Home page logo
/

203 messages starting May 11 11 and ending May 16 11
Date index | Thread index | Author index

abhijeet

[Announcement] ClubHACK Magazine Issue 16-May 2011 released abhijeet (May 11)
[Annoucement] ClubHack Magazine - Call for Articles abhijeet (May 16)

ACROS Security Lists

The Anatomy of COM Server-Based Binary Planting Exploits ACROS Security Lists (May 25)

Advisories Toucan-System

TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write Advisories Toucan-System (May 09)
TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection Advisories Toucan-System (May 09)

advisory

HTB22967: Multiple SQL Injection in Shutter advisory (May 03)
HTB22966: XSS in (e)2 interactive Photo Gallery advisory (May 03)
HTB22964: XSS in SelectaPix Image Gallery advisory (May 03)
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery advisory (May 03)
HTB22962: Multiple XSS in YaPiG advisory (May 03)
HTB22968: XSS in PHP Directory Listing Script advisory (May 05)
HTB22970: Multiple XSS vulnerabilities in PHPDug advisory (May 05)
HTB22973: XSS in AJAX Calendar advisory (May 05)
HTB22971: XSRF (CSRF) in PHPDug advisory (May 05)
HTB22972: Multiple SQL injection vulnerabilities in PHPDug advisory (May 05)
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar advisory (May 05)
HTB22974: Multiple XSS in Calendarix advisory (May 10)
HTB22975: SQL injection in Calendarix advisory (May 10)
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo advisory (May 10)
HTB22977: XSRF (CSRF) in poMMo advisory (May 10)
HTB22980: XSRF (CSRF) in Open Classifieds advisory (May 12)
HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social advisory (May 12)
HTB22978: XSRF (CSRF) in Argyle Social advisory (May 12)
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic advisory (May 17)
HTB22995: XSS in Ajax Chat advisory (May 24)
HTB22987: Multiple XSS in phpScheduleIt advisory (May 24)
HTB22986: SQL injection in ExtCalendar 2 advisory (May 24)

Barry Greene

Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones Barry Greene (May 07)

Bkis

[Bkis] sNews 1.7.1 XSS vulnerability Bkis (May 12)

bolok . boloke80

SQL injection in 4images bolok . boloke80 (May 03)
XSS in GOT.MY CLASSMATES bolok . boloke80 (May 03)
XSS in DEAL INFORMER bolok . boloke80 (May 03)
Path disclousure in MEGA PORTAL bolok . boloke80 (May 03)
XSS in CLASSIFIED ADS bolok . boloke80 (May 03)
CSRF (Cross-Site Request Forgery) in FREELANCER bolok . boloke80 (May 03)

Carsten Eilers

WebTech Conference 2011 Call for Papers Carsten Eilers (May 16)

cfp

Ruxcon 2011 Call For Papers cfp (May 17)

Cisco Systems Product Security Incident Response Team

Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (May 05)
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (May 25)

CORE Security Technologies Advisories

CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass CORE Security Technologies Advisories (May 12)
CORE-2011-0204: Adobe Audition vulnerability processing malformed session file CORE Security Technologies Advisories (May 12)
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow CORE Security Technologies Advisories (May 25)

cxib

Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion cxib (May 02)
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) cxib (May 16)

Damien Miller

Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv Damien Miller (May 03)

Daniel Clemens

CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Daniel Clemens (May 18)

dann frazier

[SECURITY] [DSA 2240-1] linux-2.6 security update dann frazier (May 25)

DeepSec Conference

Announcement - DeepSec 2011 - Call for Papers DeepSec Conference (May 04)

Deng Ching

[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Deng Ching (May 27)
[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Deng Ching (May 27)

Dennis Brunnen

NNT Change Tracker - Hard-Coded Encryption Key Dennis Brunnen (May 24)

eko security conference

CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina] eko security conference (May 30)

Fernando Gont

Viewpoint: Security implications of IPv6 Fernando Gont (May 27)

Florian Weimer

[SECURITY] [DSA 2232-1] exim4 security update Florian Weimer (May 07)
[SECURITY] [DSA 2231-1] otrs2 security update Florian Weimer (May 07)
[SECURITY] [DSA 2233-1] postfix security update Florian Weimer (May 11)
[SECURITY] [DSA 2236-1] exim4 security update Florian Weimer (May 16)
[SECURITY] [DSA 2243-1] unbound security update Florian Weimer (May 30)
[SECURITY] [DSA 2244-1] bind9 security update Florian Weimer (May 30)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-11:02.bind FreeBSD Security Advisories (May 30)

Giuseppe Iuculano

[SECURITY] [DSA 2246-1] mahara security update Giuseppe Iuculano (May 30)
[SECURITY] [DSA 2245-1] chromium-browser security update Giuseppe Iuculano (May 30)

Henri Lindberg

NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon Henri Lindberg (May 16)

iccc

NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia. iccc (May 03)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g ISecAuditors Security Advisories (May 02)

Ivan Buetler

Swiss Cyber Storm 3 Ivan Buetler (May 09)

Jamie Strandboge

Ubuntu Security Notice publication update Jamie Strandboge (May 19)

jeffto

Session hacking via authentication cookie on Oracle CRM on Demand jeffto (May 20)

Kacper Szczesniak

Gadu-Gadu 0-Day Remote Code Execution Kacper Szczesniak (May 24)

Kees Cook

[USN-1111-1] Linux kernel vulnerabilities Kees Cook (May 07)
[USN-1130-1] Exim vulnerability Kees Cook (May 11)

Kotas, Kevin J

CA20110510-01: Security Notice for CA eHealth Kotas, Kevin J (May 11)

labs-no-reply

iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)

Lists

Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005 Lists (May 03)
Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006 Lists (May 19)
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SO S-11-007 Lists (May 20)

Luciano Bello

[SECURITY] [DSA 2234-1] zodb security update Luciano Bello (May 11)

Major Malfunction

DC4420 - London DEFCON - May meet - Tuesday 24th May 2011 Major Malfunction (May 16)

Marc Deslauriers

[USN-1127-1] usb-creator vulnerability Marc Deslauriers (May 03)
[USN-1129-1] Perl vulnerabilities Marc Deslauriers (May 03)
[USN-1128-1] Vino vulnerabilities Marc Deslauriers (May 03)
[USN-1131-1] Postfix vulnerability Marc Deslauriers (May 11)
[USN-1132-1] apturl vulnerability Marc Deslauriers (May 16)

Marc Heuse

Bypassing Cisco's ICMPv6 Router Advertisement Guard feature Marc Heuse (May 24)

marian . ventuneac

Apache Struts 2 Multiple Reflected XSS in XWork error pages marian . ventuneac (May 11)
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure marian . ventuneac (May 19)

Mark Thomas

[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass Mark Thomas (May 17)

matthew

[CVE-REQUEST] Plone XSS and permission errors matthew (May 26)

Micah Gersten

[USN-1121-1] firefox vulnerabilities Micah Gersten (May 02)
[USN-1112-1] Firefox and Xulrunner vulnerabilities Micah Gersten (May 02)
[USN-1123-1] xulrunner-1.9.1 vulnerabilities Micah Gersten (May 02)
Fwd: [USN-1122-1] Thunderbird vulnerabilities Micah Gersten (May 05)
[USN-1122-2] Thunderbird vulnerabilities Micah Gersten (May 05)

Mitja Kolsek

Silently Pwning Protected-Mode IE9 and Innocent Windows Applications Mitja Kolsek (May 07)

Moritz Muehlenhoff

[SECURITY] [DSA 2227-1] iceape security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2230-1] qemu-kvm security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2229-1] spip security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2228-1] iceweasel security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2235-1] icedove security update Moritz Muehlenhoff (May 11)
[SECURITY] [DSA 2238-1] vino security update Moritz Muehlenhoff (May 19)
[SECURITY] [DSA 2239-1] libmojolicious-perl security update Moritz Muehlenhoff (May 24)
[SECURITY] [DSA 2241-1] qemu-kvm security update Moritz Muehlenhoff (May 25)
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update Moritz Muehlenhoff (May 26)

Netsparker Advisories

XSS vulnerability in TWiki < 5.0.2 Netsparker Advisories (May 18)

paranoia

Paranoia 2011: Call for papers paranoia (May 31)

Patrick Webster

OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability Patrick Webster (May 02)
OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability Patrick Webster (May 10)

psirt

Re: Cisco IOS UDP Denial of Service Vulnerability psirt (May 05)
Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability psirt (May 05)

RedTeam Pentesting GmbH

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface RedTeam Pentesting GmbH (May 04)
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances RedTeam Pentesting GmbH (May 04)

research

PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management research (May 05)
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system research (May 09)
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing) research (May 16)
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager) research (May 24)

Research () NGSSecure

NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption Research () NGSSecure (May 24)

roberto . paleari

Linux Kernel 2.6.38 Remote NULL Pointer Dereference roberto . paleari (May 16)

security

[ MDVSA-2011:079 ] firefox security (May 02)
[ MDVSA-2011:081 ] kdenetwork4 security (May 02)
[ MDVSA-2011:080 ] mozilla-thunderbird security (May 02)
[ MDVSA-2011:082 ] python-feedparser security (May 03)
[ MDVSA-2011:083 ] wireshark security (May 16)
[ MDVSA-2011:084 ] apr security (May 16)
[ MDVSA-2011:085 ] libmodplug security (May 16)
[ MDVSA-2011:086 ] polkit security (May 16)
[ MDVSA-2011:087 ] vino security (May 16)
[ MDVSA-2011:088 ] mplayer security (May 16)
[ MDVSA-2011:089 ] mplayer security (May 16)
[ MDVSA-2011:090 ] postfix security (May 17)
[ MDVSA-2011:092 ] perl-IO-Socket-SSL security (May 18)
[ MDVSA-2011:093 ] gnome-screensaver security (May 18)
[ MDVSA-2011:094 ] pure-ftpd security (May 19)
[ MDVSA-2011:095 ] apr security (May 20)
[ MDVSA-2011:096 ] python security (May 24)
[ MDVSA-2011:098 ] ruby security (May 24)
[ MDVSA-2011:099 ] libzip security (May 24)
[ MDVSA-2011:100 ] cyrus-imapd security (May 24)
[ MDVSA-2011:097 ] ruby security (May 24)
[ MDVSA-2011:095-1 ] apr security (May 24)
[ MDVSA-2011:101 ] dovecot security (May 26)
[ MDVSA-2011:103 ] gimp security (May 30)
[ MDVSA-2011:102 ] rdesktop security (May 30)

Security_Alert

ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability Security_Alert (May 16)

security-alert

[security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert (May 03)
[security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection security-alert (May 04)
[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS) security-alert (May 09)
[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS) security-alert (May 09)
[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification security-alert (May 09)
[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert (May 09)
[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification security-alert (May 09)
[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code security-alert (May 11)
[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access security-alert (May 11)
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files security-alert (May 11)
[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) security-alert (May 11)
[security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert (May 12)
[security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS) security-alert (May 16)

security curmudgeon

Re: SQL Injection in Pixie security curmudgeon (May 10)

Shatter

TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html Shatter (May 03)
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU Shatter (May 03)
TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component Shatter (May 03)

sschurtz

Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag" sschurtz (May 31)

Stefan Fritsch

[SECURITY] [DSA 2237-1] apr security update Stefan Fritsch (May 16)
[SECURITY] [DSA 2237-2] apr security update Stefan Fritsch (May 24)

Stefan Kanthak

Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer Stefan Kanthak (May 16)

Stefano Di Paola

DOMinator - The DOMXss Analyzer Tool - is finally public Stefano Di Paola (May 18)

Steve Beattie

[USN-1126-2] PHP Regressions Steve Beattie (May 05)

supernothing

Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others supernothing (May 25)

Thijs Kinkhorst

[SECURITY] [DSA 2247-1] rails security update Thijs Kinkhorst (May 31)

Timo Warns

[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel Timo Warns (May 11)

Tomi Tuominen

t2'11: Call for Papers 2011 (Helsinki / Finland) Tomi Tuominen (May 05)

Veronica

Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure Veronica (May 26)

VMware Security Team

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities VMware Security Team (May 07)

vuln

Cisco IOS UDP Denial of Service Vulnerability vuln (May 04)
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability vuln (May 04)

VUPEN Security Research

VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption VUPEN Security Research (May 24)

Walikar Riyaz Ahemed Dawalmalik

[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities Walikar Riyaz Ahemed Dawalmalik (May 31)
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities Walikar Riyaz Ahemed Dawalmalik (May 31)

Wietse Venema

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) Wietse Venema (May 09)

Williams, James K

RE: CA20110420-02: Security Notice for CA Output Management Web Viewer Williams, James K (May 19)

Wouter Coekaerts

E-mail address spoofing with RLO Wouter Coekaerts (May 24)

Xiaobo

MalBox Release! A Program Behavior Analysis System! Xiaobo (May 16)

ZDI Disclosures

ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures (May 10)
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability ZDI Disclosures (May 16)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault