Home page logo
/

159 messages starting Mar 13 13 and ending Mar 18 13
Date index | Thread index | Author index

Adam Laurie

Announcing ChronIC - a wearable Sub-GHz RF hacking tool Adam Laurie (Mar 13)

advisory

OS Command Injection in CosCms advisory (Mar 06)
Multiple XSS vulnerabilities in Events Manager WordPress plugin advisory (Mar 06)
Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6 advisory (Mar 07)
Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6 advisory (Mar 07)
Path Traversal in AWS XMS advisory (Mar 27)
McAfee Virtual Technician ActiveX Control Insecure Method advisory (Mar 27)

alej andr0

WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS) alej andr0 (Mar 05)

Amos Jeffries

Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries (Mar 11)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries (Mar 11)

Apple Product Security

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Apple Product Security (Mar 05)
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 Apple Product Security (Mar 15)
APPLE-SA-2013-03-14-2 Safari 6.0.3 Apple Product Security (Mar 15)
APPLE-SA-2013-03-19-1 iOS 6.1.3 Apple Product Security (Mar 20)
APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple Product Security (Mar 20)

asemailing

Workshop Proposal/Paper Submission Deadlines asemailing (Mar 28)

Asterisk Security Team

AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header Asterisk Security Team (Mar 28)
AST-2013-002: Denial of Service in HTTP server Asterisk Security Team (Mar 28)
AST-2013-003: Username disclosure in SIP channel driver Asterisk Security Team (Mar 28)

bhadresh . k . patel

SynConnect PMS SQL Injection Vulnerability bhadresh . k . patel (Mar 26)

b . saleh

Cisco Video Surveillance Operations Manager Multiple vulnerabilities b . saleh (Mar 13)

BugsNotHugs

Proofpoint Protection Server Session Persistence BugsNotHugs (Mar 04)

cfp2013 () recon cx

Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec cfp2013 () recon cx (Mar 09)

Chris John Riley

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 Chris John Riley (Mar 11)

chris . joughin

Re: SQLi found in Kodak Insite chris . joughin (Mar 14)

Cisco Systems Product Security Incident Response Team

Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue Cisco Systems Product Security Incident Response Team (Mar 18)
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)

come2waraxe

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 come2waraxe (Mar 20)
[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 come2waraxe (Mar 22)

contact

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 contact (Mar 12)

ddivulnalert

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion ddivulnalert (Mar 07)
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal ddivulnalert (Mar 15)

Fernando Gont

Host tracking in IPv6 (SI6 Networks' IPv6 toolkit v1.3.3) Fernando Gont (Mar 11)

Florian Weimer

[SECURITY] [DSA 2653-1] icinga security update Florian Weimer (Mar 27)

Frédéric Basse

[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric Basse (Mar 04)
Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric BASSE (Mar 13)

hip

WordPress podPress Plugin XSS in SWF hip (Mar 28)

info

AthCon 2013 Rev. Challenge 2013 info (Mar 11)
NOPcon 2013 - Call for paper - Istanbul , Turkey info (Mar 18)

Inshell Security

[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting Inshell Security (Mar 05)
[IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation Inshell Security (Mar 20)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics ISecAuditors Security Advisories (Mar 11)

Jeffrey Walton

Re: Report OWASP WAF Naxsi bypass Vulnerability Jeffrey Walton (Mar 27)

Just Bugs

Verax NMS Authenication Bypass (CVE-2013-1350) Just Bugs (Mar 06)
Verax NMS Password Replay Attack (CVE-2013-1351) Just Bugs (Mar 06)
Verax NMS Hardcoded Private Key (CVE-2013-1352) Just Bugs (Mar 06)
Verax NMS Password Disclosure (CVE-2013-1631) Just Bugs (Mar 06)

king cope

Re: Kingcopes AthCon 2012 Slides & Notes --> Video online king cope (Mar 06)

Kotas, Kevin J

CA20130319-01: Security Notice for SiteMinder products using SAML Kotas, Kevin J (Mar 20)

Kurt Seifried

Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 07)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 13)

larry0

Remote command execution for Ruby Gem ftpd-0.2.1 larry0 (Mar 04)
Re: rpi-update tmpfile vulnerability larry0 (Mar 06)
Re: Oracle Auto Service Request /tmp file clobbering vulnerability larry0 (Mar 07)
OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability larry0 (Mar 11)
Curl Ruby Gem Remote command execution Larry0 (Mar 15)
MiniMagic ruby gem remote code execution Larry0 (Mar 15)
Remote command execution in fastreader ruby gem larry0 (Mar 18)
Remote command execution in Ruby Gem Command Wrap Larry0 (Mar 19)

Major Malfunction

DC4420 - London DEFCON - March meet - Tuesday 26th March 2013 Major Malfunction (Mar 22)

Marc Heuse

Remote system freeze thanks to Kaspersky Internet Security 2013 Marc Heuse (Mar 04)

Mark Thomas

[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples Mark Thomas (Mar 06)

Martin Braun

Open-Xchange Security Advisory 2013-03-13 Martin Braun (Mar 13)

Matt Franklin

[CVE-2013-1814] Apache Rave exposes User over API Matt Franklin (Mar 13)

Michael Gilbert

[SECURITY] [DSA 2642-1] sudo security update Michael Gilbert (Mar 09)
[SECURITY] [DSA 2652-1] libxml2 security update Michael Gilbert (Mar 26)

Moritz Muehlenhoff

[SECURITY] [DSA 2636-1] xen security update Moritz Muehlenhoff (Mar 04)
[SECURITY] [DSA 2636-2] xen regression update Moritz Muehlenhoff (Mar 04)
[SECURITY] [DSA 2638-1] openafs security update Moritz Muehlenhoff (Mar 05)
[SECURITY] [DSA 2644-1] wireshark security update Moritz Muehlenhoff (Mar 14)
[SECURITY] [DSA 2647-1] firebird2.1 security update Moritz Muehlenhoff (Mar 15)
[SECURITY] [DSA 2648-1] firebird2.5 security update Moritz Muehlenhoff (Mar 15)
[SECURITY] [DSA 2655-1] rails security update Moritz Muehlenhoff (Mar 28)

nauty . me04

Stored XSS in Terillion Reviews Wordpress Plugin nauty . me04 (Mar 09)

NCC Group Research

NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow NCC Group Research (Mar 18)

Nicolas Grégoire

Results of a XSLT fuzzing effort Nicolas Grégoire (Mar 11)

noreply

[PT-2013-17] Arbitrary Files Reading in mnoGoSearch noreply (Mar 05)

Oliver-Tobias Ripka

Skype Click to Call Update Service local privilege escalation Oliver-Tobias Ripka (Mar 15)

safe3q

Report OWASP WAF Naxsi bypass Vulnerability safe3q (Mar 26)

Salvatore Bonaccorso

[SECURITY] [DSA 2635-1] cfingerd security update Salvatore Bonaccorso (Mar 01)
[SECURITY] [DSA 2641-1] perl security update Salvatore Bonaccorso (Mar 09)
[SECURITY] [DSA 2640-1] zoneminder security update Salvatore Bonaccorso (Mar 14)
[SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1 Salvatore Bonaccorso (Mar 21)
[SECURITY] [DSA 2651-1] smokeping security update Salvatore Bonaccorso (Mar 21)

SEC Consult Vulnerability Lab

SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum SEC Consult Vulnerability Lab (Mar 11)
SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow SEC Consult Vulnerability Lab (Mar 13)

security

[ MDVSA-2013:017 ] libxml2 security (Mar 06)
[ MDVSA-2013:018 ] openssl security (Mar 06)
[ MDVSA-2013:019 ] gnutls security (Mar 07)
[ MDVSA-2013:020 ] wireshark security (Mar 08)
[ MDVSA-2013:021 ] java-1.6.0-openjdk security (Mar 08)
[ MDVSA-2013:022 ] openssh security (Mar 13)
[ MDVSA-2013:023 ] coreutils security (Mar 13)
[ MDVSA-2013:024 ] firefox security (Mar 13)
[ MDVSA-2013:025 ] pidgin security (Mar 14)
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection security (Mar 15)
n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection security (Mar 15)
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability security (Mar 15)
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access security (Mar 15)
[ MDVSA-2013:026 ] sudo security (Mar 18)
[ MDVSA-2013:027 ] clamav security (Mar 18)
[ MDVSA-2013:028 ] nagios security (Mar 18)

Security Alert

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Micros oft Windows® Access Control Vulnerability Security Alert (Mar 01)
ESA-2013-016: EMC Smarts Network Configuration Manager Security Alert (Mar 26)
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability Security Alert (Mar 27)

security-alert

[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS) security-alert (Mar 07)
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data security-alert (Mar 07)
[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of Information security-alert (Mar 07)
[security bulletin] HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure security-alert (Mar 22)
[security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF) security-alert (Mar 26)
[security bulletin] HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert (Mar 26)
[security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 27)
[security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information security-alert (Mar 27)

Security Explorations

[SE-2012-01] One more attack affecting Oracle's Java SE 7u15 Security Explorations (Mar 04)
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54) Security Explorations (Mar 18)
[SE-2011-01] PoC code for digital SAT TV research released Security Explorations (Mar 22)

Slackware Security Team

[slackware-security] httpd (SSA:2013-062-01) Slackware Security Team (Mar 04)
[slackware-security] sudo (SSA:2013-065-01) Slackware Security Team (Mar 07)
[slackware-security] mozilla-thunderbird (SSA:2013-068-02) Slackware Security Team (Mar 09)
[slackware-security] mozilla-firefox (SSA:2013-068-01) Slackware Security Team (Mar 09)
[slackware-security] perl (SSA:2013-072-01) Slackware Security Team (Mar 14)
[slackware-security] seamonkey (SSA:2013-072-02) Slackware Security Team (Mar 14)
[slackware-security] ruby (SSA:2013-075-01) Slackware Security Team (Mar 18)
[slackware-security] php (SSA:2013-081-01) Slackware Security Team (Mar 25)
[slackware-security] dhcp (SSA:2013-086-02) Slackware Security Team (Mar 27)
[slackware-security] bind (SSA:2013-086-01) Slackware Security Team (Mar 27)

Stefan Fritsch

[SECURITY] [DSA 2637-1] apache2 security update Stefan Fritsch (Mar 05)

stephan . rickauer

CVE-2013-1413 stephan . rickauer (Mar 04)

Technion

rpi-update tmpfile vulnerability Technion (Mar 04)

Thijs Kinkhorst

[SECURITY] [DSA 2639-1] php5 security update Thijs Kinkhorst (Mar 06)

Thomas D.

Re: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) Thomas D. (Mar 20)

tytusromekiatomek

Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header tytusromekiatomek (Mar 06)
Samsung TV DoS (possible overflow) via SOAPACTION tytusromekiatomek (Mar 06)
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header tytusromekiatomek (Mar 06)
Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc tytusromekiatomek (Mar 06)
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2 tytusromekiatomek (Mar 06)
Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header tytusromekiatomek (Mar 06)
Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption. tytusromekiatomek (Mar 06)
Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header tytusromekiatomek (Mar 06)
Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND tytusromekiatomek (Mar 06)

Vulnerability Lab

TagScanner v5.1 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Mar 13)

Vulnerability Mailbox

RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053) Vulnerability Mailbox (Mar 05)

VUPEN Security Research

VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) VUPEN Security Research (Mar 19)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research (Mar 19)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research (Mar 19)

Yves-Alexis Perez

[SECURITY] [DSA 2643-1] puppet security update Yves-Alexis Perez (Mar 13)
[SECURITY] [DSA 2645-1] inetutils security update Yves-Alexis Perez (Mar 15)
[SECURITY] [DSA 2646-1] typo3-src security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2649-1] lighttpd security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2650-1] libvirt-bin security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2650-2] libvirt regression update Yves-Alexis Perez (Mar 18)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]