Home page logo
/

173 messages starting Mar 16 12 and ending Mar 05 12
Date index | Thread index | Author index

abhijeet

[Announcement] ClubHack Mag - Call for Articles abhijeet (Mar 16)

admin () v-lab

11in1 CMS v1.2.1 - SQL Injection Vulnerabilities admin () v-lab (Mar 06)

advisory

Multiple XSS in Fork CMS advisory (Mar 07)
Multiple vulnerabilities in Open Journal Systems (OJS) advisory (Mar 21)

ali . raheem

Multiple SQL injections in rivettracker <=1.03 ali . raheem (Mar 07)

Apple Product Security

APPLE-SA-2012-03-07-1 iTunes 10.6 Apple Product Security (Mar 08)
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update Apple Product Security (Mar 08)
APPLE-SA-2012-03-07-3 Apple TV 5.0 Apple Product Security (Mar 08)
APPLE-SA-2012-03-12-1 Safari 5.1.4 Apple Product Security (Mar 12)

Asterisk Security Team

AST-2012-002: Remote Crash Vulnerability in Milliwatt Application Asterisk Security Team (Mar 16)
AST-2012-003: Stack Buffer Overflow in HTTP Manager Asterisk Security Team (Mar 16)

B Potter

Announcing Hackademic CFP B Potter (Mar 13)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco Systems Product Security Incident Response Team (Mar 14)
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 14)
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 14)
Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)

come2waraxe

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 come2waraxe (Mar 27)
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 come2waraxe (Mar 29)

cxib

PHP 5.4/5.3 deprecated eregi() memory_limit bypass cxib (Mar 30)

CXySuYg5DuKktzX

Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug" CXySuYg5DuKktzX (Mar 19)

dann frazier

[SECURITY] [DSA 2443-1] linux-2.6 security update dann frazier (Mar 27)

david . kurz

[MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability david . kurz (Mar 20)

demonalex

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability demonalex (Mar 05)
at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability demonalex (Mar 19)
Matthew1471s ASP BlogX - XSS Vulnerabilities demonalex (Mar 27)

Dmitry Yu. Bolkhovityanov

Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Dmitry Yu. Bolkhovityanov (Mar 09)

ds . adv . pub

Intuit Help System Protocol URL Heap Corruption and Memory Leak ds . adv . pub (Mar 30)
Intuit Help System Protocol File Retrieval ds . adv . pub (Mar 30)
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation ds . adv . pub (Mar 30)

Fernando Gont

Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D) Fernando Gont (Mar 05)

Filippo Cavallarin

OSClass directory traversal (leads to arbitrary file upload) Filippo Cavallarin (Mar 07)

Florian Weimer

[SECURITY] [DSA 2423-1] movabletype-opensource security update Florian Weimer (Mar 05)
[SECURITY] [DSA 2424-1] libxml-atom-perl security update Florian Weimer (Mar 05)
[SECURITY] [DSA 2425-1] plib security update Florian Weimer (Mar 05)
[SECURITY] [DSA 2426-1] gimp security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2427-1] imagemagick security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2429-1] mysql-5.1 security update Florian Weimer (Mar 08)
[SECURITY] [DSA 2440-1] libtasn1-3 security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2441-1] gnutls26 security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2442-1] openarena security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2444-1] tryton-server security update Florian Weimer (Mar 29)

gabor . berczi

Prado TJavaScript::encode() script injection vulnerability gabor . berczi (Mar 23)

Gabriele Giacone

[SECURITY] [DSA 2435-1] gnash security update Gabriele Giacone (Mar 20)

Henri Salo

Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS Henri Salo (Mar 09)
Re: Ariadne 2.7.6 Multiple XSS vulnerabilities Henri Salo (Mar 12)
Re: WikyBlog 1.7.3RC2 XSS vulnerability Henri Salo (Mar 19)

Irene Abezgauz

Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter) Irene Abezgauz (Mar 21)

Ivan Buetler

Struts2 Security Challenge Ivan Buetler (Mar 14)

Jan Schejbal

Android wipe unreliable Jan Schejbal (Mar 19)

Jim Harrison

RE: Regarding MS12-020 Jim Harrison (Mar 21)

Joao Paulo Caldas Campello

[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface Joao Paulo Caldas Campello (Mar 06)
[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection Joao Paulo Caldas Campello (Mar 06)

Joe Arnold

RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Joe Arnold (Mar 19)

Kotas, Kevin J

CA20120320-01: Security Notice for CA ARCserve Backup Kotas, Kevin J (Mar 22)

Kurt Seifried

Re: [oss-security] Case YVS Image Gallery Kurt Seifried (Mar 19)

larry0

Oracle Exadata Infiniband Switch default logins and world readable shadow file larry0 (Mar 14)

Leif Hedstrom

[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 Leif Hedstrom (Mar 23)

Lists

Symfony2 Local File Disclosure - Security Advisory - SOS-12-002 Lists (Mar 05)
Iciniti Store SQL Injection - Security Advisory - SOS-12-003 Lists (Mar 08)
Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004 Lists (Mar 12)

Luciano Bello

[SECURITY] [DSA 2434-1] nginx security update Luciano Bello (Mar 20)

Mark Krenz

gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Mark Krenz (Mar 08)

Mark Stanislav

'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav (Mar 23)
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) Mark Stanislav (Mar 23)

Markus Vervier

LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption Markus Vervier (Mar 09)

Martin Grigorov

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter Martin Grigorov (Mar 23)
[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability Martin Grigorov (Mar 23)

Michal Bucko

Eleytt Research ER-03-2012 Michal Bucko (Mar 08)

Moritz Muehlenhoff

[SECURITY] [DSA 2428-1] freetype security update Moritz Muehlenhoff (Mar 08)
[SECURITY] [DSA 2430-1] python-pam security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2433-1] iceweasel security update Moritz Muehlenhoff (Mar 16)
[SECURITY] [DSA 2437-1] icedove security update Moritz Muehlenhoff (Mar 21)
[SECURITY] [DSA 2438-1] raptor security update Moritz Muehlenhoff (Mar 23)
[SECURITY] [DSA 2439-1] libpng security update Moritz Muehlenhoff (Mar 23)

moshez

PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability moshez (Mar 13)

Narendra Shinde

Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417] Narendra Shinde (Mar 13)

Netsparker Advisories

Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Netsparker Advisories (Mar 29)

nospam

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability nospam (Mar 19)
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability nospam (Mar 19)
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability nospam (Mar 22)
TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow nospam (Mar 28)
Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution nospam (Mar 28)
D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability nospam (Mar 28)
Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability nospam (Mar 28)

otr

PcwRunAs Password Obfuscation Design Flaw otr (Mar 27)

OWASP AppSec EU

OWASP AppSec Research EU CFP/CFT OWASP AppSec EU (Mar 29)

Patrick Webster

OSI Security: CheckPoint Firewall VPN - Information Disclosure Patrick Webster (Mar 12)

Research

Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Research (Mar 30)

Research () NGSSecure

NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens Research () NGSSecure (Mar 29)
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts Research () NGSSecure (Mar 29)
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators Research () NGSSecure (Mar 29)
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI Research () NGSSecure (Mar 29)
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked Research () NGSSecure (Mar 29)
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user Research () NGSSecure (Mar 29)

research () vulnerability-lab com

[Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability research () vulnerability-lab com (Mar 02)
[Suspected Spam] Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 02)
[Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability research () vulnerability-lab com (Mar 08)
[Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 08)
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 08)
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities research () vulnerability-lab com (Mar 08)
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability research () vulnerability-lab com (Mar 08)

RGill

Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass RGill (Mar 19)

Saurabh Harit

Cyberoam Unified Threat Management: Insecure Password Handling Saurabh Harit (Mar 21)
Cyberoam Unified Threat Management: OS Command Execution Saurabh Harit (Mar 21)

