Home page logo
/

192 messages starting Jan 02 12 and ending Jan 31 12
Date index | Thread index | Author index

Monday, 02 January

[SECURITY] [DSA 2376-2] ipmitool security update Thijs Kinkhorst
[ MDVSA-2011:198 ] phpmyadmin security
[SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update Nico Golde
[ MDVSA-2012:001 ] fcgi security

Tuesday, 03 January

[ MDVSA-2012:002 ] t1lib security
BigACE CMS - XSS Vulnerabilities demonalex
OpenKM 5.1.7 Privilege Escalation Cyrill Brunschwiler
OpenKM 5.1.7 OS Command Execution (XSRF based) Cyrill Brunschwiler
Tinyguestbook XSS tom
mavili guestbook - SQL Injection and XSS Vulnerabilities demonalex
[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting GmbH
[SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
SQL Injection Vulnerability in OpenEMR 4.1.0 Netsparker Advisories
Re: PHP Booking Calendar 10e XSS Henri Salo

Wednesday, 04 January

Re: Tinyguestbook XSS Henri Salo
[SECURITY] [DSA 2378-1] ffmpeg security update Moritz Muehlenhoff
InfoSec Southwest 2012 CFP First-round Speaker Selections I\)ruid
TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System Trustwave Advisories
Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
Google Chrome HTTPS Address Bar Spoofing ACROS Security Lists
Re: OpenKM 5.1.7 Privilege Escalation pavila
Multiple vulnerabilities in ImpressCMS advisory
Open Redirection Vulnerability in Orchard 1.3.9 Netsparker Advisories
[SECURITY] [DSA 2379-1] krb5 security update Florian Weimer
[SECURITY] [DSA 2380-1] foomatic-filters security update Florian Weimer

Thursday, 05 January

[ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities Tim Sammut
Revised IETF I-D: Advice on IPv6 RA-Guard Implementation Fernando Gont
HServer webserver - Directory Traversal Vulnerability demonalex
NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS Research () NGSSecure
NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Research () NGSSecure
SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 SEC Consult Vulnerability Lab
Ggb Guestbook - XSS Vulnerabilities demonalex
VLC media player v1.1.11 (.amr) Local Crash PoC hapsec
VertrigoServ 2.25 Cross-Site-Scripting vulnerability security
SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities security

Friday, 06 January

ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities ZDI Disclosures
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability ZDI Disclosures
[ GLSA 201201-02 ] MySQL: Multiple vulnerabilities Tim Sammut
[SECURITY] [DSA 2381-1] squid3 security update Florian Weimer
IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability demonalex
IpTools - Rcmd Remote Overflow Vulnerability demonalex

Monday, 09 January

[SECURITY] [DSA 2382-1] ecryptfs-utils security update Jonathan Wiltshire
[ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities Tim Sammut
[SECURITY] [DSA 2383-1] super security update Moritz Muehlenhoff
[security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
[security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert
[SECURITY] [DSA 2384-1] cacti security update luk
Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations
DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) ddivulnalert
Simple Mail Server - SMTP Authentication Bypass Vulnerability demonalex
AppSec DC 2012 CFP EXTENDED! AppSec DC

Tuesday, 10 January

p0f3 release candidate Michal Zalewski
Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability Peter Conrad
Is Your Online Bank Vulnerable To Currency Rounding Attacks? ACROS Security Lists
[ MDVSA-2012:003 ] apache security
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2385-1] pdns security update Florian Weimer

Wednesday, 11 January

Multiple Cross-Site-Scripting vulnerabilities in x3cms security
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01) VUPEN Security Research
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite noreply
[PT-2011-02] PHP code Injection in Kayako Support Suite noreply
Multiple XSS in KnowledgeTree Community Edition advisory
[PT-2011-03] Information disclosure in Kayako Support Suite noreply
[PT-2011-03] Information disclosure in Kayako Support Suite noreply
[PT-2011-04] Cross-Site Scripting in Kayako Support Suite noreply
Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities Secunia Research
Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability Secunia Research
[SECURITY] [DSA 2387-1] simplesamlphp security update Thijs Kinkhorst

Thursday, 12 January

[SECURITY] [DSA 2386-1] openttd security update Luk Claes
[security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code security-alert
GreenBrowser iframe content Double Free Vulnerability vuln
Office arbitrary ClickOnce application execution vulnerability Akita Software Security
AthCon 2012 CFP is now OPEN! Christian Papathanasiou
Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation Fernando Gont
SafeSEH+SEHOP all-at-once bypass explotation method principles geinblues
[ MDVSA-2012:004 ] t1lib security
ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution ZDI Disclosures
ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities ZDI Disclosures
ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability ZDI Disclosures

Friday, 13 January

ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389 Henri Salo

Monday, 16 January

[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code security-alert
PHP 5.3.8 Multiple vulnerabilities cxib
BoltWire 3.4.16 Multiple XSS vulnerabilities sschurtz
ATutor 2.0.3 Multiple XSS vulnerabilities sschurtz
[SECURITY] [DSA 2388-1] t1lib security update Yves-Alexis Perez
[SECURITY] [DSA 2390-1] openssl security update Florian Weimer
[SECURITY] [DSA 2389-1] linux-2.6 security update dann frazier
[Announcement] ClubHack Mag Issue 24-Jan 2012 Released abhijeet
First-hop security in IPv6 Fernando Gont
Re: Multiple XSS in KnowledgeTree Community Edition Henri Salo
Family Connections 2.7.2 Multiple XSS tom
phpVideoPro Multiple XSS vulnerabilities sschurtz
Beehive Forum 101 Multiple XSS vulnerabilities sschurtz
(CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean Fernando Gont
[Announcement] ClubHack Mag - Call for Articles abhijeet
Re: Multiple XSS in KnowledgeTree Community Edition advisory
[ MDVSA-2012:005 ] libxml2 security
[ MDVSA-2012:006 ] openssl security
[ MDVSA-2012:007 ] openssl security

Tuesday, 17 January

Re: p0f3 release candidate Michal Zalewski
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure Mark Thomas
[SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service Mark Thomas
pwgen: non-uniform distribution of passwords Solar Designer
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. Security_Alert

Wednesday, 18 January

Re: pwgen: non-uniform distribution of passwords Solar Designer
Reflection Scan: an Off-Path Attack on TCP Jan Wrobel
XSS in OneOrZero AIMS advisory
[ MDVSA-2012:008 ] perl security
[ MDVSA-2012:009 ] perl security
Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account Cisco Systems Product Security Incident Response Team
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS InterN0T Advisories
Xpra memory disclosure Antoine Martin

Thursday, 19 January

[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert
Microsoft Anti-XSS Library Bypass (MS12-007) adic
Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Stefan Esser

Friday, 20 January

Re: pwgen: non-uniform distribution of passwords Solar Designer
appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s
Webcalendar 1.2.4 'location' XSS tom
[Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities research () vulnerability-lab com
InfoSec Southwest 2012 Open Registration I\)ruid
DC4420 - London DEFCON - 24 January 2012 Major Malfunction
[ MDVSA-2012:010 ] cacti security
[ GLSA 201201-04 ] Logsurfer: Arbitrary code execution Sean Amoss

Monday, 23 January

ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2391-1] phpmyadmin security update Thijs Kinkhorst
AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload pavel
Re: pwgen: non-uniform distribution of passwords Solar Designer
[Suspected Spam] Bart`s CMS - SQL Injection Vulnerability research () vulnerability-lab com
DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass ddivulnalert
[SECURITY] [DSA 2301-2] rails regression Florian Weimer
[SECURITY] [DSA 2392-1] openssl security update Florian Weimer
SQL injection in Bigware shop software rwenzel
[ GLSA 201201-12 ] Tor: Multiple vulnerabilities Sean Amoss
Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s
[ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities Sean Amoss

Tuesday, 24 January

[ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities Sean Amoss
NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Research () NGSSecure
Only 7 Days Left: SANS AppSec 2012 CFP SANS AppSec CFP

Wednesday, 25 January

TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories
[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert
[security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM Research () NGSSecure
NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation Research () NGSSecure
Multiple vulnerabilities in OSclass advisory
CSRF (Cross-Site Request Forgery) in DClassifieds advisory
D-Link DIR-601 TFTP Directory Traversal Vulnerability robkraus
[SECURITY] [DSA-2393-1] bip security update dann frazier
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability otr
ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability ZDI Disclosures

Thursday, 26 January

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
ESA-2012-005: EMC NetWorker buffer overflow vulnerability Security_Alert
ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Security_Alert

Friday, 27 January

[SECURITY] [DSA 2394-1] libxml2 security update Luciano Bello
[ GLSA 201201-15 ] ktsuss: Privilege escalation Sean Amoss
[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon Hafez Kamal
AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS Thomas Quinot

Monday, 30 January

[SECURITY] [DSA 2395-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 2396-1] qemu-kvm security update Moritz Muehlenhoff
[ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass Alex Legler
[ GLSA 201201-17 ] Chromium: Multiple vulnerabilities Tim Sammut
eBank IT Online Banking - Multiple Web Vulnerabilities research () vulnerability-lab com
FAA US Academy (AFS) - Auth Bypass Vulnerability research () vulnerability-lab com
[SECURITY] [DSA 2397-1] icu security update Moritz Muehlenhoff
[ MDVSA-2012:011 ] openssl security
Mibew messenger multiple XSS Filippo Cavallarin
Multiple vulnerabilities in postfixadmin Filippo Cavallarin
Multiple vulnerabilities in OSClass Filippo Cavallarin
[ GLSA 201201-18 ] bip: Multiple vulnerabilities Alex Legler
[ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities Alex Legler
Advisory: sudo 1.8 Format String Vulnerability joernchen of Phenoelit

Tuesday, 31 January

ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2398-1] curl security update Moritz Muehlenhoff
[security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access security-alert
[security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert
VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Team
[SECURITY] [DSA 2399-1] php5 security update Thijs Kinkhorst
[SECURITY] [DSA 2399-2] php5 regression fix Thijs Kinkhorst
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]