Mail Thread Index

• Date Index

• [USN-1072-1] Linux vulnerabilities, Kees Cook
• [USN-1073-1] Linux kernel vulnerabilities, Kees Cook
• [USN-1074-1] Linux kernel vulnerabilities, Kees Cook
• [SECURITY] [DSA 2173-1] pam-pgsql security update, Thijs Kinkhorst
• [SECURITY] [DSA 2174-1] avahi security update, Thijs Kinkhorst
• Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability, difficult-511
• CONFidence 2011- CfP only 6 days left, we are still waiting for your submission, Andrzej Targosz
• [security bulletin] HPSBPI02635 SSRT100391 rev.1 - HP Web Jetadmin Running on Windows, Local Unauthorized Access to Managed Resources, security-alert
• Re: prestashop vuln: sql injection submitted to bugtraq@xxxxxxxxxxxxxxxxx, nebojsa
  • <Possible follow-ups>
  • Re: prestashop vuln: sql injection submitted to bugtraq@xxxxxxxxxxxxxxxxx, antonio_s_martino
• FreeBSD crontab information leakage, Dan Rosenberg
• [ MDVSA-2011:038 ] samba, security
• [USN-1075-1] Samba vulnerability, Marc Deslauriers
• [USN-1076-1] ClamAV vulnerability, Marc Deslauriers
• [USN-1077-1] FUSE vulnerabilities, Marc Deslauriers
• [USN-1074-2] Linux kernel vulnerabilities, Kees Cook
• weechat does not properly use gnutls and allow an attacker to bypass certificate verification, john . doe
• [SECURITY] [DSA 2175-1] samba security update, Moritz Muehlenhoff
• ZDI-11-094: (0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS), security-alert
• vsftpd 2.3.2 remote denial-of-service, cxib
• [USN-1078-1] Logwatch vulnerability, Steve Beattie
• SnapProof (cart.php) Cross Site Scripting, difficult-511
• [USN-1079-1] OpenJDK 6 vulnerabilities, Steve Beattie
• Re: Re: prestashop vuln: sql injection submitted to bugtraq () securityfocus com, Antonio S.M
• HTB22862: Path disclosure in NextGEN Gallery wordpress plugin, advisory
• HTB22861: XSS in Question and Answer Forum wordpress plugin, advisory
• HTB22860: SQL Injection in WP Forum wordpress plugin, advisory
• HTB22859: SQL Injection in WP Forum wordpress plugin, advisory
• HTB22858: SQL Injection in WP Forum wordpress plugin, advisory
• HTB22849: Path disclosure in Mingle Forum wordpress plugin, advisory
• HTB22848: XSS in Mingle Forum wordpress plugin, advisory
• DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ], ddivulnalert
• [SECURITY] [DSA 2163-2] dajaxice regression fix, Thijs Kinkhorst
• [USN-1081-1] Linux kernel vulnerabilities, Kees Cook
• [SECURITY] [DSA 2176-1] cups security update, Moritz Muehlenhoff
• [USN-1080-1] Linux kernel vulnerabilities, Kees Cook
• [ MDVSA-2011:039 ] webkit, security
• [USN-1082-1] Pango vulnerabilities, Marc Deslauriers
• VidiScript (index.php) Cross Site Scripting, Root
• PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting, Root
• CubeCart 2.0.6 SQL injection / Cross Site Scripting, Root
• Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS), Antonio S.M
  • <Possible follow-ups>
  • Re: Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS), mike
• [SECURITY] [DSA 2177-1] pywebdav security update, Florian Weimer
• ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2178-1] pango1.0 security update, Florian Weimer
• [USN-1083-1] Linux kernel vulnerabilities, Kees Cook
• [SECURITY] [DSA 2179-1] dtc security update, Florian Weimer
• iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability, labs-no-reply
• ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass, security-alert
• ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-1080-2] Linux kernel vulnerabilities, Kees Cook
• ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability, ZDI Disclosures
• iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability, labs-no-reply
• [USN-1050-1] Thunderbird vulnerabilities, Jamie Strandboge
• HTB22863: XSS vulnerability in xtcModified, advisory
• HTB22857: Path disclosure in Tribiq CMS, advisory
• HTB22866: XSS vulnerability in xtcModified, advisory
• HTB22855: XSRF (CSRF) in Pragyan CMS, advisory
• HTB22856: XSS vulnerability in Pragyan CMS, advisory
• HTB22853: XSS vulnerability in Pragyan CMS, advisory
• HTB22865: XSS vulnerability in xtcModified, advisory
• HTB22837: Path disclosure in PrestaShop, advisory
• [ MDVSA-2011:040 ] pango, security
• [security bulletin] HPSBPI02640 SSRT100410 rev.1 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass, security-alert
• [DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS, Ewerson Guimarães (Crash) - Dclabs
• [DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration, Flavio do Carmo Junior aka waKKu
• [DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection, Flavio do Carmo Junior aka waKKu
• Mutare Software EVM - CSRF and XSS Vulnerabilities, Travis Lee
• [SECURITY] [DSA 2182-1] logwatch security update, Florian Weimer
• [DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service, Rodrigo Escobar
• [ MDVSA-2011:041 ] firefox, security
• XSS in CubeCart <= 2.0.7, Michele Spagnuolo
• [SECURITY] [DSA 2183-1] nbd security update, Raphael Geissert
• [SECURITY] [DSA 2184-1] isc-dhcp security update, Florian Weimer
• 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099), Mark Stanislav
• [DCA-2011-0009] Weborf 0.12.4 Denial-of-Service, Rodrigo Escobar
• RECON 2011 CFP, hfortier
• Kodak InSite Login Page Cross-Site Scripting, vulns
• InSite Troubleshooting Cross-Site Scripting, vulns
• [USN-1085-1] tiff vulnerabilities, Marc Deslauriers
• [USN-1084-1] avahi vulnerability, Marc Deslauriers
• [TEHTRI-Security] Security and iPhone iOS 4.3 Personal Hotspot feature, Laurent OUDOT at TEHTRI-Security
• [ MDVSA-2011:042 ] mozilla-thunderbird, security
• Plaintext injection in STARTTLS (multiple implementations), Wietse Venema
• HTB22872: Path disclosure in Cool Video Gallery wordpress plugin, advisory
• HTB22873: XSS in Inline Gallery wordpress plugin, advisory
• HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin, advisory
• HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin, advisory
• [ MDVSA-2011:043 ] libtiff, security
• HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin, advisory
• [HITB-Announce] HITB Magazine Call for Articles, Hafez Kamal
• HTB22868: XSS in 1 Flash Gallery wordpress plugin, advisory
• VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm., VMware Security Team
• HTB22867: XSS in PhotoSmash wordpress plugin, advisory
• Cross-Site Scripting vulnerabilities in Icinga, sschurtz
• [security bulletin] HPSBUX02641 SSRT100412 rev.1 - HP OpenView Network Node Manager (OV NNM) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS), security-alert
• AthCon 2011 Announcement, kyprianos
• NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass), NSO Research
• [ MDVSA-2011:044 ] wireshark, security
• [USN-1086-1] Linux kernel (EC2) vulnerabilities, Kees Cook
• [SECURITY] [DSA 2185-1] proftpd-dfsg security update, Moritz Mühlenhoff
• RecordPress Multiple Vulnerabilities, irancrash
• HTB22880: XSS vulnerability in CosmoShop, advisory
• HTB22875: XSS in Lazyest Gallery wordpress plugin, advisory
  • <Possible follow-ups>
  • Re: HTB22875: XSS in Lazyest Gallery wordpress plugin, lazyest
• HTB22878: XSS vulnerability in CosmoShop, advisory
• [DCA-2011-0007] Air Contacts Lite (iPhone / iPod App Denial Of Service), Rodrigo Escobar
• HTB22874: Path disclosure in Lazyest Gallery wordpress plugin, advisory
  • <Possible follow-ups>
  • Re: HTB22874: Path disclosure in Lazyest Gallery wordpress plugin, lazyest
• HTB22879: Multiple XSS vulnerabilities in CosmoShop, advisory
• [SECURITY] [DSA 2186-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2187-1] icedove security update, Moritz Muehlenhoff
• Cross-Site Scripting vulnerability in Nagios, sschurtz
  • <Possible follow-ups>
  • Re: Cross-Site Scripting vulnerability in Nagios, sschurtz
• [SECURITY] [DSA 2188-1] webkit security update, Giuseppe Iuculano
• Call for Papers: Passwords^11, Per Thorsheim
• HTB22881: SQL injection vulnerability in CosmoShop, advisory
• [security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), security-alert
• Medium severity flaw in QNX Neutrino RTOS, Tim Brown
• Swiss Cyber Storm 3 2011 Announcement, Ivan Buetler
• [SECURITY] [DSA 2190-1] wordpress security update, Giuseppe Iuculano
• DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011, Major Malfunction
• VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free, VUPEN Security Research
• VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free, VUPEN Security Research
• VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow, VUPEN Security Research
• Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20), Serguei A. Mokhov on behalf of PST-11
• Checkpoint VPN - Priviledge Escalation, Thierry Zoller
• Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
• bbPress 1.0.2 <= Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• Joomla! 1.6.0 | SQL Injection Vulnerability, YGN Ethical Hacker Group
• BoutikOne Multiples SQL Injection Vulnerability, cdx . security
• ClubHACK Magazine: Call for Articles, abhijeet
• [DSECRG-11-009] SAP NetWaver XI SOAP Adapter - XSS, Alexandr Polyakov
• [USN-1087-1] libvpx vulnerability, Micah Gersten
• [SECURITY] [DSA 2191-1] proftpd security update, Moritz Muehlenhoff
• [security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code, security-alert
• [DCA-2011-0004] - Trend WebReputation API Bypass, Ewerson Guimarães (Crash) - Dclabs
• [DSECRG-11-010] SAP NetWeaver logon.html - XSS, Alexandr Polyakov
• [USN-1085-2] tiff regression, Kees Cook
• [USN-1079-2] OpenJDK 6 vulnerabilities, Steve Beattie
• [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass, Mark Thomas
• HTB22888: File Content Disclosure in LotusCMS, advisory
• VMSA-2011-0005 VMware vCenter Orchestrator remote code execution vulnerability, VMware Security Team
• HTB22883: XSS vulnerability in LotusCMS, advisory
• HTB22882: Path disclosure in OXID eShop, advisory
• HTB22884: XSS vulnerability in LotusCMS, advisory
  • <Possible follow-ups>
  • Re: HTB22884: XSS vulnerability in LotusCMS, admin
• HTB22877: Path disclosure in xt:Commerce, advisory
• HTB22885: XSS vulnerability in LotusCMS, advisory
• HTB22886: XSRF (CSRF) in LotusCMS, advisory
• HTB22887: XSS vulnerability in LotusCMS, advisory
• ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability, Security_Alert
• ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server, Security_Alert
• ESA-2011-006: EMC Avamar privilege escalation vulnerability, Security_Alert
• [RT-SA-2011-002] SugarCRM list privilege restriction bypass, RedTeam Pentesting GmbH
• [SECURITY] [DSA 2192-1] chromium-browser security update, Giuseppe Iuculano
• [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution, RedTeam Pentesting GmbH
• MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled, Tom Yu
• [USN-1088-1] Kerberos vulnerability, Steve Beattie
• [DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS, Alexandr Polyakov
• [DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS, Alexandr Polyakov
• [DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS, Alexandr Polyakov
• [DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking, Alexandr Polyakov
• [ MDVSA-2011:045 ] postfix, security
• [SECURITY] [DSA 2193-1] libcgroup security update, Thijs Kinkhorst
• HTB22894: XSS in Sodahead Polls wordpress plugin, advisory
• HTB22893: XSS in Sodahead Polls wordpress plugin, advisory
• HTB22892: Path disclosure in Smen Social Button wordpress plugin, advisory
• HTB22891: XSS in Rating-Widget wordpress plugin, advisory
• HTB22890: XSS in Rating-Widget wordpress plugin, advisory
• HTB22889: XSS in Rating-Widget wordpress plugin, advisory
• [Announcement] ClubHACK Magazine Issue 14-March 2011 released, abhijeet
• [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel, Timo Warns
• AST-2011-003:, Asterisk Security Team
• AST-2011-004:, Asterisk Security Team
• Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2011:046 ] pure-ftpd, security
• [TEHTRI-Security] Quick BlackBerry Security Check, Laurent OUDOT at TEHTRI-Security
• [USN-1079-3] OpenJDK 6 vulnerabilities, Steve Beattie
• [SECURITY] [DSA 2194-1] libvirt security update, Thijs Kinkhorst
• [ MDVSA-2011:047 ] proftpd, security
• OWASP AppSec USA 2011 Call for Papers, Adam Baso
• XOOPS 2.5.0 <= Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• [ MDVSA-2011:048 ] krb5, security
• libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5), cxib
• [SECURITY] [DSA 2186-2] vimperator regression fix, Moritz Muehlenhoff
• [USN-1090-1] Linux kernel vulnerabilities, Kees Cook
• Tugux CMS (nid) BLIND sql injection vulnerability, eidelweiss
• Buffer overflow in libtiff in Imagemagick, zgmzgm
  • Re: Buffer overflow in libtiff in Imagemagick, Vladimir '3APA3A' Dubrovin
• XSS vulnerability in Web Poll Pro, Hector . x90
• [SECURITY] [DSA 2195-1] php5 security update, Raphael Geissert
• Privacy, Security, Trust (PST 2011) - Call for Papers (EXTENDED Deadline: April 3, 2011), Serguei A. Mokhov on behalf of PST-11
• Vulnerabilities in some SCADA server softwares, Luigi Auriemma
  • Re: Vulnerabilities in some SCADA server softwares, J. Oquendo
    • Re: Vulnerabilities in some SCADA server softwares, Luigi Auriemma
    • Re: Vulnerabilities in some SCADA server softwares, Michal Zalewski
      • RE: Vulnerabilities in some SCADA server softwares, Jim Harrison
        • Re: Vulnerabilities in some SCADA server softwares, Luigi Auriemma
          • RE: Vulnerabilities in some SCADA server softwares, Jim Harrison
            • Re: Vulnerabilities in some SCADA server softwares, Theo de Raadt
              • Re: Vulnerabilities in some SCADA server softwares, J. Oquendo
                • Re: Vulnerabilities in some SCADA server softwares, Simple Nomad
                  • Message not available
                    • Re: Vulnerabilities in some SCADA server softwares, Simple Nomad
                      • Re: Vulnerabilities in some SCADA server softwares, Kent Borg
                • Re: Vulnerabilities in some SCADA server softwares, Theo de Raadt
                • Re: Vulnerabilities in some SCADA server softwares, Jamie Riden
                • Re: Vulnerabilities in some SCADA server softwares, Willy Tarreau
              • Re: Vulnerabilities in some SCADA server softwares, bugtraq
              • Re: Vulnerabilities in some SCADA server softwares, CJC
                • Re: Vulnerabilities in some SCADA server softwares, Michal Zalewski
          • Re: Vulnerabilities in some SCADA server softwares, J. Oquendo
            • Re: Vulnerabilities in some SCADA server softwares, Mike Hoskins
      • Re: Vulnerabilities in some SCADA server softwares, R Michael Williams
        • Re: Vulnerabilities in some SCADA server softwares, Michal Zalewski
    • Re: Vulnerabilities in some SCADA server softwares, Kent Borg
      • Re: Vulnerabilities in some SCADA server softwares, J. Oquendo
    • Re: Vulnerabilities in some SCADA server softwares, Pavel Kankovsky
• ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability, ZDI Disclosures
• Heap overflow in RealPlayer 14.0.1.633, Luigi Auriemma
• ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2011:051 ] kernel, security
• Douran Portal File Download/Source Code Disclosure Vulnerability, support
• [USN-1089-1] Linux kernel vulnerabilities, Kees Cook
• [SECURITY] [DSA 2196-1] maradns security update, Raphael Geissert
• [ MDVSA-2011:049 ] vsftpd, security
• [ MDVSA-2011:050 ] pidgin, security
• [SECURITY] [DSA 2197-1] quagga security update, Florian Weimer
• NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow, Research@NGSSecure
• ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability, ZDI Disclosures
• iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability, labs-no-reply
• NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration, Research@NGSSecure
• CMS Balitbang 3.3 Arbitary File Upload Vulnerability, eidelweiss
• NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow, Research@NGSSecure
• NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows, Research@NGSSecure
• NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability, NSO Research
• ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Apple HFS+ Information Disclosure Vulnerability, VSR Advisories
• [security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration, security-alert
• SCADA Trojans: Attacking the Grid + Advantech vulnerabilities, Reversemode
• [SECURITY] [DSA 2198-1] tex-common security update, Nico Golde
• ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability, ZDI Disclosures
• XSS in Oracle default fcgi-bin/echo, paul . szabo
• Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability, YGN Ethical Hacker Group
• PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability, YGN Ethical Hacker Group
• ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability, ZDI Disclosures
• PHP-Nuke 8.x <= Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• [ MDVSA-2011:052 ] php, security
