
393 messages starting Aug 14 12 and ending Aug 29 12

Abhijeet Patil

[Announcement] ClubHack Magazine's Aug 2012 Issue Released Abhijeet Patil (Aug 14)

Adam Caudill

Re: sandboxed browsing Adam Caudill (Aug 01)
NeoInvoice Blind SQL Injection (CVE-2012-3477) Adam Caudill (Aug 13)

Alexander Pruss

Re: The Android Superuser App Alexander Pruss (Aug 15)
debugfs exploit for a number of Android devices Alexander Pruss (Aug 15)
Re: debugfs exploit for a number of Android devices Alexander Pruss (Aug 15)
vulnerabilities in Samsung Epic 4G Touch with 2.3.6, and probably other Samsungs Alexander Pruss (Aug 16)
Re: vulnerabilities in Samsung Epic 4G Touch with 2.3.6, and probably other Samsungs Alexander Pruss (Aug 20)

Andreas

Re: sandboxed browsing Andreas (Aug 01)

Anestis Bechtsoudis

Re: SNMP Reflected Denial Of Service - PoC Anestis Bechtsoudis (Aug 31)

Asterisk Security Team

AST-2012-012: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team (Aug 30)
AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users Asterisk Security Team (Aug 30)

Benji

Re: Hacker Highschool v2 Benji (Aug 09)
Re: WTB: CIK and Fortezza card Benji (Aug 13)
Re: The Android Superuser App Benji (Aug 13)
Re: ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability Benji (Aug 22)
Re: Printer in the DMZ Benji (Aug 27)

Ben Laurie

Re: DakaRand Ben Laurie (Aug 19)
Re: DakaRand Ben Laurie (Aug 19)
Re: DakaRand Ben Laurie (Aug 20)
Re: DakaRand Ben Laurie (Aug 20)

bk

Re: sandboxed browsing bk (Aug 01)

Bogdan Calin

htaccess files should not be used for security restrictions Bogdan Calin (Aug 08)

Carlo Di Dato

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Carlo Di Dato (Aug 01)

Carlos A. Lozano

CFP BugCON 2013 @ Ciudad de México Carlos A. Lozano (Aug 05)

Christian Sciberras

Re: sandboxed browsing Christian Sciberras (Aug 01)
Re: sandboxed browsing Christian Sciberras (Aug 01)
Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Christian Sciberras (Aug 13)
Re: cloudsafe365 for wordpress: file disclosure Christian Sciberras (Aug 28)

Cisco Systems Product Security Incident Response Team

[2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Aug 15)

Clare Elliott

Any contacts at Samsung Wintech? Clare Elliott (Aug 06)

coderman

Re: Android HTC Mail insecure password management coderman (Aug 08)
Re: how i stopped worrying and loved the backdoor coderman (Aug 18)
Re: debugfs exploit for a number of Android devices coderman (Aug 18)

Context IS - Disclosure

Context IS Advisory - SAP Host Control Remote Code Execution Context IS - Disclosure (Aug 17)

CorryL

Ad Manager Pro v. 4 Remote FLI CorryL (Aug 23)

craig deveson

Re: cloudsafe365 for wordpress: file disclosure craig deveson (Aug 29)

Daniel Dadap

nvidia linux binary driver priv escalation exploit Daniel Dadap (Aug 05)

Dan Kaminsky

Re: how i stopped worrying and loved the backdoor Dan Kaminsky (Aug 19)
Re: DakaRand Dan Kaminsky (Aug 19)
Re: DakaRand Dan Kaminsky (Aug 19)
Re: DakaRand Dan Kaminsky (Aug 19)
Re: DakaRand Dan Kaminsky (Aug 20)
Re: DakaRand Dan Kaminsky (Aug 20)
Re: DakaRand Dan Kaminsky (Aug 20)

Dan Rosenberg

Re: debugfs exploit for a number of Android devices Dan Rosenberg (Aug 15)

Dave Airlie

nvidia linux binary driver priv escalation exploit Dave Airlie (Aug 01)
Re: nvidia linux binary driver priv escalation exploit Dave Airlie (Aug 02)

David Black

Re: The Android Superuser App David Black (Aug 17)

Dmitry Evteev

The most realistic hacking contest Dmitry Evteev (Aug 20)

