Mail Thread Index

• Date Index

• [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities, Thijs Kinkhorst
• CA20101231-01: Security Notice for CA ARCserve D2D, Williams, James K
• Announcing cross_fuzz, a potential 0-day in circulation, and more, Michal Zalewski
• www.eVuln.com : SQL Injection in WikLink, bt
• Geeklog 1.7.1 <= Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration, Andrea Purificato
• Mathematica8 on Linux /tmp/MathLink vulnerability, paul . szabo
• [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss, Ewerson Guimarães (Crash) - Dclabs
• Plunging Through the Palo Alto Networks Firewall, Jeromie
• VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap, VMware Security Team
• www.eVuln.com : "id" SQL Injection in WikLink, bt
• [USN-1035-1] Evince vulnerabilities, Marc Deslauriers
• Getting root, the hard way, Dan Rosenberg
• [ MDVSA-2011:000 ] phpmyadmin, security
• BlogEngine.NET 1.6 Multiple Vulnerabilities, Deniz CEVIK
• Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section, Walikar Riyaz Ahemed Dawalmalik
• Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section, Walikar Riyaz Ahemed Dawalmalik
• Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
  • Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
• [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code, Tim Sammut
• Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference, Kyprianos Vasilopoulos
• [SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow, Stefan Fritsch
• [SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw, Stefan Fritsch
• [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option, Stefan Fritsch
• [SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw, Stefan Fritsch
• Path disclousure in phpMySport, advisory
• SQL Injection in phpMySport, advisory
  • <Possible follow-ups>
  • SQL Injection in phpMySport, advisory
  • SQL Injection in phpMySport, advisory
• Authentication bypass in phpMySport, advisory
• SQL Injection in Phenotype CMS, advisory
• XSRF (CSRF) in PHP MicroCMS, advisory
• XSS vulnerability in WonderCMS, advisory
• XSS vulnerability in PHP MicroCMS, advisory
• [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal, Raphael Geissert
• [USN-1037-1] ifupdown update, Jamie Strandboge
• [USN-1039-1] AppArmor update, Jamie Strandboge
• [USN-1040-1] Django vulnerabilities, Jamie Strandboge
• [USN-1038-1] dpkg vulnerability, Kees Cook
• GNU libc/regcomp(3) Multiple Vulnerabilities, cxib
• McAfee Commandline Updater, Technion
• call for participation, chpardhasaradhisarma
• CUDA drivers/Linux security hole, gran
• Web Hacking & Database Hijack Online Challenge, Ivan Buetler
• [ MDVSA-2011:002 ] wireshark, security
• Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service, Digit Security Research
• [ MDVSA-2011:003 ] MHonArc, security
• www.eVuln.com : "fold" and "site" SQL Injections in WikLink, bt
• NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute, yuguo . cn
• NewvCommon.ocx ActiveX Insecure Method Vulnerability, wsn1983
• NewvCommon.ocx ActiveX Remote Code Execution Vulnerability, wsn1983
• [ MDVSA-2011:004 ] php-phar, security
• SQL injection vulnerability in Energine, advisory
• XSRF (CSRF) in VaM Shop, advisory
• Stored XSS vulnerability in diafan.CMS, advisory
• Path disclosure in Energine, advisory
• XSRF (CSRF) in Energine, advisory
• XSS vulnerability in VaM Shop, advisory
  • <Possible follow-ups>
  • XSS vulnerability in VaM Shop, advisory
  • XSS vulnerability in VaM Shop, advisory
• XSRF (CSRF) in diafan.CMS, advisory
• XSS vulnerability in diafan.CMS, advisory
• XSRF (CSRF) in Cambio, advisory
• XSRF (CSRF) in whCMS, advisory
• [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC, Nelson Brito
• ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products, ACROS Security Lists
• [security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation, Florian Weimer
• 2011 Rocky Mountain Information Security Conference Call for Papers, alex . wood
• [USN-1009-2] GNU C Library vulnerability, Kees Cook
• SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1, Spala Ferenc
• [USN-1042-1] PHP vulnerabilities, Steve Beattie
• [USN-1043-1] Little CMS vulnerability, Steve Beattie
• Call for Papers: DIMVA 2011 - Extended Deadline Jan 21, Konrad Rieck
• [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart, Onapsis Research Labs
• [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure, Onapsis Research Labs
• iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability, labs-no-reply
• [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA-2141-4] New lighttpd packages fix regression, Stefan Fritsch
• CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland, Andrzej Targosz
• [security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code, security-alert
• [USN-1042-2] PHP5 regression, Steve Beattie
• Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11), Dragos Ruiu
• [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue, david . kurz
• [ MDVSA-2011:005 ] evince, security
• [security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities, security-alert
• [SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities, Giuseppe Iuculano
• Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• [ MDVSA-2011:007 ] wireshark, security
• [ MDVSA-2011:006 ] subversion, security
  • <Possible follow-ups>
  • [ MDVSA-2011:006 ] subversion, security
• Remote Code Execution in ICQ 7, Daniel Seither
  • Re: Remote Code Execution in ICQ 7, Daniel Seither
• [ MDVSA-2011:008 ] perl-CGI, security
• [ MDVSA-2011:009 ] gif2png, security
• [ MDVSA-2011:011 ] opensc, security
• [ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error, Stefan Behte
• [SECURITY] [DSA 2146-1] Security update for mydms, Moritz Muehlenhoff
• [ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow, Tim Sammut
• [ GLSA 201101-04 ] aria2: Directory traversal, Tobias Heinlein
• [SECURITY] [DSA 2147-1] Security update for pimd, Steve Kemp
• [ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code, Tim Sammut
• [SECURITY] [DSA 2145-1] Security update for libsmi, Moritz Muehlenhoff
• [SECURITY] [DSA 2144-1] Security update for wireshark, Moritz Muehlenhoff
• [ GLSA 201101-07 ] Prewikka: password disclosure, Stefan Behte
• [ GLSA 201101-05 ] OpenAFS: Arbitrary code execution, Stefan Behte
• [ MDVSA-2011:010 ] xfig, security
• Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code), th_decoder
• 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331), Mark Stanislav
• [ MDVSA-2011:012 ] mysql, security
• [SECURITY] [DSA 2148-1] Security update for tor, Moritz Muehlenhoff
• AST-2011-001: Stack buffer overflow in SIP channel driver, Asterisk Security Team
• [USN-1044-1] D-Bus vulnerability, Jamie Strandboge
• Simploo CMS Community Edition - Remote PHP Code Execution Issue, david . kurz
• [USN-1045-2] util-linux update, Marc Deslauriers
• [ MDVSA-2011:013 ] hplip, security
• [USN-1045-1] FUSE vulnerability, Marc Deslauriers
• [security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2149-1] Security update for dbus, Nico Golde
• [USN-1046-1] Sudo vulnerability, Jamie Strandboge
• DotNetNuke Remote Code Execution vulnerability, Daniel Niggebrugge
• SQL Injection in Pixie, advisory
  • <Possible follow-ups>
  • SQL Injection in Pixie, advisory
• [security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification, security-alert
• [security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS), security-alert
• [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry, Laurent OUDOT at TEHTRI-Security
• [ MDVSA-2011:014 ] ccid, security
• London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL, Major Malfunction
• Code execution in Microsoft Fax Cover Page Editor, Luigi Auriemma
• [ MDVSA-2011:015 ] pcsc-lite, security
• IETF RFC on Port Randomization, Fernando Gont
• NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability, NSO Research
• [ MDVSA-2011:016 ] t1lib, security
• [ MDVSA-2011:017 ] tetex, security
• [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities, Tim Sammut
• [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities, Tim Sammut
• [ MDVSA-2011:018 ] sudo, security
• [SECURITY] [DSA 2150-1] request-tracker3.6 security update, Thijs Kinkhorst
• [USN-1047-1] AWStats vulnerability, Marc Deslauriers
• [USN-1048-1] Tomcat vulnerability, Marc Deslauriers
• ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability, Security_Alert
  • ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability., Security_Alert
• phpcms V9 BLind SQL Injection Vulnerability, eidelweiss
• [CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean, Fernando Gont
• HTB22794: Path disclousure in Pixelpost, advisory
• [DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method, Alexandr Polyakov
• HTB22791: File Content Disclosure in Pixelpost, advisory
• [DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods, Alexandr Polyakov
• HTB22788: XSS in Pivotx, advisory
• [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method, Alexandr Polyakov
• [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow, Alexandr Polyakov
• HTB22792: XSS in Pixelpost, advisory
• [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files, Alexandr Polyakov
• HTB22790: XSS in Pivotx, advisory
• [DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED), Alexandr Polyakov
• HTB22789: Path disclousure in Pivotx, advisory
• HTB22787: Path disclousure in Pligg CMS, advisory
• [security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code, security-alert
• syslog-ng wrong file permission vulnerability, SZALAY Attila
• [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection, Tim Brown
• [DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss, Alexandr Polyakov
• [DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal, Alexandr Polyakov
• [security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS), security-alert
• [USN-1051-1] HPLIP vulnerability, Marc Deslauriers
• HTB22795: Path disclosure in Hycus CMS, advisory
• Microsoft IIS 6 parsing directory “x.asp” Vulnerability, info
• PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm, Joshua Gimer
• VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004), VUPEN Security Research
• [ MDVSA-2011:019 ] libuser, security
• IETF RFC on "the implementation of the TCP urgent mechanism", Fernando Gont
• Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• Huawei HG default WEP/WPA generator, Pedro Joaquín
• Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities, Martin Schulze
• Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212), StenoPlasma @ www.ExploitDevelopment.com
• OpenOffice.org Multiple Memory Corruption Vulnerabilities, VSR Advisories
• HTB22797: Path disclousure in BLOG:CMS, advisory
• HTB22796: Path disclousure in DBHcms, advisory
• [USN-1052-1] OpenJDK vulnerability, Steve Beattie
• HTB22793: XSRF (CSRF) in KaiBB, advisory
• CA20101231-01: Security Notice for CA ARCserve D2D (updated), Williams, James K
• [SECURITY] [DSA 2152-1] hplip security update, Moritz Muehlenhoff
• FreeBSD local denial of service - forced reboot, HI-TECH .
• TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution, noreply
• TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service, noreply
• TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow, noreply