• [ MDVSA-2011:053 ] php, security
• PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability, YGN Ethical Hacker Group
• ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability, ZDI Disclosures
• CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files, CORE Security Technologies Advisories
• [SECURITY] [DSA 2199-1] iceape security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2200-1] iceweasel security update, Moritz Muehlenhoff
• HTB22900: Multiple XSS vulnerabilities in SyndeoCMS, advisory
• [SECURITY] [DSA 2201-1] wireshark security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2202-1] apache2 security update, Stefan Fritsch
• HTB22895: XSS vulnerability in Ripe website manager, advisory
• HTB22902: XSS in SyndeoCMS, advisory
• HTB22898: XSRF (CSRF) in Ripe website manager, advisory
• HTB22897: SQL injection vulnerability in Ripe website manager, advisory
• HTB22899: Path disclosure in SyndeoCMS, advisory
• HTB22896: SQL injection vulnerability in Ripe website manager, advisory
• HTB22901: SQL injection in SyndeoCMS, advisory
• ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability, Security_Alert
• NGS00051 Patch Notification: Cisco VPN Client Privilege Escalation, Research@NGSSecure
• Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability, YGN Ethical Hacker Group
• [USN-1091-1] Firefox and Xulrunner vulnerabilities, Micah Gersten
• [USN-1093-1] Linux Kernel vulnerabilities (Marvell Dove), Jamie Strandboge
• [SECURITY] [DSA 2203-1] nss security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2204-1] imp4 security update, Steffen Joeris
• [security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS), security-alert
• SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability, root
• TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution, Advisories Toucan-System
• [USN-1092-1] Linux Kernel vulnerabilities, Jamie Strandboge
• Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003, Lists
• SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting, root
• [AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities, Michele Orru
• [ MDVSA-2011:054 ] java-1.6.0-openjdk, security
• Unidesk ReportingService Forceful Browsing Vulnerability, np
• ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability, ZDI Disclosures
• "Simple PHP Newsletter" Remote Admin Password Change With install path, cseye_ut
  • <Possible follow-ups>
  • "Simple PHP Newsletter" Remote Admin Password Change With install path, cseye_ut
    • Re: "Simple PHP Newsletter" Remote Admin Password Change With install path, Patrick Kelley
• HTB22905: Path disclosure in Wordpress, advisory
  • Re: HTB22905: Path disclosure in Wordpress, Christian Sciberras
    • Re: HTB22905: Path disclosure in Wordpress, Patrick Kelley
      • Message not available
        • Re: HTB22905: Path disclosure in Wordpress, Patrick Kelley
• [SECURITY] [DSA 2205-1] gdm3 security update, Florian Weimer
• "WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path, cseye_ut
  • <Possible follow-ups>
  • "WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path, cseye_ut
• HTB22904: Path disclosure in bbPress, advisory
• XSS Vulnerability in Tracks 1.7.2, Netsparker Advisories
• Solaris 10 Port Stealing Vulnerability, Chris O'Regan
• HTB22903: XSS in Spitfire CMS, advisory
• [SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities, Martin Schulze
• VMSA-2011-0006 VMware vmrun utility local privilege escalation, VMware Security Team
• [USN-1098-1] vsftpd vulnerability, Marc Deslauriers
• DataDynamics Report Library CoreHandler XSS, david . daly
• [USN-1097-1] Tomcat vulnerabilities, Marc Deslauriers
• [ MDVSA-2011:055 ] openldap, security
• [USN-1096-1] Subversion vulnerability, Marc Deslauriers
• [USN-1094-1] Libvirt vulnerability, Jamie Strandboge
• [SECURITY] [DSA 2207-1] tomcat5.5 security update, Moritz Muehlenhoff
• [USN-1095-1] Quagga vulnerabilities, Marc Deslauriers
• ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications, Security_Alert
• Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2011:056 ] openldap, security
• [SECURITY] [DSA 2208-1] bind9 security update, Florian Weimer