Home page logo
/

236 messages starting Nov 01 12 and ending Nov 30 12
Date index | Thread index | Author index

Thursday, 01 November

XSS, LFI and SQL Injection Vulnerabilities in Achievo Netsparker Advisories
[SECURITY] [DSA 2570-1] openoffice.org security update Yves-Alexis Perez
Whonix ALPHA 0.4.5 - Anonymous Operating System released adrelanos
Re: [OT] How much a million facebook passwords would cost? Julius Kivimäki
Re: [OT] How much a million facebook passwords would cost? Gonzalo Brusella
Re: Is it OK to hold credit card numbers in cookies? Santander? Jann Horn
Re: [OT] How much a million facebook passwords would cost? ramo
EasyPHP 12.1 - Remote code execution of any php/js on local PC auto59190641
Security risks of doing business with China? Dan Ballance
[ MDVSA-2012:169 ] java-1.6.0-openjdk security
Re: [OT] How much a million facebook passwords would cost? Grandma Eubanks
Re: :Re: [OT] How much a million facebook Mikhail A. Utin
Re: Security risks of doing business with China? bk
Elgg unsecure installation vulnerability Enrico Cinquini

Friday, 02 November

Re: Security risks of doing business with China? Thor (Hammer of God)
Re: XSS, LFI and SQL Injection Vulnerabilities in Achievo Henri Salo
Re: Security risks of doing business with China? Seth Arnold
PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls research
Checkpoint/SofaWare Firewall Vulnerability Research research
n.runs-SA-2012.003 - SPLUNK DoS HashDOS security
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client Stefan Kanthak
n.runs-SA-2012.003 - SPLUNK DoS HashDOS security
[ MDVSA-2012:170 ] firefox security
Open Letter to the International Information Security Community - Help Brazilian Security Researchers Pablo Ximenes

Saturday, 03 November

pfSense Captive Portal Voucher Jeffrey Walton

Monday, 05 November

[SECURITY] [DSA 2571-1] libproxy security update Raphael Geissert
[waraxe-2012-SA#096] - Multiple Vulnerabilities in Zenphoto 1.4.3.3 Janek Vind
[SECURITY] [DSA 2572-1] iceape security update Thijs Kinkhorst
AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities Vulnerability Lab
HTP Zine 4 h
[HITB-Announce] #HITB2013AMS Call For Papers Now Open Hafez Kamal
multiple critical vulnerabilities in sophos products Tavis Ormandy
Re: multiple critical vulnerabilities in sophos products Michele Orru
Re: multiple critical vulnerabilities in sophos products Michele Orru
[SECURITY] CVE-2012-2733 Apache Tomcat Denial of Service Mark Thomas
[SECURITY] CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Mark Thomas

Tuesday, 06 November

Convite para o CONISLI 2012 — palestra "SSL/TLS para Todos" (Guarulhos / SP, Brasil ) contato
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0 Stefan Kanthak

Wednesday, 07 November

Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
[Security-news] SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS) security-news
When those who say to represent computing/IT students have serious security vulnerabilities? (XSS and data disclosure on http://ritsi.org ) klondike

Thursday, 08 November

[IA42] Zoner Photo Studio v15 Build 3 (Zps.exe) Registry Value Parsing Local Buffer Overflow Inshell Security

Friday, 09 November

Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:171 ] icedtea-web security
A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Bill Weiss
Re: A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Chris C. Russo
Re: A damn aweful facebook DOS Bacon Zombie
XSS vulnerability in swfupload in WordPress MustLive

Saturday, 10 November

TTY handling when executing code in lower-privileged context (su, virt containers) halfdog
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Benji

Sunday, 11 November

Re: XSS vulnerability in swfupload in WordPress Robert Kim SuperHydroPhobic!
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Michal Zalewski

Monday, 12 November

Re: TTY handling when executing code in lower-privileged context (su, virt containers) Georgi Guninski
Re: EasyPHP 12.1 - Remote code execution of any php/js on local PC auto59190641
Gajim fails to handle invalid certificates y33t
[SECURITY] [DSA 2573-1] radsecproxy security update Luciano Bello
Re: TTY handling when executing code in lower-privileged context (su, virt containers) Jerry Bell
BananaDance Wiki b2.2 - Multiple Web Vulnerabilities Vulnerability Lab
List Charter John Cartwright
Re: Full-Disclosure Digest, Vol 93, Issue 11 Scott Miller
Re: Full-Disclosure Digest, Vol 93, Issue 11 Nick FitzGerald

Tuesday, 13 November

Eventy CMS v1.8 Plus - Multiple Web Vulnerablities Vulnerability Lab
Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Vulnerability Lab
[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugin Multiple Security Vulnerabilities DefenseCode
GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Thierry Zoller
XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin MustLive
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Jeffrey Walton

Wednesday, 14 November

Readdle: User traking (device UUID) over plaintext HTTP in query parameter Jeffrey Walton
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Georgi Guninski
Re: GOOD for Enterprise (GMA) below 2.0.2 vulnerable to MITM Jeffrey Walton
Skype account + IM history hijack vulnerability Kirils Solovjovs
Re: Skype account + IM history hijack vulnerability Benji
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Chris C. Russo
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Christian Sciberras
Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability Georgi Guninski
Re: 0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 Christian Sciberras
Re: 0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 Benji
Re: Skype account + IM history hijack vulnerability klondike
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability klondike
0-day vulnerabilities in Call of Duty MW3 and CryEngine 3 ReVuln
Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
iDev Rentals v1.0 - Multiple Web Vulnerabilities Vulnerability Lab
Hakin9 Reflected XSS - Irony? pieter
linux rootkit in combination with nginx stack trace
Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz
[Security-news] SA-CONTRIB-2012-163 - User Read-Only - Permission escalation security-news
[Security-news] SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF) security-news
[Security-news] SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-166 - Table of Contents - Access Bypass security-news

Thursday, 15 November

Re: Skype account + IM history hijack vulnerability Nick FitzGerald
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability Benji
Re: Hakin9 Reflected XSS - Irony? Swair Mehta
(no subject) mohit tyagi
Re: (no subject) Peter Osterberg
Re: (no subject) Gary Baribault
Re: (no subject) Sanguinarious Rose
ZDI-12-183 : RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-184 : Microsoft Excel Feature11/Feature12 Record Trusted Counter Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-185 : Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability ZDI Disclosures
ZDI-12-186 : Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability ZDI Disclosures
Re: ZDI-12-185 : Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability Jeffrey Walton
SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability SEC Consult Vulnerability Lab
Re: (no subject) James Condron
Re: (no subject) Julius Kivimäki
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities DefenseCode
Re: Skype account + IM history hijack vulnerability klondike
Re: Skype account + IM history hijack vulnerability Benji
Re: Skype account + IM history hijack vulnerability Benji
XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony MustLive
[SECURITY] [DSA 2574-1] typo3-src security update Florian Weimer

Friday, 16 November

DC4420 - London DEFCON - November meet - Tuesday 20th November alien DC4420

Monday, 19 November

Re: Skype account + IM history hijack vulnerability Jeffrey Walton
[SE-2012-01] Security vulnerabilities in Java SE (details released) Security Explorations
Skype Account Service - Session Token Bypass Vulnerability Vulnerability Lab
Skype Account Service - Reset (Session) Password/Username Vulnerability Vulnerability Lab
Akeni LAN v1.2.118 - Filter Bypass Vulnerability (Local) Vulnerability Lab
[SECURITY] [DSA 2575-1] tiff security update Nico Golde
bash path normalization bug Andris Berzins
Open-Realty CMS 2.5.8 (2.x.x) <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
Re: XSS, LFI and SQL Injection Vulnerabilities in Achievo Vulnerability Lab
[ MDVSA-2012:172 ] libproxy security
ZDI-12-187 : RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution Vulnerability ZDI Disclosures
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS security
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS security
phpmyadmin compromised? Lucio Crusca
Re: phpmyadmin compromised? Benji
Re: phpmyadmin compromised? Benji
Re: phpmyadmin compromised? Christian Sciberras
Re: bash path normalization bug Seth Arnold

Tuesday, 20 November

BF and FPD vulnerabilities in MODx MustLive

Wednesday, 21 November

SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Vulnerability Lab
LAN.FS Messenger Software v2.4 - Command Execution Vulnerability Vulnerability Lab
Wordpress Facebook Survey v1.0 - SQL Injection Vulnerability Vulnerability Lab
Re: [SE-2012-01] Security vulnerabilities in Java SE (details released) Security Explorations
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Vulnerability Lab
Re: phpmyadmin compromised? H. Kurth Bemis
NutriSystem.com stores passwords in database using plaintext warning
FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |= Matan Azugi
webubs.com and prioritymeter.com; multiple security issues warning
Re: phpmyadmin compromised? nauty . me04
[ MDVSA-2012:173 ] firefox security
XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony MustLive
Re: XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony bk

Thursday, 22 November

Simple DOS POC lighttpd 1.4.31 Milan Berger
You Are Committing a Crime Right Now illwill
Remote Command Execution on Cisco WAG120N Manu
[ MDVSA-2012:174 ] libtiff security

Saturday, 24 November

XSS injection in netadmin's challenge in Dreamhack klondike
OT Google raises sploit bounties Georgi Guninski
XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir MustLive

Sunday, 25 November

One packet OS fingerprinting feature in SinFP3 GomoR
Re: XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony MustLive

Monday, 26 November

Re: OT Google raises sploit bounties Chris Evans
Re: OT Google raises sploit bounties adam
Re: OT Google raises sploit bounties Michal Zalewski
OpenBSD implementation of the libc's RPC (portmap) remote DoS. auto236751
[SECURITY] [DSA 2576-1] trousers security update Yves-Alexis Perez
Re: Remote Command Execution on Cisco WAG120N Gary Driggs
Websense Proxy Filter Bypass Nahuel Grisolia
Re: linux rootkit in combination with nginx dxp
Re: Remote Command Execution on Cisco WAG120N Manu
Re: Remote Command Execution on Cisco WAG120N Julius Kivimäki
Re: Remote Command Execution on Cisco WAG120N Gary Driggs
Re: OT Google raises sploit bounties Guifre
Re: Remote Command Execution on Cisco WAG120N Benji
Re: OT Google raises sploit bounties Robert Święcki
Forescout NAC multiple vulnerabilities Joseph Sheridan
Skype Community - Mail Encoding Web Vulnerability #1 Vulnerability Lab
Skype Community - Mail Encoding Web Vulnerability #2 Vulnerability Lab
Re: OT Google raises sploit bounties Nick Boyce

Tuesday, 27 November

Re: OT Google raises sploit bounties Thor (Hammer of God)
Possible infection of Piwik 1.9.2 download archive Maximilian Grobecker
Re: Remote Command Execution on Cisco WAG120N gremlin
Spotify Playlists - Persistent Cross Site Scripting pieter
[SE-2011-01] Additional materials released for SAT TV research Security Explorations
Re: Possible infection of Piwik 1.9.2 download archive Christian Sciberras
Re: Possible infection of Piwik 1.9.2 download archive Felipe Montecino
Re: Possible infection of Piwik 1.9.2 download archive Max Grobecker
Re: linux rootkit in combination with nginx Gregor S.
Re: Possible infection of Piwik 1.9.2 download archive Ferenc Kovacs
Re: Remote Command Execution on Cisco WAG120N andfarm
Re: linux rootkit in combination with nginx Benji
Re: linux rootkit in combination with nginx Jeffrey Walton
Samsung +Dell printer firmware built-in backdoor account Kirils Solovjovs

Wednesday, 28 November

Re: OT Google raises sploit bounties Georgi Guninski
Re: OT Google raises sploit bounties Dan Kaminsky
The email that hacks you Bogdan Calin
Re: The email that hacks you Bogdan Calin
Re: The email that hacks you Christian Sciberras
[SECURITY] [DSA 2578-1] rssh security update Yves-Alexis Perez
Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Vulnerability Lab
Paypal Bug Bounty #11 - Redirection Web Vulnerability Vulnerability Lab
Paypal Bug Bounty #27 - Community Web Vulnerability Vulnerability Lab
Paypal Bug Bounty #21 - Persistent Encoding Vulnerability Vulnerability Lab
Re: Remote Command Execution on Cisco WAG120N Gary
Re: The email that hacks you Guifre
Re: The email that hacks you aditya
Hacking Competition PHDAYS CTF Quals 2012 Starts PHD
Re: The email that hacks you aditya
Re: The email that hacks you Bogdan Calin
Re: Remote Command Execution on Cisco WAG120N Ulisses Montenegro
Re: OT Google raises sploit bounties Georgi Guninski
Re: OT Google raises sploit bounties Dan Kaminsky
Re: OT Google raises sploit bounties Michal Zalewski
Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Thor (Hammer of God)
[Security-news] SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS) security-news
[Security-news] SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass security-news
[Security-news] SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported) security-news
[Security-news] SA-CONTRIB-2012-170 - MultiLink - Access Bypass security-news
[Security-news] SA-CONTRIB-2012-168 - Services - Information Disclosure security-news
Server Side Request Forgery attacks on web-applications Vladimir Vorontsov
[Security-news] SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS) security-news

Thursday, 29 November

[ MDVSA-2012:175 ] libssh security
Lesson 1: Being a Hacker Pete Herzog
Safend Data Protector Multiple Vulnerabilities Joseph Sheridan
CSRF, AoF, DoS and IAA vulnerabilities in MODx MustLive

Friday, 30 November

Oracle Exadata leaf switch logins larry Cashdollar
SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011 Lists
Paypal BugBounty #2 - Persistent Listing Web Vulnerability Vulnerability Lab
Directory traversal vulnerabilities in jsupload.cgi.pl version 0.6.4 and before Sean de Regge
[SECURITY] [DSA 2579-1] apache2 security update Stefan Fritsch
Buffalo Technology LinkStation Information Disclosure And Privilege Escalation Hurgel Bumpf
New Ajax SQL Injection Exploit? eltra1n
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]