Mail Thread Index

• Date Index

• [slackware-security] dhcpcd (SSA:2011-210-02), Slackware Security Team
• [slackware-security] samba (SSA:2011-210-03), Slackware Security Team
• [slackware-security] libpng (SSA:2011-210-01), Slackware Security Team
• cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities, ehsan_hp200
• Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
• CFP open for ClubHack2011, Abhijeet Patil
• NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write, Research@NGSSecure
• Android Browser Cross-Application Scripting (CVE-2011-2357), Roee Hay
• Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5, haroon
• XSS in WP e-Commerce, advisory
• Multiple XSS in HESK, advisory
• ThreeDify Designer ActiveX control Insecure Method, advisory
• ThreeDify Designer ActiveX control multiple buffer overflow vulnerabilities, advisory
• APPLE-SA-2011-08-03-1 QuickTime 7.7, Apple Product Security
• Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation, Henri Salo
• Community Server - Reflected Cross-Site Scripting -, Advisories PontoSec
• Community Server - Stored Cross-Site Scripting in User's Signature, Advisories PontoSec
• Useless OpenSSH resources exhausion bug via GSSAPI, pi3
• Sophos Antivirus Review, Tavis Ormandy
• [SECURITY] [DSA 2289-1] typo3-src security update, Florian Weimer
• [SECURITY] [DSA 2290-1] samba security update, Florian Weimer
• [SECURITY] [DSA 2291-1] squirrelmail security update, Thijs Kinkhorst
• [security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code, security-alert
• TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability, ZDI Disclosures
• TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability, ZDI Disclosures
• Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability, ehsan_hp200
• Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Liberating IT (picture.php?gid) Remote SQL injection Vulnerability, ehsan_hp200
• Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials, Williams, James K
• Amigot Corp (story.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• 6House Design (product_details.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Webdesigns-studio (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities, ehsan_hp200
• THE STUDIO (prod.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• TWSL2011-008: Focus Stealing Vulnerability in Android, Trustwave Advisories
• SEO New York (prod.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• IPv6 Hackers mailing-list, Fernando Gont
• EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• XWeavers (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities, ehsan_hp200
• Kimia Remote SQL injection Vulnerability, ehsan_hp200
• Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• XWeavers (page.asp?id) Remote SQL injection Vulnerability, ehsan_hp200
• [security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, security-alert
• Fwd: {Lostmon´s Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability, Lostmon lords
• ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability, ZDI Disclosures
• ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• CfP for 4th OWASP Day Germany 2011 now open, Tobias Glemser
• [security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure, security-alert
• Multiple XSS in eShop for Wordpress, advisory
• [security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code, security-alert
• SQL injection in Social Slider, advisory
• [security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code, security-alert
• [oCERT-2011-002] libavcodec insufficient boundary check, Daniele Bianco
• CA20110809-01: Security Notice for CA ARCserve D2D, ken
• iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability, labs-no-reply
• iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow, labs-no-reply
• SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2292-1] ISC DHCP security update, Florian Weimer
• CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass, s2-security
• VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19), VUPEN Security Research
• VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21), VUPEN Security Research
• [ MDVSA-2011:122 ] clamav, security
• [ MDVSA-2011:123 ] squirrelmail, security
• [ MDVSA-2011:124 ] phpmyadmin, security
• [ MDVSA-2011:125 ] foomatic-filters, security
• [SECURITY] [DSA 2294-1] freetype security update, Moritz Muehlenhoff
• Calisto light, light plus and full, Sql Injection And user or Admin bypass, Lostmon lords
• [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat), Mark Thomas
• [SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability, Mark Thomas
• Neox (categoria.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• [SECURITY] [DSA 2293-1] libxfont security update, Thijs Kinkhorst
• QOLQA (categoria.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• cdeVision (index.php?page) Remote File Inclusion Vulnerability, ehsan_hp200
• CdeVision Cross Site Scripting Vulnerabilities, ehsan_hp200
• PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability, ehsan_hp200
• INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit, runlvl
• ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability, ZDI Disclosures
• [slackware-security] bind (SSA:2011-224-01), Slackware Security Team
• WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability, YGN Ethical Hacker Group
• WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability, YGN Ethical Hacker Group
• CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability, ehsan_hp200
• DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• BACKEND (categoria.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• awiki 20100125 multiple local file inclusion vulnerabilities, muuratsalo experimental hack lab
• Ruxcon 2011 Final Call For Papers, cfp
• [security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS), security-alert
• The LAD Melbourne Cms Sql Injection Vulnerability, cyber netron
• NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability, robkraus
• NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability, robkraus
• Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!, Call for papers
• [ MDVSA-2011:126 ] java-1.6.0-openjdk, security
• [Annoucement] ClubHack Magazine - Call for Articles, abhijeet
• {Lostmon´s Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection, Lostmon lords
• phpList Improper Access Control and Information Leakage vulnerabilities, Davide Canali
• CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products, Matthew Flanagan
• Malformed DHCPv6 packets cause RPC to become unresponsive, tunterleitner
• phpWebSite (userpage) Cross Site Scripting Vulnerabilities, ehsan_hp200
• dedacom (dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability, ehsan_hp200
• InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-266: RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-267: RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-268: RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-269: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability, ZDI Disclosures
• lab382 (dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise), Security_Alert
• XSS in Fast Secure Contact Form wordpress plugin, advisory
• Multiple XSS in WP-Stats-Dashboard, advisory
• StudioLine Photo Basic 3 ActiveX control Insecure Method, advisory
• ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability, ZDI Disclosures
• WebRising (dettaglio.asp?id) Remote SQL injection Vulnerability, ehsan_hp200
• ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2011:127 ] mozilla, security
• Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id) Remote SQL injection Vulnerability, ehsan_hp200
• [SECURITY] [DSA 2295-1] iceape security update, Moritz Muehlenhoff
• ZDI-11-272: (0day) FlexNet License Server Manager Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2296-1] iceweasel security update, Moritz Muehlenhoff
• [ MDVSA-2011:128 ] dhcp, security
• ToorCon 13 Call For Papers, h1kari
• Elgg 1.7.10 <= | Multiple Vulnerabilities, YGN Ethical Hacker Group
• ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird, ACROS Security Lists
• ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox, ACROS Security Lists
• ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart, Security_Alert
• ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability, ehsan_hp200
• Grupo Argentina Web Remote SQL injection Vulnerability, ehsan_hp200
• Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server, Cisco Systems Product Security Incident Response Team
• Concrete CMS 5.4.1.1 <= Cross Site Scripting, YGN Ethical Hacker Group
• ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision, Security_Alert
• [SECURITY] [DSA 2297-1] icedove security update, Moritz Muehlenhoff
• Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution, Brett Moore
• Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower, Chris Travers
• ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• PHP 5.3.6 multiple null pointer dereference, cxib
• [CVE-2011-2712] Apache Wicket XSS vulnerability, Martin Grigorov
• ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS, Timo Warns
• PHP 5.3.6 ZipArchive invalid use glob(3), cxib
• [slackware-security] php (SSA:2011-237-01), Slackware Security Team
• ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability, ehsan_hp200
• CreatiWeb Remote SQL injection Vulnerability, ehsan_hp200
• Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability, ehsan_hp200
• Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability, ehsan_hp200
• Simply Media Web (archivio.asp?categoria_id) Remote SQL injection Vulnerability, ehsan_hp200
• Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability, ehsan_hp200
• NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure, robkraus
• Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls, info
• SQL-Ledger patch update for SQL injection, Chris Travers
• ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability, ZDI Disclosures
• JagoanStore CMS Arbitary file upload vulnerability, eidelweiss
• [PT-2011-23] Database information disclosure in GLPI, noreply
• Nafis Group (review.php?ID) Remote SQL injection Vulnerability, ehsan_hp200
• Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability, ehsan_hp200
• Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability, ehsan_hp200
• LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability, ehsan_hp200
• ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine, Cisco Systems Product Security Incident Response Team
• NGS00054 Technical Advisory: : Lumension Device Control (formerly Sanctuary) remote memory corruption, Research@NGSSecure
• B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability, ehsan_hp200
• BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability, ehsan_hp200
• Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability, ehsan_hp200
• Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability, ehsan_hp200
• Spherica Remote SQL injection Vulnerability, ehsan_hp200
• Marinet Remote SQL injection Vulnerability, ehsan_hp200
  • <Possible follow-ups>
  • Marinet Remote SQL injection Vulnerability, ehsan_hp200
• TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability, ehsan_hp200
• Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability, ehsan_hp200
• OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability, ehsan_hp200
• Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability, ehsan_hp200
• Jcow CMS 4.2 <= | Cross Site Scripting, YGN Ethical Hacker Group
• Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution, YGN Ethical Hacker Group
• phpWebSite (publisher) Remote SQL injection Vulnerability, ehsan_hp200
• [Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting, Jose Carlos de Arriba
• JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities, admin
• Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability, ehsan_hp200
• Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• LifeSize Room Vulnerabilities, smcintyre
• DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal, ddivulnalert
• [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure, Mark Thomas
• [SECURITY] [DSA 2298-1] apache2 security update, Stefan Fritsch
• XSS in IBM Open Admin Tool, sk
• bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200