
184 messages starting Jun 09 11 and ending Jun 29 11

abhijeet

[Announcement] ClubHACK Magazine Issue 17-June 2011 released abhijeet (Jun 09)
[Annoucement] ClubHack Magazine - Call for Articles abhijeet (Jun 14)

ACROS Security Lists

COM Server-Based Binary Planting Proof Of Concept ACROS Security Lists (Jun 02)
RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept ACROS Security Lists (Jun 02)

adam . baso

AppSec USA 2011 CFP Reminder, CTF Pre-Conference Challenge #2 adam . baso (Jun 06)
Last Day for AppSec USA 2011 CFP! adam . baso (Jun 14)

advisory

HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC) advisory (Jun 01)
HTB22997: XSS in A Really Simple Chat (ARSC) advisory (Jun 01)
HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability advisory (Jun 16)
HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog advisory (Jun 18)
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS advisory (Jun 18)
HTB23004: Multiple Vulnerabilities in e107 advisory (Jun 18)
HTB23005: Multiple XSS in N-13 News advisory (Jun 19)
HTB23016: Kofax e-Transactions Sender Sendbox ActiveX Control Insecure Method advisory (Jun 23)
HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods advisory (Jun 25)
Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method advisory (Jul 01)

Apple Product Security

APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5 Apple Product Security (Jun 30)

bede

Javascript Injection in Microsoft Lync 4.0.7577.0 bede (Jun 13)

Brad Hards

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Brad Hards (Jun 26)

Carsten Eilers

International PHP Conference - Call for Papers Carsten Eilers (Jun 02)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Cisco Systems Product Security Incident Response Team (Jun 01)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series Cisco Systems Product Security Incident Response Team (Jun 01)
Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 Cisco Systems Product Security Incident Response Team (Jun 01)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Cisco Systems Product Security Incident Response Team (Jun 01)

CORE Security Technologies Advisories

CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability CORE Security Technologies Advisories (Jun 18)
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery CORE Security Technologies Advisories (Jun 18)

Dan Kaminsky

Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Dan Kaminsky (Jun 02)
Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Dan Kaminsky (Jun 03)

dann frazier

[SECURITY] [DSA 2264-1] linux-2.6 security update dann frazier (Jun 21)

Fernando Gont

IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities Fernando Gont (Jun 01)
Re: Ra-Guard evasion (new Internet-Drafts) Fernando Gont (Jun 01)

Florian Weimer

[SECURITY] [DSA 2263-1] movabletype-opensource security update Florian Weimer (Jun 18)
[SECURITY] [DSA 2259-1] rails security update Florian Weimer (Jun 18)
[SECURITY] [DSA 2265-1] perl security update Florian Weimer (Jun 21)

Fly, Kate

ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability Fly, Kate (Jun 07)

Hafez Kamal

[HITB-Announce] HITB2011AMS Conference Materials & Photos Hafez Kamal (Jun 08)
[HITB-Announce] HITB eZine Issue #006 Released! Hafez Kamal (Jun 13)

Henri Salo

Re: HTB22943: XSS in Dalbum Henri Salo (Jun 13)
Re: [Full-disclosure] XSS Vulnerability in Redmine 1.0.1 to 1.1.1 Henri Salo (Jun 18)

info

myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique info (Jun 18)

iPower N/A

EQDKP plus Cross Site Scripting and Bypass file extension iPower N/A (Jun 18)

Javier Bassi

Post Revolution 0.8.0c Multiple Remote Vulnerabilities Javier Bassi (Jun 01)

Jeffrey Walton

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Jeffrey Walton (Jun 30)

Jonathan Rose

AST-2011-007 Jonathan Rose (Jun 03)

justinzzhan

CFP: IEEE SocialCom11 /PASSAT11 justinzzhan (Jun 03)
IEEE SocialCom/PASSAT Call For Paper Deadline: June 15, 2011 justinzzhan (Jun 10)

Konrad Rieck

Call for Participation: DIMVA 2011 Konrad Rieck (Jun 10)

labs-no-reply

iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability labs-no-reply (Jun 03)
iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability labs-no-reply (Jun 06)
iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability labs-no-reply (Jun 17)
iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability labs-no-reply (Jun 18)
iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability labs-no-reply (Jun 18)
iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability labs-no-reply (Jun 18)

Luciano Bello

[SECURITY] [DSA 2254-1] oprofile security update Luciano Bello (Jun 06)
[SECURITY] [DSA-2210-2] tiff security update Luciano Bello (Jun 30)

Luigi Auriemma

Multiple vulnerabilities in Winamp 5.61 Luigi Auriemma (Jul 01)

ma+bt

fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947) ma+bt (Jun 06)

mailinglists

phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges mailinglists (Jun 13)

Major Malfunction

DC4420 - London DEFCON - June meet - Tuesday 21st June 2011 Major Malfunction (Jun 14)

Marc Heuse

Re: Ra-Guard evasion (new Internet-Drafts) Marc Heuse (Jun 01)

Michal Zalewski

Re: WOOT '11 Call for Papers (reminder) Michal Zalewski (Jun 18)

