Mail Index
- Elastix PBX Extensions Enumeration
- [ MDVSA-2011:139 ] firefox
- [ MDVSA-2011:140 ] mozilla-thunderbird
- [ MDVSA-2011:141 ] firefox
- [ MDVSA-2011:142 ] mozilla-thunderbird
- SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Netvolution referer header SQL injection vulnerability
- Vulnerabilities in Cytel Studio 9
- Vulnerabilities in GenStat 14.1.0.5943
- DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval
- DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal
- Phorum 5.2.18 Cross-site scripting vulnerability
- [SECURITY] [DSA 2314-1] puppet security update
- vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- Multiple vulnerabilities in SonicWall
- New open source Security Framework
- FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED]
- From: FreeBSD Security Advisories
- VMSA-2011-0011 VMware hosted products address remote code execution vulnerability
- From: VMware Security Team
- vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
- From: YGN Ethical Hacker Group
- vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability
- From: YGN Ethical Hacker Group
- Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability
- [SECURITY] [DSA 2315-1] openoffice.org security update
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager
- From: Cisco Systems Product Security Incident Response Team
- Re: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
- [SECURITY] [DSA 2316-1] quagga security update
- [ MDVSA-2011:143 ] rpm
- [SECURITY] [DSA 2317-1] icedove security update
- Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability
- [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update
- Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability
- Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow
- Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability
- VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability
- From: VUPEN Security Research
- VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability
- From: VUPEN Security Research
- Medium severity flaw with Ark
- Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM
- ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
- Contao 2.10.1 Cross-site scripting vulnerability
- SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
- [ MDVSA-2011:144 ] apache
- [SECURITY] [DSA 2319-1] policykit-1 security update
- [Announcement] ClubHack Mag Issue 21- October 2011 Released
- KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
- [ MDVSA-2011:146 ] cups
- NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
- [ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities
- [ MDVSA-2011:147 ] cups
- [ MDVSA-2011:131-1 ] libxml
- [SECURITY] [DSA 2321-1] moin security update
- openEngine 2.0 'key' Blind SQL Injection vulnerability
- [SECURITY] [DSA 2320-1] dokuwiki regression fix
- [ MDVSA-2011:145 ] libxml2
- [SECURITY] [DSA 2322-1] bugzilla security update
- [security bulletin] HPSBMU02710 SSRT100601 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access
- [ GLSA 201110-03 ]
- [ GLSA 201110-04 ]
- [ GLSA 201110-05 ] GnuTLS: Multiple vulnerabilities
- [ GLSA 201110-07 ] vsftpd: Denial of Service
- Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
- ZOHO ManageEngine ADSelfService Plus Administrative Access
- [ GLSA 201110-06 ] PHP: Multiple vulnerabilities
- APPLE-SA-2011-10-11-1 iTunes 10.5
- From: Apple Product Security
- Google App Enging SDK Code Execution Vulnerability (CVE 2011-1364)
- [ MDVSA-2011:148 ] samba
- LedgerSMB 1.3.0 released, includes anti-XSRF framework
- Multiple vulnerabilities in BugFree
- Multiple vulnerabilities in Pretty Link WordPress Plugin
- Re: SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
- CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption
- From: CORE Security Technologies Advisories
- AppSec DC 2012 CFP is OPEN!
- APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4
- From: Apple Product Security
- APPLE-SA-2011-10-12-1 iOS 5 Software Update
- From: Apple Product Security
- APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
- From: Apple Product Security
- APPLE-SA-2011-10-12-5 Pages for iOS v1.5
- From: Apple Product Security
- APPLE-SA-2011-10-12-6 Numbers for iOS v1.5
- From: Apple Product Security
- iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability
- APPLE-SA-2011-10-12-4 Safari 5.1.1
- From: Apple Product Security
- Two Remote Code Execution Vulnerabilities in Internet Explorer
- VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
- From: VMware Security Team
- SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)
- From: SEC Consult Vulnerability Lab
- Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass
- Multiple G-WAN vulnerabilities
- iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability
- iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability
- [ GLSA 201110-08 ] feh: Multiple vulnerabilities
- [ GLSA 201110-09 ] Conky: Privilege escalation
- [ GLSA 201110-10 ] Wget: User-assisted file creation or overwrite
- [ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities
- DC4420 - London DEFCON - October meet - Tuesday October 18th 2011
- [PTResearch] SAP DIAG Decompress plugin for Wireshark
- [ MDVSA-2011:149 ] cyrus-imapd
- [slackware-security] httpd (SSA:2011-284-01)
- From: Slackware Security Team
- [ GLSA 201110-12 ] Unbound: Denial of Service
- ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability
- [ MDVSA-2011:150 ] squid
- [ MDVSA-2011:151 ] libpng
- foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass
- Re: [Full-disclosure] Breaking the links: Exploiting the linker
- DAEMON Tools IOCTL local denial-of-service vulnerability
- WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012
- [Announcement] ClubHack Magazine - Call for Articles
- [ MDVSA-2011:152 ] ncompress
- [ MDVSA-2011:153 ] libxfont
- [ MDVSA-2011:154 ] systemtap
- ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability
- ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability
- ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability
- AST-2011-012: Remote crash vulnerability in SIP channel driver
- From: Asterisk Security Team
- [ MDVSA-2011:155 ] systemtap
- [PT-2011-14] SQL injection vulnerability in BoonEx Dolphin
- Site@School 2.4.10 SQL Injection & XSS vulnerabilities
- Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
- [ MDVSA-2011:156 ] tomcat5
- MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
- [ GLSA 201110-13 ] Tor: Multiple vulnerabilities
- ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
- Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
- [security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure
- DNS Poisoning via Port Exhaustion
- Multiple vulnerabilities in Tine 2.0
- [security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
- Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
- OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)
- GotRoot Security Challenge
- [SECURITY] [DSA 2324-1] wireshark security update
- Metasploit 4.1.0 Web UI stored XSS vulnerability
- [ MDVSA-2011:157 ] freetype2
- inCommand Technologies, Inc. Cross-site Scripting Vulnerability
- From: md . r00t . defacer
- [ MDVSA-2011:158 ] phpmyadmin
- VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability
- From: VUPEN Security Research
- TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)
- TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
- TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes
- [ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities
- [ GLSA 201110-15 ] GnuPG: User-assisted execution of arbitrary code
- [ MDVSA-2011:159 ] krb5
- [ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabilities
- [ MDVSA-2011:160 ] krb5
- [ GLSA 201110-18 ] rgmanager: Privilege escalation
- [ GLSA 201110-20 ] Clam AntiVirus: Multiple vulnerabilities
- [ GLSA 201110-17 ] Avahi: Denial of Service
- [SECURITY] [DSA 2325-1] kfreebsd-8 security update
- [SECURITY] [DSA 2326-1] pam security update
- [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
- jara 1.6 sql injection vulnerability
- From: muuratsalo experimental hack lab
- phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit
- TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite
- [ MDVSA-2011:161 ] postgresql
- [SECURITY] [DSA 2327-1] libfcgi-perl security-update
- [SECURITY] [DSA 2328-1] freetype security update
- [ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities
- zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
- From: YGN Ethical Hacker Group
- [security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code
- [ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities
- [ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities
- Re: jara 1.6 sql injection vulnerability
- [ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection
- Path disclosure in SPIP
- [security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
- Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability
- Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
- Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability
- Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
- From: Cisco Systems Product Security Incident Response Team
- ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability
- ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability
- ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
- ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
- [SECURITY] [DSA 2329-1] torque security update
- SANS AppSec 2012 CFP is Open
- ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
- ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
- ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
- ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
- ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
- ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability
- ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability
- ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability
- APPLE-SA-2011-10-26-1 QuickTime 7.7.1
- From: Apple Product Security
- foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage
- [ GLSA 201110-26 ] libxml2: Multiple vulnerabilities
- [SECURITY] [DSA 2330-1] simplesamlphp security update
- ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
- DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]
- ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
- [ GLSA 201110-24 ] Squid: Multiple vulnerabilities
- ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability
- [ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities
- ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
- ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
- ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
- [security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
- VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- From: VMware Security Response Team
- Re: jara 1.6 sql injection vulnerability
- [PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
- [PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
- [PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300
- [PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router
- [SECURITY] [DSA 2323-1] radvd security update
- [SECURITY] [DSA 2331-1] tor security update
- eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
- RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
- From: Paul Oxman (poxman)
- [security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
- [SECURITY] [DSA 2332-1] python-django security update
- [SECURITY] [DSA 2333-1] phpldapadmin security update
- Apple's Mail.app mail of death
- PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow
- Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
- YaTFTPSvr TFTP Server Directory Traversal Vulnerability