Home page logo
/

230 messages starting Nov 26 10 and ending Nov 27 10
Date index | Thread index | Author index

0kn0ck

CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp 0kn0ck (Nov 26)
NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) 0kn0ck (Nov 27)

ACROS Security Lists

ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player ACROS Security Lists (Nov 05)
ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010 ACROS Security Lists (Nov 10)
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010 ACROS Security Lists (Nov 10)
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010 ACROS Security Lists (Nov 10)
Additional information on the Microsoft Office 2010 binary planting bugs ACROS Security Lists (Nov 12)

advisories

Seo Panel 2.1.0 - Critical File Disclosure advisories (Nov 08)
vBulletin 4.0.8 - Persistent XSS via Profile Customization advisories (Nov 15)
vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization advisories (Nov 22)

Advisories Toucan-System

TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption Advisories Toucan-System (Nov 27)

advisory

Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal advisory (Nov 02)
Stored XSS vulnerability in Webmedia Explorer advisory (Nov 02)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
XSS vulnerability in MemHT Portal advisory (Nov 02)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
XSS vulnerability in MemHT Portal advisory (Nov 02)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
BBcode XSS in MiniBB advisory (Nov 04)
SQL injection in SweetRice CMS advisory (Nov 04)
RFI in JAF CMS advisory (Nov 04)
Shell create & command execution in JAF CMS advisory (Nov 04)
XSS in SweetRice CMS advisory (Nov 04)
Reset admin password in SweetRice CMS advisory (Nov 04)
SQL injection in MiniBB advisory (Nov 04)
XSS in Textpattern CMS advisory (Nov 04)
LFI in eoCMS advisory (Nov 04)
Path disclosure in eoCMS advisory (Nov 04)
SQL injection in eoCMS advisory (Nov 04)
LFI in eoCMS advisory (Nov 04)
BBcode XSS in eoCMS advisory (Nov 04)
Information disclosure in IceBB advisory (Nov 17)
Path disclosure in IceBB advisory (Nov 17)
BBcode XSS in CLANSPHERE advisory (Nov 17)
Path disclosure in CLANSPHERE advisory (Nov 17)
XSS in CLANSPHERE advisory (Nov 17)
SQL Injection in CLANSPHERE advisory (Nov 17)
SQL injection in CompactCMS advisory (Nov 17)
Information disclosure in IceBB advisory (Nov 17)
SQL injection in IceBB advisory (Nov 17)
XSS in CompactCMS advisory (Nov 18)
XSS in CompactCMS advisory (Nov 18)
XSS vulnerability in Wolf CMS advisory (Nov 26)
XSRF (CSRF) in Frog CMS advisory (Nov 26)
XSS vulnerability in Frog CMS advisory (Nov 26)
XSS vulnerability in Frog CMS advisory (Nov 26)
XSS vulnerability in Frog CMS advisory (Nov 26)
XSRF (CSRF) in Wolf CMS advisory (Nov 26)
XSS vulnerability in Wolf CMS advisory (Nov 26)
XSS vulnerability in Wolf CMS advisory (Nov 27)

Amit Klein

Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer Amit Klein (Nov 16)
Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability Amit Klein (Nov 22)

apa-iutcert

AOL Instant Messenger Insecure Library Loading Vulnerability apa-iutcert (Nov 29)
Google Desktop Insecure Library Loading Vulnerability apa-iutcert (Nov 29)

Arturo 'Buanzo' Busleiman

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer Arturo 'Buanzo' Busleiman (Nov 04)

ascii

Vtiger CRM 5.2.0 Multiple Vulnerabilities ascii (Nov 19)

asmo

Re: D-Link DIR-300 authentication bypass asmo (Nov 15)

bt

[eVuln.com] Cookie Auth Bypass in Hot Links SQL bt (Nov 19)
[eVuln.com] URL and Title XSS in AxsLinks bt (Nov 19)
[eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version) bt (Nov 22)
[eVuln.com] url XSS in Hot Links Lite bt (Nov 22)
[eVuln.com] URL XSS in Easy Banner Free bt (Nov 26)
[eVuln.com] SQL injections in FreeTicket bt (Nov 26)
[eVuln.com] SQL injection Auth Bypass in Easy Banner Free bt (Nov 26)
[eVuln.com] Multiple XSS inj in Wernhart Guestbook bt (Nov 30)
[eVuln.com] Multiple SQL injections in Wernhart Guestbook bt (Nov 30)

bugtraq

Packet Storm - New Site bugtraq (Nov 15)

Cisco Systems Product Security Incident Response Team

Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products Cisco Systems Product Security Incident Response Team (Nov 17)

CORE Security Technologies Advisories

[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch CORE Security Technologies Advisories (Nov 09)
CORE-2010-1018 - Landesk OS command injection CORE Security Technologies Advisories (Nov 12)

danieljcrteixeira

Common consumer routers password disclosure danieljcrteixeira (Nov 05)

dann frazier

[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues dann frazier (Nov 30)

Dan Rosenberg

Kernel 0-day Dan Rosenberg (Nov 10)
Re: Kernel 0-day Dan Rosenberg (Nov 19)
Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :( Dan Rosenberg (Nov 26)

Deng Ching

[CVE-2010-3449] Apache Archiva CSRF Vulnerability Deng Ching (Nov 30)

ecco

Re: Saved XSS vulnerability in Internet Explorer ecco (Nov 19)

eidelweiss

AWCM v2.2 Auth Bypass Vulnerabilities eidelweiss (Nov 17)

Fatih Kilic

IBM OmniFind - several vulnerabilities Fatih Kilic (Nov 09)

Felipe Martins

Re: Kernel 0-day Felipe Martins (Nov 18)

Florent Daigniere

Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038 Florent Daigniere (Nov 17)

Florian Weimer

[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses Florian Weimer (Nov 02)
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities Florian Weimer (Nov 02)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs FreeBSD Security Advisories (Nov 12)
FreeBSD Security Advisory FreeBSD-SA-10:10.openssl FreeBSD Security Advisories (Nov 30)

g . maone

Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) g . maone (Nov 26)

Hafez Kamal

[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 12)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)

Hans Wolters

RE: Saved XSS vulnerability in Internet Explorer Hans Wolters (Nov 19)

Henri Lindberg

nSense-2010-003: Cisco Unified Communications Manager Henri Lindberg (Nov 08)

info

Mozilla Firefox 3.6.12 Denial of Service Vulnerability info (Nov 26)

Ivan Buetler

Wargame Qualifications - Win a car !!! Ivan Buetler (Nov 05)

James Lay

Re: Kernel 0-day James Lay (Nov 10)

Jamie Strandboge

[USN-1011-3] Xulrunner vulnerability Jamie Strandboge (Nov 01)
[USN-1008-4] libvirt regression Jamie Strandboge (Nov 09)
[USN-1015-1] libvpx vulnerability Jamie Strandboge (Nov 10)
[USN-1016-1] libxml2 vulnerability Jamie Strandboge (Nov 12)

Juan Galiana Lara

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities Juan Galiana Lara (Nov 30)

Karol Celiński

D-Link DIR-300 authentication bypass Karol Celiński (Nov 09)
Re: D-Link DIR-300 authentication bypass Karol Celiński (Nov 09)
Re: D-Link DIR-300 authentication bypass Karol Celiński (Nov 19)

k g

Call for Papers: The International Conference on Cyber Conflict, Estonia k g (Nov 01)

Konrad Rieck

CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment Konrad Rieck (Nov 08)

labs-no-reply

iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability labs-no-reply (Nov 10)
iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability labs-no-reply (Nov 12)

Laurent OUDOT at TEHTRI-Security

[TEHTRI-Security] CVE-2010-1752: Update your MacOSX Laurent OUDOT at TEHTRI-Security (Nov 12)

Les Hazlewood

CVE-2010-3863: Apache Shiro information disclosure vulnerability Les Hazlewood (Nov 03)

Lorenzo Cavallaro

DIMVA 2011 Call for Workshops Proposals Lorenzo Cavallaro (Nov 08)

Luiz Eduardo

Call for Papers -YSTS V - Security Conference, Brazil Luiz Eduardo (Nov 01)

Marc Deslauriers

[USN-1012-1] CUPS vulnerability Marc Deslauriers (Nov 04)
[USN-1013-1] FreeType vulnerabilities Marc Deslauriers (Nov 04)
[USN-1014-1] Pidgin vulnerabilities Marc Deslauriers (Nov 04)
[USN-1017-1] MySQL vulnerabilities Marc Deslauriers (Nov 12)
[USN-1022-1] APR-util vulnerability Marc Deslauriers (Nov 26)
[USN-1021-1] Apache vulnerabilities Marc Deslauriers (Nov 27)
[USN-1024-1] OpenJDK vulnerability Marc Deslauriers (Nov 30)

Mark Stanislav

'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) Mark Stanislav (Nov 01)
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) Mark Stanislav (Nov 22)
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313) Mark Stanislav (Nov 30)

Mark Thomas

[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability Mark Thomas (Nov 22)

Max Kanat-Alexander

Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 Max Kanat-Alexander (Nov 04)

md . r00t . defacer

Adsoft Remote Sql Injection Vulnerability md . r00t . defacer (Nov 04)

mfardiles

Re: D-Link DIR-300 authentication bypass mfardiles (Nov 12)

Michal Zalewski

some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability) Michal Zalewski (Nov 08)
Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability Michal Zalewski (Nov 26)

MustLive

XSS and SQL Injection vulnerabilities in CMS WebManager-Pro MustLive (Nov 01)
Vulnerabilities in PHPShop MustLive (Nov 08)
Vulnerability in Google AJAX Search MustLive (Nov 12)
Saved XSS vulnerability in Internet Explorer MustLive (Nov 15)
Re: Saved XSS vulnerability in Internet Explorer MustLive (Nov 19)
New vulnerabilities in CMS SiteLogic MustLive (Nov 22)
[Suspected Spam]Vulnerabilities in Register Plus for WordPress MustLive (Nov 26)
Vulnerabilities in Joomla MustLive (Nov 29)

Nelson Brito

[DEMO] Sample videos about IDS/IPS evasions... Nelson Brito (Nov 01)

neza0x

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer neza0x (Nov 04)

Nick Freeman

Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability Nick Freeman (Nov 02)

nullcon

nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November nullcon (Nov 17)

Onapsis Research Labs

[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation Onapsis Research Labs (Nov 03)
[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access Onapsis Research Labs (Nov 03)
[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution Onapsis Research Labs (Nov 03)

Philippe Langlois

Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP Philippe Langlois (Nov 08)

Research () NGSSecure

NGS00015 Patch Notification: ImageIO Memory Corruption Research () NGSSecure (Nov 22)

Rodrigo Branco

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 Rodrigo Branco (Nov 01)
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 Rodrigo Branco (Nov 01)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 Rodrigo Branco (Nov 01)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 Rodrigo Branco (Nov 01)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 Rodrigo Branco (Nov 01)
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978 Rodrigo Branco (Nov 08)
Apple Directory Services Memory Corruption - CVE-2010-1840 Rodrigo Branco (Nov 12)

Rodrigo Rubira Branco (BSDaemon)

H2HC 2010 - Final Speakers List Available Rodrigo Rubira Branco (BSDaemon) (Nov 01)
Malware Collections and Feed Exchange Rodrigo Rubira Branco (BSDaemon) (Nov 08)
H2CSO (Hackers to CSO) debate second edition - Free Live Streaming Rodrigo Rubira Branco (BSDaemon) (Nov 19)
H2HC Cancun - Free Entrance! Rodrigo Rubira Branco (BSDaemon) (Nov 22)

Roee Hay

Babylon Cross-Application Scripting Code Execution Roee Hay (Nov 10)

Salvatore Fresta aka Drosophila

Audacity <= 1.3 Beta Multiple Local Vulnerabilities Salvatore Fresta aka Drosophila (Nov 01)
Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability Salvatore Fresta aka Drosophila (Nov 01)
Zen Cart 1.3.9h Local File Inclusion Vulnerability Salvatore Fresta aka Drosophila (Nov 04)
JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability Salvatore Fresta aka Drosophila (Nov 09)
eBlog 1.7 Multiple SQL Injection Vulnerabilities Salvatore Fresta aka Drosophila (Nov 10)

SecPod Research

LFI and XSS vulnerability in openEngine SecPod Research (Nov 16)

