Mail Index

• Thread Index

• [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• CA20101231-01: Security Notice for CA ARCserve D2D
  • From: Williams, James K
• Announcing cross_fuzz, a potential 0-day in circulation, and more
  • From: Michal Zalewski
• www.eVuln.com : SQL Injection in WikLink
  • From: bt
• Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
  • From: YGN Ethical Hacker Group
• [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration
  • From: Andrea Purificato
• Mathematica8 on Linux /tmp/MathLink vulnerability
  • From: paul . szabo
• [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss
  • From: Ewerson Guimarães (Crash) - Dclabs
• Plunging Through the Palo Alto Networks Firewall
  • From: Jeromie
• VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
  • From: VMware Security Team
• www.eVuln.com : "id" SQL Injection in WikLink
  • From: bt
• [USN-1035-1] Evince vulnerabilities
  • From: Marc Deslauriers
• Getting root, the hard way
  • From: Dan Rosenberg
• [ MDVSA-2011:000 ] phpmyadmin
  • From: security
• BlogEngine.NET 1.6 Multiple Vulnerabilities
  • From: Deniz CEVIK
• Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section
  • From: Walikar Riyaz Ahemed Dawalmalik
• Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section
  • From: Walikar Riyaz Ahemed Dawalmalik
• Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
  • From: YGN Ethical Hacker Group
• [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code
  • From: Tim Sammut
• Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference
  • From: Kyprianos Vasilopoulos
• [SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
  • From: Stefan Fritsch
• [SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
  • From: Stefan Fritsch
• [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
  • From: Stefan Fritsch
• [SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
  • From: Stefan Fritsch
• Path disclousure in phpMySport
  • From: advisory
• SQL Injection in phpMySport
  • From: advisory
• Authentication bypass in phpMySport
  • From: advisory
• SQL Injection in Phenotype CMS
  • From: advisory
• XSRF (CSRF) in PHP MicroCMS
  • From: advisory
• XSS vulnerability in WonderCMS
  • From: advisory
• SQL Injection in phpMySport
  • From: advisory
• SQL Injection in phpMySport
  • From: advisory
• XSS vulnerability in PHP MicroCMS
  • From: advisory
• [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
  • From: Raphael Geissert
• [USN-1037-1] ifupdown update
  • From: Jamie Strandboge
• [USN-1039-1] AppArmor update
  • From: Jamie Strandboge
• [USN-1040-1] Django vulnerabilities
  • From: Jamie Strandboge
• [USN-1038-1] dpkg vulnerability
  • From: Kees Cook
• GNU libc/regcomp(3) Multiple Vulnerabilities
  • From: cxib
• Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
  • From: YGN Ethical Hacker Group
• McAfee Commandline Updater
  • From: Technion
• call for participation
  • From: chpardhasaradhisarma
• CUDA drivers/Linux security hole
  • From: gran
• Web Hacking & Database Hijack Online Challenge
  • From: Ivan Buetler
• [ MDVSA-2011:002 ] wireshark
  • From: security
• Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service
  • From: Digit Security Research
• [ MDVSA-2011:003 ] MHonArc
  • From: security
• www.eVuln.com : "fold" and "site" SQL Injections in WikLink
  • From: bt
• NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
  • From: yuguo . cn
• NewvCommon.ocx ActiveX Insecure Method Vulnerability
  • From: wsn1983
• NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
  • From: wsn1983
• [ MDVSA-2011:004 ] php-phar
  • From: security
• SQL injection vulnerability in Energine
  • From: advisory
• XSRF (CSRF) in VaM Shop
  • From: advisory
• Stored XSS vulnerability in diafan.CMS
  • From: advisory
• Path disclosure in Energine
  • From: advisory
• XSRF (CSRF) in Energine
  • From: advisory
• XSS vulnerability in VaM Shop
  • From: advisory
• XSS vulnerability in VaM Shop
  • From: advisory
• XSS vulnerability in VaM Shop
  • From: advisory
• XSRF (CSRF) in diafan.CMS
  • From: advisory
• XSS vulnerability in diafan.CMS
  • From: advisory
• XSRF (CSRF) in Cambio
  • From: advisory
• XSRF (CSRF) in whCMS
  • From: advisory
