bugtraq  

Messages by Thread

• IpTools - Rcmd Remote Overflow Vulnerability demonalex
• IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability demonalex
• [SECURITY] [DSA 2381-1] squid3 security update Florian Weimer
• [ GLSA 201201-02 ] MySQL: Multiple vulnerabilities Tim Sammut
• ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities ZDI Disclosures
• SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities security
• VertrigoServ 2.25 Cross-Site-Scripting vulnerability security
• VLC media player v1.1.11 (.amr) Local Crash PoC hapsec
• Ggb Guestbook - XSS Vulnerabilities demonalex
• SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 SEC Consult Vulnerability Lab
• NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Research@NGSSecure
• NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS Research@NGSSecure
• HServer webserver - Directory Traversal Vulnerability demonalex
• Revised IETF I-D: Advice on IPv6 RA-Guard Implementation Fernando Gont
• [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities Tim Sammut
• [SECURITY] [DSA 2380-1] foomatic-filters security update Florian Weimer
• [SECURITY] [DSA 2379-1] krb5 security update Florian Weimer
• Open Redirection Vulnerability in Orchard 1.3.9 Netsparker Advisories
• Multiple vulnerabilities in ImpressCMS advisory
• TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System Trustwave Advisories
• InfoSec Southwest 2012 CFP First-round Speaker Selections I)ruid
• [SECURITY] [DSA 2378-1] ffmpeg security update Moritz Muehlenhoff
• SQL Injection Vulnerability in OpenEMR 4.1.0 Netsparker Advisories
• [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
  • Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
  • Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
• [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting GmbH
• mavili guestbook - SQL Injection and XSS Vulnerabilities demonalex
• Tinyguestbook XSS tom
  • Re: Tinyguestbook XSS Henri Salo
• OpenKM 5.1.7 OS Command Execution (XSRF based) Cyrill Brunschwiler
• OpenKM 5.1.7 Privilege Escalation Cyrill Brunschwiler
  • Re: OpenKM 5.1.7 Privilege Escalation pavila
• BigACE CMS - XSS Vulnerabilities demonalex
• [ MDVSA-2012:002 ] t1lib security
• [ MDVSA-2012:001 ] fcgi security
• [SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update Nico Golde
• [ MDVSA-2011:198 ] phpmyadmin security
• [SECURITY] [DSA 2376-2] ipmitool security update Thijs Kinkhorst
• SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416 SEC Consult Vulnerability Lab
• [ MDVSA-2011:197 ] php security
• [SECURITY] [DSA 2263-2] movabletype-opensource security update Thijs Kinkhorst
• [SECURITY] [DSA 2376-1] ipmitool security update Thijs Kinkhorst
• Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13 LpSolit
• Winn Guestbook v2.4.8c Stored XSS tom
• [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani
• n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table security
• [ MDVSA-2011:196 ] ipmitool security
• [ MDVSA-2011:195 ] krb5-appl security
• [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code security-alert
• [security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
• [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert
• [ MDVSA-2011:194 ] icu security
• [ MDVSA-2011:193 ] squid security
• MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] Tom Yu
• [SECURITY] [DSA 2375-1] krb5. krb5-appl security update Florian Weimer
• [SECURITY] [DSA 2374-1] openswan security update Moritz Muehlenhoff
• [SECURITY] [DSA 2373-1] inetutils security update Florian Weimer
• [SECURITY] [DSA 2372-1] heimdal security update Florian Weimer
• Lighttpd Proof of Concept code for CVE-2011-4362 pi3
• [ MDVSA-2011:192 ] mozilla security
• Merry Christmas from the FreeBSD Security Team FreeBSD Security Officer
• FreeBSD Security Advisory FreeBSD-SA-11:10.pam FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:07.chroot FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:06.bind FreeBSD Security Advisories
• Xmas 2011 Security Puzzle Ivan Buetler
• Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection n0b0d13s
• TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin Trustwave Advisories
• ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities ZDI Disclosures
• ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities ZDI Disclosures
• ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability ZDI Disclosures
• [MATTA-2011-001] pfSense x509 Insecure Certificate Creation Florent Daigniere
• Exploit for Asterisk Security Advisory AST-2011-013 Ben Williams
• [SECURITY] [DSA 2370-1] unbound security update Florian Weimer
• [SECURITY] [DSA 2369-1] libsoup2.4 security update Nico Golde
• Multiple vulnerabilities in epesi BIM advisory
• Multiple vulnerabilities in OBM advisory
• [SECURITY] [DSA 2368-1] lighttpd security update Nico Golde
• [SECURITY] [DSA 2381-] lighttpd security update Nico Golde
• post-XSS landscape Michal Zalewski
• TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface Trustwave Advisories
• Tiki Wiki CMS Groupware Stored Cross-Site-Scripting security
• Multiple vulnerabilities in PHPShop CMS Free advisory
• [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
• ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability ZDI Disclosures
• [SECURITY] [DSA 2367-1] asterisk security update Moritz Muehlenhoff
• Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011 Fernando Gont
• [SECURITY] [DSA 2366-1] mediawiki security update Jonathan Wiltshire
• Syhunt: Time-Based Blind NoSQL Injection Felipe M. Aragon
• Novell Sentinel Log Manager <=1.2.0.1 Path Traversal Andrea Fabrizi
• SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp SEC Consult Vulnerability Lab
• SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet SEC Consult Vulnerability Lab
• [ MDVSA-2011:191 ] libarchive security
• [ MDVSA-2011:190 ] libarchive security
• IFIP NTMS'2012 - Deadline Extended to 12 January 2012 publicity
• [SECURITY] [DSA 2365-1] dtc security update Moritz Muehlenhoff
• PHP Booking Calendar 10e XSS tom
  • Re: PHP Booking Calendar 10e XSS Henri Salo
• SASHA v0.2.0 Mutiple XSS tom
  • Re: SASHA v0.2.0 Mutiple XSS Henri Salo
• appRain CMF v0.1.5 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• [Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• [SECURITY] [DSA 2364-1] xorg security update Moritz Muehlenhoff
• [SECURITY] [DSA 2363-1] tor security update Moritz Muehlenhoff
• VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) VUPEN Security Research
• VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) VUPEN Security Research
• VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) VUPEN Security Research
• VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) VUPEN Security Research
• silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski
• [ MDVSA-2011:189 ] jasper security
• [security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
• [security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
• <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
  • Re: <BASE> tag used for hijacking external resources (XSS) Jann Horn
  • Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
  • Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
  • Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
  • Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
  • Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
• [ MDVSA-2011:188 ] libxml2 security
• Seotoaster SQL-Injection Admin Login Bypass security
• New IETF I-Ds on Fragmentation-related security issues Fernando Gont
• New IETF I-D on "Stable Privacy Addresses" Fernando Gont
• [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes RedTeam Pentesting GmbH
• [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass RedTeam Pentesting GmbH
• NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI Research@NGSSecure
• NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM Research@NGSSecure
• NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI Research@NGSSecure
• [ MDVSA-2011:187 ] php-pear security
• NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI Research@NGSSecure
• HTML 5 Security Report Ivan Buetler
• ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) Security_Alert
  • Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) security_alert
• PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability sschurtz
• 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 0a29 40
• 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9 0a29 40
• [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 Tavaris Desamito
• Multiple vulnerabilities in Browser CRM advisory
• Citrix Receiver, XenDesktop "Pass-the-hash" Attack vtek63
• ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability ZDI Disclosures
• Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability Secunia Research
• Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities Amir
• ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) Security_Alert
• [ MDVSA-2011:186 ] nfs-utils security
• [ MDVSA-2011:185 ] libcap security
• Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski
• [ MDVSA-2011:184 ] krb5 security
• Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities Secunia Research
• WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Amir
  • Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Henri Salo
• OSI Security: Squiz Matrix - User Account Enumeration Troy Rose
• Introduction to R-sequence public key cryptography attack Michal Bucko
  • Re:Re: Introduction to R-sequence public key cryptography attack Michal Bucko
• [ MDVSA-2011:183 ] pidgin security
• zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal security
• Call for Papers -YSTS 6 - Security Conference, Brazil Luiz Eduardo
• [SECURITY] [DSA 2362-1] acpid security update Moritz Muehlenhoff
• the week of silly PoCs continues: data://www.mybank.com/ Michal Zalewski
  • Re: the week of silly PoCs continues: data://www.mybank.com/ nothanks
• *CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers AppSec DC
• [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption signaladvisory
• CA20111208-01: Security Notice for CA SiteMinder Williams, James K
• AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled Asterisk Security Team
• AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings Asterisk Security Team
• DC4420 - London DEFCON - 13 December 2011 Major Malfunction
• Call for Papers - 2012 Rocky Mountain Information Security Conference president
• [ MDVSA-2011:182 ] dhcp security
• [DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure Crash
• 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 0a29 40
• seamless bait-and-switch Michal Zalewski
  • Re: seamless bait-and-switch Michal Zalewski
  • Re: seamless bait-and-switch Michal Zalewski
  • Re: seamless bait-and-switch Jann Horn
  • Re: seamless bait-and-switch Charles Morris
• ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability ZDI Disclosures
• [SECURITY] [DSA 2361-1] chasen security update Florian Weimer
• DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection ddivulnalert
• [ MDVSA-2011:181 ] proftpd security
• [security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
• [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable Moritz Muehlenhoff
• [SECURITY] [DSA 2359-1] mojarra security update Florian Weimer
• MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530] Tom Yu
• [security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert
• Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities irist . ir

• Earlier messages
• Later messages