Secunia Research

Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability Secunia Research (Nov 01)
Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability Secunia Research (Nov 01)
Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow Secunia Research (Nov 01)
Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability Secunia Research (Nov 09)
Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability Secunia Research (Nov 09)
Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability Secunia Research (Nov 12)

security

[ MDVSA-2010:219 ] mozilla-thunderbird security (Nov 01)
[ MDVSA-2010:214 ] kernel security (Nov 01)
[ MDVSA-2010:215 ] python security (Nov 01)
[ MDVSA-2010:218 ] php security (Nov 01)
[ MDVSA-2010:216 ] python security (Nov 01)
[ MDVSA-2010:217 ] dovecot security (Nov 01)
[ MDVSA-2010:202-1 ] krb5 security (Nov 03)
[ MDVSA-2010:220 ] pam security (Nov 04)
[ MDVSA-2010:221 ] openoffice.org security (Nov 08)
[ MDVSA-2010:155-1 ] mysql security (Nov 08)
[ MDVSA-2010:222 ] mysql security (Nov 09)
[ MDVSA-2010:223 ] mysql security (Nov 09)
[ MDVSA-2010:225 ] libmbfl security (Nov 10)
[ MDVSA-2010:224 ] php security (Nov 10)
[ MDVSA-2010:225-1 ] libmbfl security (Nov 10)
[ MDVSA-2010:226 ] dhcp security (Nov 10)
[ MDVSA-2010:227 ] proftpd security (Nov 12)
[ MDVSA-2010:228 ] xpdf security (Nov 12)
[ MDVSA-2010:229 ] kdegraphics security (Nov 12)
[ MDVSA-2010:231 ] poppler security (Nov 12)
[ MDVSA-2010:230 ] poppler security (Nov 12)
[ MDVSA-2010:235 ] freetype2 security (Nov 16)
[ MDVSA-2010:234 ] cups security (Nov 16)
[ MDVSA-2010:233 ] cups security (Nov 16)
[ MDVSA-2010:237 ] perl-CGI security (Nov 16)
[ MDVSA-2010:236 ] freetype2 security (Nov 16)
[ MDVSA-2010:232 ] cups security (Nov 16)
[ MDVSA-2010:238 ] openssl security (Nov 18)
[ MDVSA-2010:239 ] php security (Nov 19)
[ MDVSA-2010:240 ] mono security (Nov 26)
[ MDVSA-2010:241 ] gnucash security (Nov 26)
[ MDVSA-2010:242 ] wireshark security (Nov 29)
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface security (Nov 29)
[ MDVSA-2010:243 ] libxml2 security (Nov 29)
[ MDVSA-2010:244 ] phpmyadmin security (Nov 30)

security-alert

[security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download security-alert (Nov 01)
[security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access security-alert (Nov 01)
[security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download security-alert (Nov 01)
[security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download security-alert (Nov 01)
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert (Nov 16)
[security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized security-alert (Nov 26)

Soporte CERT

Multiple vulnerabilities in chCounter <= 3.1.3 Soporte CERT (Nov 18)

Stefan Fritsch

[SECURITY] [DSA-2127-1] New wireshark packages fix denial of service Stefan Fritsch (Nov 29)

Steve Beattie

[USN-1018-1] OpenSSL vulnerability Steve Beattie (Nov 19)

Thijs Kinkhorst

[SECURITY] [DSA 2038-3] New pidgin packages fix regression Thijs Kinkhorst (Nov 15)

Tobias Heinlein

[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities Tobias Heinlein (Nov 16)

Tom Yu

MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] Tom Yu (Nov 30)

Trustwave Advisories

TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera Trustwave Advisories (Nov 15)

u6q

SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X u6q (Nov 29)

underground stockholm

jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload underground stockholm (Nov 29)

VMware Security team

VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components VMware Security team (Nov 16)
VMSA-2010-0017 VMware ESX third party update for Service Console kernel VMware Security Team (Nov 30)

VUPEN Security Research

VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246) VUPEN Security Research (Nov 19)
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245) VUPEN Security Research (Nov 19)

Wesley Kerfoot

Angel LMS Exploit Wesley Kerfoot (Nov 05)

xpzhang

[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability xpzhang (Nov 05)

YGN Ethical Hacker Group

Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Nov 01)
Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Nov 05)
Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Nov 16)

Zach C

Re: Seo Panel 2.1.0 - Critical File Disclosure Zach C (Nov 08)

zed

Re: [DCA-00015] YOPS Web Server Remote Command Execution zed (Nov 27)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]