Home page logo
/

320 messages starting Mar 14 11 and ending Mar 21 11
Date index | Thread index | Author index

abhijeet

ClubHACK Magazine: Call for Articles abhijeet (Mar 14)
[Announcement] ClubHACK Magazine Issue 14-March 2011 released abhijeet (Mar 17)

Adam Baso

OWASP AppSec USA 2011 Call for Papers Adam Baso (Mar 18)

admin

Re: HTB22884: XSS vulnerability in LotusCMS admin (Mar 21)

Advisories Toucan-System

TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution Advisories Toucan-System (Mar 28)

advisory

HTB22862: Path disclosure in NextGEN Gallery wordpress plugin advisory (Mar 01)
HTB22861: XSS in Question and Answer Forum wordpress plugin advisory (Mar 01)
HTB22860: SQL Injection in WP Forum wordpress plugin advisory (Mar 01)
HTB22859: SQL Injection in WP Forum wordpress plugin advisory (Mar 01)
HTB22858: SQL Injection in WP Forum wordpress plugin advisory (Mar 01)
HTB22849: Path disclosure in Mingle Forum wordpress plugin advisory (Mar 01)
HTB22848: XSS in Mingle Forum wordpress plugin advisory (Mar 01)
HTB22863: XSS vulnerability in xtcModified advisory (Mar 03)
HTB22857: Path disclosure in Tribiq CMS advisory (Mar 03)
HTB22866: XSS vulnerability in xtcModified advisory (Mar 03)
HTB22855: XSRF (CSRF) in Pragyan CMS advisory (Mar 03)
HTB22856: XSS vulnerability in Pragyan CMS advisory (Mar 03)
HTB22853: XSS vulnerability in Pragyan CMS advisory (Mar 03)
HTB22865: XSS vulnerability in xtcModified advisory (Mar 03)
HTB22837: Path disclosure in PrestaShop advisory (Mar 03)
HTB22872: Path disclosure in Cool Video Gallery wordpress plugin advisory (Mar 08)
HTB22873: XSS in Inline Gallery wordpress plugin advisory (Mar 08)
HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin advisory (Mar 08)
HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin advisory (Mar 08)
HTB22868: XSS in 1 Flash Gallery wordpress plugin advisory (Mar 08)
HTB22867: XSS in PhotoSmash wordpress plugin advisory (Mar 08)
HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin advisory (Mar 08)
HTB22878: XSS vulnerability in CosmoShop advisory (Mar 10)
HTB22875: XSS in Lazyest Gallery wordpress plugin advisory (Mar 10)
HTB22880: XSS vulnerability in CosmoShop advisory (Mar 10)
HTB22874: Path disclosure in Lazyest Gallery wordpress plugin advisory (Mar 10)
HTB22879: Multiple XSS vulnerabilities in CosmoShop advisory (Mar 10)
HTB22881: SQL injection vulnerability in CosmoShop advisory (Mar 10)
HTB22888: File Content Disclosure in LotusCMS advisory (Mar 15)
HTB22883: XSS vulnerability in LotusCMS advisory (Mar 15)
HTB22882: Path disclosure in OXID eShop advisory (Mar 15)
HTB22884: XSS vulnerability in LotusCMS advisory (Mar 15)
HTB22885: XSS vulnerability in LotusCMS advisory (Mar 15)
HTB22886: XSRF (CSRF) in LotusCMS advisory (Mar 15)
HTB22887: XSS vulnerability in LotusCMS advisory (Mar 15)
HTB22877: Path disclosure in xt:Commerce advisory (Mar 15)
HTB22894: XSS in Sodahead Polls wordpress plugin advisory (Mar 17)
HTB22893: XSS in Sodahead Polls wordpress plugin advisory (Mar 17)
HTB22892: Path disclosure in Smen Social Button wordpress plugin advisory (Mar 17)
HTB22891: XSS in Rating-Widget wordpress plugin advisory (Mar 17)
HTB22890: XSS in Rating-Widget wordpress plugin advisory (Mar 17)
HTB22889: XSS in Rating-Widget wordpress plugin advisory (Mar 17)
HTB22900: Multiple XSS vulnerabilities in SyndeoCMS advisory (Mar 24)
HTB22895: XSS vulnerability in Ripe website manager advisory (Mar 24)
HTB22897: SQL injection vulnerability in Ripe website manager advisory (Mar 24)
HTB22898: XSRF (CSRF) in Ripe website manager advisory (Mar 24)
HTB22902: XSS in SyndeoCMS advisory (Mar 24)
HTB22899: Path disclosure in SyndeoCMS advisory (Mar 24)
HTB22901: SQL injection in SyndeoCMS advisory (Mar 24)
HTB22896: SQL injection vulnerability in Ripe website manager advisory (Mar 24)
HTB22904: Path disclosure in bbPress advisory (Mar 29)
HTB22905: Path disclosure in Wordpress advisory (Mar 29)
HTB22903: XSS in Spitfire CMS advisory (Mar 29)
HTB22907: Directory Traversal in Collabtive advisory (Mar 31)
HTB22906: XSS vulnerabilities in Collabtive advisory (Mar 31)
HTB22910: XSRF (CSRF) in Feng Office advisory (Mar 31)
HTB22909: Path disclosure in Tine 2.0 advisory (Mar 31)
HTB22908: XSRF (CSRF) in Collabtive advisory (Mar 31)
HTB22931: XSS vulnerability in InTerra Blog Machine advisory (Mar 31)

Alexandr Polyakov

[DSECRG-11-009] SAP NetWaver XI SOAP Adapter - XSS Alexandr Polyakov (Mar 14)
[DSECRG-11-010] SAP NetWeaver logon.html - XSS Alexandr Polyakov (Mar 14)
[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS Alexandr Polyakov (Mar 16)
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS Alexandr Polyakov (Mar 16)
[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking Alexandr Polyakov (Mar 16)
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS Alexandr Polyakov (Mar 16)

Antonio S.M

Re: Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com Antonio S.M (Mar 01)
Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS) Antonio S.M (Mar 02)

antonio_s_martino

Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com antonio_s_martino (Mar 01)

Asterisk Security Team

AST-2011-003: Asterisk Security Team (Mar 17)
AST-2011-004: Asterisk Security Team (Mar 17)

bugtraq

Re: Vulnerabilities in some SCADA server softwares bugtraq (Mar 24)

Casper . Dik

Re: Solaris 10 Port Stealing Vulnerability Casper . Dik (Mar 31)

cdx . security

BoutikOne Multiples SQL Injection Vulnerability cdx . security (Mar 14)

Chris O'Regan

Solaris 10 Port Stealing Vulnerability Chris O'Regan (Mar 29)
RE: Solaris 10 Port Stealing Vulnerability Chris O'Regan (Mar 31)

Christian Sciberras

Re: HTB22905: Path disclosure in Wordpress Christian Sciberras (Mar 30)

Cisco Systems Product Security Incident Response Team

Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories Cisco Systems Product Security Incident Response Team (Mar 17)
Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Mar 30)
Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability Cisco Systems Product Security Incident Response Team (Mar 30)

CJC

Re: Vulnerabilities in some SCADA server softwares CJC (Mar 24)

CORE Security Technologies Advisories

CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files CORE Security Technologies Advisories (Mar 23)

Crash

[DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS Crash (Mar 04)
[DCA-2011-0004] - Trend WebReputation API Bypass Crash (Mar 14)

cseye_ut

"Simple PHP Newsletter" Remote Admin Password Change With install path cseye_ut (Mar 29)
"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path cseye_ut (Mar 29)
"Simple PHP Newsletter" Remote Admin Password Change With install path cseye_ut (Mar 29)
"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path cseye_ut (Mar 29)

cxib

vsftpd 2.3.2 remote denial-of-service cxib (Mar 01)
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) cxib (Mar 18)

david . daly

DataDynamics Report Library CoreHandler XSS david . daly (Mar 30)

ddivulnalert

DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] ddivulnalert (Mar 01)

difficult-511

SnapProof (cart.php) Cross Site Scripting difficult-511 (Mar 01)

eidelweiss

Tugux CMS (nid) BLIND sql injection vulnerability eidelweiss (Mar 21)
CMS Balitbang 3.3 Arbitary File Upload Vulnerability eidelweiss (Mar 22)

Flavio do Carmo Junior aka waKKu

[DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration Flavio do Carmo Junior aka waKKu (Mar 04)
[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection Flavio do Carmo Junior aka waKKu (Mar 04)

Florian Weimer

[SECURITY] [DSA 2177-1] pywebdav security update Florian Weimer (Mar 03)
[SECURITY] [DSA 2178-1] pango1.0 security update Florian Weimer (Mar 03)
[SECURITY] [DSA 2179-1] dtc security update Florian Weimer (Mar 03)
[SECURITY] [DSA 2181-1] subversion security update Florian Weimer (Mar 04)
[SECURITY] [DSA 2182-1] logwatch security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2184-1] isc-dhcp security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2197-1] quagga security update Florian Weimer (Mar 22)
[SECURITY] [DSA 2205-1] gdm3 security update Florian Weimer (Mar 29)
[SECURITY] [DSA 2208-1] bind9 security update Florian Weimer (Mar 31)
[SECURITY] [DSA 2208-2] bind9 security update Florian Weimer (Mar 31)

Giuseppe Iuculano

[SECURITY] [DSA 2188-1] webkit security update Giuseppe Iuculano (Mar 10)
[SECURITY] [DSA 2190-1] wordpress security update Giuseppe Iuculano (Mar 11)
[SECURITY] [DSA 2192-1] chromium-browser security update Giuseppe Iuculano (Mar 15)

Hafez Kamal

[HITB-Announce] HITB Magazine Call for Articles Hafez Kamal (Mar 08)

Hector . x90

XSS vulnerability in Web Poll Pro Hector . x90 (Mar 21)

hfortier

RECON 2011 CFP hfortier (Mar 07)

irancrash

RecordPress Multiple Vulnerabilities irancrash (Mar 09)

Ivan Buetler

Swiss Cyber Storm 3 2011 Announcement Ivan Buetler (Mar 11)

Jamie Riden

Re: Vulnerabilities in some SCADA server softwares Jamie Riden (Mar 24)

Jamie Strandboge

[USN-1050-1] Thunderbird vulnerabilities Jamie Strandboge (Mar 03)
[USN-1092-1] Linux Kernel vulnerabilities Jamie Strandboge (Mar 28)
[USN-1093-1] Linux Kernel vulnerabilities (Marvell Dove) Jamie Strandboge (Mar 28)
[USN-1094-1] Libvirt vulnerability Jamie Strandboge (Mar 30)
[USN-1100-1] OpenLDAP vulnerabilities Jamie Strandboge (Mar 31)

Jim Harrison

RE: Vulnerabilities in some SCADA server softwares Jim Harrison (Mar 23)
RE: Vulnerabilities in some SCADA server softwares Jim Harrison (Mar 23)

john . doe

weechat does not properly use gnutls and allow an attacker to bypass certificate verification john . doe (Mar 01)

J. Oquendo

Re: Vulnerabilities in some SCADA server softwares J. Oquendo (Mar 22)
Re: Vulnerabilities in some SCADA server softwares J. Oquendo (Mar 23)
Re: Vulnerabilities in some SCADA server softwares J. Oquendo (Mar 23)
Re: Vulnerabilities in some SCADA server softwares J. Oquendo (Mar 24)

Kees Cook

[USN-1074-2] Linux kernel vulnerabilities Kees Cook (Mar 01)
[USN-1081-1] Linux kernel vulnerabilities Kees Cook (Mar 02)
[USN-1080-1] Linux kernel vulnerabilities Kees Cook (Mar 02)
[USN-1083-1] Linux kernel vulnerabilities Kees Cook (Mar 03)
[USN-1080-2] Linux kernel vulnerabilities Kees Cook (Mar 03)
[USN-1086-1] Linux kernel (EC2) vulnerabilities Kees Cook (Mar 09)
[USN-1085-2] tiff regression Kees Cook (Mar 15)
[USN-1090-1] Linux kernel vulnerabilities Kees Cook (Mar 21)
[USN-1089-1] Linux kernel vulnerabilities Kees Cook (Mar 21)

Kent Borg

Re: Vulnerabilities in some SCADA server softwares Kent Borg (Mar 23)
Re: Vulnerabilities in some SCADA server softwares Kent Borg (Mar 24)

kyprianos

AthCon 2011 Announcement kyprianos (Mar 09)

labs-no-reply

iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability labs-no-reply (Mar 03)
iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability labs-no-reply (Mar 03)
iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability labs-no-reply (Mar 22)

Laurent OUDOT at TEHTRI-Security

[TEHTRI-Security] Security and iPhone iOS 4.3 Personal Hotspot feature Laurent OUDOT at TEHTRI-Security (Mar 07)
[TEHTRI-Security] Quick BlackBerry Security Check Laurent OUDOT at TEHTRI-Security (Mar 17)

lazyest

Re: HTB22875: XSS in Lazyest Gallery wordpress plugin lazyest (Mar 10)
Re: HTB22874: Path disclosure in Lazyest Gallery wordpress plugin lazyest (Mar 11)

Lists

Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Lists (Mar 28)

Luigi Auriemma

Vulnerabilities in some SCADA server softwares Luigi Auriemma (Mar 21)
Heap overflow in RealPlayer 14.0.1.633 Luigi Auriemma (Mar 21)
Re: Vulnerabilities in some SCADA server softwares Luigi Auriemma (Mar 22)
Re: Vulnerabilities in some SCADA server softwares Luigi Auriemma (Mar 23)

Major Malfunction

DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011 Major Malfunction (Mar 11)

Marc Deslauriers

[USN-1082-1] Pango vulnerabilities Marc Deslauriers (Mar 02)
[USN-1085-1] tiff vulnerabilities Marc Deslauriers (Mar 07)
[USN-1084-1] avahi vulnerability Marc Deslauriers (Mar 07)
[USN-1098-1] vsftpd vulnerability Marc Deslauriers (Mar 30)
[USN-1097-1] Tomcat vulnerabilities Marc Deslauriers (Mar 30)
[USN-1096-1] Subversion vulnerability Marc Deslauriers (Mar 30)
[USN-1095-1] Quagga vulnerabilities Marc Deslauriers (Mar 30)

Mark Stanislav

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099) Mark Stanislav (Mar 07)
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546) Mark Stanislav (Mar 31)

Mark Thomas

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass Mark Thomas (Mar 15)

Martin Schulze

[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities Martin Schulze (Mar 30)

Micah Gersten

[USN-1087-1] libvpx vulnerability Micah Gersten (Mar 14)
[USN-1091-1] Firefox and Xulrunner vulnerabilities Micah Gersten (Mar 25)

Michal Zalewski

Re: Vulnerabilities in some SCADA server softwares Michal Zalewski (Mar 23)
Re: Vulnerabilities in some SCADA server softwares Michal Zalewski (Mar 23)
Re: Vulnerabilities in some SCADA server softwares Michal Zalewski (Mar 24)

Michele Orru

[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities Michele Orru (Mar 28)

Michele Spagnuolo

XSS in CubeCart <= 2.0.7 Michele Spagnuolo (Mar 07)

mike

Re: Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS) mike (Mar 03)
Re: Re: HTB22905: Path disclosure in Wordpress mike (Mar 31)

Mike Hoskins

Re: Vulnerabilities in some SCADA server softwares Mike Hoskins (Mar 23)

Moritz Muehlenhoff

[SECURITY] [DSA 2175-1] samba security update Moritz Muehlenhoff (Mar 01)
[SECURITY] [DSA 2176-1] cups security update Moritz Muehlenhoff (Mar 02)
[SECURITY] [DSA 2180-1] iceape security update Moritz Muehlenhoff (Mar 04)
[SECURITY] [DSA 2187-1] icedove security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2186-1] iceweasel security update Moritz Muehlenhoff (Mar 10)
[SECURITY] [DSA 2191-1] proftpd security update Moritz Muehlenhoff (Mar 14)
[SECURITY] [DSA 2186-2] vimperator regression fix Moritz Muehlenhoff (Mar 18)
[SECURITY] [DSA 2199-1] iceape security update Moritz Muehlenhoff (Mar 24)
[SECURITY] [DSA 2200-1] iceweasel security update Moritz Muehlenhoff (Mar 24)
[SECURITY] [DSA 2201-1] wireshark security update Moritz Muehlenhoff (Mar 24)
[SECURITY] [DSA 2203-1] nss security update Moritz Muehlenhoff (Mar 28)
[SECURITY] [DSA 2207-1] tomcat5.5 security update Moritz Muehlenhoff (Mar 30)

Moritz Mühlenhoff

[SECURITY] [DSA 2185-1] proftpd-dfsg security update Moritz Mühlenhoff (Mar 09)

Netsparker Advisories

XSS Vulnerability in Tracks 1.7.2 Netsparker Advisories (Mar 29)

Nico Golde

[SECURITY] [DSA 2198-1] tex-common security update Nico Golde (Mar 23)

np

Unidesk ReportingService Forceful Browsing Vulnerability np (Mar 28)

NSO Research

NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) NSO Research (Mar 09)
NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability NSO Research (Mar 22)

Patrick Kelley

Re: "Simple PHP Newsletter" Remote Admin Password Change With install path Patrick Kelley (Mar 30)
Re: HTB22905: Path disclosure in Wordpress Patrick Kelley (Mar 30)
Re: HTB22905: Path disclosure in Wordpress Patrick Kelley (Mar 30)

paul . szabo

XSS in Oracle default fcgi-bin/echo paul . szabo (Mar 23)

Pavel Kankovsky

Re: Vulnerabilities in some SCADA server softwares Pavel Kankovsky (Mar 24)

Per Thorsheim

Call for Papers: Passwords^11 Per Thorsheim (Mar 10)

Raphael Geissert

[SECURITY] [DSA 2183-1] nbd security update Raphael Geissert (Mar 07)
[SECURITY] [DSA 2195-1] php5 security update Raphael Geissert (Mar 21)
[SECURITY] [DSA 2196-1] maradns security update Raphael Geissert (Mar 21)

RedTeam Pentesting GmbH

[RT-SA-2011-002] SugarCRM list privilege restriction bypass RedTeam Pentesting GmbH (Mar 15)
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution RedTeam Pentesting GmbH (Mar 15)

Research () NGSSecure

NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow Research () NGSSecure (Mar 22)
NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration Research () NGSSecure (Mar 22)
NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow Research () NGSSecure (Mar 22)
NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows Research () NGSSecure (Mar 22)
NGS00051 Patch Notification: Cisco VPN Client Privilege Escalation Research () NGSSecure (Mar 25)

Reversemode

SCADA Trojans: Attacking the Grid + Advantech vulnerabilities Reversemode (Mar 23)

R Michael Williams

Re: Vulnerabilities in some SCADA server softwares R Michael Williams (Mar 23)

Rodrigo Escobar

[DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service Rodrigo Escobar (Mar 07)
[DCA-2011-0009] Weborf 0.12.4 Denial-of-Service Rodrigo Escobar (Mar 07)
[DCA-2011-0007] Air Contacts Lite (iPhone / iPod App Denial Of Service) Rodrigo Escobar (Mar 10)

Root

VidiScript (index.php) Cross Site Scripting Root (Mar 02)
CubeCart 2.0.6 SQL injection / Cross Site Scripting Root (Mar 02)
PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting Root (Mar 02)
SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability root (Mar 28)
SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting root (Mar 28)

security

[ MDVSA-2011:039 ] webkit security (Mar 02)
[ MDVSA-2011:040 ] pango security (Mar 03)
[ MDVSA-2011:041 ] firefox security (Mar 07)
[ MDVSA-2011:042 ] mozilla-thunderbird security (Mar 07)
[ MDVSA-2011:043 ] libtiff security (Mar 08)
[ MDVSA-2011:044 ] wireshark security (Mar 09)
[ MDVSA-2011:045 ] postfix security (Mar 16)
[ MDVSA-2011:046 ] pure-ftpd security (Mar 17)
[ MDVSA-2011:047 ] proftpd security (Mar 18)
[ MDVSA-2011:048 ] krb5 security (Mar 18)
[ MDVSA-2011:051 ] kernel security (Mar 21)
[ MDVSA-2011:049 ] vsftpd security (Mar 21)
[ MDVSA-2011:050 ] pidgin security (Mar 21)
[ MDVSA-2011:052 ] php security (Mar 23)
[ MDVSA-2011:053 ] php security (Mar 23)
[ MDVSA-2011:054 ] java-1.6.0-openjdk security (Mar 28)
[ MDVSA-2011:055 ] openldap security (Mar 30)
[ MDVSA-2011:056 ] openldap security (Mar 30)

Security_Alert

ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability Security_Alert (Mar 15)
ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server Security_Alert (Mar 15)
ESA-2011-006: EMC Avamar privilege escalation vulnerability Security_Alert (Mar 15)
ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability Security_Alert (Mar 25)
ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications Security_Alert (Mar 30)

security-alert

[security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS) security-alert (Mar 01)
[security bulletin] HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass security-alert (Mar 03)
[security bulletin] HPSBPI02640 SSRT100410 rev.1 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass security-alert (Mar 03)
[security bulletin] HPSBUX02641 SSRT100412 rev.1 - HP OpenView Network Node Manager (OV NNM) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) security-alert (Mar 08)
[security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS) security-alert (Mar 10)
[security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code security-alert (Mar 14)
[security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration security-alert (Mar 22)
[security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS) security-alert (Mar 28)

Serguei A. Mokhov on behalf of PST-11

Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20) Serguei A. Mokhov on behalf of PST-11 (Mar 14)
Privacy, Security, Trust (PST 2011) - Call for Papers (EXTENDED Deadline: April 3, 2011) Serguei A. Mokhov on behalf of PST-11 (Mar 21)

Simple Nomad

Re: Vulnerabilities in some SCADA server softwares Simple Nomad (Mar 23)
Re: Vulnerabilities in some SCADA server softwares Simple Nomad (Mar 24)

sschurtz

Cross-Site Scripting vulnerabilities in Icinga sschurtz (Mar 08)
Cross-Site Scripting vulnerability in Nagios sschurtz (Mar 10)
Re: Cross-Site Scripting vulnerability in Nagios sschurtz (Mar 10)

Stefan Fritsch

[SECURITY] [DSA 2202-1] apache2 security update Stefan Fritsch (Mar 24)

Steffen Joeris

[SECURITY] [DSA 2204-1] imp4 security update Steffen Joeris (Mar 28)

Steve Beattie

[USN-1078-1] Logwatch vulnerability Steve Beattie (Mar 01)
[USN-1079-1] OpenJDK 6 vulnerabilities Steve Beattie (Mar 01)
[USN-1079-2] OpenJDK 6 vulnerabilities Steve Beattie (Mar 15)
[USN-1088-1] Kerberos vulnerability Steve Beattie (Mar 15)
[USN-1079-3] OpenJDK 6 vulnerabilities Steve Beattie (Mar 17)
[USN-1099-1] GDM vulnerability Steve Beattie (Mar 31)

support

Douran Portal File Download/Source Code Disclosure Vulnerability support (Mar 21)

Theo de Raadt

Re: Vulnerabilities in some SCADA server softwares Theo de Raadt (Mar 23)
Re: Vulnerabilities in some SCADA server softwares Theo de Raadt (Mar 23)

Thierry Zoller

Checkpoint VPN - Priviledge Escalation Thierry Zoller (Mar 14)

Thijs Kinkhorst

[SECURITY] [DSA 2163-2] dajaxice regression fix Thijs Kinkhorst (Mar 01)
[SECURITY] [DSA 2193-1] libcgroup security update Thijs Kinkhorst (Mar 17)
[SECURITY] [DSA 2194-1] libvirt security update Thijs Kinkhorst (Mar 18)

Tim Brown

Medium severity flaw in QNX Neutrino RTOS Tim Brown (Mar 11)

Timo Warns

[PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel Timo Warns (Mar 17)

Tom Yu

MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled Tom Yu (Mar 15)

Travis Lee

Mutare Software EVM - CSRF and XSS Vulnerabilities Travis Lee (Mar 07)

Vladimir '3APA3A' Dubrovin

Re: Buffer overflow in libtiff in Imagemagick Vladimir '3APA3A' Dubrovin (Mar 23)

VMware Security Team

VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. VMware Security Team (Mar 08)
VMSA-2011-0005 VMware vCenter Orchestrator remote code execution vulnerability VMware Security Team (Mar 15)
VMSA-2011-0006 VMware vmrun utility local privilege escalation VMware Security Team (Mar 30)

VSR Advisories

Apple HFS+ Information Disclosure Vulnerability VSR Advisories (Mar 22)

vulns

Kodak InSite Login Page Cross-Site Scripting vulns (Mar 07)
InSite Troubleshooting Cross-Site Scripting vulns (Mar 07)

VUPEN Security Research

VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free VUPEN Security Research (Mar 14)
VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free VUPEN Security Research (Mar 14)
VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow VUPEN Security Research (Mar 14)

Wietse Venema

Plaintext injection in STARTTLS (multiple implementations) Wietse Venema (Mar 07)

Willy Tarreau

Re: Vulnerabilities in some SCADA server softwares Willy Tarreau (Mar 25)

YGN Ethical Hacker Group

bbPress 1.0.2 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 14)
Joomla! 1.6.0 | SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 14)
Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 14)
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability YGN Ethical Hacker Group (Mar 23)
PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability YGN Ethical Hacker Group (Mar 23)
PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 23)
PHP-Nuke 8.x <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 23)
Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Mar 25)

ZDI Disclosures

ZDI-11-094: (0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability ZDI Disclosures (Mar 01)
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability ZDI Disclosures (Mar 03)
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability ZDI Disclosures (Mar 21)
ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability ZDI Disclosures (Mar 21)
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability ZDI Disclosures (Mar 22)
ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability ZDI Disclosures (Mar 22)
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability ZDI Disclosures (Mar 22)
ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability ZDI Disclosures (Mar 23)
ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability ZDI Disclosures (Mar 23)
ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability ZDI Disclosures (Mar 23)
ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability ZDI Disclosures (Mar 28)

zgmzgm

Buffer overflow in libtiff in Imagemagick zgmzgm (Mar 21)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault