Mail Thread Index

• Date Index

• Multiple vulnerabilities in Winamp 5.61, Luigi Auriemma
• Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method, advisory
• Breaking the links: Exploiting the linker, Tim Brown
• ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [slackware-security] pidgin (SSA:2011-178-01), Slackware Security Team
• AST-2011-011: Possible enumeration of SIP users due to differing authentication responses, Asterisk Security Team
• Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460, NNT Support
• Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities, YGN Ethical Hacker Group
• CORE-2011-0514: Multiple vulnerabilities in HP Data Protector, CORE Security Technologies Advisories
• CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability, CORE Security Technologies Advisories
• Multiple Cross-Site Scripting vulnerabilities in WebCalendar, sschurtz
  • Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar, Henri Salo
  • <Possible follow-ups>
  • Re: Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar, sschurtz
• Arbitrary files deletion in HP OpenView Performance Agent, Luigi Auriemma
• [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2271-1] curl security update, Giuseppe Iuculano
• bcksrvr format string in Sybase Adaptive Server 15.5, Luigi Auriemma
  • <Possible follow-ups>
  • bcksrvr format string in Sybase Adaptive Server 15.5, Luigi Auriemma
• Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460, dennis . brunnen
  • <Possible follow-ups>
  • Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460, support
• in_midi multiple vulnerabilities in Winamp 5.61, Luigi Auriemma
  • Re: in_midi multiple vulnerabilities in Winamp 5.61, Henri Salo
• [SECURITY] [DSA 2266-1] php5 security update, Moritz Muehlenhoff
• ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA-2210-2] tiff security update, Luciano Bello
• ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability, ZDI Disclosures
• SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress, SEC Consult Vulnerability Lab
  • Re: SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress, Henri Salo
• [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code, security-alert
• Re: Perfect PDF products distributed with vulnerable MSVC++ libraries, Jeffrey Walton
• Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used, pierre . ernst
• Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD, Darren Tucker
• NetBSD 5.1 libc/net multiple functions stack buffer overflow, cxib
• Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD), HI-TECH .
  • Message not available
    • Re: [Full-disclosure] Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD), HI-TECH .
• [SECURITY] [DSA 2267-1] perl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2268-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2262-2] php5 update, Moritz Muehlenhoff
• [SECURITY] [DSA 2269-1] iceape security update, Moritz Muehlenhoff
• Vega beta release: a new open-source web-application security assessment platform, David Mirza
• [SECURITY] [DSA 2270-1] qemu-kvm security update, Moritz Muehlenhoff
• APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10, Apple Product Security
• NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow, Research@NGSSecure
• NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation, Research@NGSSecure
• NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows, Research@NGSSecure
• Multiple vulnerabilities in Open-Realty, advisory
• NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow, Research@NGSSecure
• XSS in FlatPress, advisory
• IDrive Online Backup ActiveX control Insecure Method, advisory
• aTube Catcher ActiveX Control Insecure Method, advisory
• [SECURITY] [DSA 2272-1] bind9 security update, Florian Weimer
• Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4, Fernando Gont
• Integer overflow in foobar2000 1.1.7, Luigi Auriemma
• Ubuntu: reseed(8), random.org, and HTTP request, Jeffrey Walton
  • Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request, coderman
  • Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request, Jamie Strandboge
  • Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request, Michal Zalewski
    • Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request, Michal Zalewski
• Arbitrary files deletion in HP OpenView Communication Broker, Luigi Auriemma
• MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526], Tom Yu
• Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• NGS00060 Technical Advisory: Blue Coat BCAAA Remote Code Execution Vulnerability, Research@NGSSecure
• [security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS), security-alert
• Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers, Barry Greene
• Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations, Barry Greene
• Aruba Advisory AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces, RGill
• [security bulletin] HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject, security-alert
• Security Advisory: CVE-2011-2516, Cantor, Scott E.
• [SECURITY] [DSA 2273-1] icedove security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2275-1] openoffice.org security update, Nico Golde
• ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability, ZDI Disclosures
• phpMyAdmin 3.x preg_replace RCE POC, Mango
• Re: [Full-disclosure] Binary Planting Goes "Any File Type", Dan Kaminsky
  • Re: [Full-disclosure] Binary Planting Goes "Any File Type", Mitja Kolsek
    • Re: [Full-disclosure] Binary Planting Goes "Any File Type", Dan Kaminsky
• [slackware-security] mozilla-thunderbird (SSA:2011-189-02), Slackware Security Team
• [security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [slackware-security] bind (SSA:2011-189-01), Slackware Security Team
• [SECURITY] [DSA 2274-1] wireshark security update, Moritz Muehlenhoff
• phpMyAdmin 3.x Multiple Remote Code Executions, Mango
• Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities, admin
• [SECURITY] [DSA 2277-1] xml-security-c security update, Nico Golde
• POC2011 Call for Paper, pocadm
• [HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th, Hafez Kamal
• [SECURITY] [DSA 2276-1] asterisk security update, Luciano Bello
• [security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS), security-alert
• ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability, ZDI Disclosures
• Wireshark 1.4.0 Malformed IKE Packet Denial of Service, vuln
  • <Possible follow-ups>
  • Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service, gerald
• [SECURITY] [DSA 2276-2] asterisk regression update, Luciano Bello
• Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss), randy
• [Announcement] ClubHack Magazine Issue 18-July2011 Released, abhijeet
• ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability, ZDI Disclosures
• Static Analysis Tool Exposition (SATE) - Call for Participation, Delaitre, Aurelien
• Alice (Telefonica Germany) Modem 1111 DoS + XSS, Moritz Naumann
• CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite, Aditya K Sood
• [Annoucement] ClubHack Magazine - Call for Articles, abhijeet
• Paltalk Messenger ActiveX Control Multiple Insecure Methods, advisory
• Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability, nospam
• Torque Server Buffer Overflow Vulnerability, pi3
• DC4420 - London DEFCON - July meet - Tuesday 19th July 2011, Major Malfunction
  • Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011, Major Malfunction
• [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities, Mark Thomas
• [oCERT-2011-001] Chyrp input sanitization errors, Andrea Barisani
• iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability, labs-no-reply
• [slackware-security] mozilla-firefox (SSA:2011-195-02), Slackware Security Team
• [slackware-security] seamonkey (SSA:2011-195-01), Slackware Security Team
• ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability, Security_Alert
• APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone, Apple Product Security
• APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update, Apple Product Security
• [SECURITY] [DSA 2254-2] oprofile security update, Luciano Bello
• [SECURITY] [DSA 2278-1] horde3 security update, Steffen Joeris
• Reminder - DeepSec 2011 Call For Papers, DeepSec Conference
• Call for Papers: ICITST-2011, Call for papers
• ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2011:112 ] blender, security
• [ MDVSA-2011:114 ] blender, security
• [SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update, Steffen Joeris
• [SECURITY] [DSA 2280-1] libvirt security update, Steffen Joeris
• H2HC Brazil (Hackers 2 Hackers Conference) 8th Edition - Call for Papers, Rodrigo Rubira Branco \(BSDaemon\)
• Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009, Lists
• HTC / Android OBEX FTP Service Directory Traversal Vulnerability, alberto . morenot
• OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability, Patrick Webster
• XSS in Tiki Wiki CMS Groupware, advisory
• [ MDVSA-2011:115 ] bind, security
• APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6, Apple Product Security
• Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities, Cisco Systems Product Security Incident Response Team
• CA20110720-01: Security Notice for CA Gateway Security and Total Defense, Kotas, Kevin J
• Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation, Digit Security Research
• [SECURITY] [DSA 2281-1] opie security update, Steffen Joeris
• iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability, labs-no-reply
• iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability, labs-no-reply
• iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability, labs-no-reply
• iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability, labs-no-reply
• iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability, labs-no-reply
• Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability, fb1h2s Hack 2 Secure
• Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure, adic
• ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability, ZDI Disclosures
• Foxit Reader Insecure Library Loading, robkraus
• Permutation Oriented Programming, Nelson Brito
• Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities, YGN Ethical Hacker Group
• [ MDVSA-2011:116 ] curl, security
• [ MDVSA-2011:117 ] krb5-appl, security
• Hiding Backdoors in plain sight, again, CoreTex Team
• Re: [Full-disclosure] [Bkis] sNews 1.7.1 XSS vulnerability, Henri Salo
• [ MDVSA-2011:118 ] wireshark, security
• CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• phpMyAdmin 3.x Conditional Session Manipulation, Mango
• NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow, Research@NGSSecure
• [SECURITY] [DSA 2282-1] qemu-kvm security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2283-1] krb5-appl security update, Moritz Muehlenhoff
• phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability, spamgoeshere
• [SECURITY] [DSA 2284-1] opensaml2 security update, Moritz Muehlenhoff
• [ MDVSA-2011:119 ] libsndfile, security
• [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11, advisory
• OWASP AppSec USA 2011 Pre-conference Challenge #3 - July, adam . baso
• APPLE-SA-2011-07-20-2 iWork 9.1 Update, Apple Product Security
• APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update, Apple Product Security
• APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone, Apple Product Security
• TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain, Trustwave Advisories
• [SECURITY] [DSA 2285-1] mapserver security update, Nico Golde
• PHP-Barcode 0.3pl1 Remote Code Execution, beford
• CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution, nospam
• Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability, ehsan_hp200
• Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• Funnel Web (directory.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability, ehsan_hp200
• Funnel Web (pages.php?page) Remote SQL injection Vulnerability, ehsan_hp200
• Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability, ehsan_hp200
• DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• Precision (products.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability, ehsan_hp200
• [PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1, noreply
• [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker, noreply
• [PT-2011-05] Cross-Site Scripting in Koha Library Software, noreply
• Hacking IPv6 Networks (slides), Fernando Gont
• Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials, Williams, James K
• [Tool] DoS for OpenSLP (and others), Nicolas Grégoire
• [SECURITY] [DSA 2286-1] phpmyadmin security update, Thijs Kinkhorst
• ESA-2011-024: EMC Captiva eInput multiple vulnerabilities, Security_Alert
• ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability, Security_Alert
• Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability, ehsan_hp200
• SA500 vulnerabilities - details, michal . sajdak
• [ MDVSA-2011:120 ] freetype2, security
• G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability, ehsan_hp200
• iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Multiple XSS in GBook PHP guestbook, advisory
• Redirection vulnerability in MBoard, advisory
• [ MDVSA-2011:121 ] samba, security
• ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability, ZDI Disclosures
• Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• FootBall Cms (view_table_lig.php?group) XSS Vulnerability, ehsan_hp200
• TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (notifRuleInfo$mode page), Shatter
• TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page), Shatter
• TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page), Shatter
• Coherendz (products.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability, ehsan_hp200
• Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability, ehsan_hp200
• Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities, ehsan_hp200
• Web Fusion Nepal (tour.php?category) XSS Vulnerability, ehsan_hp200
• Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• indiacon (selloffers.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability, ehsan_hp200
• Wireshark 1.6.1 Malformed IKE Packet Denial of Service, vuln
• Re: [Full-disclosure] [BMSA-2009-07] Backdoor in PyForum, Henri Salo
• Two security issues fixed in ioQuake3 engine, Thilo Schulz
• [security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack, security-alert
• [SECURITY] [DSA 2287-1] libpng security update, Luciano Bello
• [security bulletin] HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02689 SSRT100494 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion, security-alert
• Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow, security
• n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption, security
• ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability, ZDI Disclosures
• Sitecore CMS 6.4 Open URL Redirect Vulnerability, Tom Neaves
• [SECURITY] [DSA 2288-1] libsndfile security update, Moritz Muehlenhoff
• PacSec CFP note, deadline Aug 3; conf Nov 9/10 Tokyo, Dragos Ruiu
• Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability, Cisco Systems Product Security Incident Response Team
• Vegetav (news_item.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• cgcraft llc (info.php?id) (news_item.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• AppSec USA 2011 Open Source Showcase Call for Demos, adam . baso
• ZDI-11-245: Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability, ZDI Disclosures