192 messages starting Feb 01 12 and ending Feb 29 12
[Announce] Apache HTTP Server 2.2.22 Released William A. Rowe Jr.
802.1X password exploit on many HTC Android devices Bret Jordan
Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14 LpSolit
Multiple vulnerabilities in OpenEMR advisory
ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability Security_Alert
XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge) andsarmiento
[ MDVSA-2012:012 ] apache security
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 Apple Product Security
Call For Paper asemailing
Fwd: RA-Guard: Advice on the implementation (feedback requested) Fernando Gont
[CAL-2012-0004] opera array integer overflow Code Audit Labs
[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code security-alert
GLSA (Gentoo Linux Security Advisory) publication changes Alex Legler
[security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 2401-1] tomcat6 security update Moritz Muehlenhoff
[SECURITY] [DSA 2400-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 2402-1] iceape security update Moritz Muehlenhoff
[SECURITY] [DSA 2403-1] php5 security update Thijs Kinkhorst
RFC 6528 on Defending against Sequence Number Attacks Fernando Gont
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability Security_Alert
[ MDVSA-2012:013 ] mozilla security
[SECURITY] [DSA 2384-2] cacti regression Luk Claes
[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update Florian Weimer
[SECURITY] [DSA 2405-1] apache2 security update Stefan Fritsch
Mathopd - Directory Traversal Vulnerability Mateusz Goik
[ MDVSA-2012:014 ] glpi security
[SECURITY] [DSA 2403-2] php5 security update Thijs Kinkhorst
SimpleGroupware 0.742 Cross-Site-Scripting vulnerability security
DEF CON 20 Capture the Flag Announcement The Dark Tangent
CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly Colm O hEigeartaigh
SQL Injection Vulnerability in Batavi 1.1.2 Netsparker Advisories
[security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert
eFronts Community++ v3.6.10 - Cross Site Vulnerability research () vulnerability-lab com
Unauthenticated remote code execution on D-Link ShareCenter products roberto . paleari
[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert
Cyberoam Central Console v2.00.2 - File Include Vulnerability research () vulnerability-lab com
Multiple vulnerabilities in ZENphoto advisory
[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information security-alert
ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability ZDI Disclosures
ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability ZDI Disclosures
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability ZDI Disclosures
ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution ZDI Disclosures
ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities ZDI Disclosures
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2407-1] cvs security update Florian Weimer
[ MDVSA-2012:015 ] wireshark security
[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability Leonardo Uribe
[Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities research () vulnerability-lab com
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities research () vulnerability-lab com
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities research () vulnerability-lab com
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities research () vulnerability-lab com
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group
[ MDVSA-2012:016 ] glpi security
[slackware-security] vsftpd (SSA:2012-041-05) Slackware Security Team
[slackware-security] glibc (SSA:2012-041-03) Slackware Security Team
[slackware-security] proftpd (SSA:2012-041-04) Slackware Security Team
[slackware-security] httpd (SSA:2012-041-01) Slackware Security Team
[slackware-security] php (SSA:2012-041-02) Slackware Security Team
OWASP AppSec USA 2011 Video & Slides Posted adam
Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability research () vulnerability-lab com
[Suspected Spam] eFront Community++ v3.6.10 - SQL Injection Vulnerability research () vulnerability-lab com
sqlinjection bug in nova cms rezahmail
[ MDVSA-2012:017 ] firefox security
[ MDVSA-2012:018 ] mozilla-thunderbird security
[Announcement] ClubHack Mag - Call for Articles abhijeet
[SECURITY] [DSA 2408-1] php5 security update Moritz Muehlenhoff
[ MDVSA-2012:019 ] apr security
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Code Audit Labs
[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow Code Audit Labs
FreePBX Remote Exploit dougw
[ MDVSA-2012:020 ] phpldapadmin security
Multiple vulnerabilities in 11in1 advisory
Multiple vulnerabilities in LEPTON advisory
[SECURITY] [DSA 2409-1] devscripts security update Raphael Geissert
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution noreply
Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2410-1] libpng security update Moritz Muehlenhoff
2012 Honeynet Project Security Workshop Guillaume Arcas
[PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip Timo Warns
Re: sqlinjection bug in nova cms Henri Salo
Hackito Ergo sum // HES2012 Final CFP // Call for Hackers Jonathan Brossard
Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session research () vulnerability-lab com
[Spam] Skype v5.6.59.x - Memory Corruption Vulnerability research () vulnerability-lab com
0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Kousuke Ebihara
Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Rodrigo Rubira Branco (BSDaemon)
[security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains Fernando Gont
PHP 5.2.x Remote Code Execution Vulnerability Worawit Wang
Puppet Dashboard insecure by default Schweiss, Chip
[ MDVSA-2012:021 ] java-1.6.0-openjdk security
Downloads Folder: A Binary Planting Minefield ACROS Security Lists
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability sschurtz
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated] YGN Ethical Hacker Group
[SECURITY] [DSA 2411-1] mumble security update Florian Weimer
[SECURITY] [DSA 2412-1] libvorbis security update Moritz Muehlenhoff
SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5 SEC Consult Vulnerability Lab
SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional SEC Consult Vulnerability Lab
SQL Injection Vulnerabilities in TestLink jnatal
DC4420 - London DEFCON - February meet - Tuesday February 21st 2012 Major Malfunction
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
[SECURITY] [DSA 2413-1] libarchive security update Luk Claes
Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab
F*EX <= 20100208 Cross Site Scripting Vulnerabilities muuratsalo experimental hack lab
F*EX 20111129-2 Cross Site Scripting Vulnerability muuratsalo experimental hack lab
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab
Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements Fernando Gont
Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability demonalex
[SECURITY] [DSA 2414-1] fex security update Nico Golde
[SECURITY] [DSA 2415-1] libmodplug security update Nico Golde
Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines Simon McVittie
[ MDVSA-2012:022 ] libpng security
Multiple XSS in Chyrp advisory
[ MDVSA-2012:023 ] libxml2 security
Mobile Mp3 Search Engine HTTP Response Splitting CorryL
ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution ZDI Disclosures
TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2417-1] libxml2 security update Nico Golde
NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution Research () NGSSecure
YVS Image Gallery Sql injection CorryL
Security advisory for Bugzilla 4.2 and 4.0.5 LpSolit
Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team
CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability demonalex
[SECURITY] [DSA 2416-1] notmuch security update Thijs Kinkhorst
[ MDVSA-2012:022 ] mozilla security
[security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code security-alert
[Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write Onapsis Research Labs
[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read Onapsis Research Labs
[Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service Onapsis Research Labs
[Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification Onapsis Research Labs
[Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure Onapsis Research Labs
PHP Gift Registry 1.5.5 SQL Injection Thomas Richards
Dropbear SSH server use-after-free vulnerability Danny Fullerton
TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform Trustwave Advisories
Kongreg8 1.7.3 Mutiple XSS Thomas Richards
Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps Felipe M. Aragon
NGS00237 Patch Notification: Samba Andx request Remote Code Execution Research () NGSSecure
[SECURITY] [DSA 2414-2] fex regression Nico Golde
pidgin OTR information leakage Dimitris Glynos
DeepSec "Sector v6" - Call for Papers DeepSec Conference
FrameJammer DOM based XSS mkey
Case YVS Image Gallery Henri Salo
[ MDVSA-2012:023 ] libvpx security
Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability research () vulnerability-lab com
OSQA CMS v3b - Multiple Persistent Vulnerabilities research () vulnerability-lab com
Wolf CMS v0.7.5 - Multiple Web Vulnerabilities research () vulnerability-lab com
Re: pidgin OTR information leakage Jann Horn
[SECURITY] [DSA 2418-1] postgresql-8.4 security update Moritz Muehlenhoff
Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities regis
Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec cfp2012
Re: [Full-disclosure] pidgin OTR information leakage Michele Orru
[SECURITY] [DSA 2419-1] puppet security update Florian Weimer
Re: [Full-disclosure] pidgin OTR information leakage Rich Pieri
Re: [Full-disclosure] pidgin OTR information leakage Jeffrey Walton
Re: [oss-security] Case YVS Image Gallery Henri Salo
Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos
Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos
[ MDVSA-2012:022-1 ] mozilla security
[ MDVSA-2012:023-1 ] libvpx security
Reliable Windows 7 Exploitation: A Case Study Ivan Fratric
ImgPals Photo Host Version 1.0 Admin Account Disactivation CorryL
[ MDVSA-2012:025 ] samba security
[SECURITY] [DSA 2420-1] openjdk-6 security update Florian Weimer
Multiple XSS in Dotclear advisory
[ MDVSA-2012:026 ] postgresql security
[ MDVSA-2012:027 ] postgresql8.3 security
Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2421-1] moodle security update Moritz Muehlenhoff
[SECURITY] [DSA 2422-1] file security update Florian Weimer