[Full-disclosure] [Security-news] SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities

2012-10-10 Thread security-news
View online: http://drupal.org/node/1808852 * Advisory ID: DRUPAL-SA-CONTRIB-2012-154 * Project: Basic webmail [1] (third-party module) * Version: 6.x * Date: 2012-October-10 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS)

2012-10-10 Thread security-news
View online: http://drupal.org/node/1808856 * Advisory ID: DRUPAL-SA-CONTRIB-2012-155 * Project: ShareThis [1] (third-party module) * Version: 7.x * Date: 2012-October-10 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

2012-10-05 Thread VMware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 --- VMware Security Advisory Advisory ID: VMSA-2012-0014 Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates Issue

[Full-disclosure] [ MDVSA-2012:151-1 ] ghostscript

2012-10-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:151-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:150-1 ] java-1.6.0-openjdk

2012-10-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:150-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:160 ] imagemagick

2012-10-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:160 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:157 ] openjpeg

2012-10-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:157 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:158 ] gc

2012-10-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:158 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:159 ] freeradius

2012-10-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:159 http://www.mandriva.com/security

[Full-disclosure] [Security-news] SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)

2012-10-03 Thread security-news
View online: http://drupal.org/node/1802218 * Advisory ID: DRUPAL-SA-CONTRIB-2012-149 * Project: Hostip [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-October-03 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)

2012-10-03 Thread security-news
View online: http://drupal.org/node/1802230 * Advisory ID: DRUPAL-SA-CONTRIB-2012-150 * Project: Twitter Pull [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-October-03 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request Forgery

2012-10-03 Thread security-news
View online: http://drupal.org/node/1802258 * Advisory ID: DRUPAL-SA-CONTRIB-2012-151 * Project: Commerce extra panes [1] (third-party module) * Version: 7.x * Date: 2012-October-3 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Request

[Full-disclosure] [ MDVSA-2012:152-1 ] bind

2012-10-02 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:152-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:156 ] inn

2012-10-02 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:156 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:155-1 ] xinetd

2012-10-02 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:155-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:153-1 ] dhcp

2012-10-02 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:153-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:154-1 ] apache

2012-10-01 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:154-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:154 ] apache

2012-09-28 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:154 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:155 ] xinetd

2012-09-28 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:155 http://www.mandriva.com/security

Re: [Full-disclosure] [SE-2012-01] Critical security issue affecting Java SE 5/6/7

2012-09-26 Thread Security Explorations
to the public regarding security risks identified in a given software / technology. Due to our old fashioned approach to communication (we don't tweet, blog, etc.), we carry these warnings by the means of sending posts to Bugtraq and Full Disclosure mailing lists. I am not sure if you remember these times

[Full-disclosure] Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
to the vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips Note: The September 26, 2012, Cisco IOS Software

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
traffic from transiting the affected interfaces. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
the DHCP version 6 (DHCPv6) server feature enabled, causing a reload. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6 Note

[Full-disclosure] Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp Note: The September 26, 2012

[Full-disclosure] Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability

2012-09-26 Thread Cisco Systems Product Security Incident Response Team
that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc Note: The September 26, 2012, Cisco IOS Software Security Advisory

[Full-disclosure] [Security-news] SA-CONTRIB-2012-148 - OG - Access Bypass

2012-09-26 Thread security-news
View online: http://drupal.org/node/1796036 * Advisory ID: DRUPAL-SA-CONTRIB-2012-148 * Project: Organic groups [1] (third-party module) * Version: 7.x * Date: 2012-September-26 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [SE-2012-01] Critical security issue affecting Java SE 5/6/7

2012-09-25 Thread Security Explorations
Hello All, We've recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The impact of this issue is critical - we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6

[Full-disclosure] [2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

2012-09-19 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20120620-ac Revision 2.0 Last Updated 2012 September 19 16:01 UTC (GMT) For Public Release 2012 June 20 16:00 UTC (GMT

[Full-disclosure] [Security-news] SA-CONTRIB-2012-142 - Spambot - Cross Site Scripting (XSS)

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789242 * Advisory ID: DRUPAL-SA-CONTRIB-2012-142 * Project: Spambot [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-September-19 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-143 PRH Search - Cross Site Scripting (XSS)

