TOORCON 14 CALL FOR PAPERS
It's that time of year again! ToorCon 14 is coming so get your code finished
and submit a talk this time around. We're letting you decide if you want to be
a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and
75-minute talks for our Deep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:145
http://www.mandriva.com/security/
It is that time of the year again - we’re pleased to announce the
release of the t2’12 Challenge!
This year’s challenge starts from the homepage of a young woman who is
rumored to be the girlfriend of an infamous carder. To solve the
challenge, the participants need to step into investigator's
Advisory ID: HTB23109
Product: Phorum
Vendor: Phorum Team
Vulnerable Version(s): 5.2.18 and probably prior
Tested Version: 5.2.18
Vendor Notification: August 8, 2012
Public Disclosure: August 29, 2012
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2012-4234
CVSSv2 Base
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:146
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-168
August 29, 2012
- -- CVE ID:
CVE-2011-0340
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-167
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM
sprintf Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-171
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-169
August 29, 2012
- -- CVE ID:
CVE 2012-2516
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX
Control Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-170
August 29, 2012
- -- CVE ID:
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC
Connector Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-172
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-173
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-176
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-175
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-177
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-178
August 29, 2012
- -- CVE ID:
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-179
August 29, 2012
- -- CVE ID:
CVE-2012-2289
- -- CVSS:
7.5,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-181
August 29, 2012
- -- CVE ID:
CVE-2011-4186
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-180
August 29, 2012
- -- CVE ID:
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected Vendors:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-182
August 29, 2012
- -- CVE ID:
CVE-2012-2289
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:147
http://www.mandriva.com/security/
===
Sistem Biwes Multiple Vulnerability
===
Author: eidelweiss (@randyarios)
Product / software: SISTEM BIWES
Vendor Site: http://sistembiwes.com/
.Net Cross Site Scripting - Request Validation Bypassing
==
Seeker Research Center
By Zamir Paltiel, August 2012
Overview
A vulnerability in the .Net Request Validation mechanism allows bypassing the
filter and execution of malicious scripts in
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-174
August 29, 2012
-- CVE ID:
-- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard
We're using squidGuard 1.4 and discovered a possible denial of service. When a
user is accessing a very long URL, an internal buffer is too small and
squidguard is entering emergency mode. In this mode, no blocking is done
anymore.
The URL for reference:
Hi,
found as part of our SE-2012-01 Java SE security research project [3].
Well, it seems Oracle did not feel the issues Security Explorations
shared were a priority. Blogging about these things has not produced
optimal results either.
Have you reported the issues to US Cert?
Will you be
On 2012-08-29 18:10, Jeffrey Walton wrote:
> Have you reported the issues to US Cert?
No. Per our Disclosure Policy, we stick to reporting issues to original
vendors only.
> Will you be disclosing details on Bugtraq/Full Disclosure?
Yes. As indicated, we are planning to release a technical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2535-1 secur...@debian.org
http://www.debian.org/security/Florian Weimer
August 29, 2012