• [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC
  • From: Nelson Brito
• ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products
  • From: ACROS Security Lists
• [security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
  • From: Florian Weimer
• 2011 Rocky Mountain Information Security Conference Call for Papers
  • From: alex . wood
• [USN-1009-2] GNU C Library vulnerability
  • From: Kees Cook
• SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1
  • From: Spala Ferenc
• [USN-1042-1] PHP vulnerabilities
  • From: Steve Beattie
• [USN-1043-1] Little CMS vulnerability
  • From: Steve Beattie
• Call for Papers: DIMVA 2011 - Extended Deadline Jan 21
  • From: Konrad Rieck
• [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure
  • From: Onapsis Research Labs
• iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability
  • From: labs-no-reply
• [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA-2141-4] New lighttpd packages fix regression
  • From: Stefan Fritsch
• CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland
  • From: Andrzej Targosz
• [security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code
  • From: security-alert
• [USN-1042-2] PHP5 regression
  • From: Steve Beattie
• Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
  • From: Dragos Ruiu
• [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
  • From: david . kurz
• [ MDVSA-2011:005 ] evince
  • From: security
• [security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
  • From: YGN Ethical Hacker Group
• [ MDVSA-2011:007 ] wireshark
  • From: security
• [ MDVSA-2011:006 ] subversion
  • From: security
• [ MDVSA-2011:006 ] subversion
  • From: security
• Remote Code Execution in ICQ 7
  • From: Daniel Seither
• [ MDVSA-2011:008 ] perl-CGI
  • From: security
• [ MDVSA-2011:009 ] gif2png
  • From: security
• [ MDVSA-2011:011 ] opensc
  • From: security
• [ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error
  • From: Stefan Behte
• [SECURITY] [DSA 2146-1] Security update for mydms
  • From: Moritz Muehlenhoff
• [ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow
  • From: Tim Sammut
• [ GLSA 201101-04 ] aria2: Directory traversal
  • From: Tobias Heinlein
• [SECURITY] [DSA 2147-1] Security update for pimd
  • From: Steve Kemp
• [ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code
  • From: Tim Sammut
• [SECURITY] [DSA 2145-1] Security update for libsmi
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2144-1] Security update for wireshark
  • From: Moritz Muehlenhoff
• [ GLSA 201101-07 ] Prewikka: password disclosure
  • From: Stefan Behte
• [ GLSA 201101-05 ] OpenAFS: Arbitrary code execution
  • From: Stefan Behte
• [ MDVSA-2011:010 ] xfig
  • From: security
• Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code)
  • From: th_decoder
• 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
  • From: Mark Stanislav
• [ MDVSA-2011:012 ] mysql
  • From: security
• [SECURITY] [DSA 2148-1] Security update for tor
  • From: Moritz Muehlenhoff
• AST-2011-001: Stack buffer overflow in SIP channel driver
  • From: Asterisk Security Team
• [USN-1044-1] D-Bus vulnerability
  • From: Jamie Strandboge
• Simploo CMS Community Edition - Remote PHP Code Execution Issue
  • From: david . kurz
• [USN-1045-2] util-linux update
  • From: Marc Deslauriers
• [ MDVSA-2011:013 ] hplip
  • From: security
• [USN-1045-1] FUSE vulnerability
  • From: Marc Deslauriers
• [security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 2149-1] Security update for dbus
  • From: Nico Golde
• [USN-1046-1] Sudo vulnerability
  • From: Jamie Strandboge
• DotNetNuke Remote Code Execution vulnerability
  • From: Daniel Niggebrugge
• SQL Injection in Pixie
  • From: advisory
• SQL Injection in Pixie
  • From: advisory
• [security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification
  • From: security-alert
• [security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS)
  • From: security-alert
• [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry
  • From: Laurent OUDOT at TEHTRI-Security
• [ MDVSA-2011:014 ] ccid
  • From: security
• London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL
  • From: Major Malfunction
• Code execution in Microsoft Fax Cover Page Editor
  • From: Luigi Auriemma
• [ MDVSA-2011:015 ] pcsc-lite
  • From: security
• IETF RFC on Port Randomization
  • From: Fernando Gont
• NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability
  • From: NSO Research
• [ MDVSA-2011:016 ] t1lib
  • From: security
• [ MDVSA-2011:017 ] tetex
  • From: security
• [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities
  • From: Tim Sammut
• [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities
  • From: Tim Sammut
• [ MDVSA-2011:018 ] sudo
  • From: security
• [SECURITY] [DSA 2150-1] request-tracker3.6 security update
  • From: Thijs Kinkhorst
• [USN-1047-1] AWStats vulnerability
  • From: Marc Deslauriers
• [USN-1048-1] Tomcat vulnerability
  • From: Marc Deslauriers
• ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability
  • From: Security_Alert
• phpcms V9 BLind SQL Injection Vulnerability
  • From: eidelweiss
• [CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean
  • From: Fernando Gont
• HTB22794: Path disclousure in Pixelpost
  • From: advisory
• [DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method
  • From: Alexandr Polyakov
• HTB22791: File Content Disclosure in Pixelpost
  • From: advisory
• [DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods
  • From: Alexandr Polyakov
• HTB22788: XSS in Pivotx
  • From: advisory
• [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
  • From: Alexandr Polyakov
• [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow
  • From: Alexandr Polyakov
• HTB22792: XSS in Pixelpost
  • From: advisory
• [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files
  • From: Alexandr Polyakov
• HTB22790: XSS in Pivotx
  • From: advisory
• [DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED)
  • From: Alexandr Polyakov
• HTB22789: Path disclousure in Pivotx
  • From: advisory
• HTB22787: Path disclousure in Pligg CMS
  • From: advisory
• [security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code
  • From: security-alert
• syslog-ng wrong file permission vulnerability
  • From: SZALAY Attila
• [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection
  • From: Tim Brown
• [DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss
  • From: Alexandr Polyakov
• [DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal
  • From: Alexandr Polyakov
• [security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS)
  • From: security-alert
• [USN-1051-1] HPLIP vulnerability
  • From: Marc Deslauriers
• ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.
  • From: Security_Alert
• HTB22795: Path disclosure in Hycus CMS
  • From: advisory
• Microsoft IIS 6 parsing directory “x.asp” Vulnerability
  • From: info
• PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm
  • From: Joshua Gimer
• Re: Remote Code Execution in ICQ 7
  • From: Daniel Seither
• VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)
  • From: VUPEN Security Research
• [ MDVSA-2011:019 ] libuser
  • From: security
• IETF RFC on "the implementation of the TCP urgent mechanism"
  • From: Fernando Gont
• Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability
  • From: YGN Ethical Hacker Group
• Huawei HG default WEP/WPA generator
  • From: Pedro Joaquín
• Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities
  • From: Martin Schulze
• Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)
  • From: StenoPlasma @ www.ExploitDevelopment.com
• OpenOffice.org Multiple Memory Corruption Vulnerabilities
  • From: VSR Advisories
• HTB22797: Path disclousure in BLOG:CMS
  • From: advisory
• HTB22796: Path disclousure in DBHcms
  • From: advisory
• [USN-1052-1] OpenJDK vulnerability
  • From: Steve Beattie
• HTB22793: XSRF (CSRF) in KaiBB
  • From: advisory
• CA20101231-01: Security Notice for CA ARCserve D2D (updated)
  • From: Williams, James K
• [SECURITY] [DSA 2152-1] hplip security update
  • From: Moritz Muehlenhoff
• FreeBSD local denial of service - forced reboot
  • From: HI-TECH .
• TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
  • From: noreply
• TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service
  • From: noreply
• TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
  • From: noreply