Mail Index
- [slackware-security] dhcpcd (SSA:2011-210-02)
  - From: Slackware Security Team
- [slackware-security] samba (SSA:2011-210-03)
  - From: Slackware Security Team
- [slackware-security] libpng (SSA:2011-210-01)
  - From: Slackware Security Team
- cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities
- Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities
  - From: YGN Ethical Hacker Group
- CFP open for ClubHack2011
- NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write
- Android Browser Cross-Application Scripting (CVE-2011-2357)
- Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5
- XSS in WP e-Commerce
- Multiple XSS in HESK
- ThreeDify Designer ActiveX control Insecure Method
- ThreeDify Designer ActiveX control multiple buffer overflow vulnerabilities
- APPLE-SA-2011-08-03-1 QuickTime 7.7
  - From: Apple Product Security
- Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation
- Community Server - Reflected Cross-Site Scripting -
  - From: Advisories PontoSec
- Community Server - Stored Cross-Site Scripting in User's Signature
  - From: Advisories PontoSec
- Useless OpenSSH resources exhausion bug via GSSAPI
- Sophos Antivirus Review
- [SECURITY] [DSA 2289-1] typo3-src security update
- [SECURITY] [DSA 2290-1] samba security update
- [SECURITY] [DSA 2291-1] squirrelmail security update
- [security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
- TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
- TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
- Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability
- Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability
- Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability
- Liberating IT (picture.php?gid) Remote SQL injection Vulnerability
- Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
- Amigot Corp (story.php?id) Remote SQL injection Vulnerability
- 6House Design (product_details.php?id) Remote SQL injection Vulnerability
- Webdesigns-studio (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities
- THE STUDIO (prod.php?id) Remote SQL injection Vulnerability
- TWSL2011-008: Focus Stealing Vulnerability in Android
  - From: Trustwave Advisories
- SEO New York (prod.php?id) Remote SQL injection Vulnerability
- IPv6 Hackers mailing-list
- EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability
- Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability
- XWeavers (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities
- Kimia Remote SQL injection Vulnerability
- Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability
- XWeavers (page.asp?id) Remote SQL injection Vulnerability
- [security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access
- Fwd: {Lostmon´s Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
- ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
- ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
- ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability
- ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability
- ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability
- CfP for 4th OWASP Day Germany 2011 now open
- [security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure
- Multiple XSS in eShop for Wordpress
- [security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code
- SQL injection in Social Slider
- [security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code
- [oCERT-2011-002] libavcodec insufficient boundary check
- CA20110809-01: Security Notice for CA ARCserve D2D
- iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability
- iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow
- SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827
  - From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2292-1] ISC DHCP security update
- CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass
- VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19)
  - From: VUPEN Security Research
- VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21)
  - From: VUPEN Security Research
- [ MDVSA-2011:122 ] clamav
- [ MDVSA-2011:123 ] squirrelmail
- [ MDVSA-2011:124 ] phpmyadmin
- [ MDVSA-2011:125 ] foomatic-filters
- [SECURITY] [DSA 2294-1] freetype security update
- Calisto light, light plus and full, Sql Injection And user or Admin bypass
- [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
- [SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability
- Neox (categoria.php?id) Remote SQL injection Vulnerability
- [SECURITY] [DSA 2293-1] libxfont security update
- QOLQA (categoria.php?id) Remote SQL injection Vulnerability
- cdeVision (index.php?page) Remote File Inclusion Vulnerability
- CdeVision Cross Site Scripting Vulnerabilities
- PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability
- INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit
- ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
- ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
- [slackware-security] bind (SSA:2011-224-01)
  - From: Slackware Security Team
- WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability
  - From: YGN Ethical Hacker Group
- WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability
  - From: YGN Ethical Hacker Group
- CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability
- DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability
- BACKEND (categoria.php?id) Remote SQL injection Vulnerability
- SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability
- awiki 20100125 multiple local file inclusion vulnerabilities
  - From: muuratsalo experimental hack lab
- Ruxcon 2011 Final Call For Papers
- [security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS)
- The LAD Melbourne Cms Sql Injection Vulnerability
- NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability
- NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability
- Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!
- [ MDVSA-2011:126 ] java-1.6.0-openjdk
- [Annoucement] ClubHack Magazine - Call for Articles
- {Lostmon´s Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection
- phpList Improper Access Control and Information Leakage vulnerabilities
- CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products
- Malformed DHCPv6 packets cause RPC to become unresponsive
- phpWebSite (userpage) Cross Site Scripting Vulnerabilities
- dedacom (dettaglio.php?id) Remote SQL injection Vulnerability
- dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability
- ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability
- Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability
- netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability
- InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability
- ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability
- ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability
- ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability
- ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability
- ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability
- ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability
- ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability
- ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
- ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability
- ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability
- ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability
- ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability
- ZDI-11-266: RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability
- ZDI-11-267: RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability
- ZDI-11-268: RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability
- ZDI-11-269: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
- lab382 (dettaglio.php?id) Remote SQL injection Vulnerability
- ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)
- XSS in Fast Secure Contact Form wordpress plugin
- Multiple XSS in WP-Stats-Dashboard
- StudioLine Photo Basic 3 ActiveX control Insecure Method
- ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
- WebRising (dettaglio.asp?id) Remote SQL injection Vulnerability
- ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
- [ MDVSA-2011:127 ] mozilla
- Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id) Remote SQL injection Vulnerability
- [SECURITY] [DSA 2295-1] iceape security update
- ZDI-11-272: (0day) FlexNet License Server Manager Remote Code Execution Vulnerability
- [SECURITY] [DSA 2296-1] iceweasel security update
- [ MDVSA-2011:128 ] dhcp
- ToorCon 13 Call For Papers
- Elgg 1.7.10 <= | Multiple Vulnerabilities
  - From: YGN Ethical Hacker Group
- ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird
  - From: ACROS Security Lists
- ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox
  - From: ACROS Security Lists
- ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart
- ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability
- Grupo Argentina Web Remote SQL injection Vulnerability
- Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server
  - From: Cisco Systems Product Security Incident Response Team
- Concrete CMS 5.4.1.1 <= Cross Site Scripting
  - From: YGN Ethical Hacker Group
- ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision
- [SECURITY] [DSA 2297-1] icedove security update
- Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution
- Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
- ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability
- Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities
  - From: Cisco Systems Product Security Incident Response Team
- PHP 5.3.6 multiple null pointer dereference
- [CVE-2011-2712] Apache Wicket XSS vulnerability
- ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability
- [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
- PHP 5.3.6 ZipArchive invalid use glob(3)
- [slackware-security] php (SSA:2011-237-01)
  - From: Slackware Security Team
- ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability
- CreatiWeb Remote SQL injection Vulnerability
- Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability
- Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability
- Simply Media Web (archivio.asp?categoria_id) Remote SQL injection Vulnerability
- Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability
- NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure
- Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
- SQL-Ledger patch update for SQL injection
- ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability
- JagoanStore CMS Arbitary file upload vulnerability
- [PT-2011-23] Database information disclosure in GLPI
- Nafis Group (review.php?ID) Remote SQL injection Vulnerability
- Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability
- Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability
- LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability
- ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
- Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine
  - From: Cisco Systems Product Security Incident Response Team
- NGS00054 Technical Advisory: : Lumension Device Control (formerly Sanctuary) remote memory corruption
- B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability
- BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability
- Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
- Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability
- Spherica Remote SQL injection Vulnerability
- Marinet Remote SQL injection Vulnerability
- Marinet Remote SQL injection Vulnerability
- TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability
- Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability
- OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability
- Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
- Jcow CMS 4.2 <= | Cross Site Scripting
  - From: YGN Ethical Hacker Group
- Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution
  - From: YGN Ethical Hacker Group
- phpWebSite (publisher) Remote SQL injection Vulnerability
- [Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting
  - From: Jose Carlos de Arriba
- JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
- Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability
- Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability
- Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability
- Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability
- LifeSize Room Vulnerabilities
- DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal
- [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
- [SECURITY] [DSA 2298-1] apache2 security update
- XSS in IBM Open Admin Tool
- bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
- Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
  - From: Cisco Systems Product Security Incident Response Team
- webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability
- Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability