Home page logo
/

157 messages starting Feb 28 13 and ending Feb 27 13
Date index | Thread index | Author index

AA

PHEARCON Call For Papers AA (Feb 28)

Adam Laurie

Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack Adam Laurie (Feb 11)
Re: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack Adam Laurie (Feb 12)
Sniffing HDCP crypto keys with a $30 Bus Pirate and a broken HDMI cable Adam Laurie (Feb 18)

advisory

SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin advisory (Feb 06)
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin advisory (Feb 06)
Multiple Cross-Site Scripting (XSS) in glFusion advisory (Feb 20)
Multiple Vulnerabilities in Piwigo advisory (Feb 28)
Cross-Site Scripting (XSS) in Geeklog advisory (Feb 28)

aeon . s . flux

I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution aeon . s . flux (Feb 11)

Andrzej Targosz

CONFidence 2013 - Call for Papers - 28-29.05.2013 Krakow, Poland Andrzej Targosz (Feb 26)

Apple Product Security

APPLE-SA-2013-02-01-1 Java for Mac OS X v10.6 Update 12 Apple Product Security (Feb 04)
APPLE-SA-2013-02-04-1 OS X Server v2.2.1 Apple Product Security (Feb 05)
APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13 Apple Product Security (Feb 20)

Ariel Berkman

Paper - Hiding Data in Hard-drive Service Areas Ariel Berkman (Feb 21)

brad . wyro

Re: Alt-N MDaemon Email Body HTML/JS Injection Vulnerability brad . wyro (Feb 21)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability Cisco Systems Product Security Incident Response Team (Feb 06)
Cisco Security Advisory: Cisco Unified Presence Server Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Feb 28)
Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability Cisco Systems Product Security Incident Response Team (Feb 28)
Cisco Security Advisory: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Feb 28)

Collin Mulliner

DIMVA 2013 - Extended deadline for paper submission: February 17, 2013! Collin Mulliner (Feb 08)

come2waraxe

[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 come2waraxe (Feb 28)

CORE Security Technologies Advisories

CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities CORE Security Technologies Advisories (Feb 18)

dann frazier

[SECURITY] [DSA 2632-1] linux-2.6 security update dann frazier (Feb 26)

DefenseCode

DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up DefenseCode (Feb 06)

demetris papapetrou

Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability demetris papapetrou (Feb 20)
Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability demetris papapetrou (Feb 20)
Alt-N MDaemon's WorldClient Username Enumeration Vulnerability demetris papapetrou (Feb 20)
Alt-N MDaemon Email Body HTML/JS Injection Vulnerability demetris papapetrou (Feb 20)
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability demetris papapetrou (Feb 20)
Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability demetris papapetrou (Feb 20)

devnull

Multiple Vulnerabilities in D'Link DIR-600 and DIR-300 (rev B) devnull (Feb 04)
Multiple Vulnerabilities in Linksys E1500/E2500 devnull (Feb 05)
Multiple Vulnerabilities in Linksys WRT160Nv2 devnull (Feb 11)
Multiple Vulnerabilities in Linksys WAG200G devnull (Feb 11)
Multiple Vulnerabilities in OpenPLI devnull (Feb 13)
Multiple Vulnerabilities in TP-Link TL-WA701N / TL-WA701ND devnull (Feb 14)
Multiple Vulnerabilities in Edimax EW-7206-APg and EW-7209APg devnull (Feb 14)
Multiple Vulnerabilities in Netgear DGN2200B devnull (Feb 18)

Diening, Holm

Simple password obfuscation in Enterprise Architect Diening, Holm (Feb 13)

doylej . ia

CVE-2012-6451 Authentication Bypass in LOREX IP Cameras doylej . ia (Feb 05)

Egidio Romano

[KIS-2013-02] CubeCart <= 5.2.0 (cu becart.class.php) PHP Object Injection Vulnerabil ity Egidio Romano (Feb 06)
[KIS-2013-03] Joomla! <= 3.0.2 (hig hlight.php) PHP Object Injection Vulnerability Egidio Romano (Feb 28)

Fernando Gont

SI6 Networks IPv6 Toolkit v1.3 released! Fernando Gont (Feb 18)
Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit) Fernando Gont (Feb 18)

Florian Weimer

[SECURITY] [DSA 2620-1] rails security update Florian Weimer (Feb 13)
[SECURITY] [DSA 2623-1] openconnect security update Florian Weimer (Feb 14)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-13:01.bind FreeBSD Security Advisories (Feb 19)
FreeBSD Security Advisory FreeBSD-SA-13:02.libc FreeBSD Security Advisories (Feb 19)

George Clark

Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro. George Clark (Feb 19)

Hafez Kamal

[HITB-Announce] #HITB2013AMS FINAL CALL for Paper Submissions Hafez Kamal (Feb 04)

hip

[CVE-2013-1463]Wordpress wp-table-reloaded&#8207; plugin XSS in SWF hip (Feb 06)
[CVE-2013-1464]Wordpress Audio Player Plugin XSS in SWF&#8207;&#8207; hip (Feb 07)
[CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF&#8207; hip (Feb 20)

Inshell Security

[IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption Inshell Security (Feb 14)
[IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow Inshell Security (Feb 18)
[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability Inshell Security (Feb 26)

Jarle Aase

Denial of Service vulnerability in War FTP Daemon 1.82 Jarle Aase (Feb 26)

Jonathan Brossard

NoSuchCon CFP 2.0 / 15-17 May 2013 / Paris, France Jonathan Brossard (Feb 25)

Jonathan Wiltshire

[SECURITY] [DSA 2616-1] nagios3 security update Jonathan Wiltshire (Feb 04)

Kotas, Kevin J

CA20130213-01: Security Notice for CA ControlMinder Kotas, Kevin J (Feb 14)

Krzysztof Katowicz-Kowalewski

PHP-Fusion 7.02.05 SQL Injection Krzysztof Katowicz-Kowalewski (Feb 18)

Kurt Seifried

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement Kurt Seifried (Feb 22)

larry0

Oracle Automated Service Manager 1.3 & Auto Service Request 4.3 local root during install larry0 (Feb 04)
Fileutils ruby gem possible remote command execution and insecure file handling in /tmp larry0 (Feb 28)

Luciano Bello

[SECURITY] [DSA 2617-1] samba security update Luciano Bello (Feb 04)
[SECURITY] [DSA 2618-1] ircd-hybrid security update Luciano Bello (Feb 08)

Major Malfunction

DC4420 - London DEFCON Tuesday 26th Feb 2013 Major Malfunction (Feb 25)

Marc Heuse

Re: Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit) Marc Heuse (Feb 18)

max

FreeBSD 9.1 ftpd Remote Denial of Service max (Feb 04)

Michael Gilbert

[SECURITY] [DSA 2629-1] openjpeg security update Michael Gilbert (Feb 25)

Michał Błaszczak

Directory Traversal - EasyITSP <= 2.0.7 Michał Błaszczak (Feb 04)

Moritz Muehlenhoff

[SECURITY] [DSA 2619-1] xen-qemu-dm-4.0 security update Moritz Muehlenhoff (Feb 11)
[SECURITY] [DSA 2612-2] ircd-ratbox update Moritz Muehlenhoff (Feb 11)
[SECURITY] [DSA 2624-1] ffmpeg security update Moritz Muehlenhoff (Feb 18)
[SECURITY] [DSA 2625-1] wireshark security update Moritz Muehlenhoff (Feb 18)
[SECURITY] [DSA 2628-1] nss-pam-ldapd security update Moritz Muehlenhoff (Feb 18)
[SECURITY] [DSA 2630-1] postgresql-8.4 security update Moritz Muehlenhoff (Feb 20)

nauty . me04

Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability nauty . me04 (Feb 18)
Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability nauty . me04 (Feb 18)

NCC Group Research

NGS00336 Patch Notification: Symantec Network Access Control Privilege Escalation NCC Group Research (Feb 04)
NGS00315 Patch Notification: Symantec Enterprise Security Management Agent Privilege Escalation NCC Group Research (Feb 04)

Nico Golde

[SECURITY] [DSA 2634-1] python-django security update Nico Golde (Feb 27)

noreply

[PT-2012-53] Privilege Gaining in DataLife Engine noreply (Feb 05)
Re: Aastra IP Telephone encrypted .tuz configuration file leakage noreply (Feb 14)

Oliver Goebel

[IMF 2013] Call for Participation Oliver Goebel (Feb 04)

Olivier Lamy

Fwd: [SECURITY] CVE-2013-0253 Apache Maven 3.0.4 Olivier Lamy (Feb 26)

Onapsis Research Labs

[Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2013-002] SAP SDM Denial of Service Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2013-006] SAP SMD Agent Code Injection Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection Onapsis Research Labs (Feb 25)

otr

Empirum Password Obfuscation Design Flaw otr (Feb 15)

paul . szabo

Mathematica9.0.1 on Linux /tmp/MathLink vulnerability paul . szabo (Feb 08)

research

[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing research (Feb 05)

robert

SQLi found in Kodak Insite robert (Feb 19)

roberto

Unauthenticated remote access to D-Link DIR-645 devices roberto (Feb 28)

Rudolph Pereira

OSEC-2013-01: nagios metacharacter filtering omission Rudolph Pereira (Feb 22)

