03/30 Intuit Help System Protocol URL Heap Corruption and Memory Leak ds . adv . pub
• 2012/03/30 [ MDVSA-2012:045 ] gnutls security
• 2012/03/30 PHP 5.4/5.3 deprecated eregi() memory_limit bypass cxib
• 2012/03/30 Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Research
• 2012/03/29 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 come2waraxe
• 2012/03/29 Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Netsparker Advisories
• 2012/03/29 [ MDVSA-2012:044 ] cvs security
• 2012/03/29 [ MDVSA-2012:043 ] nginx security
• 2012/03/29 NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user Research@NGSSecure
• 2012/03/29 NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked Research@NGSSecure
• 2012/03/29 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI Research@NGSSecure
• 2012/03/29 NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators Research@NGSSecure
• 2012/03/29 NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts Research@NGSSecure
• 2012/03/29 NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens Research@NGSSecure
• 2012/03/29 [SECURITY] [DSA 2444-1] tryton-server security update Florian Weimer
• 2012/03/29 OWASP AppSec Research EU CFP/CFT OWASP AppSec EU
• 2012/03/28 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability nospam
• 2012/03/28 D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability nospam
• 2012/03/28 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution nospam
• 2012/03/28 TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow nospam
• 2012/03/28 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team
• 2012/03/28 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco Systems Product Security Incident Response Team
• 2012/03/28 Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
• 2012/03/28 [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
• 2012/03/28 [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data security-alert
• 2012/03/28 [security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert
• 2012/03/28 [security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) security-alert
• 2012/03/28 [security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS) security-alert
• 2012/03/28 [ MDVSA-2012:042 ] wireshark security
• 2012/03/27 [ MDVSA-2012:041 ] expat security
• 2012/03/27 Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer
• 2012/03/27 [ MDVSA-2012:040 ] gnutls security
• 2012/03/27 PcwRunAs Password Obfuscation Design Flaw otr
• 2012/03/27 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 come2waraxe
• 2012/03/27 [ MDVSA-2012:039 ] libtasn1 security
• 2012/03/27 [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip Timo Warns
• 2012/03/27 [SECURITY] [DSA 2443-1] linux-2.6 security update dann frazier
• 2012/03/27 [SECURITY] [DSA 2442-1] openarena security update Florian Weimer
• 2012/03/27 Matthew1471s ASP BlogX - XSS Vulnerabilities demonalex
• 2012/03/27 [ MDVSA-2012:038 ] openssl security
• 2012/03/27 Traffic amplification via Quake 3-based servers Simon McVittie
• 2012/03/27 [SECURITY] [DSA 2441-1] gnutls26 security update Florian Weimer
• 2012/03/27 SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer
• 2012/03/27 [SECURITY] [DSA 2440-1] libtasn1-3 security update Florian Weimer
• 2012/03/27 CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories
• 2012/03/23 [ MDVSA-2012:037 ] cyrus-imapd security
• 2012/03/23 [ MDVSA-2012:036 ] libsoup security
• 2012/03/23 [ MDVSA-2012:035 ] file security
• 2012/03/23 [ MDVSA-2012:034 ] libzip security
• 2012/03/23 [SECURITY] [DSA 2439-1] libpng security update Moritz Muehlenhoff
• 2012/03/23 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 Leif Hedstrom
• 2012/03/23 [SECURITY] [DSA 2438-1] raptor security update Moritz Muehlenhoff
• 2012/03/23 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) Mark Stanislav
• 2012/03/23 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav
• 2012/03/23 Prado TJavaScript::encode() script injection vulnerability gabor . berczi
• 2012/03/23 [CVE-2012-1089] Apache Wicket serving of hidden files vulnerability Martin Grigorov
• 2012/03/23 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter Martin Grigorov
• 2012/03/22 CA20120320-01: Security Notice for CA ARCserve Backup Kotas, Kevin J
• 2012/03/21 RE: Regarding MS12-020 Thor (Hammer of God)
• 2012/03/21 RE: Regarding MS12-020 Jim Harrison
• 2012/03/21 [SECURITY] [DSA 2437-1] icedove security update Moritz Muehlenhoff
• 2012/03/21 Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter) Irene Abezgauz

• Earlier messages
• Later messages