SEC Consult Vulnerability Lab

SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab (Mar 19)

security

[ MDVSA-2012:028 ] libxslt security (Mar 01)
[ MDVSA-2012:029 ] pidgin security (Mar 16)
[ MDVSA-2012:030 ] systemd security (Mar 16)
[ MDVSA-2012:031 ] firefox security (Mar 19)
[ MDVSA-2012:032 ] mozilla security (Mar 20)
Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 Security (Mar 21)
[ MDVSA-2012:033 ] libpng security (Mar 21)
[ MDVSA-2012:034 ] libzip security (Mar 23)
[ MDVSA-2012:035 ] file security (Mar 23)
[ MDVSA-2012:036 ] libsoup security (Mar 23)
[ MDVSA-2012:037 ] cyrus-imapd security (Mar 23)
[ MDVSA-2012:038 ] openssl security (Mar 27)
[ MDVSA-2012:039 ] libtasn1 security (Mar 27)
[ MDVSA-2012:040 ] gnutls security (Mar 27)
[ MDVSA-2012:041 ] expat security (Mar 27)
[ MDVSA-2012:042 ] wireshark security (Mar 28)
[ MDVSA-2012:043 ] nginx security (Mar 29)
[ MDVSA-2012:044 ] cvs security (Mar 29)
[ MDVSA-2012:045 ] gnutls security (Mar 30)

Security_Alert

ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability Security_Alert (Mar 06)
ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities Security_Alert (Mar 13)
ESA-2012-014: RSA enVision Multiple Vulnerabilities Security_Alert (Mar 19)

security-alert

[security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert (Mar 07)
[security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Mar 07)
[security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert (Mar 13)
[security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Mar 19)
[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Mar 20)
[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS) security-alert (Mar 28)
[security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) security-alert (Mar 28)
[security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Mar 28)
[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data security-alert (Mar 28)
[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Mar 28)

security-bulletin

nginx fix for malformed HTTP responses from upstream servers security-bulletin (Mar 15)

Security Mailing List

Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List (Mar 12)
Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List (Mar 15)

simon . ganiere

Synology Photo Station 5 - Reflected Cross-Site Scripting simon . ganiere (Mar 12)

Simon McVittie

Traffic amplification via Quake 3-based servers Simon McVittie (Mar 27)

Solar Designer

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)

sschurtz

Wikidforum 2.10 Multiple security vulnerabilities sschurtz (Mar 12)
WikyBlog 1.7.3RC2 XSS vulnerability sschurtz (Mar 15)
CMSimple_XH 1.5.2 Cross-site Scripting vulnerability sschurtz (Mar 21)

Stefan Kanthak

%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process) Stefan Kanthak (Mar 05)

Steffen Dettmer

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer (Mar 27)

sumanj

Evasion attacks expoliting file-parsing vulnerabilities in antivirus products sumanj (Mar 19)

Thijs Kinkhorst

[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update Thijs Kinkhorst (Mar 19)

Thomas Richards

Timesheet Next Gen 1.5.2 Multiple SQLi Thomas Richards (Mar 05)

Thor \(Hammer of God\)

Regarding MS12-020 Thor \(Hammer of God\) (Mar 20)
RE: Regarding MS12-020 Thor \(Hammer of God\) (Mar 21)

Timo Warns

[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 27)

vince

Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) vince (Mar 19)

VMware Security Team

VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Team (Mar 09)
VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Team (Mar 09)
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting VMware Security Team (Mar 16)
VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues VMware Security Team (Mar 19)

voidloafer

struts2 xsltResult Local code execution vulnerability voidloafer (Mar 23)

VSR Advisories

CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories (Mar 27)

vulns

SAP Business Objects XI R2 Infoview Multiple XSS vulns (Mar 08)

VUPEN Security Research

VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768) VUPEN Security Research (Mar 19)

xcon

XCon 2012 XFocus Information Security Conference Call for Paper xcon (Mar 07)

YGN Ethical Hacker Group

Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group (Mar 05)
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Mar 05)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]