Home page logo
/

226 messages starting Aug 01 12 and ending Aug 31 12
Date index | Thread index | Author index

Wednesday, 01 August

[SECURITY] [DSA 2518-1] krb5 security update Yves-Alexis Perez
Barracuda Appliances - Validation Filter Bypass Vulnerability Vulnerability Lab
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Vulnerability Lab
ME Application Manager 10 - Multiple Web Vulnerabilities Vulnerability Lab
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Vulnerability Lab
ME Mobile Application Manager v10 - SQL Vulnerabilities Vulnerability Lab
Kaspersky PM 5.0.0.164 - Software Filter Vulnerability Vulnerability Lab
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow Secunia Research
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow Secunia Research
[ MDVSA-2012:111 ] krb5 security
[SECURITY] [DSA 2519-1] isc-dhcp security update Nico Golde

Thursday, 02 August

[ MDVSA-2012:121 ] libjpeg-turbo security
[security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code security-alert
Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability Socket_0x03
Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability Vulnerability Lab
My ROP mitigation Young Jun Ko

Friday, 03 August

[SECURITY] [DSA 2520-1] openoffice.org security update Yves-Alexis Perez
[ MDVSA-2012:122 ] icedtea-web security
29C3: Call for Participation for 29th Chaos Communication Congress fukami

Monday, 06 August

ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) ZDI Disclosures
ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities ZDI Disclosures
ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2012:123 ] libreoffice security
[SECURITY] [DSA 2521-1] libxml2 security update Moritz Muehlenhoff
[ MDVSA-2012:124 ] openoffice.org security
[security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert
Joomla com_package - SQL Injection Vulnerability Vulnerability Lab
[SECURITY] [DSA 2522-1] fckeditor security update Yves-Alexis Perez
[SECURITY] [DSA 2519-2] isc-dhcp regression Nico Golde
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution nospam
iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Vulnerability Lab
Inout Mobile Webmail APP - Multiple Web Vulnerabilities Vulnerability Lab
[ MDVSA-2012:125 ] wireshark security
Joomla com_photo - SQL Injection Vulnerability Vulnerability Lab
BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability Vulnerability Lab
[CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities lorenzo . cantoni86
[CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scrpting vulnerabilities lorenzo . cantoni86
[CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability lorenzo . cantoni86
[CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities lorenzo . cantoni86
Dir2web3 Mutiple Vulnerabilities Daniel Correa

Tuesday, 07 August

[SECURITY] [DSA 2523-1] globus-gridftp-server security update Moritz Muehlenhoff
[SECURITY] [DSA 2524-1] openttd security update Moritz Muehlenhoff
[SECURITY] [DSA 2525-1] expat security update Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-12:05.bind FreeBSD Security Advisories
Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Execution nospam
Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion nospam
nullcon International security conference Delhi 2012 Highlights nullcon
[security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert

Wednesday, 08 August

[ MDVSA-2012:126 ] libxml2 security
[ MDVSA-2012:127 ] libtiff security
ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability Security Alert
MobileCartly 1.0 <= Remote Code Execution Vulnerability pereira
Multiple vulnerabilities in PBBoard advisory
Multiple Vulnerabilities in phpList advisory

Thursday, 09 August

[ MDVSA-2012:128 ] bash security
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Vulnerability Lab
Joomla com_fireboard - SQL Injection Vulnerability Vulnerability Lab
Arasism (IR) CMS - File Upload Vulnerability Vulnerability Lab
[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions Hafez Kamal

Friday, 10 August

Another Solaris 10 Patch Cluster Symlink Attack larry Cashdollar
How well does Microsoft support (and follow) their mantra "keep your PC updated"? Stefan Kanthak
WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities sschurtz
[PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice Timo Warns

Monday, 13 August

[ MDVSA-2012:129 ] busybox security
[ MDVSA-2012:129-1 ] busybox security
[ MDVSA-2012:130 ] openldap security
[SECURITY] [DSA 2526-1] libotr security update Nico Golde
Last reminder for Passwords^12 : Call for Presentations Per Thorsheim
[ MDVSA-2012:131 ] libotr security
[SECURITY] [DSA 2527-1] php5 security update Moritz Muehlenhoff
[security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS) security-alert

Tuesday, 14 August

GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012 Fabien DUCHENE
[Announcement] ClubHack Magazine's Aug 2012 Issue Released abhijeet
TCExam Edit SQL Injection research
[security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information security-alert
[security bulletin] HPSBMU02802 SSRT100923 rev.1 - HP Fortify Software Security Center, Remote Disclosure of Privileged Information security-alert
[security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02803 SSRT100926 rev.1 - HP Service Manager and HP Service Center Web Tier, Remote Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Vulnerability Lab
Re: How well does Microsoft support (and follow) their mantra "keep your PC updated"? Thomas D.
NeoInvoice Blind SQL Injection (CVE-2012-3477) Adam Caudill
7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Vulnerability Lab
Total Shop UK eCommerce Generic Cross-Site Scripting research
TCExam Edit Cross-Site Scripting research
Group-Office Cleartext Credentials Stored in Cookies research

Wednesday, 15 August

[SECURITY] [DSA 2528-1] icedove security update Florian Weimer
CFP for ZeroNights conference Moscow 19-20 November 2012 Alexander Polyakov
[2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:132 ] glpi security
[SECURITY] [DSA 2530-1] rssh security update Florian Weimer

Thursday, 16 August

[slackware-security] t1lib (SSA:2012-228-01) Slackware Security Team
[ MDVSA-2012:133 ] usbmuxd security
vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies Alexander Pruss

Friday, 17 August

[ MDVSA-2012:135 ] wireshark security
[security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS) security-alert
[ MDVSA-2012:137 ] acpid security
[ MDVSA-2012:138 ] acpid security
[ MDVSA-2012:136 ] phpmyadmin security
NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3 Research () NGSSecure
GIMP Scriptfu Python Remote Command Execution research
Social Engine v4.2.5 - Multiple Web Vulnerabilities Vulnerability Lab
ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Vulnerability Lab
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Vulnerability Lab
Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Vulnerability Lab
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Vulnerability Lab
[FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS Jose Carlos de Arriba
[ MDVSA-2012:134 ] wireshark security
Internet Explorer Script Interjection Code Execution ds . adv . pub
[slackware-security] emacs (SSA:2012-228-02) Slackware Security Team
ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty ZDI Disclosures
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability ZDI Disclosures

Monday, 20 August

[SECURITY] [DSA 2531-1] xen security update Luciano Bello
[ MDVSA-2012:139 ] postgresql security
[ MDVSA-2012:140 ] mono security
ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
ocPoral CMS 8.x | Session Hijacking Vulnerability YGN Ethical Hacker Group
NGS00330 Patch Notification: Squiz CMS Directory Traversal Research () NGSSecure
NGS00208 Patch Notification: Moodle CMS stored XSS Research () NGSSecure
NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection Research () NGSSecure
NGS00242 Patch Notification: SysAid Helpdesk stored XSS Research () NGSSecure
APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1 Apple Product Security

Tuesday, 21 August

[ MDVSA-2012:141 ] openslp security

Wednesday, 22 August

apache struts2 remote code execute voidloafer
[ MDVSA-2012:142 ] gimp security
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Netsparker Advisories
XSS and SQL Injection Vulnerabilities in OrderSys Netsparker Advisories
XSS Vulnerabilities in LabWiki Netsparker Advisories
XSS and SQL Injection Vulnerabilities in Jara Netsparker Advisories

Thursday, 23 August

ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability ZDI Disclosures
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. ZDI Disclosures
ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS) security-alert
SaltOS 3.1 Cross-Site Scripting vulnerability sschurtz
Ad Manager Pro v. 4 Remote FLI CorryL
[ MDVSA-2012:143 ] python-django security

Friday, 24 August

ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability Security Alert
[security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS) security-alert
[SECURITY] [DSA 2533-1] pcp security update Florian Weimer
Re: [Full-disclosure] XSS Vulnerabilities in LabWiki Henri Salo
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Lists
Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in Jara Henri Salo

Monday, 27 August

[slackware-security] dhcp (SSA:2012-237-01) Slackware Security Team
Chamilo 1.8.8.4 Multiple Vulnerabilities beford
Paliz CMS Full Path Disclosure Vulnerability advisories
Exploit Title: Mihalism Multi Host v 5.0 explo21ter
Wordpress fckeditor Arbitrary File Upload Vulnerability irist . ir
CommPort 1.01 <= SQL Injection Vulnerability pereira

Tuesday, 28 August

CA20111208-01: Security Notice for CA SiteMinder [updated] Williams, James K
CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0 Rob Weir
[ MDVSA-2012:144 ] tetex security
[SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations
ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability Security Alert
[security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert

Wednesday, 29 August

ToorCon 14 Call For Papers h1kari
[ MDVSA-2012:145 ] firefox security
t2′12: Challenge to be released 2012-09 -01 10:00 EEST Tomi Tuominen
Cross-Site Scripting (XSS) in Phorum advisory
XSS in PrestaShop advisory
[ MDVSA-2012:146 ] firefox security
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2012:147 ] mozilla-thunderbird security
Sistem Biwes Multiple Vulnerability admin
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing Seeker Research Center
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability ZDI Disclosures
squidGuard 1.4 - Remote Denial of Service - POC Stefan Bauer
Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations
[SECURITY] [DSA 2535-1] rtfm security update Florian Weimer

Thursday, 30 August

[security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code security-alert
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor SEC Consult Vulnerability Lab
[ MDVSA-2012:074-1 ] ffmpeg security
[ MDVSA-2012:148 ] ffmpeg security
ESA-2012-038: EMC NetWorker Format String Vulnerability Security Alert

Friday, 31 August

[SECURITY] [DSA 2536-1] otrs2 security update Florian Weimer
[SECURITY] [DSA 2537-1] typo3-src security update Florian Weimer
AST-2012-012: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team
AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users Asterisk Security Team
Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11 LpSolit
VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries VMware Security Team
[SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]