Enrico Cinquini

Liferay JSON service API authentication vulnerability Enrico Cinquini (Aug 03)

Fabien DUCHENE

GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012 Fabien DUCHENE (Aug 05)

Feighen Oosterbroek

Re: sandboxed browsing Feighen Oosterbroek (Aug 01)
Re: OT: OSX-PHP Dev Enviornment Feighen Oosterbroek (Aug 02)

Ferenc Kovacs

Re: OT: OSX-PHP Dev Enviornment Ferenc Kovacs (Aug 01)

Florian Weimer

[SECURITY] [DSA 2528-1] icedove security update Florian Weimer (Aug 14)
[SECURITY] [DSA 2530-1] rssh security update Florian Weimer (Aug 15)
[SECURITY] [DSA 2533-1] pcp security update Florian Weimer (Aug 23)
[SECURITY] [DSA 2534-1] postgresql-8.4 security update Florian Weimer (Aug 25)
[SECURITY] [DSA 2535-1] rtfm security update Florian Weimer (Aug 29)
[SECURITY] [DSA 2536-1] otrs2 security update Florian Weimer (Aug 30)
[SECURITY] [DSA 2537-1] typo3-src security update Florian Weimer (Aug 30)

François

Re: sandboxed browsing François (Aug 01)

fukami

29C3: Call for Participation for 29th Chaos Communication Congress fukami (Aug 03)

Full Disclosure

SNMP Reflected Denial Of Service - PoC Full Disclosure (Aug 31)

full-disclosure

Intercepting TOR full-disclosure (Aug 16)

Gary Baribault

Re: some distros for Raspberry Pi have sshd enabled and default logins. Gary Baribault (Aug 04)

Georgi Guninski

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Georgi Guninski (Aug 01)

Giles Coochey

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Giles Coochey (Aug 01)
Re: GIMP Scriptfu Python Remote Command Execution Giles Coochey (Aug 19)
Re: DakaRand Giles Coochey (Aug 20)

Gillis Jones (Gillis57)

Re: sandboxed browsing Gillis Jones (Gillis57) (Aug 01)

Giovanni [dacav] Simoni

Re: sandboxed browsing Giovanni [dacav] Simoni (Aug 02)

Gynvael Coldwind

Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Gynvael Coldwind (Aug 13)

Hafez Kamal

[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions Hafez Kamal (Aug 09)

Hambone Turkey

WTB: CIK and Fortezza card Hambone Turkey (Aug 13)

Harry Hoffman

Re: Nishang: PowerShell for Penetration Testing Harry Hoffman (Aug 15)
Re: Nishang: PowerShell for Penetration Testing Harry Hoffman (Aug 16)

Henri Salo

Re: XSS Vulnerabilities in LabWiki Henri Salo (Aug 23)
Re: XSS and SQL Injection Vulnerabilities in Jara Henri Salo (Aug 24)
Re: cloudsafe365 for wordpress: file disclosure Henri Salo (Aug 28)
Re: cloudsafe365 for wordpress: file disclosure Henri Salo (Aug 28)

Herald Gibson

USB HID attacks on Mac OS X Herald Gibson (Aug 22)

hinge

IOServer "Root Directory" Trailing Backslash Web Server Vuln hinge (Aug 19)

HTTPCS

[HTTPCS] WooPress 'page' Cross Site Scripting Vulnerability HTTPCS (Aug 08)
[HTTPCS] InterPhoto Image Gallery 'thisurl' Cross Site Scripting Vulnerability HTTPCS (Aug 11)
[HTTPCS] w-agora 4.2.1 Multiple Vulnerabilities(SQLI, XSS) HTTPCS (Aug 19)
[HTTPCS] Plogger multiple vulnerabilities HTTPCS (Aug 29)

Igor Igor

Printer in the DMZ Igor Igor (Aug 27)

Inshell Security

[IA23] Aoop CMS v0.3.6 Multiple Vulnerabilities Inshell Security (Aug 24)

Ivan Carlos

Re: cloudsafe365 for wordpress: file disclosure Ivan Carlos (Aug 28)

Ivan .Heca

hacking FB Ads Ivan .Heca (Aug 02)
Tech journalists: Stop hyping unproven security tools Ivan .Heca (Aug 13)

