Mail Index
- Multiple vulnerabilities in Winamp 5.61
- Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
- Breaking the links: Exploiting the linker
- ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability
- ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability
- [slackware-security] pidgin (SSA:2011-178-01)
- From: Slackware Security Team
- AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
- From: Asterisk Security Team
- Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- From: YGN Ethical Hacker Group
- CORE-2011-0514: Multiple vulnerabilities in HP Data Protector
- From: CORE Security Technologies Advisories
- CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability
- From: CORE Security Technologies Advisories
- Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- Arbitrary files deletion in HP OpenView Performance Agent
- [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- [SECURITY] [DSA 2271-1] curl security update
- bcksrvr format string in Sybase Adaptive Server 15.5
- Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- in_midi multiple vulnerabilities in Winamp 5.61
- [SECURITY] [DSA 2266-1] php5 security update
- ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
- [SECURITY] [DSA-2210-2] tiff security update
- ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
- ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability
- SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code
- Re: Perfect PDF products distributed with vulnerable MSVC++ libraries
- Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used
- Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD
- NetBSD 5.1 libc/net multiple functions stack buffer overflow
- Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD)
- [SECURITY] [DSA 2267-1] perl security update
- [SECURITY] [DSA 2268-1] iceweasel security update
- [SECURITY] [DSA 2262-2] php5 update
- [SECURITY] [DSA 2269-1] iceape security update
- Vega beta release: a new open-source web-application security assessment platform
- [SECURITY] [DSA 2270-1] qemu-kvm security update
- APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10
- From: Apple Product Security
- NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow
- NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation
- NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows
- Multiple vulnerabilities in Open-Realty
- NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow
- XSS in FlatPress
- Re: [Full-disclosure] Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD)
- Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- IDrive Online Backup ActiveX control Insecure Method
- aTube Catcher ActiveX Control Insecure Method
- [SECURITY] [DSA 2272-1] bind9 security update
- Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- Re: in_midi multiple vulnerabilities in Winamp 5.61
- Integer overflow in foobar2000 1.1.7
- Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- Ubuntu: reseed(8), random.org, and HTTP request
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- Re: SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress
- Arbitrary files deletion in HP OpenView Communication Broker
- MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]
- Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- NGS00060 Technical Advisory: Blue Coat BCAAA Remote Code Execution Vulnerability
- [security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)
- Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers
- Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations
- Aruba Advisory AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request
- [security bulletin] HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject
- Security Advisory: CVE-2011-2516
- Re: Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar
- [SECURITY] [DSA 2273-1] icedove security update
- [SECURITY] [DSA 2275-1] openoffice.org security update
- ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability
- phpMyAdmin 3.x preg_replace RCE POC
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- [slackware-security] mozilla-thunderbird (SSA:2011-189-02)
- From: Slackware Security Team
- [security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- bcksrvr format string in Sybase Adaptive Server 15.5
- [slackware-security] bind (SSA:2011-189-01)
- From: Slackware Security Team
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- Re: [Full-disclosure] Binary Planting Goes "Any File Type"
- [SECURITY] [DSA 2274-1] wireshark security update
- phpMyAdmin 3.x Multiple Remote Code Executions
- Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities
- [SECURITY] [DSA 2277-1] xml-security-c security update
- POC2011 Call for Paper
- [HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th
- [SECURITY] [DSA 2276-1] asterisk security update
- [security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS)
- ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability
- Wireshark 1.4.0 Malformed IKE Packet Denial of Service
- [SECURITY] [DSA 2276-2] asterisk regression update
- Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss)
- [Announcement] ClubHack Magazine Issue 18-July2011 Released
- ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability
- Static Analysis Tool Exposition (SATE) - Call for Participation
- Alice (Telefonica Germany) Modem 1111 DoS + XSS
- CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
- [Annoucement] ClubHack Magazine - Call for Articles
- Paltalk Messenger ActiveX Control Multiple Insecure Methods
- Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability
- Torque Server Buffer Overflow Vulnerability
- Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service
- DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
- Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
- [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
- [oCERT-2011-001] Chyrp input sanitization errors
- iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability
- [slackware-security] mozilla-firefox (SSA:2011-195-02)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2011-195-01)
- From: Slackware Security Team
- ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability
- APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone
- From: Apple Product Security
- APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update
- From: Apple Product Security
- [SECURITY] [DSA 2254-2] oprofile security update
- [SECURITY] [DSA 2278-1] horde3 security update
- Reminder - DeepSec 2011 Call For Papers
- Call for Papers: ICITST-2011
- ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability
- [ MDVSA-2011:112 ] blender
- [ MDVSA-2011:114 ] blender
- [SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
- [SECURITY] [DSA 2280-1] libvirt security update
- H2HC Brazil (Hackers 2 Hackers Conference) 8th Edition - Call for Papers
- From: Rodrigo Rubira Branco (BSDaemon)
- Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009
- HTC / Android OBEX FTP Service Directory Traversal Vulnerability
- OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability
- XSS in Tiki Wiki CMS Groupware
- [ MDVSA-2011:115 ] bind
- APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
- From: Apple Product Security
- Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability
- Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation
- From: Digit Security Research
- [SECURITY] [DSA 2281-1] opie security update
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability
- iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability
- iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability
- iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability
- Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability
- From: fb1h2s Hack 2 Secure
- Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure
- ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability
- Foxit Reader Insecure Library Loading
- Permutation Oriented Programming
- Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- From: YGN Ethical Hacker Group
- [ MDVSA-2011:116 ] curl
- [ MDVSA-2011:117 ] krb5-appl
- Hiding Backdoors in plain sight, again
- Re: [Full-disclosure] [Bkis] sNews 1.7.1 XSS vulnerability
- [ MDVSA-2011:118 ] wireshark
- CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability
- phpMyAdmin 3.x Conditional Session Manipulation
- NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow
- [SECURITY] [DSA 2282-1] qemu-kvm security update
- [SECURITY] [DSA 2283-1] krb5-appl security update
- phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability
- [SECURITY] [DSA 2284-1] opensaml2 security update
- [ MDVSA-2011:119 ] libsndfile
- [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11
- OWASP AppSec USA 2011 Pre-conference Challenge #3 - July
- APPLE-SA-2011-07-20-2 iWork 9.1 Update
- From: Apple Product Security
- APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
- From: Apple Product Security
- APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
- From: Apple Product Security
- TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
- From: Trustwave Advisories
- [SECURITY] [DSA 2285-1] mapserver security update
- PHP-Barcode 0.3pl1 Remote Code Execution
- CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution
- Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability
- Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability
- Funnel Web (directory.php?cid) Remote SQL injection Vulnerability
- Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability
- Funnel Web (pages.php?page) Remote SQL injection Vulnerability
- Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability
- DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability
- Precision (products.php?cat_id) Remote SQL injection Vulnerability
- Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability
- [PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1
- [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
- [PT-2011-05] Cross-Site Scripting in Koha Library Software
- Hacking IPv6 Networks (slides)
- Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
- [Tool] DoS for OpenSLP (and others)
- [SECURITY] [DSA 2286-1] phpmyadmin security update
- ESA-2011-024: EMC Captiva eInput multiple vulnerabilities
- ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability
- Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability
- SA500 vulnerabilities - details
- [ MDVSA-2011:120 ] freetype2
- G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability
- iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability
- Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability
- Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability
- Multiple XSS in GBook PHP guestbook
- Redirection vulnerability in MBoard
- [ MDVSA-2011:121 ] samba
- ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability
- ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability
- ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability
- ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
- ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
- Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability
- FootBall Cms (view_table_lig.php?group) XSS Vulnerability
- TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (notifRuleInfo$mode page)
- TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)
- TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page)
- Coherendz (products.php?cat_id) Remote SQL injection Vulnerability
- WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability
- Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability
- Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability
- Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities
- Web Fusion Nepal (tour.php?category) XSS Vulnerability
- Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability
- Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability
- Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability
- A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability
- indiacon (selloffers.php?cid) Remote SQL injection Vulnerability
- CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability
- Wireshark 1.6.1 Malformed IKE Packet Denial of Service
- Re: [Full-disclosure] [BMSA-2009-07] Backdoor in PyForum
- Two security issues fixed in ioQuake3 engine
- [security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack
- [SECURITY] [DSA 2287-1] libpng security update
- [security bulletin] HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS)
- [security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02689 SSRT100494 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion
- Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability
- n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow
- n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption
- ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
- Sitecore CMS 6.4 Open URL Redirect Vulnerability
- [SECURITY] [DSA 2288-1] libsndfile security update
- PacSec CFP note, deadline Aug 3; conf Nov 9/10 Tokyo
- Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Vegetav (news_item.php?id) Remote SQL injection Vulnerability
- cgcraft llc (info.php?id) (news_item.php?id) Remote SQL injection Vulnerability
- AppSec USA 2011 Open Source Showcase Call for Demos
- ZDI-11-245: Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability
- ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability