Home page logo
/

189 messages starting Nov 25 11 and ending Nov 28 11
Date index | Thread index | Author index

0a29 40

0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 0a29 40 (Nov 25)

abhijeet

[Announcement] ClubHack Mag Issue 22- Nov 2011 Released abhijeet (Nov 14)
[Announcement] ClubHack 2011 Hacking and Security Conference abhijeet (Nov 14)

advisory

Multiple vulnerabilities in Efront advisory (Nov 02)
Local file inclusion in VtigerCRM advisory (Nov 09)
Multiple vulnerabilities in webERP advisory (Nov 17)
Multiple vulnerabilities in Dolibarr advisory (Nov 23)
Multiple vulnerabilities in OrangeHRM advisory (Nov 30)
Sql injection in SugarCRM advisory (Nov 30)

Alexandr Polyakov

[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay Alexandr Polyakov (Nov 17)
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose Alexandr Polyakov (Nov 17)
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose Alexandr Polyakov (Nov 17)
[DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-037] SAP BW Doc - Multiple XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability Alexandr Polyakov (Nov 17)
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW) Alexandr Polyakov (Nov 17)
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation Alexandr Polyakov (Nov 17)
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering) Alexandr Polyakov (Nov 17)
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vuln erability Alexandr Polyakov (Nov 17)

Alex Davis

Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Alex Davis (Nov 29)

Alex Legler

[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities Alex Legler (Nov 01)
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities Alex Legler (Nov 07)
[ GLSA 201111-06 ] MaraDNS: Arbitrary code execution Alex Legler (Nov 21)
[ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities Alex Legler (Nov 21)
[ GLSA 201111-08 ] radvd: Multiple vulnerabilities Alex Legler (Nov 21)
[ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection Alex Legler (Nov 21)
[ GLSA 201111-10 ] Evince: Multiple vulnerabilities Alex Legler (Nov 21)
[ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code Alex Legler (Nov 21)

Amir

wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
wordpress Lanoba Social Plugin Xss Vulnerabilities Amir (Nov 21)
Wordpress advanced-text-widget Plugin Vulnerabilities Amir (Nov 21)
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Amir (Nov 21)
Wordpress adminimize Plugin Vulnerabilities Amir (Nov 21)
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
Wordpress enable-latex plugin Remote File Include Vulnerabilities Amir (Nov 23)
Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Amir (Nov 28)
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)

apa-iutcert

IBSng all version Cross-Site Scripting Vulnerability apa-iutcert (Nov 01)

Apple Product Security

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Apple Product Security (Nov 09)
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update Apple Product Security (Nov 14)
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 Apple Product Security (Nov 14)
APPLE-SA-2011-11-14-1 iTunes 10.5.1 Apple Product Security (Nov 15)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Cisco Systems Product Security Incident Response Team (Nov 09)

Code Audit Labs

[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities Code Audit Labs (Nov 09)
[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability Code Audit Labs (Nov 09)

CORE Security Technologies Advisories

CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass CORE Security Technologies Advisories (Nov 14)

cxib

Multiple BSD libc/regcomp(3) Multiple Vulnerabilities cxib (Nov 04)

Daniel Roethlisberger

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 Daniel Roethlisberger (Nov 30)

ddivulnalert

DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] ddivulnalert (Nov 01)

demonalex

GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability demonalex (Nov 01)
CmyDocument Content Management Application - XSS Vulnerabilities demonalex (Nov 03)
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability demonalex (Nov 29)

Dragos Ruiu

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011 Dragos Ruiu (Nov 30)

entomology

Cisco CUCM - Multiple Vulnerabilities entomology (Nov 08)

Fernando Gont

IPv6 security (slides and training) Fernando Gont (Nov 08)
Implications of IPv6 on network firewalls Fernando Gont (Nov 21)

Florian Weimer

[SECURITY] [DSA 2344-1] python-django-piston security update Florian Weimer (Nov 14)
[SECURITY] [DSA 2346-1] proftpd-dfsg security update Florian Weimer (Nov 16)
[SECURITY] [DSA 2346-2] proftpd-dfsg regression fix Florian Weimer (Nov 17)
[SECURITY] [DSA 2347-1] bind9 security update Florian Weimer (Nov 17)

Henri Salo

Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Henri Salo (Nov 21)
Re: XSS in Tiki Wiki CMS Groupware Henri Salo (Nov 22)
Re: jara 1.6 sql injection vulnerability Henri Salo (Nov 22)

Ivan Buetler

New online security challenge - GotWurzel Ivan Buetler (Nov 08)
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Ivan Buetler (Nov 21)

James Webb

Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus James Webb (Nov 17)

Jose Carlos de Arriba

[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities Jose Carlos de Arriba (Nov 14)

Kotas, Kevin J

CA20111116-01: Security Notice for CA Directory Kotas, Kevin J (Nov 17)

Luigi Auriemma

Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2 Luigi Auriemma (Nov 28)
Vulnerabilities in Siemens Automation License Manager Luigi Auriemma (Nov 28)
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 Luigi Auriemma (Nov 29)

maciej . kozuszek

Debut issue of Web App Pentesting Magazine - Free Download! maciej . kozuszek (Nov 23)
New issue of PenTest Magazine is out - 21 pages of free content. maciej . kozuszek (Nov 30)

Major Malfunction

DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November Major Malfunction (Nov 09)

marian . ventuneac

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter marian . ventuneac (Nov 29)

Mark Thomas

[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Mark Thomas (Nov 08)

Moritz Muehlenhoff

[SECURITY] [DSA 2334-1] mahara security update Moritz Muehlenhoff (Nov 04)
[SECURITY] [DSA 2338-1] moodle security update Moritz Muehlenhoff (Nov 08)
[SECURITY] [DSA 2339-1] nss security update Moritz Muehlenhoff (Nov 08)
[SECURITY] [DSA 2341-1] iceweasel security update Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 2342-1] iceape security update Moritz Muehlenhoff (Nov 10)
[SECURITY] [DSA 2349-1] spip security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2350-1] freetype security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2348-1] systemtap security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2351-1] wireshark security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2352-1] puppet security update Moritz Muehlenhoff (Nov 23)
[SECURITY] [DSA 2353-1] ldns security update Moritz Muehlenhoff (Nov 25)

muuratsalo experimental hack lab

OrderSys <= 1.6.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
LabStoRe <= 1.5.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)
Re: LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)
Blogs manager <= 1.101 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
Valid tiny-erp <= 1.6 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
Freelancer calendar <= 1.01 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)

n0b0d13s

Re: Local file inclusion in VtigerCRM n0b0d13s (Nov 10)
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability n0b0d13s (Nov 14)
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability n0b0d13s (Nov 17)
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability n0b0d13s (Nov 21)
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability n0b0d13s (Nov 23)
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s (Nov 30)

Netsparker Advisories

XSS Vulnerabilities in eFront Netsparker Advisories (Nov 01)
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3 Netsparker Advisories (Nov 01)
XSS vulnerability in Joomla 1.6.3 Netsparker Advisories (Nov 14)

Nick Freeman

Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits Nick Freeman (Nov 29)

Nico Golde

[SECURITY] [DSA 2335-1] man2html security update Nico Golde (Nov 07)

nospam

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability nospam (Nov 01)

percx

foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 08)
Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 14)

Raphael Geissert

[SECURITY] [DSA 2343-1] openssl security update Raphael Geissert (Nov 09)

Research () NGSSecure

NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295) Research () NGSSecure (Nov 02)
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution Research () NGSSecure (Nov 23)
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution Research () NGSSecure (Nov 23)
NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution Research () NGSSecure (Nov 23)

research () vulnerability-lab com

iGuard Biometric Access Control - Multiple Vulnerabilities research () vulnerability-lab com (Nov 14)

reset557

Malware detection evasion in antivirus software reset557 (Nov 07)

Secunia Research

Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability Secunia Research (Nov 17)

security

[ MDVSA-2011:162 ] kdelibs4 security (Nov 01)
[ MDVSA-2011:163 ] phpldapadmin security (Nov 02)
[ MDVSA-2011:164 ] wireshark security (Nov 02)
[ MDVSA-2011:165 ] php security (Nov 03)
[ MDVSA-2011:166 ] php security (Nov 03)
[ MDVSA-2011:167 ] gimp security (Nov 04)
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 security (Nov 09)
Multiple security vulnerabilities in AShop security (Nov 09)
[ MDVSA-2011:168 ] apache security (Nov 09)
[ MDVSA-2011:168 ] apache security (Nov 09)
[ MDVSA-2011:170 ] java-1.6.0-openjdk security (Nov 14)
[ MDVSA-2011:171 ] networkmanager security (Nov 14)
[ MDVSA-2011:172 ] libreoffice security (Nov 14)
[ MDVSA-2011:173 ] openssl0.9.8 security (Nov 14)
[ MDVSA-2011:174 ] graphite2 security (Nov 15)
[ MDVSA-2011:175 ] poppler security (Nov 15)
[ MDVSA-2011:176 ] bind security (Nov 17)
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities security (Nov 17)
[ MDVSA-2011:176-1 ] bind security (Nov 18)
[ MDVSA-2011:176-2 ] bind security (Nov 18)
[ MDVSA-2011:177 ] freetype2 security (Nov 23)
[ MDVSA-2011:178 ] glibc security (Nov 28)
[ MDVSA-2011:179 ] glibc security (Nov 28)
[ MDVSA-2011:180 ] php-suhosin security (Nov 28)
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability security (Nov 30)

Security_Alert

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. Security_Alert (Nov 03)
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Security_Alert (Nov 03)

security-alert

[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Nov 01)
[security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS) security-alert (Nov 03)
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 04)
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access security-alert (Nov 04)
[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification security-alert (Nov 08)
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Nov 10)
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert (Nov 10)
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Nov 14)
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code security-alert (Nov 14)
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access security-alert (Nov 14)
[security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 17)
[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert (Nov 22)
[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert (Nov 24)
[security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) security-alert (Nov 24)

Sergio Gelato

Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Sergio Gelato (Nov 10)

sschurtz

Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability sschurtz (Nov 03)
Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting sschurtz (Nov 03)
osCSS2 "_ID" parameter Local file inclusion sschurtz (Nov 08)

tan

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY tan (Nov 01)

Thijs Kinkhorst

[SECURITY] [DSA 2337-1] xen security update Thijs Kinkhorst (Nov 07)
[SECURITY] [DSA 2340-1] postgresql security update Thijs Kinkhorst (Nov 08)

Tim Sammut

[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities Tim Sammut (Nov 14)
[ GLSA 201111-04 ] phpDocumentor: Function call injection Tim Sammut (Nov 14)
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Nov 21)

Tobias Glemser

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Tobias Glemser (Nov 23)

Trustwave Advisories

TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon Trustwave Advisories (Nov 08)

VMware Security Team

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Team (Nov 18)

Yves-Alexis Perez

[SECURITY] [DSA 2336-1] ffmpeg security update Yves-Alexis Perez (Nov 08)
[SECURITY] [DSA 2354-1] cups security update Yves-Alexis Perez (Nov 30)

ZDI Disclosures

ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]