Jacqui Caren

Re: Associate professor from Pakistan National University - spammer Jacqui Caren (Aug 16)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jacqui Caren (Aug 30)

James Lay

Re: ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability James Lay (Aug 22)

Jann Horn

The Android Superuser App Jann Horn (Aug 13)
Re: The Android Superuser App Jann Horn (Aug 13)
middle-clicking on links Jann Horn (Aug 16)

Jan van Niekerk

cloudsafe365 for wordpress: file disclosure Jan van Niekerk (Aug 28)

Jason A. Donenfeld

OS X Local Root: Silly SUID Helper in Tunnel Blick Jason A. Donenfeld (Aug 11)
Re: OS X Local Root: Silly SUID Helper in Tunnel Blick Jason A. Donenfeld (Aug 11)
OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)
Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)
Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)

Jason Hellenthal

Re: htaccess files should not be used for security restrictions Jason Hellenthal (Aug 09)

Jeffrey Walton

Re: Any contacts at Samsung Wintech? Jeffrey Walton (Aug 07)
Re: Android HTC Mail insecure password management Jeffrey Walton (Aug 08)
Re: DakaRand Jeffrey Walton (Aug 19)
Re: DakaRand Jeffrey Walton (Aug 19)
Re: The Dangerous of Fakeroot Jeffrey Walton (Aug 27)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 31)

j f

Fwd: [TSCM-L] {6221} Domain Awareness System j f (Aug 09)

John Cage

Powershell for Penetration Testing - Nishang tool John Cage (Aug 15)

John Cartwright

List Charter John Cartwright (Aug 09)

J. Oquendo

Re: Gauss is out ! J. Oquendo (Aug 09)

Jose Carlos de Arriba

[FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS Jose Carlos de Arriba (Aug 17)

Joshua Thomas

Re: Printer in the DMZ Joshua Thomas (Aug 27)

Julius Kivimäki

Re: GIMP Scriptfu Python Remote Command Execution Julius Kivimäki (Aug 17)
Re: yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit Julius Kivimäki (Aug 26)

Justin C. Klein Keane

Drupal Custom Publishing Options Module XSS Justin C. Klein Keane (Aug 15)
Re: [Security-news] SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS) Justin C. Klein Keane (Aug 15)

kaveh ghaemmaghami

Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit kaveh ghaemmaghami (Aug 08)
DivX Plus Player plugin 2.2.0.52 Buffer Overflow PoC kaveh ghaemmaghami (Aug 15)
Windows Internet Explorer(ieframe.dll) null pointer dereference kaveh ghaemmaghami (Aug 20)
Adobe Pixel Bender Toolkit2 (tbbmalloc.dll) DLL Hijacking Exploit kaveh ghaemmaghami (Aug 23)
foxit reader 5.3.1(dwmapi.dll) DLL Hijacking Exploit kaveh ghaemmaghami (Aug 23)
Snagit 11.0.1 (dwmapi.dll) DLL Hijacking Exploit kaveh ghaemmaghami (Aug 23)
Microsoft Indexing Service Server-side null pointer dereference kaveh ghaemmaghami (Aug 24)
Microsoft Indexing Service Server-side (ixsso.dll) null pointer dereference kaveh ghaemmaghami (Aug 24)
yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit kaveh ghaemmaghami (Aug 25)
vBulletin and MyBB Vulnerability kaveh ghaemmaghami (Aug 30)
War FTP Daemon Remote Format String Vulnerability kaveh ghaemmaghami (Aug 30)

Kelvin White

Re: OT: OSX-PHP Dev Enviornment Kelvin White (Aug 02)
Re: OT: OSX-PHP Dev Enviornment Kelvin White (Aug 03)

kkhagel

Re: ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability kkhagel (Aug 23)

Kurt Ellzey

Re: OT: OSX-PHP Dev Enviornment Kurt Ellzey (Aug 02)
Re: Tech journalists: Stop hyping unproven security tools Kurt Ellzey (Aug 13)

Kyle Creyts

sandboxed browsing Kyle Creyts (Aug 01)
sandboxed browsing Kyle Creyts (Aug 02)

larry Cashdollar

some distros for Raspberry Pi have sshd enabled and default logins. larry Cashdollar (Aug 04)
Re: some distros for Raspberry Pi have sshd enabled and default logins. larry Cashdollar (Aug 04)

Lincoln Anderson

Re: Tech journalists: Stop hyping unproven security tools Lincoln Anderson (Aug 13)

Luciano Bello

[SECURITY] [DSA 2531-1] xen security update Luciano Bello (Aug 19)

Marcus Meissner

Re: how i stopped worrying and loved the backdoor Marcus Meissner (Aug 19)

Mateusz Jurczyk

New Adobe Reader fixes some, but not all known bugs Mateusz Jurczyk (Aug 15)

Matt Howard

DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard (Aug 13)
Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard (Aug 14)

Mattias Bååth

-==SEC-T 2012 Invitation==- Mattias Bååth (Aug 22)

Mattijs van Ommeren

Conceptronic Grab’n’Go Network Storage and Sitecom Home Storage Center - Authentication Bypass Vulnerability in - AA-001 Mattijs van Ommeren (Aug 27)
Conceptronic Grab’n’Go Network Storage - Password disclosure Vulnerability - AA-002 Mattijs van Ommeren (Aug 27)
Re: Conceptronic Grab’n’Go Network Storage - Password disclosure Vulnerability - AA-002 Mattijs van Ommeren (Aug 27)

Menerick, John

Re: sandboxed browsing Menerick, John (Aug 01)

Michael D. Wood

Re: OT: OSX-PHP Dev Enviornment Michael D. Wood (Aug 02)

Moritz Muehlenhoff

[SECURITY] [DSA 2521-1] libxml2 security update Moritz Muehlenhoff (Aug 04)
[SECURITY] [DSA 2523-1] globus-gridftp-server security update Moritz Muehlenhoff (Aug 06)
[SECURITY] [DSA 2524-1] openttd security update Moritz Muehlenhoff (Aug 06)
[SECURITY] [DSA 2525-1] expat security update Moritz Muehlenhoff (Aug 06)
[SECURITY] [DSA 2527-1] php5 security update Moritz Muehlenhoff (Aug 13)

MustLive

Vulnerabilities in JW Player Pro MustLive (Aug 22)
Zend Framework - Local file disclosure via XXE injection MustLive (Aug 27)
XXE Injection in CakePHP and Squiz CMS MustLive (Aug 27)
IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities MustLive (Aug 31)

muuratsalo experimental hack lab

Re: XSS Vulnerabilities in LabWiki muuratsalo experimental hack lab (Aug 24)
Re: XSS and SQL Injection Vulnerabilities in OrderSys muuratsalo experimental hack lab (Aug 25)

n0sec

e-commerce websites and password management... n0sec (Aug 02)

Netsparker Advisories

XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Netsparker Advisories (Aug 22)
XSS and SQL Injection Vulnerabilities in OrderSys Netsparker Advisories (Aug 22)
XSS Vulnerabilities in LabWiki Netsparker Advisories (Aug 22)
XSS and SQL Injection Vulnerabilities in Jara Netsparker Advisories (Aug 22)
Netsparker Community Edition is Back Netsparker Advisories (Aug 29)

Nico Golde

[SECURITY] [DSA 2519-1] isc-dhcp security update Nico Golde (Aug 02)
[SECURITY] [DSA 2519-2] isc-dhcp regression Nico Golde (Aug 05)
[SECURITY] [DSA 2526-1] libotr security update Nico Golde (Aug 13)

Nikhil Mittal

Nishang: PowerShell for Penetration Testing Nikhil Mittal (Aug 15)
Re: Full-Disclosure Digest, Vol 90, Issue 21 Nikhil Mittal (Aug 16)
Re: Nishang: PowerShell for Penetration Testing Nikhil Mittal (Aug 16)

noptrix

New version of dnsspider noptrix (Aug 16)

nullcon

nullcon Goa 2013 Call For Papers/Events nullcon (Aug 13)

Oliver Goebel

[IMF 2013] Call for Papers Oliver Goebel (Aug 28)

OST FD

OpenSecurityTraining Exploits 2 class OST FD (Aug 27)

Pablo Ximenes

Re: sandboxed browsing Pablo Ximenes (Aug 01)
Re: [Full-disclosure] Security Problem with Google’s 2-Step Authentication Pablo Ximenes (Aug 01)

Paul Craig

iKAT 2012 Release - Interactive Kiosk Attack Tool Paul Craig (Aug 13)

Paul Schmehl

Re: DakaRand Paul Schmehl (Aug 20)
Re: DakaRand Paul Schmehl (Aug 20)
Re: DakaRand Paul Schmehl (Aug 20)

Pete Herzog

Hacker Highschool v2 Pete Herzog (Aug 09)

Peter Dawson

Gauss is out ! Peter Dawson (Aug 09)
Re: Hacker Highschool v2 Peter Dawson (Aug 09)
Re: Nishang: PowerShell for Penetration Testing Peter Dawson (Aug 15)

Piotr Duszynski

Portspoof - service signature obfuscator (more pain for port scanners) Piotr Duszynski (Aug 05)

pm whatever

string length field overwrite in IE9? pm whatever (Aug 22)

rancor

Re: some distros for Raspberry Pi have sshd enabled and default logins. rancor (Aug 04)
Re: some distros for Raspberry Pi have sshd enabled and default logins. rancor (Aug 04)

research

TCExam Edit SQL Injection research (Aug 14)
Group-Office Cleartext Credentials Stored in Cookies research (Aug 14)
TCExam Edit Cross-Site Scripting research (Aug 14)
Total Shop UK eCommerce Generic Cross-Site Scripting research (Aug 14)
GIMP Scriptfu Python Remote Command Execution research (Aug 17)
Re: GIMP Scriptfu Python Remote Command Execution research (Aug 20)

Richard Miles

How to use ARP Spoof to bypass firewall ACL? Richard Miles (Aug 21)

Robert Kim App and Facebook Marketing

Re: [ MDVSA-2012:122 ] icedtea-web Robert Kim App and Facebook Marketing (Aug 02)
sandboxed browsing Robert Kim App and Facebook Marketing (Aug 02)
Re: [SECURITY] [DSA 2521-1] libxml2 security update Robert Kim App and Facebook Marketing (Aug 05)
Re: how i stopped worrying and loved the backdoor Robert Kim App and Facebook Marketing (Aug 19)

Rob Weir

CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0 Rob Weir (Aug 29)

SEC Consult Vulnerability Lab

SEC Consult 20120829-0 :: Symantec Messaging Gateway - Support Backdoor SEC Consult Vulnerability Lab (Aug 30)

Secunia Research

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow Secunia Research (Aug 01)
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow Secunia Research (Aug 01)

security

[ MDVSA-2012:111 ] krb5 security (Aug 01)
[ MDVSA-2012:121 ] libjpeg-turbo security (Aug 01)
[ MDVSA-2012:122 ] icedtea-web security (Aug 02)
[ MDVSA-2012:123 ] libreoffice security (Aug 04)
[ MDVSA-2012:124 ] openoffice.org security (Aug 04)
[ MDVSA-2012:125 ] wireshark security (Aug 06)
[ MDVSA-2012:126 ] libxml2 security (Aug 08)
[ MDVSA-2012:127 ] libtiff security (Aug 08)
[ MDVSA-2012:128 ] bash security (Aug 09)
[ MDVSA-2012:129 ] busybox security (Aug 10)
[ MDVSA-2012:129-1 ] busybox security (Aug 10)
[ MDVSA-2012:130 ] openldap security (Aug 11)
[ MDVSA-2012:131 ] libotr security (Aug 13)
[ MDVSA-2012:132 ] glpi security (Aug 15)
[ MDVSA-2012:133 ] usbmuxd security (Aug 16)
[ MDVSA-2012:134 ] wireshark security (Aug 16)
[ MDVSA-2012:135 ] wireshark security (Aug 16)
[ MDVSA-2012:136 ] phpmyadmin security (Aug 17)
[ MDVSA-2012:138 ] acpid security (Aug 17)
[ MDVSA-2012:137 ] acpid security (Aug 17)
[ MDVSA-2012:139 ] postgresql security (Aug 19)
[ MDVSA-2012:140 ] mono security (Aug 20)
[ MDVSA-2012:141 ] openslp security (Aug 21)
[ MDVSA-2012:142 ] gimp security (Aug 21)
[ MDVSA-2012:143 ] python-django security (Aug 23)
[ MDVSA-2012:144 ] tetex security (Aug 28)
[ MDVSA-2012:145 ] firefox security (Aug 29)
[ MDVSA-2012:146 ] firefox security (Aug 29)
[ MDVSA-2012:147 ] mozilla-thunderbird security (Aug 29)
[ MDVSA-2012:074-1 ] ffmpeg security (Aug 30)
[ MDVSA-2012:148 ] ffmpeg security (Aug 30)

Security Explorations

[SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 29)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
[SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations (Aug 31)

security-news

[Security-news] SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS) security-news (Aug 01)
[Security-news] SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass (unsupported) security-news (Aug 01)
[Security-news] SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS) security-news (Aug 08)
[Security-news] SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS) security-news (Aug 08)
[Security-news] SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass security-news (Aug 08)
[Security-news] SA-CONTRIB-2012-124 - Mime Mail - Access Bypass security-news (Aug 08)
[Security-news] SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion and Cross Site Scripting (XSS) security-news (Aug 08)
[Security-news] SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS) security-news (Aug 15)
[Security-news] SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS) security-news (Aug 15)
[Security-news] SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability security-news (Aug 15)
[Security-news] SA-CONTRIB-2012-132 - Announcements - Access Bypass security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-131 - Email Field - Access Bypass security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-130 - Jstool - Multiple Vulnerabilities security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-129 - Activism - Access Bypass security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-134 - Views - Privilege Escalation security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention security-news (Aug 29)
[Security-news] SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS) security-news (Aug 29)

Seeker Research Center

.Net Cross Site Scripting - Request Validation Bypassing Seeker Research Center (Aug 31)

Shahriyar Jalayeri

Windows Kernel Intel x64 SYSRET Vulnerability + Code Signing Bypass Bonus Shahriyar Jalayeri (Aug 26)

SMiller

Subject: ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability, [from] Full-Disclosure Digest, Vol 90, Issue 7 SMiller (Aug 06)

Stefan Edwards

Re: Tech journalists: Stop hyping unproven security tools Stefan Edwards (Aug 14)
Re: Tech journalists: Stop hyping unproven security tools Stefan Edwards (Aug 14)

Stefan Kanthak

How well does Microsoft support (and follow) their mantra "keep your PC updated"? Stefan Kanthak (Aug 09)

taha

Re: How to use ARP Spoof to bypass firewall ACL? taha (Aug 24)

Teguh

The Dangerous of Fakeroot Teguh (Aug 27)
Re: The Dangerous of Fakeroot Teguh (Aug 29)
Re: The Dangerous of Fakeroot Teguh (Aug 29)

Thijs Kinkhorst

[SECURITY] [DSA 2529-1] python-django security update Thijs Kinkhorst (Aug 15)
[SECURITY] [DSA 2532-1] libapache2-mod-rpaf security update Thijs Kinkhorst (Aug 22)

Thor

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Thor (Aug 01)
OT: OSX-PHP Dev Enviornment Thor (Aug 01)
Re: OT: OSX-PHP Dev Enviornment Thor (Aug 01)
Re: OT: OSX-PHP Dev Enviornment Thor (Aug 01)
Re: OT: OSX-PHP Dev Enviornment Thor (Aug 01)
Re: Tech journalists: Stop hyping unproven security tools Thor (Aug 13)
Re: Tech journalists: Stop hyping unproven security tools Thor (Aug 13)

Thor (Hammer of God)

Re: Tech journalists: Stop hyping unproven security tools Thor (Hammer of God) (Aug 13)
Re: Tech journalists: Stop hyping unproven security tools Thor (Hammer of God) (Aug 13)
Re: how i stopped worrying and loved the backdoor Thor (Hammer of God) (Aug 19)
Re: The Dangerous of Fakeroot Thor (Hammer of God) (Aug 27)

Tim

Re: [SE-2012-01] information regarding recently discovered Java 7 attack Tim (Aug 29)

Timo Warns

[PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice Timo Warns (Aug 10)

Tomaž Muraus

[CVE-2012-3446] Apache Libcloud - possible SSL MITM due to invalid regular expression used to validate the target server hostname Tomaž Muraus (Aug 03)

Tomi Tuominen

t2′12: Challenge to be released 2012-09-01 10:00 EEST Tomi Tuominen (Aug 29)

Tonu Samuel

Associate professor from Pakistan National University - spammer Tonu Samuel (Aug 15)
Re: Associate professor from Pakistan National University - spammer Tonu Samuel (Aug 16)
Re: Associate professor from Pakistan National University - spammer Tonu Samuel (Aug 17)

Ty Miller

Teaching Hackers to Hack: "The Shellcode Lab" training at "Hack In The Box" Ty Miller (Aug 29)

Ulisses Montenegro

Re: OT: OSX-PHP Dev Enviornment Ulisses Montenegro (Aug 02)

valdis . kletnieks

Re: WTB: CIK and Fortezza card valdis . kletnieks (Aug 13)
Re: Associate professor from Pakistan National University - spammer valdis . kletnieks (Aug 16)
Re: Intercepting TOR valdis . kletnieks (Aug 16)
Re: Associate professor from Pakistan National University - spammer valdis . kletnieks (Aug 17)
Re: Printer in the DMZ valdis . kletnieks (Aug 28)

VMware Security Team

VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries VMware Security Team (Aug 31)

vtalk

Android HTC Mail insecure password management vtalk (Aug 06)

Vulnerability Lab

GunBound - Denial of Service Vulnerability Vulnerability Lab (Aug 01)
Barracuda Appliances - Validation Filter Bypass Vulnerability Vulnerability Lab (Aug 01)
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Vulnerability Lab (Aug 01)
ME Application Manager 10 - Multiple Web Vulnerabilities Vulnerability Lab (Aug 01)
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Vulnerability Lab (Aug 01)
ME Mobile Application Manager v10 - SQL Vulnerabilities Vulnerability Lab (Aug 01)
Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability Vulnerability Lab (Aug 02)
BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability Vulnerability Lab (Aug 06)
Joomla com_package - SQL Injection Vulnerability Vulnerability Lab (Aug 06)
Joomla com_photo - SQL Injection Vulnerability Vulnerability Lab (Aug 06)
Inout Mobile Webmail APP - Multiple Web Vulnerabilities Vulnerability Lab (Aug 06)
iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Vulnerability Lab (Aug 06)
VMware Vendor Service - Multiple Web Vulnerabilities Vulnerability Lab (Aug 06)
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Vulnerability Lab (Aug 09)
Arasism (IR) CMS - File Upload Vulnerability Vulnerability Lab (Aug 09)
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Vulnerability Lab (Aug 11)
7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Aug 13)
Social Engine v4.2.5 - Multiple Web Vulnerabilities Vulnerability Lab (Aug 17)
ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Vulnerability Lab (Aug 17)
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Vulnerability Lab (Aug 17)
Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Vulnerability Lab (Aug 17)
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Vulnerability Lab (Aug 17)
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities [UPDATED!] Vulnerability Lab (Aug 19)

Wiliam Steck

Re: The Dangerous of Fakeroot Wiliam Steck (Aug 27)
Re: The Dangerous of Fakeroot Wiliam Steck (Aug 28)
Re: The Dangerous of Fakeroot Wiliam Steck (Aug 28)

Williams, James K

CA20111208-01: Security Notice for CA SiteMinder [updated] Williams, James K (Aug 27)

yersinia

Re: sandboxed browsing yersinia (Aug 01)

YGN Ethical Hacker Group

ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Aug 20)
ocPoral CMS 8.x | Session Hijacking Vulnerability YGN Ethical Hacker Group (Aug 20)

You Got Pwned

Re: hacking FB Ads You Got Pwned (Aug 02)

Yves-Alexis Perez

[SECURITY] [DSA 2518-1] krb5 security update Yves-Alexis Perez (Aug 01)
[SECURITY] [DSA 2520-1] openoffice.org security update Yves-Alexis Perez (Aug 02)
[SECURITY] [DSA 2522-1] fckeditor security update Yves-Alexis Perez (Aug 06)

ZDI Disclosures

ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) ZDI Disclosures (Aug 03)
ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities ZDI Disclosures (Aug 03)
ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability ZDI Disclosures (Aug 03)
ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty ZDI Disclosures (Aug 17)
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 17)
ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. ZDI Disclosures (Aug 22)
ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability ZDI Disclosures (Aug 22)
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures (Aug 29)