Mail Thread Index

• Date Index

• [ MDVSA-2011:079 ] firefox, security
• [USN-1112-1] Firefox and Xulrunner vulnerabilities, Micah Gersten
• [USN-1121-1] firefox vulnerabilities, Micah Gersten
• [SECURITY] [DSA 2227-1] iceape security update, Moritz Muehlenhoff
• OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability, Patrick Webster
• [ MDVSA-2011:081 ] kdenetwork4, security
• [ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g, ISecAuditors Security Advisories
• [SECURITY] [DSA 2229-1] spip security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2230-1] qemu-kvm security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2228-1] iceweasel security update, Moritz Muehlenhoff
• Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion, cxib
• [USN-1123-1] xulrunner-1.9.1 vulnerabilities, Micah Gersten
• [ MDVSA-2011:080 ] mozilla-thunderbird, security
• XSS in GOT.MY CLASSMATES, bolok . boloke80
• SQL injection in 4images, bolok . boloke80
• [security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure, security-alert
• [USN-1127-1] usb-creator vulnerability, Marc Deslauriers
• XSS in DEAL INFORMER, bolok . boloke80
• HTB22967: Multiple SQL Injection in Shutter, advisory
• HTB22966: XSS in (e)2 interactive Photo Gallery, advisory
• Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv, Damien Miller
• TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html, Shatter
• HTB22964: XSS in SelectaPix Image Gallery, advisory
• HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery, advisory
• [ MDVSA-2011:082 ] python-feedparser, security
• HTB22962: Multiple XSS in YaPiG, advisory
• [USN-1129-1] Perl vulnerabilities, Marc Deslauriers
• Path disclousure in MEGA PORTAL, bolok . boloke80
• XSS in CLASSIFIED ADS, bolok . boloke80
• TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU, Shatter
• NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia., iccc
• Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005, Lists
• [USN-1128-1] Vino vulnerabilities, Marc Deslauriers
• TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component, Shatter
• CSRF (Cross-Site Request Forgery) in FREELANCER, bolok . boloke80
• [RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances, RedTeam Pentesting GmbH
• Cisco IOS UDP Denial of Service Vulnerability, vuln
  • <Possible follow-ups>
  • Re: Cisco IOS UDP Denial of Service Vulnerability, psirt
• [security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection, security-alert
• [RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface, RedTeam Pentesting GmbH
• Cisco IOS SNMP Message Processing Denial Of Service Vulnerability, vuln
  • <Possible follow-ups>
  • Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability, psirt
• Announcement - DeepSec 2011 - Call for Papers, DeepSec Conference
• [USN-1126-2] PHP Regressions, Steve Beattie
• Fwd: [USN-1122-1] Thunderbird vulnerabilities, Micah Gersten
• t2'11: Call for Papers 2011 (Helsinki / Finland), Tomi Tuominen
• Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• HTB22968: XSS in PHP Directory Listing Script, advisory
• HTB22970: Multiple XSS vulnerabilities in PHPDug, advisory
• HTB22973: XSS in AJAX Calendar, advisory
• HTB22971: XSRF (CSRF) in PHPDug, advisory
• HTB22972: Multiple SQL injection vulnerabilities in PHPDug, advisory
• HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar, advisory
  • Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones, Barry Greene
• [USN-1122-2] Thunderbird vulnerabilities, Micah Gersten
• PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management, research
• [USN-1111-1] Linux kernel vulnerabilities, Kees Cook
• Silently Pwning Protected-Mode IE9 and Innocent Windows Applications, Mitja Kolsek
• VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities, VMware Security Team
• [SECURITY] [DSA 2231-1] otrs2 security update, Florian Weimer
• [SECURITY] [DSA 2232-1] exim4 security update, Florian Weimer
• Swiss Cyber Storm 3, Ivan Buetler
• TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write, Advisories Toucan-System
• TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection, Advisories Toucan-System
• Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720), Wietse Venema
• [security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification, security-alert
• [security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification, security-alert
• [security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification, security-alert
• PR10-17 Various XSS and information disclosure flaws within KeyFax response management system, research
• ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability, ZDI Disclosures
• OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability, Patrick Webster
• Re: SQL Injection in Pixie, security curmudgeon
• HTB22974: Multiple XSS in Calendarix, advisory
• HTB22975: SQL injection in Calendarix, advisory
• HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo, advisory
• HTB22977: XSRF (CSRF) in poMMo, advisory
• ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2235-1] icedove security update, Moritz Muehlenhoff
• Apache Struts 2 Multiple Reflected XSS in XWork error pages, marian . ventuneac
• [security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code, security-alert
• ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2234-1] zodb security update, Luciano Bello
• [USN-1131-1] Postfix vulnerability, Marc Deslauriers
• ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2233-1] postfix security update, Florian Weimer
• [security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access, security-alert
• ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability, ZDI Disclosures
• [Announcement] ClubHACK Magazine Issue 16-May 2011 released, abhijeet
• ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability, ZDI Disclosures
• CA20110510-01: Security Notice for CA eHealth, Kotas, Kevin J
• [PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel, Timo Warns
• ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files, security-alert
• ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-1130-1] Exim vulnerability, Kees Cook
