Mail Thread Index

• Date Index

• 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546), Mark Stanislav
• RE: Solaris 10 Port Stealing Vulnerability, Chris O'Regan
  • Re: Solaris 10 Port Stealing Vulnerability, Casper . Dik
• Re: Re: HTB22905: Path disclosure in Wordpress, mike
• [USN-1099-1] GDM vulnerability, Steve Beattie
• [SECURITY] [DSA 2208-2] bind9 security update, Florian Weimer
• HTB22907: Directory Traversal in Collabtive, advisory
• HTB22906: XSS vulnerabilities in Collabtive, advisory
• HTB22910: XSRF (CSRF) in Feng Office, advisory
• HTB22909: Path disclosure in Tine 2.0, advisory
• HTB22908: XSRF (CSRF) in Collabtive, advisory
• HTB22931: XSS vulnerability in InTerra Blog Machine, advisory
  • <Possible follow-ups>
  • HTB22931: XSS vulnerability in InTerra Blog Machine, advisory
• [USN-1100-1] OpenLDAP vulnerabilities, Jamie Strandboge
• BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload, Tavis Ormandy
• [security bulletin] HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting (XSS), Unauthorized Access, security-alert
• [ MDVSA-2011:058 ] quagga, security
• [ MDVSA-2011:057 ] apache, security
• iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow, labs-no-reply
• Microsoft VISTA TCP/IP heap buffer underflow, J. Oquendo
  • RE: [Full-disclosure] Microsoft VISTA TCP/IP heap buffer underflow, Thor (Hammer of God)
• 6-year FreeBSD-SA-05:02.sendfile exploit, Solar Designer
• [ MDVSA-2011:059 ] ffmpeg, security
• [security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service (DoS), security-alert
• Movie Player v4.82 0Day Buffer overflow/DOS Exploit, ^Xecuti0N3r
• [security bulletin] HPSBUX02639 SSRT100293 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS), security-alert
• AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability, SecPod Research
• Flag this message Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit, ^Xecuti0N3r
• [ MDVSA-2011:060 ] ffmpeg, security
• [ MDVSA-2011:061 ] ffmpeg, security
• XCon 2011 XFocus Information Security Conference Call for Paper, xcon
• Re: RFI in JAF CMS, security curmudgeon
• [SECURITY] [DSA 2210-1] tiff security update, Thijs Kinkhorst
• Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang), mike
• [ MDVSA-2011:062 ] ffmpeg, security
• [ MDVSA-2011:063 ] xmlsec1, security
• [SECURITY] [DSA 2209-1] tgt security update, Moritz Muehlenhoff
• ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability, ZDI Disclosures
• THOMSON Router XSS, edgard . chammas
  • <Possible follow-ups>
  • RE: THOMSON Router XSS, Auffret Patrice
• Xymon monitor cross-site scripting vulnerabilities, Henrik Størner
  • Re: Xymon monitor cross-site scripting vulnerabilities, Henri Salo
• DC4420 - London DEFCON - April meet - Wednesday 22nd April 2011, Major Malfunction
  • Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011, Adam Laurie
  • Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011, Major Malfunction
• RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities, nospam
• RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities, nospam
• [ MDVSA-2011:064 ] libtiff, security
• ZDI-11-041: (0day) Multiple Browser Node Processing Stack Overflow Vulnerability, ZDI Disclosures
• ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-1103-1] tex-common vulnerability, Marc Deslauriers
• [USN-1102-1] tiff vulnerability, Marc Deslauriers
• [USN-1104-1] FFmpeg vulnerabilities, Marc Deslauriers
• HTB22914: Local File Inclusion in UseBB, advisory
• HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB, advisory
• HTB22912: Multiple SQL Injections in Eleanor CMS, advisory
• HTB22911: XSS in Eleanor CMS, advisory
• [security bulletin] HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure, security-alert
• StartSite.ir Cross-site Scripting Vulnerability, md . r00t . defacer
• [ MDVSA-2011:065 ] logrotate, security
• Re: XSS in CompactCMS, security curmudgeon
• XSS Vulnerability in Redmine 1.0.1 to 1.1.1, Netsparker Advisories
• Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL, security curmudgeon
• Re: Multiple vulnerabilities in chCounter <= 3.1.3, security curmudgeon
• [USN-1105-1] Linux kernel vulnerabilities, Kees Cook
• Re: AWCM v2.2 Auth Bypass Vulnerabilities, security curmudgeon
• [ MDVSA-2011:066 ] rsync, security
• ICMPv6 Router Announcement flooding denial of service affecting multiple systems, Marc Heuse
• Sonexis ConferenceManager SQL Injection, robkraus
• [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure, Mark Thomas
• [USN-1106-1] NSS vulnerabilities, Micah Gersten
• [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass, Mark Thomas
• [USN-1107-1] x11-xserver-utils vulnerability, Marc Deslauriers
• Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities, robkraus
• [SECURITY] [DSA 2211-1] vlc security update, Moritz Muehlenhoff
• SEC Consult SA-20110407-0 :: Libmodplug ReadS3M Stack Overflow, SEC Consult Vulnerability Lab
• HTB22921: SQL Injection in Viscacha, advisory
• HTB22919: Multiple XSS in Viscacha, advisory
• HTB22915: Path disclosure in Joomla, advisory
• HTB22920: Path disclosure in Viscacha, advisory
• HTB22918: Path disclosure in phpCollab, advisory
• HTB22917: XSS vulnerabilities in phpCollab, advisory
• HTB22916: XSRF (CSRF) in phpCollab, advisory
• O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF), Hanno Böck
• phplist: cross site request forgery (CSRF), CVE-2011-0748, Hanno Böck
• [SECURITY] [DSA 2212-1] tmux security update, Nico Golde
• XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta, by_argos
• LFI Vulnerability in 024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package), by_argos
• Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package), by_argos
• XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package), by_argos
• LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package), by_argos
• [ MDVSA-2011:069 ] php, security
• [ MDVSA-2011:070 ] gdm, security
• [ MDVSA-2011:071 ] kdelibs4, security
• [ MDVSA-2011:072 ] gwenhywfar, security
• joomlacontenteditor (com_jce) BLIND sql injection vulnerability, eidelweiss
  • Re: joomlacontenteditor (com_jce) BLIND sql injection vulnerability, Stephen Brandon
• [SECURITY] [DSA 2213-1] x11-xserver-utils security update, Nico Golde
• [SECURITY] [DSA 2214-1] ikiwiki security update, Nico Golde
• Re: XSRF (CSRF) in Wolf CMS, security curmudgeon
• Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1, by_argos
• ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability, ZDI Disclosures
  • <Possible follow-ups>
  • Re: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability, nospam
• [SECURITY] [DSA 2215-1] gitolite security update, Nico Golde
• WOOT '11 Call for Papers (reminder), Michal Zalewski
• [Tool] sqlmap 0.9 released, Miroslav Stampar
• [SECURITY] [DSA 2216-1] isc-dhcp security update, Nico Golde
• [ MDVSA-2011:073 ] dhcp, security
• Linksys WRT54G - read router password from file placed on FTP, rafdw
• [SECURITY] [DSA 2217-1] dhcp3 security update, Nico Golde
• Vulnerabilities in Microsoft Reader and HIS, Luigi Auriemma
• ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability, ZDI Disclosures
• rPSA-2011-0013-1 openssl openssl-scripts, rPath Update Announcements
• Passwords^11 - Call for Papers ending April 17!, Per Thorsheim
• rPSA-2011-0014-1 httpd mod_ssl, rPath Update Announcements
• [USN-1108-1] DHCP vulnerability, Marc Deslauriers
• Medium severity flaw in Konqueror, Tim Brown
  • Re: [Full-disclosure] Medium severity flaw in Konqueror, Vincent Danen
    • Re: [Full-disclosure] Medium severity flaw in Konqueror, Tim Brown
• HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe, advisory
• HTB22930: Multiple XSS in WebCalendar, advisory
• CFP for BugCON 2011 @ Mexico City, Carlos A. Lozano
• HTB22925: Path disclosure in Plogger, advisory
• HTB22926: XSS vulnerability in Plogger, advisory
• [SECURITY] [DSA 2218-1] vlc security update, Nico Golde
• Stack overflow in Microsoft HTML Help 6.1 (CHM files), Luigi Auriemma
• HTB22929: Multiple Path disclosure in WebsiteBaker, advisory
• HTB22928: Multiple SQL Injections in WebsiteBaker, advisory
• [security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS), security-alert
• [IMF 2011] Call for Participation, Oliver Goebel
• ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX, EC-Council USA
• ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability, ZDI Disclosures
• nSense-2011-001: VeryPDF pdf2tif, Henri Lindberg
• VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability, VUPEN Security Research
• ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS), security-alert
• VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability, VUPEN Security Research
• iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability, labs-no-reply
• [security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS), security-alert
• iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability, labs-no-reply
• [USN-1109-1] GIMP vulnerabilities, Marc Deslauriers
• [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel, Timo Warns
• ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2011:074 ] qt4, security
• [DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption, Flavio do Carmo Junior aka waKKu
• Microsoft Patches Binary Planting Issues In Various Vendors' Products, ACROS Security Lists
• MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285], Tom Yu
• ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability, ZDI Disclosures
• ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability, ZDI Disclosures
• ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability, ZDI Disclosures
• ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability, ZDI Disclosures
• CA20110413-01: Security Notice for CA Total Defense, Kotas, Kevin J
• ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability, ZDI Disclosures
• ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability, ZDI Disclosures
• ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability, ZDI Disclosures
• The BodgeIt Store - another vulnerable web app, psiinon
• ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability, ZDI Disclosures
• HTB22924: Arbitrary Command Execution in phpAlbum.net, advisory
• HTB22923: XSRF (CSRF) in phpAlbum.net, advisory
• HTB22922: XSS vulnerabilities in phpAlbum.net, advisory
• [security bulletin] HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure, security-alert
• Recon 2011 - Accepted Talks , Training, Call For Papers Reminder - July 8 to 10, 2011 - Montreal, Quebec, hfortier
• [USN-1110-1] KDE-Libs vulnerabilities, Jamie Strandboge
• ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability, ZDI Disclosures
• VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345), VUPEN Security Research
• VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344), VUPEN Security Research
• VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034), VUPEN Security Research
• ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability, ZDI Disclosures
• VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105), VUPEN Security Research
• Does anyone know how to contact OpenSSH non-public?, Jann Horn
  • Re: Does anyone know how to contact OpenSSH non-public?, Rico Secada
• Announcement: ClubHACK Magazine Issue 15-April 2011 released, abhijeet
• [USN-1113-1] Postfix vulnerabilities, Marc Deslauriers
• ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability, Security_Alert
• ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch, Security_Alert
• cPassMan v1.82 Arbitrary File Download - SOS-11-004, Lists
• [DCA-2011-0011] - Ocomon Multiple SQL Injection, Ewerson Guimarães (Crash) - Dclabs
• HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin, advisory
• HTB22932: Multiple XSS in webSPELL, advisory
• HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin, advisory
• HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin, advisory
• HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum, advisory
• [Annoucement] CHMag Call for Articles, abhijeet
• HTB22940: XSS in SocialGrid wordpress plugin, advisory
• ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability, ZDI Disclosures
• HTB22933: Multiple Path disclosure in webSPELL, advisory
• Windows Synchronization Object Vulnerabilites in Antivirus Suites, Lists
• [SECURITY] [DSA 2219-1] xmlsec1 security update, Thijs Kinkhorst
• [USN-1114-1] KDENetwork vulnerability, Jamie Strandboge
• [security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, security-alert
• HTB22942: Path disclousure in Dalbum, advisory
• HTB22943: XSS in Dalbum, advisory
• HTB22937: Path disclosure in Universal Post Manager wordpress plugin, advisory
• Re: SQL Injection in LightNEasy, security curmudgeon
  • <Possible follow-ups>
  • Re: SQL Injection in LightNEasy, security curmudgeon
• HTB22938: Multiple XSS in Universal Post Manager wordpress plugin, advisory
• ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS), security-alert
• [security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure, security-alert
• [USN-1118-1] OpenSLP vulnerability, Marc Deslauriers
• [SECURITY] [DSA 2221-1] Mojolicious security update, Moritz Muehlenhoff
• [security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [USN-1108-2] DHCP vulnerability, Marc Deslauriers
• ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-1115-1] language-selector vulnerability, Kees Cook
• [security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information, security-alert
• [USN-1116-1] Kerberos vulnerability, Kees Cook
• Directory Traversal Vulnerability in Viola DVR VIO-4/1000, by_argos
• [SECURITY] [DSA 2220-1] Request Tracker security update, Florian Weimer
• [USN-1117-1] PolicyKit vulnerability, Kees Cook
• [ MDVSA-2011:075 ] kdelibs4, security
• [SECURITY] [DSA 2222-1] tinyproxy security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2223-1] doctrine security update, Florian Weimer
• [SECURITY] [DSA 2224-1] openjdk-6 security update, Florian Weimer
• [security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation, security-alert
• CA20110420-02: Security Notice for CA Output Management Web Viewer, Williams, James K
• FreeBSD Security Advisory FreeBSD-SA-11:01.mountd, FreeBSD Security Advisories
• [USN-1119-1] Linux kernel (OMAP4) vulnerabilities, Kees Cook
• CA20110420-01: Security Notice for CA SiteMinder, Williams, James K
• HTB22947: XSS in Ajax Category Dropdown wordpress plugin, advisory
• HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin, advisory
• HTB22945: Multiple XSS in ZENphoto, advisory
  • Re: HTB22945: Multiple XSS in ZENphoto, Christian Kujau
• HTB22950: SQL injection in 4images, advisory
• HTB22949: Multiple Path disclousure in 4images, advisory
• HTB22944: Path disclousure in ZENphoto, advisory
• hack.lu 2011 CFP, hack.lu 2011 information team
• [USN-1120-1] tiff vulnerability, Marc Deslauriers
• [ MDVSA-2011:076 ] xrdb, security
• [ MDVSA-2011:077 ] krb5, security
• [security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection, security-alert
• [security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure, security-alert
• AST-2011-005: File Descriptor Resource Exhaustion, Asterisk Security Team
• [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay, Alexandr Polyakov
  • Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay, Vladimir '3APA3A' Dubrovin
• [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011), ACM CCS 2011
• [ MDVSA-2011:078 ] libtiff, security
• XSS in Webmin 1.540 + exploit for privilege escalation, Javier Bassi
• AT-TFTP Server Remote Denial of Service Vulnerability, SecPod Research
• AST-2011-006: Asterisk Manager User Shell Access, Asterisk Security Team
• [TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3), Nelson Brito
• HTB22953: XSS in Max's PHP Photo Album, advisory
• HTB22957: XSRF (CSRF) in phpList, advisory
• HTB22956: XSS vulnerabilities in phpList, advisory
• HTB22954: Path disclousure in yappa-ng Photo Gallery, advisory
• HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin, advisory
• HTB22948: Path disclosure in Cotonti, advisory
• HTB22952: XSS vulnerabilities in Noah's Classifieds, advisory
• Re: SQL Injection in phpMySport, security curmudgeon
• HTB22955: Path disclosure in BuddyPress WordPress plugin, advisory
• [security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2225-1] asterisk security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2226-1] libmodplug security update, Moritz Muehlenhoff
• CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server, Kotas, Kevin J
• [security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection, security-alert
• Re: Stored XSS vulnerability in diafan.CMS, security curmudgeon
• B-Sides Vienna | NinjaCon 11 Call For Participation, astera
• NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write, Research@NGSSecure
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager, Cisco Systems Product Security Incident Response Team
• [USN-1124-1] rsync vulnerability, Marc Deslauriers
• Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [USN-1125-1] PCSC-Lite vulnerability, Marc Deslauriers
• CFP: Hacktivity 2011, September 17-18, Budapest, Hungary, jozsef . tiborcz
• HTB22958: XSS in phpGraphy, advisory
• hashdays 2011 - Call for Papers (#days CFP), Hashdays CFP
• HTB22961: XSS in WP Photo Album wordpress plugin, advisory
• HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy, advisory
• HTB22965: Multiple XSS vulnerabilities in BackupPC, advisory
• HTB22960: XSS in Daily Maui Photo Widget wordpress plugin, advisory
• [Onapsis Security Advisory 2011-010] Oracle JD Edwards JDENET Remote Logging Deactivation, Onapsis Research Labs
• [Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2011-008] Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution, Onapsis Research Labs
• [Onapsis Security Advisory 2011-011] Oracle JD Edwards JDENET Buffer Overflow, Onapsis Research Labs
• [Onapsis Security Advisory 2011-012] Oracle JD Edwards JDENET Firewall Bypass, Onapsis Research Labs
• ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability, ZDI Disclosures
• [Onapsis Security Advisory 2011-013] Oracle JD Edwards JDENET USRBROADCAST Denial of Service, Onapsis Research Labs
• VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console, VMware Security Team
• [Onapsis Security Advisory 2011-006] Oracle JD Edwards JDENET Kernel Denial of Service, Onapsis Research Labs
• [Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2011-007] Oracle JD Edwards JDENET Kernel Shutdown, Onapsis Research Labs
• [Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities, Onapsis Research Labs
• [Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities, Onapsis Research Labs
• [security bulletin] HPSBMA02668 SSRT100474 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code, security-alert
• Re: HTB22827: File Content Disclosure in Wikipad, security curmudgeon
• ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention, Security_Alert
• ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability, ZDI Disclosures
• ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-1126-1] PHP vulnerabilities, Steve Beattie