Mitja Kolsek

RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Mitja Kolsek (Jun 02)
RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Mitja Kolsek (Jun 03)
Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Mitja Kolsek (Jun 03)

Moritz Muehlenhoff

[SECURITY] [DSA 2252-1] dovecot security update Moritz Muehlenhoff (Jun 03)
[SECURITY] [DSA 2262-1] moodle security update Moritz Muehlenhoff (Jun 18)

Nico Golde

[SECURITY] [DSA 2248-1] ejabberd security update Nico Golde (Jun 01)
[SECURITY] [DSA 2249-1] jabberd14 security update Nico Golde (Jun 01)
[SECURITY] [DSA 2250-1] citadel security update Nico Golde (Jun 01)
[SECURITY] [DSA 2257-1] vlc security update Nico Golde (Jun 10)
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update Nico Golde (Jun 13)
[SECURITY] [DSA 2259-1] fex security update Nico Golde (Jun 13)

NNT Support

Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460 NNT Support (Jul 01)

nospam

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability nospam (Jun 03)

NSFOCUS Security Team

NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability NSFOCUS Security Team (Jun 18)

Patrick Webster

Squiz Matrix - Cross-Site Scripting Vulnerability Patrick Webster (Jun 06)
JFreeChart - Path Disclosure vulnerability Patrick Webster (Jun 18)

psiinon

OWASP Zed Attack Proxy version 1.3.0 psiinon (Jun 07)

Robert Gilbert

[CVE-ID REQUEST] vBulletin - Multiple Open Redirects Robert Gilbert (Jun 03)

roberto . paleari

Multiple vulnerabilities in several IP camera products roberto . paleari (Jun 08)

robkraus

CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability robkraus (Jun 01)
PDFill Insecure Library Loading robkraus (Jun 09)

root

PopScript Multiple Vulnerabilities root (Jun 06)

security

[ MDVSA-2011:104 ] bind security (Jun 01)
[ MDVSA-2011:105 ] wireshark security (Jun 01)
[ MDVSA-2011:106 ] subversion security (Jun 06)
[ MDVSA-2011:107 ] fetchmail security (Jun 07)
[ MDVSA-2011:109 ] webmin security (Jun 13)
[ MDVSA-2011:108 ] xerces-j2 security (Jun 13)
[ MDVSA-2011:110 ] gimp security (Jun 17)

Security_Alert

ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA(r) Access Manager Server. Security_Alert (Jun 06)

security-alert

[security bulletin] HPSBMA02652 SSRT100432 rev.4 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure security-alert (Jun 03)
[security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject security-alert (Jun 08)
[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert (Jun 09)
[security bulletin] HPSBMA02627 SSRT090246 rev.2 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code security-alert (Jun 14)
[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Jun 17)

signaladvisory

[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution signaladvisory (Jun 16)

Slackware Security Team

[slackware-security] fetchmail (SSA:2011-171-01) Slackware Security Team (Jun 25)
[slackware-security] mozilla-firefox (SSA:2011-174-01) Slackware Security Team (Jun 30)

sschurtz

Cross-Site Scripting vulnerability in Icinga sschurtz (Jun 01)
Cross-Site Scripting vulnerability in Nagios sschurtz (Jun 01)
Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS sschurtz (Jun 07)

Stefan Kanthak

Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries Stefan Kanthak (Jun 17)
Perfect PDF products distributed with vulnerable MSVC++ libraries Stefan Kanthak (Jun 21)
Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Stefan Kanthak (Jun 24)

support

Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460 support (Jun 30)

techhelperjax

2wire password reset module techhelperjax (Jun 28)

Thijs Kinkhorst

[SECURITY] [DSA 2251-1] subversion security update Thijs Kinkhorst (Jun 02)
[SECURITY] [DSA 2253-1] fontforge security update Thijs Kinkhorst (Jun 06)
[SECURITY] [DSA 2255-1] libxml2 security update Thijs Kinkhorst (Jun 06)
[SECURITY] [DSA 2256-1] tiff security update Thijs Kinkhorst (Jun 10)
[SECURITY] [DSA 2261-1] redmine security update Thijs Kinkhorst (Jun 18)

Thor (Hammer of God)

RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept Thor (Hammer of God) (Jun 02)

Trustwave Advisories

TWSL2011-006: IBM Web Application Firewall Bypass Trustwave Advisories (Jun 29)

VSR Advisories

VMware Tools Multiple Vulnerabilities VSR Advisories (Jun 06)

VUPEN Security Research

VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research (Jun 10)
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038) VUPEN Security Research (Jun 18)

Zacheusz Siedlecki

Java HotSpot Cryptographic Provider signature verification vulnerability Zacheusz Siedlecki (Jun 06)

ZDI Disclosures

ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability ZDI Disclosures (Jun 01)
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability ZDI Disclosures (Jun 03)
ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability ZDI Disclosures (Jun 07)
ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 08)
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability ZDI Disclosures (Jun 16)
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 16)
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures (Jun 17)
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability ZDI Disclosures (Jun 18)
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability ZDI Disclosures (Jun 22)
ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability ZDI Disclosures (Jun 22)
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability ZDI Disclosures (Jun 25)
ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability ZDI Disclosures (Jun 29)