• [security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS), security-alert
• CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass, CORE Security Technologies Advisories
• [Bkis] sNews 1.7.1 XSS vulnerability, Bkis
• HTB22980: XSRF (CSRF) in Open Classifieds, advisory
• [security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure, security-alert
• HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social, advisory
• HTB22978: XSRF (CSRF) in Argyle Social, advisory
• CORE-2011-0204: Adobe Audition vulnerability processing malformed session file, CORE Security Technologies Advisories
• [ MDVSA-2011:083 ] wireshark, security
• [security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS), security-alert
• [Annoucement] ClubHack Magazine - Call for Articles, abhijeet
• [ MDVSA-2011:084 ] apr, security
• Multiple Vendors libc/fnmatch(3) DoS (incl apache poc), cxib
• [SECURITY] [DSA 2236-1] exim4 security update, Florian Weimer
• ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability, Security_Alert
• [ MDVSA-2011:085 ] libmodplug, security
• [SECURITY] [DSA 2237-1] apr security update, Stefan Fritsch
• [ MDVSA-2011:086 ] polkit, security
• NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon, Henri Lindberg
• DC4420 - London DEFCON - May meet - Tuesday 24th May 2011, Major Malfunction
• Linux Kernel 2.6.38 Remote NULL Pointer Dereference, roberto . paleari
• [ MDVSA-2011:087 ] vino, security
• WebTech Conference 2011 Call for Papers, Carsten Eilers
• MalBox Release! A Program Behavior Analysis System!, Xiaobo
• [ MDVSA-2011:088 ] mplayer, security
• PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing), research
• [ MDVSA-2011:089 ] mplayer, security
• Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer, Stefan Kanthak
• [USN-1132-1] apturl vulnerability, Marc Deslauriers
• ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability, ZDI Disclosures
• [ MDVSA-2011:090 ] postfix, security
• [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass, Mark Thomas
• HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic, advisory
• Ruxcon 2011 Call For Papers, cfp
• CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability, Daniel Clemens
• [ MDVSA-2011:092 ] perl-IO-Socket-SSL, security
• XSS vulnerability in TWiki < 5.0.2, Netsparker Advisories
• DOMinator - The DOMXss Analyzer Tool - is finally public, Stefano Di Paola
• [ MDVSA-2011:093 ] gnome-screensaver, security
• Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006, Lists
• Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure, marian . ventuneac
• [ MDVSA-2011:094 ] pure-ftpd, security
• RE: CA20110420-02: Security Notice for CA Output Management Web Viewer, Williams, James K
• Ubuntu Security Notice publication update, Jamie Strandboge
• [SECURITY] [DSA 2238-1] vino security update, Moritz Muehlenhoff
• [ MDVSA-2011:095 ] apr, security
• PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007, Lists
• Session hacking via authentication cookie on Oracle CRM on Demand, jeffto
• PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager), research
• NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption, Research@NGSSecure
• [ MDVSA-2011:096 ] python, security
• Bypassing Cisco's ICMPv6 Router Advertisement Guard feature, Marc Heuse
• HTB22995: XSS in Ajax Chat, advisory
• [ MDVSA-2011:098 ] ruby, security
• [ MDVSA-2011:099 ] libzip, security
• [SECURITY] [DSA 2237-2] apr security update, Stefan Fritsch
• NNT Change Tracker - Hard-Coded Encryption Key, Dennis Brunnen
• [ MDVSA-2011:100 ] cyrus-imapd, security
• HTB22987: Multiple XSS in phpScheduleIt, advisory
• [ MDVSA-2011:097 ] ruby, security
• Gadu-Gadu 0-Day Remote Code Execution, Kacper Szczesniak
• HTB22986: SQL injection in ExtCalendar 2, advisory
• [ MDVSA-2011:095-1 ] apr, security
• [SECURITY] [DSA 2239-1] libmojolicious-perl security update, Moritz Muehlenhoff
• E-mail address spoofing with RLO, Wouter Coekaerts
• VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption, VUPEN Security Research
• CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow, CORE Security Technologies Advisories
• Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others, supernothing
• The Anatomy of COM Server-Based Binary Planting Exploits, ACROS Security Lists
• [SECURITY] [DSA 2240-1] linux-2.6 security update, dann frazier
• [SECURITY] [DSA 2241-1] qemu-kvm security update, Moritz Muehlenhoff
• Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability, Cisco Systems Product Security Incident Response Team
• iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow, labs-no-reply
• iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow, labs-no-reply
• Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow, labs-no-reply
• iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow, labs-no-reply
• Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure, Veronica
• [ MDVSA-2011:101 ] dovecot, security
• [SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update, Moritz Muehlenhoff
• [CVE-REQUEST] Plone XSS and permission errors, matthew
• [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability, Deng Ching
• [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability, Deng Ching
• Viewpoint: Security implications of IPv6, Fernando Gont
• [SECURITY] [DSA 2243-1] unbound security update, Florian Weimer
• [ MDVSA-2011:102 ] rdesktop, security
• [ MDVSA-2011:103 ] gimp, security
• CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina], eko security conference
• FreeBSD Security Advisory FreeBSD-SA-11:02.bind, FreeBSD Security Advisories
• [SECURITY] [DSA 2244-1] bind9 security update, Florian Weimer
• [SECURITY] [DSA 2246-1] mahara security update, Giuseppe Iuculano
• [SECURITY] [DSA 2245-1] chromium-browser security update, Giuseppe Iuculano
• [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities, Walikar Riyaz Ahemed Dawalmalik
• Paranoia 2011: Call for papers, paranoia
• Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag", sschurtz
• [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities, Walikar Riyaz Ahemed Dawalmalik