236 messages starting Nov 01 12 and ending Nov 30 12
XSS, LFI and SQL Injection Vulnerabilities in Achievo Netsparker Advisories
[SECURITY] [DSA 2570-1] openoffice.org security update Yves-Alexis Perez
Whonix ALPHA 0.4.5 - Anonymous Operating System released adrelanos
Re: [OT] How much a million facebook passwords would cost? Julius Kivimäki
Re: [OT] How much a million facebook passwords would cost? Gonzalo Brusella
Re: Is it OK to hold credit card numbers in cookies? Santander? Jann Horn
Re: [OT] How much a million facebook passwords would cost? ramo
EasyPHP 12.1 - Remote code execution of any php/js on local PC auto59190641
Security risks of doing business with China? Dan Ballance
[ MDVSA-2012:169 ] java-1.6.0-openjdk security
Re: [OT] How much a million facebook passwords would cost? Grandma Eubanks
Re: :Re: [OT] How much a million facebook Mikhail A. Utin
Re: Security risks of doing business with China? bk
Elgg unsecure installation vulnerability Enrico Cinquini
Re: Security risks of doing business with China? Thor (Hammer of God)
Re: XSS, LFI and SQL Injection Vulnerabilities in Achievo Henri Salo
Re: Security risks of doing business with China? Seth Arnold
PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls research
Checkpoint/SofaWare Firewall Vulnerability Research research
n.runs-SA-2012.003 - SPLUNK DoS HashDOS security
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client Stefan Kanthak
n.runs-SA-2012.003 - SPLUNK DoS HashDOS security
[ MDVSA-2012:170 ] firefox security
Open Letter to the International Information Security Community - Help Brazilian Security Researchers Pablo Ximenes
pfSense Captive Portal Voucher Jeffrey Walton
[SECURITY] [DSA 2571-1] libproxy security update Raphael Geissert
[waraxe-2012-SA#096] - Multiple Vulnerabilities in Zenphoto 1.4.3.3 Janek Vind
[SECURITY] [DSA 2572-1] iceape security update Thijs Kinkhorst
AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities Vulnerability Lab
HTP Zine 4 h
[HITB-Announce] #HITB2013AMS Call For Papers Now Open Hafez Kamal
multiple critical vulnerabilities in sophos products Tavis Ormandy
Re: multiple critical vulnerabilities in sophos products Michele Orru
Re: multiple critical vulnerabilities in sophos products Michele Orru
[SECURITY] CVE-2012-2733 Apache Tomcat Denial of Service Mark Thomas
[SECURITY] CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Mark Thomas
Invitation to CONISLI 2012 — talk "SSL/TLS para Todos" (Guarulhos / SP, Brazil) contato
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0 Stefan Kanthak
Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
[Security-news] SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS) security-news
When those who say to represent computing/IT students have serious security vulnerabilities? (XSS and data disclosure on http://ritsi.org ) klondike
[IA42] Zoner Photo Studio v15 Build 3 (Zps.exe) Registry Value Parsing Local Buffer Overflow Inshell Security
Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:171 ] icedtea-web security
A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Bill Weiss
Re: A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Bacon Zombie
XSS vulnerability in swfupload in WordPress MustLive
TTY handling when executing code in lower-privileged context (su, virt containers) halfdog
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji
Re: XSS vulnerability in swfupload in WordPress Robert Kim SuperHydroPhobic!
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Georgi Guninski
Re: EasyPHP 12.1 - Remote code execution of any php/js on local PC auto59190641
Gajim fails to handle invalid certificates y33t
[SECURITY] [DSA 2573-1] radsecproxy security update Luciano Bello
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Jerry Bell
BananaDance Wiki b2.2 - Multiple Web Vulnerabilities Vulnerability Lab
List Charter John Cartwright
Re: Full-Disclosure Digest, Vol 93, Issue 11 Scott Miller
Re: Full-Disclosure Digest, Vol 93, Issue 11 Nick FitzGerald
Eventy CMS v1.8 Plus - Multiple Web Vulnerablities Vulnerability Lab
Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Vulnerability Lab
[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugin Multiple Security Vulnerabilities DefenseCode
GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Thierry Zoller
XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin MustLive
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Jeffrey Walton
Readdle: User traking (device UUID) over plaintext HTTP in query parameter Jeffrey Walton
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Georgi Guninski
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Jeffrey Walton
Skype account + IM history hijack vulnerability Kirils Solovjovs
Re: Skype account + IM history hijack vulnerability Benji
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Chris C. Russo
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Christian Sciberras
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Georgi Guninski
Re: 0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 Christian Sciberras
Re: 0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 Benji
Re: Skype account + IM history hijack vulnerability klondike
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability klondike
0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 ReVuln
Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
iDev Rentals v1.0 - Multiple Web Vulnerabilities Vulnerability Lab
Hakin9 Reflected XSS - Irony? pieter
linux rootkit in combination with nginx stack trace
Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz
[Security-news] SA-CONTRIB-2012-163 - User Read-Only - Permission escalation security-news
[Security-news] SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF) security-news
[Security-news] SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-166 - Table of Contents - Access Bypass security-news
Re: Skype account + IM history hijack vulnerability Nick FitzGerald
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability Benji
Re: Hakin9 Reflected XSS - Irony? Swair Mehta
(no subject) mohit tyagi
Re: (no subject) Peter Osterberg
Re: (no subject) Gary Baribault
Re: (no subject) Sanguinarious Rose
ZDI-12-183 : RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-184 : Microsoft Excel Feature11/Feature12 Record Trusted Counter Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-185 : Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-186 : Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability ZDI Disclosures
Re: ZDI-12-185 : Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability Jeffrey Walton
SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability SEC Consult Vulnerability Lab
Re: (no subject) James Condron
Re: (no subject) Julius Kivimäki
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities DefenseCode
Re: Skype account + IM history hijack vulnerability klondike
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability Benji
XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony MustLive
[SECURITY] [DSA 2574-1] typo3-src security update Florian Weimer
DC4420 - London DEFCON - November meet - Tuesday 20th November alien DC4420
Re: Skype account + IM history hijack vulnerability Jeffrey Walton
[SE-2012-01] Security vulnerabilities in Java SE (details released) Security Explorations
Skype Account Service - Session Token Bypass Vulnerability Vulnerability Lab
Skype Account Service - Reset (Session) Password/Username Vulnerability Vulnerability Lab
Akeni LAN v1.2.118 - Filter Bypass Vulnerability (Local) Vulnerability Lab
[SECURITY] [DSA 2575-1] tiff security update Nico Golde
bash path normalization bug Andris Berzins
Open-Realty CMS 2.5.8 (2.x.x) <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
Re: XSS, LFI and SQL Injection Vulnerabilities in Achievo Vulnerability Lab
[ MDVSA-2012:172 ] libproxy security
ZDI-12-187 : RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution Vulnerability ZDI Disclosures
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS security
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS security
phpmyadmin compromised? Lucio Crusca
Re: phpmyadmin compromised? Benji
Re: phpmyadmin compromised? Benji
Re: phpmyadmin compromised? Christian Sciberras
Re: bash path normalization bug Seth Arnold
BF and FPD vulnerabilities in MODx MustLive
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Vulnerability Lab
LAN.FS Messenger Software v2.4 - Command Execution Vulnerability Vulnerability Lab
Wordpress Facebook Survey v1.0 - SQL Injection Vulnerability Vulnerability Lab
Re: [SE-2012-01] Security vulnerabilities in Java SE (details released) Security Explorations
