Home page logo
/

218 messages starting Oct 03 11 and ending Oct 31 11
Date index | Thread index | Author index

Monday, 03 October

Elastix PBX Extensions Enumeration Bassem Ammar
[ MDVSA-2011:139 ] firefox security
[ MDVSA-2011:140 ] mozilla-thunderbird security
[ MDVSA-2011:141 ] firefox security
[ MDVSA-2011:142 ] mozilla-thunderbird security
SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability research () vulnerability-lab com
Netvolution referer header SQL injection vulnerability Dimitris Glynos
Vulnerabilities in Cytel Studio 9 Luigi Auriemma
Vulnerabilities in GenStat 14.1.0.5943 Luigi Auriemma
DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal ddivulnalert
Phorum 5.2.18 Cross-site scripting vulnerability sschurtz
DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval ddivulnalert
[SECURITY] [DSA 2314-1] puppet security update Nico Golde

Tuesday, 04 October

vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Multiple vulnerabilities in SonicWall hvazquez
New open source Security Framework noreply

Wednesday, 05 October

FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED] FreeBSD Security Advisories
VMSA-2011-0011 VMware hosted products address remote code execution vulnerability VMware Security Team
vTiger CRM 5.2.x <= Remote Code Execution Vulnerability YGN Ethical Hacker Group
vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability YGN Ethical Hacker Group
Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability Secunia Research
[SECURITY] [DSA 2315-1] openoffice.org security update Giuseppe Iuculano

Thursday, 06 October

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager Cisco Systems Product Security Incident Response Team
Re: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability Steven Nuhn
[SECURITY] [DSA 2316-1] quagga security update Florian Weimer
[ MDVSA-2011:143 ] rpm security
[SECURITY] [DSA 2317-1] icedove security update Moritz Muehlenhoff
Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability sschurtz

Friday, 07 October

[SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update Nico Golde
Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability Secunia Research
Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow Secunia Research
Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability Secunia Research
VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability VUPEN Security Research
VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability VUPEN Security Research
Medium severity flaw with Ark Tim Brown
Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM Tim Brown

Tuesday, 11 October

ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams) Marco van Berkum
Contao 2.10.1 Cross-site scripting vulnerability sschurtz
SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities sschurtz
[ MDVSA-2011:144 ] apache security
[SECURITY] [DSA 2319-1] policykit-1 security update Thijs Kinkhorst
[SECURITY] [DSA 2320-1] dokuwiki regression fix Thijs Kinkhorst
openEngine 2.0 'key' Blind SQL Injection vulnerability sschurtz
KaiBB 2.0.1 XSS and SQL Injection vulnerabilities sschurtz
[ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities Tobias Heinlein
[ MDVSA-2011:131-1 ] libxml security
[ MDVSA-2011:145 ] libxml2 security
NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow Research () NGSSecure
[Announcement] ClubHack Mag Issue 21- October 2011 Released abhijeet
[ MDVSA-2011:146 ] cups security
[ MDVSA-2011:147 ] cups security
[SECURITY] [DSA 2321-1] moin security update Moritz Muehlenhoff
[SECURITY] [DSA 2322-1] bugzilla security update Jonathan Wiltshire
[security bulletin] HPSBMU02710 SSRT100601 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access security-alert
[ GLSA 201110-03 ] Stefan Behte
[ GLSA 201110-04 ] Stefan Behte
[ GLSA 201110-05 ] GnuTLS: Multiple vulnerabilities Tobias Heinlein
[ GLSA 201110-07 ] vsftpd: Denial of Service Tobias Heinlein
Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities admin
ZOHO ManageEngine ADSelfService Plus Administrative Access roberto . paleari
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities Tobias Heinlein
APPLE-SA-2011-10-11-1 iTunes 10.5 Apple Product Security

Wednesday, 12 October

[ MDVSA-2011:148 ] samba security
Google App Enging SDK Code Execution Vulnerability (CVE 2011-1364) Adi Sharabani
LedgerSMB 1.3.0 released, includes anti-XSRF framework Chris Travers
Multiple vulnerabilities in BugFree advisory
Multiple vulnerabilities in Pretty Link WordPress Plugin advisory
Re: SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities Henri Salo
AppSec DC 2012 CFP is OPEN! AppSec DC
CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption CORE Security Technologies Advisories
APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 Apple Product Security
APPLE-SA-2011-10-12-1 iOS 5 Software Update Apple Product Security
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 Apple Product Security
APPLE-SA-2011-10-12-5 Pages for iOS v1.5 Apple Product Security
APPLE-SA-2011-10-12-6 Numbers for iOS v1.5 Apple Product Security
iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability labs-no-reply
APPLE-SA-2011-10-12-4 Safari 5.1.1 Apple Product Security

Thursday, 13 October

Two Remote Code Execution Vulnerabilities in Internet Explorer Ivan Fratric
VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console VMware Security Team
SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969) SEC Consult Vulnerability Lab
Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass Drew Calcott
Multiple G-WAN vulnerabilities Fredrik Widlund
iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability labs-no-reply
iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability labs-no-reply

Friday, 14 October

[ GLSA 201110-08 ] feh: Multiple vulnerabilities Stefan Behte
[ GLSA 201110-09 ] Conky: Privilege escalation Stefan Behte
[ GLSA 201110-10 ] Wget: User-assisted file creation or overwrite Tim Sammut
[ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities Tim Sammut
DC4420 - London DEFCON - October meet - Tuesday October 18th 2011 Major Malfunction
[PTResearch] SAP DIAG Decompress plugin for Wireshark noreply

Monday, 17 October

[ MDVSA-2011:149 ] cyrus-imapd security
[slackware-security] httpd (SSA:2011-284-01) Slackware Security Team
[ GLSA 201110-12 ] Unbound: Denial of Service Tobias Heinlein
ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2011:150 ] squid security
[ MDVSA-2011:151 ] libpng security
Re: [Full-disclosure] Breaking the links: Exploiting the linker Tim Brown
foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass percx
DAEMON Tools IOCTL local denial-of-service vulnerability tanda
WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012 Lists
[Announcement] ClubHack Magazine - Call for Articles abhijeet
[ MDVSA-2011:152 ] ncompress security
[ MDVSA-2011:153 ] libxfont security
[ MDVSA-2011:154 ] systemtap security
ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code,Execution Vulnerability ZDI Disclosures
ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability ZDI Disclosures
AST-2011-012: Remote crash vulnerability in SIP channel driver Asterisk Security Team
[ MDVSA-2011:155 ] systemtap security

Tuesday, 18 October

[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin noreply
Site () School 2.4.10 SQL Injection & XSS vulnerabilities sschurtz
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection n0b0d13s
[ MDVSA-2011:156 ] tomcat5 security

Thursday, 20 October

MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529] Tom Yu
[ GLSA 201110-13 ] Tor: Multiple vulnerabilities Tim Sammut
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities sschurtz
[security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure security-alert
DNS Poisoning via Port Exhaustion Roee Hay
Multiple vulnerabilities in Tine 2.0 advisory
[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code security-alert
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability nospam
OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024) Nicolas DEROUET
GotRoot Security Challenge Ivan Buetler
[SECURITY] [DSA 2324-1] wireshark security update Moritz Muehlenhoff

Friday, 21 October

Metasploit 4.1.0 Web UI stored XSS vulnerability sschurtz
[ MDVSA-2011:157 ] freetype2 security
VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability VUPEN Security Research
inCommand Technologies, Inc. Cross-site Scripting Vulnerability md . r00t . defacer
[ MDVSA-2011:158 ] phpmyadmin security
TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function) Shatter
TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites Shatter
TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes Shatter

Monday, 24 October

[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities Stefan Behte
[ GLSA 201110-15 ] GnuPG: User-assisted execution of arbitrary code Tim Sammut
[ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabilities Tim Sammut
[ GLSA 201110-17 ] Avahi: Denial of Service Tobias Heinlein
[ GLSA 201110-18 ] rgmanager: Privilege escalation Tobias Heinlein
[ MDVSA-2011:159 ] krb5 security
[ MDVSA-2011:160 ] krb5 security
[ GLSA 201110-20 ] Clam AntiVirus: Multiple vulnerabilities Tim Sammut
[SECURITY] [DSA 2325-1] kfreebsd-8 security update Aurelien Jarno
[SECURITY] [DSA 2326-1] pam security update Moritz Muehlenhoff
[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. 0x9950
jara 1.6 sql injection vulnerability muuratsalo experimental hack lab
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit n0b0d13s
TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite Tobias Glemser

Tuesday, 25 October

[SECURITY] [DSA 2327-1] libfcgi-perl security-update Nico Golde
[ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities Tim Sammut
[ MDVSA-2011:161 ] postgresql security
[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert
[SECURITY] [DSA 2328-1] freetype security update Moritz Muehlenhoff
zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability YGN Ethical Hacker Group
[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities Alex Legler
[ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities Alex Legler
Re: jara 1.6 sql injection vulnerability Henri Salo

Wednesday, 26 October

[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection Alex Legler
Path disclosure in SPIP advisory
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert
Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities Cisco Systems Product Security Incident Response Team
ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability ZDI Disclosures

Friday, 28 October

[SECURITY] [DSA 2329-1] torque security update Nico Golde
SANS AppSec 2012 CFP is Open SANS AppSec CFP
ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability ZDI Disclosures
DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315] ddivulnalert
[ GLSA 201110-24 ] Squid: Multiple vulnerabilities Tim Sammut
[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities Tim Sammut
[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities Tim Sammut
APPLE-SA-2011-10-26-1 QuickTime 7.7.1 Apple Product Security
foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage percx
[SECURITY] [DSA 2330-1] simplesamlphp security update Thijs Kinkhorst
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges security-alert
VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX VMware Security Response Team
Re: jara 1.6 sql injection vulnerability Henri Salo
[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS noreply
[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS noreply
[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300 noreply
[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router noreply
[SECURITY] [DSA 2323-1] radvd security update Yves-Alexis Perez
[SECURITY] [DSA 2331-1] tor security update Moritz Muehlenhoff
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities n0b0d13s
RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. Paul Oxman \(poxman\)

Monday, 31 October

[security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 2332-1] python-django security update Thijs Kinkhorst
[SECURITY] [DSA 2333-1] phpldapadmin security update Jonathan Wiltshire
Apple's Mail.app mail of death Paul
PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow demonalex
Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce) nospam
YaTFTPSvr TFTP Server Directory Traversal Vulnerability demonalex
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]