Salvatore Bonaccorso

[SECURITY] [DSA 2631-1] squid3 security update Salvatore Bonaccorso (Feb 25)

scott . behrens

Stored Cross-site Scripting ('XSS') in Airvana HubBub C1-600-RT Femtocell scott . behrens (Feb 28)

security

[ MDVSA-2013:006 ] freetype2 security (Feb 04)
[ MDVSA-2013:007 ] mysql security (Feb 05)
[ MDVSA-2013:008 ] mysql security (Feb 06)
[ MDVSA-2013:009 ] libssh security (Feb 11)
[ MDVSA-2013:010 ] java-1.6.0-openjdk security (Feb 11)
[ MDVSA-2013:011 ] samba security (Feb 13)
[ MDVSA-2013:012 ] postgresql security (Feb 15)
[ MDVSA-2013:013 ] squid security (Feb 20)
[ MDVSA-2013:014 ] java-1.6.0-openjdk security (Feb 25)
[ MDVSA-2013:015 ] apache security (Feb 26)
[ MDVSA-2013:016 ] php security (Feb 28)

Security Alert

ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities Security Alert (Feb 04)

security-alert

[security bulletin] HPSBMU02842 SSRT100909 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Feb 04)
[security bulletin] HPSBST02846 SSRT100798 rev.1 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code security-alert (Feb 05)
[security bulletin] HPSBMU02815 SSRT100715 rev.5 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution security-alert (Feb 14)
[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS) security-alert (Feb 21)

Security Explorations

[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU Security Explorations (Feb 04)
Re: [SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU Security Explorations (Feb 05)
[SE-2012-01] New security issues affecting Oracle's Java SE 7u15 Security Explorations (Feb 25)

Shatter

TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751) Shatter (Feb 21)
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137) Shatter (Feb 21)
TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352) Shatter (Feb 22)
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220) Shatter (Feb 22)
TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354) Shatter (Feb 22)
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372) Shatter (Feb 22)
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374) Shatter (Feb 22)
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353) Shatter (Feb 22)
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373) Shatter (Feb 22)
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219) Shatter (Feb 22)
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358) Shatter (Feb 22)
TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355) Shatter (Feb 22)

Slackware Security Team

[slackware-security] curl (SSA:2013-038-01) Slackware Security Team (Feb 08)
[slackware-security] openssl (SSA:2013-042-01) Slackware Security Team (Feb 12)
[slackware-security] pidgin (SSA:2013-044-01) Slackware Security Team (Feb 14)
[slackware-security] mozilla-firefox (SSA:2013-050-01) Slackware Security Team (Feb 20)
[slackware-security] mozilla-thunderbird (SSA:2013-050-02) Slackware Security Team (Feb 20)
[slackware-security] seamonkey (SSA:2013-056-01) Slackware Security Team (Feb 26)

Thijs Kinkhorst

[SECURITY] [DSA 2622-1] polarssl security update Thijs Kinkhorst (Feb 13)
[SECURITY] [DSA 2621-1] openssl security update Thijs Kinkhorst (Feb 13)
[SECURITY] [DSA 2626-1] lighttpd security update Thijs Kinkhorst (Feb 18)
[SECURITY] [DSA 2627-1] nginx security update Thijs Kinkhorst (Feb 18)

Timo Juhani Lindfors

Re: Aastra IP Telephone encrypted .tuz configuration file leakage Timo Juhani Lindfors (Feb 18)

Tod Beardsley

Re: CFP: InfoSec Southwest 2013 Tod Beardsley (Feb 15)

ukpentestinfo

Samsung Galaxy S3 partial screen-lock bypass ukpentestinfo (Feb 22)

ullner

DC++ 0.802 and below incorrectly registers URI schemes in Windows ullner (Feb 04)

Vulnerability Lab

Free Monthly Websites v2.0 - Multiple Web Vulnerabilities Vulnerability Lab (Feb 04)
0day full - Free Monthly Websites v2.0 - Multiple Web Vulnerabilities Vulnerability Lab (Feb 05)
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities Vulnerability Lab (Feb 14)
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Vulnerability Lab (Feb 14)
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Vulnerability Lab (Feb 21)
MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities Vulnerability Lab (Feb 21)
Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Vulnerability Lab (Feb 25)

VUPEN Security Research

VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability VUPEN Security Research (Feb 25)

Yves-Alexis Perez

[SECURITY] [DSA 2614-1] libupnp security update Yves-Alexis Perez (Feb 04)
[SECURITY] [DSA 2615-1] libupnp4 security update Yves-Alexis Perez (Feb 04)
[SECURITY] [DSA 2633-1] fusionforge security update Yves-Alexis Perez (Feb 27)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault