bugtraq  

Messages by Thread

• • RE: Regarding MS12-020 Thor (Hammer of God)
• [security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
• [MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability david . kurz
• [SECURITY] [DSA 2435-1] gnash security update Gabriele Giacone
• [SECURITY] [DSA 2434-1] nginx security update Luciano Bello
• [SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update Thijs Kinkhorst
• Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass RGill
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products sumanj
• VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768) VUPEN Security Research
• ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability nospam
• Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug" CXySuYg5DuKktzX
• Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability nospam
• ESA-2012-014: RSA enVision Multiple Vulnerabilities Security_Alert
• at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability demonalex
• [security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
• Android wipe unreliable Jan Schejbal
• [ MDVSA-2012:031 ] firefox security
• VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues VMware Security Team
• [ MDVSA-2012:030 ] systemd security
• [ MDVSA-2012:029 ] pidgin security
• VMSA-2012-0004 VMware View privilege escalation and cross-site scripting VMware Security Team
• AST-2012-003: Stack Buffer Overflow in HTTP Manager Asterisk Security Team
• AST-2012-002: Remote Crash Vulnerability in Milliwatt Application Asterisk Security Team
• [SECURITY] [DSA 2433-1] iceweasel security update Moritz Muehlenhoff
• WikyBlog 1.7.3RC2 XSS vulnerability sschurtz
  • Re: WikyBlog 1.7.3RC2 XSS vulnerability Henri Salo
• nginx fix for malformed HTTP responses from upstream servers security-bulletin
• Oracle Exadata Infiniband Switch default logins and world readable shadow file larry0
• Struts2 Security Challenge Ivan Buetler
• Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
• PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability moshez
• Announcing Hackademic CFP B Potter
• Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417] Narendra Shinde
• [security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert
• [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update Moritz Muehlenhoff
• APPLE-SA-2012-03-12-1 Safari 5.1.4 Apple Product Security
• Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004 Lists
• Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List
  • Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List
  • Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) vince
  • RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Joe Arnold
• OSI Security: CheckPoint Firewall VPN - Information Disclosure Patrick Webster
• [SECURITY] [DSA 2431-1] libdbd-pg-perl security update Moritz Muehlenhoff
• [SECURITY] [DSA 2430-1] python-pam security update Moritz Muehlenhoff
• Wikidforum 2.10 Multiple security vulnerabilities sschurtz
• Synology Photo Station 5 - Reflected Cross-Site Scripting simon . ganiere
• LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption Markus Vervier
• Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS Henri Salo
• VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Team
• VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Team
• [SECURITY] [DSA 2428-1] freetype security update Moritz Muehlenhoff
• Eleytt Research ER-03-2012 Michal Bucko
• gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Mark Krenz
  • Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Dmitry Yu. Bolkhovityanov
• Iciniti Store SQL Injection - Security Advisory - SOS-12-003 Lists
• SAP Business Objects XI R2 Infoview Multiple XSS vulns
• Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability resea...@vulnerability-lab.com
• Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities resea...@vulnerability-lab.com
• [Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability resea...@vulnerability-lab.com
• APPLE-SA-2012-03-07-3 Apple TV 5.0 Apple Product Security
• APPLE-SA-2012-03-07-2 iOS 5.1 Software Update Apple Product Security
• APPLE-SA-2012-03-07-1 iTunes 10.6 Apple Product Security
• [SECURITY] [DSA 2429-1] mysql-5.1 security update Florian Weimer
• [security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert
• OSClass directory traversal (leads to arbitrary file upload) Filippo Cavallarin
• Multiple SQL injections in rivettracker <=1.03 ali . raheem
• Multiple XSS in Fork CMS advisory
• XCon 2012 XFocus Information Security Conference Call for Paper xcon
• [security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert
• [SECURITY] [DSA 2427-1] imagemagick security update Florian Weimer
• [SECURITY] [DSA 2426-1] gimp security update Florian Weimer
• ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability Security_Alert
• [TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection Joao Paulo Caldas Campello
• [TSI-ADV-1201] Path Traversal on Polycom Web Management Interface Joao Paulo Caldas Campello
• 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities admin@v-lab
• Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
• Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group
• Timesheet Next Gen 1.5.2 Multiple SQLi Thomas Richards
• Symfony2 Local File Disclosure - Security Advisory - SOS-12-002 Lists
• [SECURITY] [DSA 2425-1] plib security update Florian Weimer
• %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process) Stefan Kanthak
• [SECURITY] [DSA 2424-1] libxml-atom-perl security update Florian Weimer
• Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability demonalex
• Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D) Fernando Gont
• [SECURITY] [DSA 2423-1] movabletype-opensource security update Florian Weimer
• [Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability resea...@vulnerability-lab.com
• [ MDVSA-2012:028 ] libxslt security
• [SECURITY] [DSA 2422-1] file security update Florian Weimer
• [SECURITY] [DSA 2421-1] moodle security update Moritz Muehlenhoff
• Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:027 ] postgresql8.3 security
• [ MDVSA-2012:026 ] postgresql security
• Multiple XSS in Dotclear advisory
• [SECURITY] [DSA 2420-1] openjdk-6 security update Florian Weimer
• [ MDVSA-2012:025 ] samba security
• ImgPals Photo Host Version 1.0 Admin Account Disactivation CorryL
• [ MDVSA-2012:023-1 ] libvpx security
• [SECURITY] [DSA 2419-1] puppet security update Florian Weimer
• Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec cfp2012
• [SECURITY] [DSA 2418-1] postgresql-8.4 security update Moritz Muehlenhoff
• Wolf CMS v0.7.5 - Multiple Web Vulnerabilities resea...@vulnerability-lab.com
• OSQA CMS v3b - Multiple Persistent Vulnerabilities resea...@vulnerability-lab.com
• Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability resea...@vulnerability-lab.com
• [ MDVSA-2012:023 ] libvpx security
• FrameJammer DOM based XSS mkey
• DeepSec "Sector v6" - Call for Papers DeepSec Conference
• pidgin OTR information leakage Dimitris Glynos
  • Re: pidgin OTR information leakage Jann Horn
  • Re: [Full-disclosure] pidgin OTR information leakage Michele Orru
  • Re: [Full-disclosure] pidgin OTR information leakage Rich Pieri
  • Re: [Full-disclosure] pidgin OTR information leakage Jeffrey Walton
  • Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos
  • Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos
• [SECURITY] [DSA 2414-2] fex regression Nico Golde
• NGS00237 Patch Notification: Samba Andx request Remote Code Execution Research@NGSSecure
• Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps Felipe M. Aragon
• Kongreg8 1.7.3 Mutiple XSS Thomas Richards
• TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform Trustwave Advisories
• Dropbear SSH server use-after-free vulnerability Danny Fullerton
• PHP Gift Registry 1.5.5 SQL Injection Thomas Richards
  • Fwd: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards
• [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure Onapsis Research Labs
• [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification Onapsis Research Labs
• [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service Onapsis Research Labs
• [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure Onapsis Research Labs
• [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure Onapsis Research Labs
• [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read Onapsis Research Labs
• [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure Onapsis Research Labs
• [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write Onapsis Research Labs
• [security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code security-alert
• [security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
• [SECURITY] [DSA 2416-1] notmuch security update Thijs Kinkhorst
• CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability demonalex
• Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team
• Security advisory for Bugzilla 4.2 and 4.0.5 LpSolit
• YVS Image Gallery Sql injection CorryL
  • Case YVS Image Gallery Henri Salo
  • Re: [oss-security] Case YVS Image Gallery Henri Salo
  • Re: [oss-security] Case YVS Image Gallery Kurt Seifried
• NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution Research@NGSSecure
• [SECURITY] [DSA 2417-1] libxml2 security update Nico Golde
• TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution ZDI Disclosures
• ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability ZDI Disclosures
• ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
• Mobile Mp3 Search Engine HTTP Response Splitting CorryL
• [ MDVSA-2012:023 ] libxml2 security
• Multiple XSS in Chyrp advisory
• [ MDVSA-2012:022 ] libpng security
• Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines Simon McVittie
• [SECURITY] [DSA 2415-1] libmodplug security update Nico Golde
• [SECURITY] [DSA 2414-1] fex security update Nico Golde
• Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability demonalex
• IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements Fernando Gont
• F*EX 20111129-2 Cross Site Scripting Vulnerability muuratsalo experimental hack lab
• F*EX <= 20100208 Cross Site Scripting Vulnerabilities muuratsalo experimental hack lab
• Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab
  • Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab
• [SECURITY] [DSA 2413-1] libarchive security update Luk Claes
• Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
  • Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
• OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
  • Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
• DC4420 - London DEFCON - February meet - Tuesday February 21st 2012 Major Malfunction
• SQL Injection Vulnerabilities in TestLink jnatal
• SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional SEC Consult Vulnerability Lab
• SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5 SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2412-1] libvorbis security update Moritz Muehlenhoff
• [SECURITY] [DSA 2411-1] mumble security update Florian Weimer
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated] YGN Ethical Hacker Group
• WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability sschurtz
• [ MDVSA-2012:021 ] java-1.6.0-openjdk security
• Puppet Dashboard insecure by default Schweiss, Chip
• PHP 5.2.x Remote Code Execution Vulnerability Worawit Wang
• IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains Fernando Gont
• [security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
• 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Kousuke Ebihara
  • Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Rodrigo Rubira Branco (BSDaemon)
• [Spam] Skype v5.6.59.x - Memory Corruption Vulnerability resea...@vulnerability-lab.com
• Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session resea...@vulnerability-lab.com
• Hackito Ergo sum // HES2012 Final CFP // Call for Hackers Jonathan Brossard
• [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip Timo Warns
• 2012 Honeynet Project Security Workshop Guillaume Arcas
• [SECURITY] [DSA 2410-1] libpng security update Moritz Muehlenhoff
• Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
• TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution noreply
• [SECURITY] [DSA 2409-1] devscripts security update Raphael Geissert
• Multiple vulnerabilities in LEPTON advisory
• Multiple vulnerabilities in 11in1 advisory
• [ MDVSA-2012:020 ] phpldapadmin security

• Earlier messages
• Later messages