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Vulnerability Lab
Re: phpmyadmin compromised? H. Kurth Bemis
NutriSystem.com stores passwords in database using plaintext warning
FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |= Matan Azugi
webubs.com and prioritymeter.com; multiple security issues warning
Re: phpmyadmin compromised? nauty . me04
[ MDVSA-2012:173 ] firefox security
XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony MustLive
Re: XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony bk
Simple DOS POC lighttpd 1.4.31 Milan Berger
You Are Committing a Crime Right Now illwill
Remote Command Execution on Cisco WAG120N Manu
[ MDVSA-2012:174 ] libtiff security
XSS injection in netadmin's challenge in Dreamhack klondike
OT Google raises sploit bounties Georgi Guninski
XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir MustLive
One packet OS fingerprinting feature in SinFP3 GomoR
Re: XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony MustLive
Re: OT Google raises sploit bounties Chris Evans
Re: OT Google raises sploit bounties adam
Re: OT Google raises sploit bounties Michal Zalewski
OpenBSD implementation of the libc's RPC (portmap) remote DoS. auto236751
[SECURITY] [DSA 2576-1] trousers security update Yves-Alexis Perez
Re: Remote Command Execution on Cisco WAG120N Gary Driggs
Websense Proxy Filter Bypass Nahuel Grisolia
Re: linux rootkit in combination with nginx dxp
Re: Remote Command Execution on Cisco WAG120N Manu
Re: Remote Command Execution on Cisco WAG120N Julius Kivimäki
Re: Remote Command Execution on Cisco WAG120N Gary Driggs
Re: OT Google raises sploit bounties Guifre
Re: Remote Command Execution on Cisco WAG120N Benji
Re: OT Google raises sploit bounties Robert Święcki
Forescout NAC multiple vulnerabilities Joseph Sheridan
Skype Community - Mail Encoding Web Vulnerability #1 Vulnerability Lab
Skype Community - Mail Encoding Web Vulnerability #2 Vulnerability Lab
Re: OT Google raises sploit bounties Nick Boyce
Re: OT Google raises sploit bounties Thor (Hammer of God)
Possible infection of Piwik 1.9.2 download archive Maximilian Grobecker
Re: Remote Command Execution on Cisco WAG120N gremlin
Spotify Playlists - Persistent Cross Site Scripting pieter
[SE-2011-01] Additional materials released for SAT TV research Security Explorations
Re: Possible infection of Piwik 1.9.2 download archive Christian Sciberras
Re: Possible infection of Piwik 1.9.2 download archive Felipe Montecino
Re: Possible infection of Piwik 1.9.2 download archive Max Grobecker
Re: linux rootkit in combination with nginx Gregor S.
Re: Possible infection of Piwik 1.9.2 download archive Ferenc Kovacs
Re: Remote Command Execution on Cisco WAG120N andfarm
Re: linux rootkit in combination with nginx Benji
Re: linux rootkit in combination with nginx Jeffrey Walton
Samsung +Dell printer firmware built-in backdoor account Kirils Solovjovs
Re: OT Google raises sploit bounties Georgi Guninski
Re: OT Google raises sploit bounties Dan Kaminsky
The email that hacks you Bogdan Calin
Re: The email that hacks you Bogdan Calin
Re: The email that hacks you Christian Sciberras
[SECURITY] [DSA 2578-1] rssh security update Yves-Alexis Perez
Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Vulnerability Lab
Paypal Bug Bounty #11 - Redirection Web Vulnerability Vulnerability Lab
Paypal Bug Bounty #27 - Community Web Vulnerability Vulnerability Lab
Paypal Bug Bounty #21 - Persistent Encoding Vulnerability Vulnerability Lab
Re: Remote Command Execution on Cisco WAG120N Gary
Re: The email that hacks you Guifre
Re: The email that hacks you aditya
Hacking Competition PHDAYS CTF Quals 2012 Starts PHD
Re: The email that hacks you aditya
Re: The email that hacks you Bogdan Calin
Re: Remote Command Execution on Cisco WAG120N Ulisses Montenegro
Re: OT Google raises sploit bounties Georgi Guninski
Re: OT Google raises sploit bounties Dan Kaminsky
Re: OT Google raises sploit bounties Michal Zalewski
Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Thor (Hammer of God)
[Security-news] SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass security-news
[Security-news] SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported) security-news
[Security-news] SA-CONTRIB-2012-170 - MultiLink - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-168 - Services - Information Disclosure security-news
Server Side Request Forgery attacks on web-applications Vladimir Vorontsov
[Security-news] SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS) security-news
[ MDVSA-2012:175 ] libssh security
Lesson 1: Being a Hacker Pete Herzog
Safend Data Protector Multiple Vulnerabilities Joseph Sheridan
CSRF, AoF, DoS and IAA vulnerabilities in MODx MustLive
Oracle Exadata leaf switch logins larry Cashdollar
SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011 Lists
Paypal BugBounty #2 - Persistent Listing Web Vulnerability Vulnerability Lab
Directory traversal vulnerabilities in jsupload.cgi.pl version 0.6.4 and before Sean de Regge
[SECURITY] [DSA 2579-1] apache2 security update Stefan Fritsch
Buffalo Technology LinkStation Information Disclosure And Privilege Escalation Hurgel Bumpf
New Ajax SQL Injection Exploit? eltra1n