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789252 * Advisory ID: DRUPAL-SA-CONTRIB-2012-143 * Project: PRH Search [1] (third-party module) * Version: 7.x * Date: 2012-September-19 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-144 Fonecta verify - Cross Site Scripting (XSS)

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789258 * Advisory ID: DRUPAL-SA-CONTRIB-2012-144 * Project: Fonecta verify [1] (third-party module) * Version: 7.x * Date: 2012-September-19 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-145 - Imagemenu - Cross Site Scripting (XSS)

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789260 * Advisory ID: DRUPAL-SA-CONTRIB-2012-145 * Project: Imagemenu [1] (third-party module) * Version: 6.x * Date: 2012-September-19 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789284 * Advisory ID: DRUPAL-SA-CONTRIB-2012-146 * Project: Simplenews Scheduler [1] (third-party module) * Version: 6.x * Date: 2012-September-19 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Arbitrary PHP

[Full-disclosure] [Security-news] SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)

2012-09-19 Thread security-news
View online: http://drupal.org/node/1789306 * Advisory ID: DRUPAL-SA-CONTRIB-2012-147 * Project: FileField Sources [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-September-19 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site

[Full-disclosure] [ MDVSA-2012:153 ] dhcp

2012-09-16 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:153 http://www.mandriva.com/security

[Full-disclosure] [IA38] NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow

2012-09-16 Thread Inshell Security
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION --- Product: Sound Editor Pro v7.5.1 Vendor URL: www.soundeditorpro.com Type: Stack-based Buffer Overflow [CWE-121] Date found: 2012-08-15 Date published: 2012-09-16 CVSSv2 Score

[Full-disclosure] [ MDVSA-2012:152 ] bind

2012-09-13 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:152 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:151 ] ghostscript

2012-09-12 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:151 http://www.mandriva.com/security

[Full-disclosure] Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

2012-09-12 Thread Cisco Systems Product Security Incident Response Team
exploitation of this vulnerability. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp -BEGIN PGP SIGNATURE- Version: GnuPG

[Full-disclosure] Cisco Security Advisory: Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability

2012-09-12 Thread Cisco Systems Product Security Incident Response Team
) +- Summary === Cisco ASA-CX Context-Aware Security appliance and Cisco Prime Security Manager (PRSM) contain a denial of service (DoS) vulnerability in versions prior to 9.0.2-103. Successful exploitation of this vulnerability on the Cisco ASA-CX could cause the device to stop processing user

[Full-disclosure] [Security-news] SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)

2012-09-12 Thread security-news
View online: http://drupal.org/node/1782686 * Advisory ID: DRUPAL-SA-CONTRIB-2012-140 * Project: Inf08 [1] (third-party module) * Version: 6.x * Date: 2012-September-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-141 - Mass Contact - Access bypass

2012-09-12 Thread security-news
View online: http://drupal.org/node/1782832 * Advisory ID: DRUPAL-SA-CONTRIB-2012-141 * Project: Mass Contact [1] (third-party module) * Version: 6.x * Date: 2012-September-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2012-139 - PDFThumb OS Injection

2012-09-12 Thread security-news
View online: http://drupal.org/node/1782580 * Advisory ID: DRUPAL-SA-CONTRIB-2012-139 * Project: PDFThumb [1] (third-party module) * Version: 7.x * Date: 2012-September-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: OS Injection

[Full-disclosure] [SE-2012-01] Security vulnerabilities in IBM Java

2012-09-11 Thread Security Explorations
Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software [1]. This is IBM [2] implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can

[Full-disclosure] [ MDVSA-2012:150 ] java-1.6.0-openjdk

2012-09-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:150 http://www.mandriva.com/security

[Full-disclosure] [Security-news] SA-CONTRIB-2012-137 - Heartbeat - Cross Site Request Forgery (CSRF) in heartbeat_comments

2012-09-05 Thread security-news
View online: http://drupal.org/node/1775470 * Advisory ID: DRUPAL-SA-CONTRIB-2012-137 * Project: Heartbeat [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-September-5 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Request

[Full-disclosure] [Security-news] SA-CONTRIB-2012-138 - Exposed Filter Data - Cross Site Scripting (XSS)

2012-09-05 Thread security-news
View online: http://drupal.org/node/1775582 * Advisory ID: DRUPAL-SA-CONTRIB-2012-138 * Project: Exposed Filter Data [1] (third-party module) * Version: 6.x * Date: 2012-September-05 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] ekoparty Security Conference and Trainings - 8th edition

2012-09-05 Thread ekoparty Security Conference
[ * ] ekoparty Security Conference and Trainings - 8th edition [ * ] http://www.ekoparty.org Trainings: September 17-18 / Conference: September 19-21, 2012 Ciudad Autónoma de Buenos Aires, Argentina [*] WHAT? ekoparty is a one-of-a-kind event in South America; an annual security conference

[Full-disclosure] [ MDVSA-2012:149 ] fetchmail

2012-09-01 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:149 http://www.mandriva.com/security

[Full-disclosure] VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries

2012-08-31 Thread VMware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- VMware Security Advisory Advisory ID: VMSA-2012-0013 Synopsis: VMware vSphere and vCOps updates to third party libraries Issue date: 2012-08-30

Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack

2012-08-31 Thread Security Explorations
-up where we will present many new details of security issues found. We'll send notification about the paper release to Bugtraq / Full Disclosure mailing lists. We do not plan to do that prior to the release of the necessary security fixes by Oracle though. Thank you. Best Regards, Adam Gowdiak

Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack

2012-08-31 Thread Security Explorations
method is used to achieve a complete JVM sandbox bypass is different from what was demonstrated to Oracle (different exploitation path). Thanks. -- Best Regards, Adam Gowdiak - Security Explorations http://www.security-explorations.com We bring security

[Full-disclosure] [SE-2012-01] New security issue affecting Java SE 7 Update 7

2012-08-31 Thread Security Explorations
vector with the use of the sun.awt.SunToolkit class. Removing getField and getMethod methods from the implementation of the aforementioned class caused all of our full sandbox bypass Proof of Concept codes [2] not to work any more (please note, that not all security issues that were reported in Apr

[Full-disclosure] [ MDVSA-2012:074-1 ] ffmpeg

2012-08-30 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:074-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:148 ] ffmpeg

2012-08-30 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:148 http://www.mandriva.com/security

[Full-disclosure] AST-2012-012: Asterisk Manager User Unauthorized Shell Access

2012-08-30 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

[Full-disclosure] AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users

2012-08-30 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2012-013 Product Asterisk Summary ACL rules ignored when placing outbound calls by certain IAX2 users

[Full-disclosure] [ MDVSA-2012:145 ] firefox

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:145 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:146 ] firefox

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:146 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:147 ] mozilla-thunderbird

2012-08-29 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:147 http://www.mandriva.com/security

[Full-disclosure] [Security-news] SA-CONTRIB-2012-132 - Announcements - Access Bypass

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762480 * Advisory ID: DRUPAL-SA-CONTRIB-2012-132 * Project: Announcements [1] (third-party module) * Version: 6.x * Date: 2012-August-29 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2012-131 - Email Field - Access Bypass

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762470 * Advisory ID: DRUPAL-SA-CONTRIB-2012-131 * Project: Email Field [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-August-29 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) Arbitrary PHP code execution

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762482 * Advisory ID: DRUPAL-SA-CONTRIB-2012-133 * Project: Taxonomy Image [1] (third-party module) * Version: 6.x * Date: 2012-August-29 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-130 - Jstool - Multiple Vulnerabilities

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762220 * Advisory ID: DRUPAL-SA-CONTRIB-2012-130 * Project: Javascript Tool [1] (third-party module) * Version: 7.x * Date: 2012-August-29 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Multiple vulnerabilities

[Full-disclosure] [Security-news] SA-CONTRIB-2012-129 - Activism - Access Bypass

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762160 * Advisory ID: DRUPAL-SA-CONTRIB-2012-129 * Project: Activism [1] (third-party module) * Version: 6.x * Date: 2012-08-29 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access Bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2012-134 - Views - Privilege Escalation

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762492 * Advisory ID: DRUPAL-SA-CONTRIB-2012-134 * Project: (third-party module) * Version: 6.x * Date: 2012-August-29 * Security risk: Critical [1] * Exploitable from: Remote * Vulnerability: Privilege escalation DESCRIPTION

[Full-disclosure] [Security-news] SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762496 * Advisory ID: DRUPAL-SA-CONTRIB-2012-135 * Project: CAPTCHA [1] (third-party module) * Version: 6.x * Date: 2011-August-29 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION

[Full-disclosure] [Security-news] SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS)

2012-08-29 Thread security-news
View online: http://drupal.org/node/1762734 * Advisory ID: DRUPAL-SA-CONTRIB-2012-136 * Project: Apache Solr Autocomplete [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-August-29 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross

[Full-disclosure] [ MDVSA-2012:144 ] tetex

2012-08-28 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:144 http://www.mandriva.com/security

[Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack

2012-08-28 Thread Security Explorations
Hello All, This post is made in reference to recently discovered attack against Java SE 7 platform [1][2]. We discovered that the vulnerabilities used by the attack code are similar to some of the weaknesses that we have found as part of our SE-2012-01 Java SE security research project [3

[Full-disclosure] [IA23] Aoop CMS v0.3.6 Multiple Vulnerabilities

2012-08-24 Thread Inshell Security
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION --- Product: Aoop CMS Vendor URL: www.annonyme.de Type: Cross-site Scripting [CWE-79], SQL-Injection [CWE-89] Date found: 2012-04-07 Date published: 2012-08-24 CVSSv2 Score

[Full-disclosure] [ MDVSA-2012:143 ] python-django

2012-08-23 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:143 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:141 ] openslp

2012-08-21 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:141 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:142 ] gimp

2012-08-21 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:142 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:140 ] mono

2012-08-20 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:139 ] postgresql

2012-08-19 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:139 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:136 ] phpmyadmin

2012-08-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:136 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:138 ] acpid

2012-08-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:138 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:137 ] acpid

2012-08-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:137 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:133 ] usbmuxd

2012-08-16 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:133 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:134 ] wireshark

2012-08-16 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:134 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:135 ] wireshark

2012-08-16 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:135 http://www.mandriva.com/security

[Full-disclosure] [2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability

2012-08-15 Thread Cisco Systems Product Security Incident Response Team
software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org

[Full-disclosure] [ MDVSA-2012:132 ] glpi

2012-08-15 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:132 http://www.mandriva.com/security

[Full-disclosure] [Security-news] SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS)

2012-08-15 Thread security-news
View online: http://drupal.org/node/1732946 * Advisory ID: DRUPAL-SA-CONTRIB-2012-126 * Project: HotBlocks [1] (third-party module) * Version: 6.x * Date: 2012-August-15 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)

2012-08-15 Thread security-news
View online: http://drupal.org/node/1733056 * Advisory ID: DRUPAL-SA-CONTRIB-2012-128 * Project: Elegant Theme [1] (third-party module) * Version: 7.x * Date: 2012-August-15 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability

2012-08-15 Thread security-news
View online: http://drupal.org/node/1732980 * Advisory ID: DRUPAL-SA-CONTRIB-2012-127 * Project: Custom Publishing Options [1] (third-party module) * Version: 6.x * Date: 2012-August-15 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site

[Full-disclosure] [ MDVSA-2012:131 ] libotr

2012-08-13 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:131 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:130 ] openldap

2012-08-11 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:130 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:129 ] busybox

2012-08-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:129 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:129-1 ] busybox

2012-08-10 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:129-1 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:128 ] bash

2012-08-09 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:128 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:126 ] libxml2

2012-08-08 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:126 http://www.mandriva.com/security

[Full-disclosure] [ MDVSA-2012:127 ] libtiff

2012-08-08 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:127 http://www.mandriva.com/security

[Full-disclosure] [Security-news] SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719392 * Advisory ID: DRUPAL-SA-CONTRIB-2012-121 * Project: Shorten URLs [1] (third-party module) * Version: 6.x, 7.x * Date: 2012-August-8 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting

[Full-disclosure] [Security-news] SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)

2012-08-08 Thread security-news
View online: http://drupal.org/node/1719402 * Advisory ID: DRUPAL-SA-CONTRIB-2012-122 * Project: Better Revisions [1] (third-party module) * Version: 7.x * Date: 2012-August-08 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting
