Home page logo
/

393 messages starting Aug 01 12 and ending Aug 31 12
Date index | Thread index | Author index

Wednesday, 01 August

Re: AxMan ActiveX fuzzing <== Memor y Corruption PoC Carlo Di Dato
Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Giles Coochey
[SECURITY] [DSA 2518-1] krb5 security update Yves-Alexis Perez
sandboxed browsing Kyle Creyts
nvidia linux binary driver priv escalation exploit Dave Airlie
GunBound - Denial of Service Vulnerability Vulnerability Lab
Barracuda Appliances - Validation Filter Bypass Vulnerability Vulnerability Lab
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Vulnerability Lab
ME Application Manager 10 - Multiple Web Vulnerabilities Vulnerability Lab
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Vulnerability Lab
ME Mobile Application Manager v10 - SQL Vulnerabilities Vulnerability Lab
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow Secunia Research
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow Secunia Research
Re: sandboxed browsing Christian Sciberras
Re: sandboxed browsing Pablo Ximenes
Re: sandboxed browsing Adam Caudill
Re: sandboxed browsing Andreas
Re: [Full-disclosure] Security Problem with Google ’s 2-Step Authentication Pablo Ximenes
Re: sandboxed browsing Christian Sciberras
Re: sandboxed browsing yersinia
Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Georgi Guninski
[Security-news] SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass (unsupported) security-news
[ MDVSA-2012:111 ] krb5 security
Re: AxMan ActiveX fuzzing <== Memory Corruption PoC Thor
Re: sandboxed browsing Feighen Oosterbroek
Re: sandboxed browsing François
Re: sandboxed browsing bk
OT: OSX-PHP Dev Enviornment Thor
Re: OT: OSX-PHP Dev Enviornment Thor
Re: OT: OSX-PHP Dev Enviornment Ferenc Kovacs
Re: OT: OSX-PHP Dev Enviornment Thor
Re: OT: OSX-PHP Dev Enviornment Thor
[ MDVSA-2012:121 ] libjpeg-turbo security
Re: sandboxed browsing Gillis Jones (Gillis57)
Re: sandboxed browsing Menerick, John

Thursday, 02 August

hacking FB Ads Ivan .Heca
[SECURITY] [DSA 2519-1] isc-dhcp security update Nico Golde
Re: OT: OSX-PHP Dev Enviornment Kelvin White
Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability Vulnerability Lab
Re: OT: OSX-PHP Dev Enviornment Michael D. Wood
Re: sandboxed browsing Giovanni [dacav] Simoni
Re: OT: OSX-PHP Dev Enviornment Feighen Oosterbroek
e-commerce websites and password mana gement... n0sec
Re: hacking FB Ads You Got Pwned
sandboxed browsing Kyle Creyts
Re: OT: OSX-PHP Dev Enviornment Ulisses Montenegro
Re: OT: OSX-PHP Dev Enviornment Kurt Ellzey
Re: nvidia linux binary driver priv escalation exploit Dave Airlie
[ MDVSA-2012:122 ] icedtea-web security
Re: [ MDVSA-2012:122 ] icedtea-web Robert Kim App and Facebook Marketing
sandboxed browsing Robert Kim App and Facebook Marketing
[SECURITY] [DSA 2520-1] openoffice.org security update Yves-Alexis Perez

Friday, 03 August

Liferay JSON service API authentication vulnerability Enrico Cinquini
Re: OT: OSX-PHP Dev Enviornment Kelvin White
[CVE-2012-3446] Apache Libcloud - possible SSL MITM due to invalid regular expression used to validate the target server hostname Tomaž Muraus
29C3: Call for Participation for 29th Chaos Communication Congress fukami
ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) ZDI Disclosures
ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities ZDI Disclosures
ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability ZDI Disclosures

Saturday, 04 August

some distros for Raspberry Pi have sshd enabled and default logins. larry Cashdollar
[ MDVSA-2012:123 ] libreoffice security
[ MDVSA-2012:124 ] openoffice.org security
Re: some distros for Raspberry Pi have sshd enabled and default logins. rancor
Re: some distros for Raspberry Pi have sshd enabled and default logins. larry Cashdollar
Re: some distros for Raspberry Pi have sshd enabled and default logins. Gary Baribault
Re: some distros for Raspberry Pi have sshd enabled and default logins. rancor
[SECURITY] [DSA 2521-1] libxml2 security update Moritz Muehlenhoff

Sunday, 05 August

Re: [SECURITY] [DSA 2521-1] libxml2 security update Robert Kim App and Facebook Marketing
Portspoof - service signature obfuscator (more pain for port scanners) Piotr Duszynski
[SECURITY] [DSA 2519-2] isc-dhcp regression Nico Golde
nvidia linux binary driver priv escalation exploit Daniel Dadap
GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012 Fabien DUCHENE
CFP BugCON 2013 @ Ciudad de M éxico Carlos A. Lozano

Monday, 06 August

BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability Vulnerability Lab
Joomla com_package - SQL Injection Vulnerability Vulnerability Lab
Joomla com_photo - SQL Injection Vulnerability Vulnerability Lab
Inout Mobile Webmail APP - Multiple Web Vulnerabilities Vulnerability Lab
iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Vulnerability Lab
VMware Vendor Service - Multiple Web Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 2522-1] fckeditor security update Yves-Alexis Perez
Android HTC Mail insecure password management vtalk
[ MDVSA-2012:125 ] wireshark security
Subject: ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability, [from] Full-Disclosure Digest, Vol 90, Issue 7 SMiller
[SECURITY] [DSA 2523-1] globus-gridftp-server security update Moritz Muehlenhoff
[SECURITY] [DSA 2524-1] openttd security update Moritz Muehlenhoff
Any contacts at Samsung Wintech? Clare Elliott
[SECURITY] [DSA 2525-1] expat security update Moritz Muehlenhoff

Tuesday, 07 August

Re: Any contacts at Samsung Wintech? Jeffrey Walton

Wednesday, 08 August

Re: Android HTC Mail insecure password management Jeffrey Walton
[ MDVSA-2012:126 ] libxml2 security
[ MDVSA-2012:127 ] libtiff security
htaccess files should not be used for security restrictions Bogdan Calin
[HTTPCS] WooPress 'page' Cross Site Scripting Vulnerability HTTPCS
Easewe FTP(EaseWeFtp.ocx) Insecure Method Exploit kaveh ghaemmaghami
Re: Android HTC Mail insecure password management coderman
[Security-news] SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-124 - Mime Mail - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion and Cross Site Scripting (XSS) security-news

Thursday, 09 August

[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions Hafez Kamal
Re: htaccess files should not be used for security restrictions Jason Hellenthal
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Vulnerability Lab
Arasism (IR) CMS - File Upload Vulnerability Vulnerability Lab
Gauss is out ! Peter Dawson
[ MDVSA-2012:128 ] bash security
Fwd: [TSCM-L] {6221} Domain Awareness System j f
How well does Microsoft support (and follow) their mantra "keep your PC updated"? Stefan Kanthak
Hacker Highschool v2 Pete Herzog
List Charter John Cartwright
Re: Hacker Highschool v2 Benji
Re: Hacker Highschool v2 Peter Dawson
Re: Gauss is out ! J. Oquendo

Friday, 10 August

[PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice Timo Warns
[ MDVSA-2012:129 ] busybox security
[ MDVSA-2012:129-1 ] busybox security

Saturday, 11 August

OS X Local Root: Silly SUID Helper in Tunnel Blick Jason A. Donenfeld
Re: OS X Local Root: Silly SUID Helper in Tunnel Blick Jason A. Donenfeld
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Vulnerability Lab
[HTTPCS] InterPhoto Image Gallery 'thisurl' Cross Site Scripting Vulnerability HTTPCS
[ MDVSA-2012:130 ] openldap security

Monday, 13 August

Tech journalists: Stop hyping unproven security tools Ivan .Heca
OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld
Re: Tech journalists: Stop hyping unproven security tools Thor (Hammer of God)
iKAT 2012 Release - Interactive Kiosk Attack Tool Paul Craig
[SECURITY] [DSA 2526-1] libotr security update Nico Golde
7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Vulnerability Lab
WTB: CIK and Fortezza card Hambone Turkey
DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard
NeoInvoice Blind SQL Injection (CVE-2012-3477) Adam Caudill
The Android Superuser App Jann Horn
Re: WTB: CIK and Fortezza card Benji
nullcon Goa 2013 Call For Papers/Events nullcon
Re: The Android Superuser App Jann Horn
Re: The Android Superuser App Benji
Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld
Re: Tech journalists: Stop hyping unproven security tools Lincoln Anderson
Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld
Re: Tech journalists: Stop hyping unproven security tools Thor
Re: Tech journalists: Stop hyping unproven security tools Thor
Re: Tech journalists: Stop hyping unproven security tools Kurt Ellzey
[ MDVSA-2012:131 ] libotr security
Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Gynvael Coldwind
Re: Tech journalists: Stop hyping unproven security tools Thor (Hammer of God)
[SECURITY] [DSA 2527-1] php5 security update Moritz Muehlenhoff
Re: WTB: CIK and Fortezza card valdis . kletnieks
Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Christian Sciberras

Tuesday, 14 August

Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard
TCExam Edit SQL Injection research
Group-Office Cleartext Credentials Stored in Cookies research
TCExam Edit Cross-Site Scripting research
Total Shop UK eCommerce Generic Cross-Site Scripting research
Re: Tech journalists: Stop hyping unproven security tools Stefan Edwards
Re: Tech journalists: Stop hyping unproven security tools Stefan Edwards
[Announcement] ClubHack Magazine's Aug 2012 Issue Released Abhijeet Patil
[SECURITY] [DSA 2528-1] icedove security update Florian Weimer

Wednesday, 15 August

Nishang: PowerShell for Penetration Testing Nikhil Mittal
Re: The Android Superuser App Alexander Pruss
debugfs exploit for a number of Android devices Alexander Pruss
[SECURITY] [DSA 2529-1] python-django security update Thijs Kinkhorst
DivX Plus Player plugin 2.2.0.52 Buffer Overflow PoC kaveh ghaemmaghami
Powershell for Penetration Testing - Nishang tool John Cage
Associate professor from Pakistan National University - spammer Tonu Samuel
New Adobe Reader fixes some, but not all known bugs Mateusz Jurczyk
[2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Re: debugfs exploit for a number of Android devices Dan Rosenberg
Re: debugfs exploit for a number of Android devices Alexander Pruss
[ MDVSA-2012:132 ] glpi security
[Security-news] SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS) security-news
Drupal Custom Publishing Options Module XSS Justin C. Klein Keane
Re: [Security-news] SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS) Justin C. Klein Keane
Re: Nishang: PowerShell for Penetration Testing Harry Hoffman
[Security-news] SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS) security-news
[SECURITY] [DSA 2530-1] rssh security update Florian Weimer
[Security-news] SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability security-news
Re: Nishang: PowerShell for Penetration Testing Peter Dawson

Thursday, 16 August

Re: Associate professor from Pakistan National University - spammer valdis . kletnieks
Re: Full-Disclosure Digest, Vol 90, Issue 21 Nikhil Mittal
Re: Nishang: PowerShell for Penetration Testing Nikhil Mittal
Re: Associate professor from Pakistan National University - spammer Tonu Samuel
vulnerabilities in Samsung Epic 4G Touch with 2.3.6, and probably other Samsungs Alexander Pruss
Intercepting TOR full-disclosure
middle-clicking on links Jann Horn
Re: Intercepting TOR valdis . kletnieks
[ MDVSA-2012:133 ] usbmuxd security
Re: Associate professor from Pakistan National University - spammer Jacqui Caren
Re: Nishang: PowerShell for Penetration Testing Harry Hoffman
New version of dnsspider noptrix
[ MDVSA-2012:134 ] wireshark security
[ MDVSA-2012:135 ] wireshark security

Friday, 17 August

[ MDVSA-2012:136 ] phpmyadmin security
[ MDVSA-2012:138 ] acpid security
[ MDVSA-2012:137 ] acpid security
Re: The Android Superuser App David Black
[FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS Jose Carlos de Arriba
GIMP Scriptfu Python Remote Command Execution research
Social Engine v4.2.5 - Multiple Web Vulnerabilities Vulnerability Lab
ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Vulnerability Lab
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Vulnerability Lab
Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Vulnerability Lab
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Vulnerability Lab
Re: Associate professor from Pakistan National University - spammer Tonu Samuel
Re: GIMP Scriptfu Python Remote Command Execution Julius Kivimäki
Context IS Advisory - SAP Host Control Remote Code Execution Context IS - Disclosure
ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty ZDI Disclosures
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability ZDI Disclosures
Re: Associate professor from Pakistan National University - spammer valdis . kletnieks

Saturday, 18 August

Re: how i stopped worrying and loved the backdoor coderman
Re: debugfs exploit for a number of Android devices coderman

Sunday, 19 August

Re: how i stopped worrying and loved the backdoor Dan Kaminsky
IOServer "Root Directory" Trailing Backslash Web Server Vuln hinge
[HTTPCS] w-agora 4.2.1 Multiple Vulnerabilities(SQLI, XSS) HTTPCS
Re: GIMP Scriptfu Python Remote Command Execution Giles Coochey
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities [UPDATED!] Vulnerability Lab
[SECURITY] [DSA 2531-1] xen security update Luciano Bello
Re: how i stopped worrying and loved the backdoor Marcus Meissner
Re: how i stopped worrying and loved the backdoor Robert Kim App and Facebook Marketing
[ MDVSA-2012:139 ] postgresql security
Re: how i stopped worrying and loved the backdoor Thor (Hammer of God)
Re: DakaRand Dan Kaminsky
Re: DakaRand Ben Laurie
Re: DakaRand Jeffrey Walton
Re: DakaRand Dan Kaminsky
Re: DakaRand Ben Laurie
Re: DakaRand Dan Kaminsky
Re: DakaRand Jeffrey Walton

Monday, 20 August

Re: DakaRand Ben Laurie
Re: DakaRand Dan Kaminsky
Re: DakaRand Ben Laurie
[ MDVSA-2012:140 ] mono security
Windows Internet Explorer(ieframe.dll) null pointer dereference kaveh ghaemmaghami
ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
ocPoral CMS 8.x | Session Hijacking Vulnerability YGN Ethical Hacker Group
Re: vulnerabilities in Samsung Epic 4G Touch with 2.3.6, and probably other Samsungs Alexander Pruss
Re: GIMP Scriptfu Python Remote Command Execution research
The most realistic hacking contest Dmitry Evteev
Re: DakaRand Dan Kaminsky
Re: DakaRand Paul Schmehl
Re: DakaRand Giles Coochey
Re: DakaRand Paul Schmehl
Re: DakaRand Dan Kaminsky
Re: DakaRand Paul Schmehl

Tuesday, 21 August

How to use ARP Spoof to bypass firewall ACL? Richard Miles
[ MDVSA-2012:141 ] openslp security
[ MDVSA-2012:142 ] gimp security

Wednesday, 22 August

string length field overwrite in IE9? pm whatever
USB HID attacks on Mac OS X Herald Gibson
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Netsparker Advisories
XSS and SQL Injection Vulnerabilities in OrderSys Netsparker Advisories
XSS Vulnerabilities in LabWiki Netsparker Advisories
XSS and SQL Injection Vulnerabilities in Jara Netsparker Advisories
[SECURITY] [DSA 2532-1] libapache2-mod-rpaf security update Thijs Kinkhorst
ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability ZDI Disclosures
Re: ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability James Lay
ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability ZDI Disclosures
Re: ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability Benji
ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability ZDI Disclosures
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. ZDI Disclosures
ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability ZDI Disclosures
-==SEC-T 2012 Invitation==- Mattias Bååth
Vulnerabilities in JW Player Pro MustLive

Thursday, 23 August

Re: ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability kkhagel
Adobe Pixel Bender Toolkit2 (tbbmalloc.dll) DLL Hijacking Exploit kaveh ghaemmaghami
foxit reader 5.3.1(dwmapi.dll) DLL Hijacking Exploit kaveh ghaemmaghami
Snagit 11.0.1 (dwmapi.dll) DLL Hijacking Exploit kaveh ghaemmaghami
Ad Manager Pro v. 4 Remote FLI CorryL
[ MDVSA-2012:143 ] python-django security
[SECURITY] [DSA 2533-1] pcp security update Florian Weimer
Re: XSS Vulnerabilities in LabWiki Henri Salo

Friday, 24 August

Re: XSS and SQL Injection Vulnerabilities in Jara Henri Salo
Microsoft Indexing Service Server-side null pointer dereference kaveh ghaemmaghami
Microsoft Indexing Service Server-side (ixsso.dll) null pointer dereference kaveh ghaemmaghami
Re: How to use ARP Spoof to bypass firewall ACL? taha
Re: XSS Vulnerabilities in LabWiki muuratsalo experimental hack lab
[IA23] Aoop CMS v0.3.6 Multiple Vulnerabilities Inshell Security

Saturday, 25 August

Re: XSS and SQL Injection Vulnerabilities in OrderSys muuratsalo experimental hack lab
yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit kaveh ghaemmaghami
[SECURITY] [DSA 2534-1] postgresql-8.4 security update Florian Weimer

Sunday, 26 August

Re: yahoo messenger 11.5.0 (d3d10.dll) DLL Hijacking Exploit Julius Kivimäki
Windows Kernel Intel x64 SYSRET Vulnerability + Code Signing Bypass Bonus Shahriyar Jalayeri

Monday, 27 August

Conceptronic Grab’n’Go Network Storage and Sitecom Home Storage Center - Authenticatio n Bypass Vulnerability in - AA-001 Mattijs van Ommeren
Conceptronic Grab’n’Go Network Storage - Password disclosure Vulnerability - AA-002 Mattijs van Ommeren
OpenSecurityTraining Exploits 2 class OST FD
CA20111208-01: Security Notice for CA SiteMinder [updated] Williams, James K
Re: Printer in the DMZ Benji
Re: Conceptronic Grab’n’Go Network Storage - Password disclosure Vulnerability - AA-002 Mattijs van Ommeren
Zend Framework - Local file disclosure via XXE injection MustLive
XXE Injection in CakePHP and Squiz CMS MustLive
The Dangerous of Fakeroot Teguh
Printer in the DMZ Igor Igor
Re: Printer in the DMZ Joshua Thomas
Re: The Dangerous of Fakeroot Jeffrey Walton
Re: The Dangerous of Fakeroot Wiliam Steck
Re: The Dangerous of Fakeroot Thor (Hammer of God)

Tuesday, 28 August

Re: The Dangerous of Fakeroot Wiliam Steck
Re: The Dangerous of Fakeroot Wiliam Steck
Re: Printer in the DMZ valdis . kletnieks
cloudsafe365 for wordpress: file disclosure Jan van Niekerk
Re: cloudsafe365 for wordpress: file disclosure Henri Salo
Re: cloudsafe365 for wordpress: file disclosure Christian Sciberras
Re: cloudsafe365 for wordpress: file disclosure Henri Salo
[ MDVSA-2012:144 ] tetex security
[IMF 2013] Call for Papers Oliver Goebel
Re: cloudsafe365 for wordpress: file disclosure Ivan Carlos

Wednesday, 29 August

CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0 Rob Weir
[HTTPCS] Plogger multiple vulnerabilities HTTPCS
[SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations
Re: The Dangerous of Fakeroot Teguh
Re: The Dangerous of Fakeroot Teguh
Teaching Hackers to Hack: "The Shellcode Lab" training at "Hack In The Box" Ty Miller
Re: cloudsafe365 for wordpress: file disclosure craig deveson
[ MDVSA-2012:145 ] firefox security
t2′12: Challenge to be rele ased 2012-09-01 10:00 EEST Tomi Tuominen
[ MDVSA-2012:146 ] firefox security
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2012:147 ] mozilla-thunderbird security
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton
[Security-news] SA-CONTRIB-2012-132 - Announcements - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-131 - Email Field - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution security-news
[Security-news] SA-CONTRIB-2012-130 - Jstool - Multiple Vulnerabilities security-news
[Security-news] SA-CONTRIB-2012-129 - Activism - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-134 - Views - Privilege Escalation security-news
[Security-news] SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention security-news
[SECURITY] [DSA 2535-1] rtfm security update Florian Weimer
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Tim
[Security-news] SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS) security-news
Netsparker Community Edition is Back Netsparker Advisories

Thursday, 30 August

Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jacqui Caren
vBulletin and MyBB Vulnerability kaveh ghaemmaghami
SEC Consult 20120829-0 :: Symantec Messaging Gateway - Support Backdoor SEC Consult Vulnerability Lab
[ MDVSA-2012:074-1 ] ffmpeg security
[ MDVSA-2012:148 ] ffmpeg security
[SECURITY] [DSA 2536-1] otrs2 security update Florian Weimer
[SECURITY] [DSA 2537-1] typo3-src security update Florian Weimer
AST-2012-012: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team
AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users Asterisk Security Team
War FTP Daemon Remote Format String Vulnerability kaveh ghaemmaghami

Friday, 31 August

VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries VMware Security Team
.Net Cross Site Scripting - Request Validation Bypassing Seeker Research Center
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations
[SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations
SNMP Reflected Denial Of Service - PoC Full Disclosure
Re: SNMP Reflected Denial Of Service - PoC Anestis Bechtsoudis
Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton
IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities MustLive
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]