Mail Thread Index

• Date Index

• Elastix PBX Extensions Enumeration, Bassem Ammar
• [ MDVSA-2011:139 ] firefox, security
• [ MDVSA-2011:140 ] mozilla-thunderbird, security
• [ MDVSA-2011:141 ] firefox, security
• [ MDVSA-2011:142 ] mozilla-thunderbird, security
• SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• Netvolution referer header SQL injection vulnerability, Dimitris Glynos
• Vulnerabilities in Cytel Studio 9, Luigi Auriemma
• Vulnerabilities in GenStat 14.1.0.5943, Luigi Auriemma
• DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval, ddivulnalert
• DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal, ddivulnalert
• Phorum 5.2.18 Cross-site scripting vulnerability, sschurtz
• [SECURITY] [DSA 2314-1] puppet security update, Nico Golde
• vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
• Multiple vulnerabilities in SonicWall, hvazquez
• New open source Security Framework, noreply
• FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED], FreeBSD Security Advisories
• VMSA-2011-0011 VMware hosted products address remote code execution vulnerability, VMware Security Team
• vTiger CRM 5.2.x <= Remote Code Execution Vulnerability, YGN Ethical Hacker Group
  • <Possible follow-ups>
  • Re: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability, Steven Nuhn
• vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability, YGN Ethical Hacker Group
• Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability, Secunia Research
• [SECURITY] [DSA 2315-1] openoffice.org security update, Giuseppe Iuculano
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2316-1] quagga security update, Florian Weimer
• [ MDVSA-2011:143 ] rpm, security
• [SECURITY] [DSA 2317-1] icedove security update, Moritz Muehlenhoff
• Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability, sschurtz
• [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update, Nico Golde
• Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability, Secunia Research
• Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow, Secunia Research
• Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability, Secunia Research
• VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability, VUPEN Security Research
• VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability, VUPEN Security Research
• Medium severity flaw with Ark, Tim Brown
• Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM, Tim Brown
• ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams), Marco van Berkum
• Contao 2.10.1 Cross-site scripting vulnerability, sschurtz
• SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities, sschurtz
  • Re: SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities, Henri Salo
• [ MDVSA-2011:144 ] apache, security
• [SECURITY] [DSA 2319-1] policykit-1 security update, Thijs Kinkhorst
• [Announcement] ClubHack Mag Issue 21- October 2011 Released, abhijeet
• KaiBB 2.0.1 XSS and SQL Injection vulnerabilities, sschurtz
• [ MDVSA-2011:146 ] cups, security
• NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow, Research@NGSSecure
• [ GLSA 201110-01 ] OpenSSL: Multiple vulnerabilities, Tobias Heinlein
• [ MDVSA-2011:147 ] cups, security
• [ MDVSA-2011:131-1 ] libxml, security
• [SECURITY] [DSA 2321-1] moin security update, Moritz Muehlenhoff
• openEngine 2.0 'key' Blind SQL Injection vulnerability, sschurtz
• [SECURITY] [DSA 2320-1] dokuwiki regression fix, Thijs Kinkhorst
• [ MDVSA-2011:145 ] libxml2, security
• [SECURITY] [DSA 2322-1] bugzilla security update, Jonathan Wiltshire
• [security bulletin] HPSBMU02710 SSRT100601 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, security-alert
• [ GLSA 201110-03 ], Stefan Behte
• [ GLSA 201110-04 ], Stefan Behte
• [ GLSA 201110-05 ] GnuTLS: Multiple vulnerabilities, Tobias Heinlein
• [ GLSA 201110-07 ] vsftpd: Denial of Service, Tobias Heinlein
• Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities, admin
• ZOHO ManageEngine ADSelfService Plus Administrative Access, roberto . paleari
• [ GLSA 201110-06 ] PHP: Multiple vulnerabilities, Tobias Heinlein
• APPLE-SA-2011-10-11-1 iTunes 10.5, Apple Product Security
• Google App Enging SDK Code Execution Vulnerability (CVE 2011-1364), Adi Sharabani
• [ MDVSA-2011:148 ] samba, security
• LedgerSMB 1.3.0 released, includes anti-XSRF framework, Chris Travers
• Multiple vulnerabilities in BugFree, advisory
• Multiple vulnerabilities in Pretty Link WordPress Plugin, advisory
• CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption, CORE Security Technologies Advisories
• AppSec DC 2012 CFP is OPEN!, AppSec DC
• APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4, Apple Product Security
• APPLE-SA-2011-10-12-1 iOS 5 Software Update, Apple Product Security
• APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006, Apple Product Security
• APPLE-SA-2011-10-12-5 Pages for iOS v1.5, Apple Product Security
• APPLE-SA-2011-10-12-6 Numbers for iOS v1.5, Apple Product Security
• iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability, labs-no-reply
• APPLE-SA-2011-10-12-4 Safari 5.1.1, Apple Product Security
• Two Remote Code Execution Vulnerabilities in Internet Explorer, Ivan Fratric
• VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console, VMware Security Team
• SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969), SEC Consult Vulnerability Lab
• Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass, Drew Calcott
• Multiple G-WAN vulnerabilities, Fredrik Widlund
• iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability, labs-no-reply
• iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability, labs-no-reply
• [ GLSA 201110-08 ] feh: Multiple vulnerabilities, Stefan Behte
• [ GLSA 201110-09 ] Conky: Privilege escalation, Stefan Behte
• [ GLSA 201110-10 ] Wget: User-assisted file creation or overwrite, Tim Sammut
• [ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities, Tim Sammut
• DC4420 - London DEFCON - October meet - Tuesday October 18th 2011, Major Malfunction
• [PTResearch] SAP DIAG Decompress plugin for Wireshark, noreply
• [ MDVSA-2011:149 ] cyrus-imapd, security
• [slackware-security] httpd (SSA:2011-284-01), Slackware Security Team
• [ GLSA 201110-12 ] Unbound: Denial of Service, Tobias Heinlein
• ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2011:150 ] squid, security
• [ MDVSA-2011:151 ] libpng, security
• foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass, percx
• Re: [Full-disclosure] Breaking the links: Exploiting the linker, Tim Brown
• DAEMON Tools IOCTL local denial-of-service vulnerability, tanda
• WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012, Lists
• [Announcement] ClubHack Magazine - Call for Articles, abhijeet
• [ MDVSA-2011:152 ] ncompress, security
• [ MDVSA-2011:153 ] libxfont, security
• [ MDVSA-2011:154 ] systemtap, security
• ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code,Execution Vulnerability, ZDI Disclosures
• ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability, ZDI Disclosures
• AST-2011-012: Remote crash vulnerability in SIP channel driver, Asterisk Security Team
• [ MDVSA-2011:155 ] systemtap, security
• [PT-2011-14] SQL injection vulnerability in BoonEx Dolphin, noreply
• Site@School 2.4.10 SQL Injection & XSS vulnerabilities, sschurtz
• Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection, n0b0d13s
• [ MDVSA-2011:156 ] tomcat5, security
• MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529], Tom Yu
• [ GLSA 201110-13 ] Tor: Multiple vulnerabilities, Tim Sammut
• ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities, sschurtz
• [security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure, security-alert
• DNS Poisoning via Port Exhaustion, Roee Hay
• Multiple vulnerabilities in Tine 2.0, advisory
• [security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code, security-alert
• Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability, nospam
• OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024), Nicolas DEROUET
• GotRoot Security Challenge, Ivan Buetler
• [SECURITY] [DSA 2324-1] wireshark security update, Moritz Muehlenhoff
• Metasploit 4.1.0 Web UI stored XSS vulnerability, sschurtz
• [ MDVSA-2011:157 ] freetype2, security
• inCommand Technologies, Inc. Cross-site Scripting Vulnerability, md . r00t . defacer
• [ MDVSA-2011:158 ] phpmyadmin, security
• VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability, VUPEN Security Research
• TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function), Shatter
• TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites, Shatter
• TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes, Shatter
• [ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities, Stefan Behte
• [ GLSA 201110-15 ] GnuPG: User-assisted execution of arbitrary code, Tim Sammut
• [ MDVSA-2011:159 ] krb5, security
• [ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabilities, Tim Sammut
• [ MDVSA-2011:160 ] krb5, security
• [ GLSA 201110-18 ] rgmanager: Privilege escalation, Tobias Heinlein
• [ GLSA 201110-20 ] Clam AntiVirus: Multiple vulnerabilities, Tim Sammut
• [ GLSA 201110-17 ] Avahi: Denial of Service, Tobias Heinlein
• [SECURITY] [DSA 2325-1] kfreebsd-8 security update, Aurelien Jarno
• [SECURITY] [DSA 2326-1] pam security update, Moritz Muehlenhoff
• [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues., 0x9950
  • RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues., Paul Oxman \(poxman\)
• jara 1.6 sql injection vulnerability, muuratsalo experimental hack lab
  • Re: jara 1.6 sql injection vulnerability, Henri Salo
  • Re: jara 1.6 sql injection vulnerability, Henri Salo
• phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit, n0b0d13s
• TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite, Tobias Glemser
• [ MDVSA-2011:161 ] postgresql, security
• [SECURITY] [DSA 2327-1] libfcgi-perl security-update, Nico Golde
• [SECURITY] [DSA 2328-1] freetype security update, Moritz Muehlenhoff
• [ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities, Tim Sammut
• zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability, YGN Ethical Hacker Group
• [security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• [ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities, Alex Legler
• [ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities, Alex Legler
• [ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection, Alex Legler
• Path disclosure in SPIP, advisory
• [security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information, security-alert
• Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability, Cisco Systems Product Security Incident Response Team
• ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability, Cisco Systems Product Security Incident Response Team
• ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player, Cisco Systems Product Security Incident Response Team
• ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras, Cisco Systems Product Security Incident Response Team
• ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2329-1] torque security update, Nico Golde
• SANS AppSec 2012 CFP is Open, SANS AppSec CFP
• ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability, ZDI Disclosures
• APPLE-SA-2011-10-26-1 QuickTime 7.7.1, Apple Product Security
• foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage, percx
• [ GLSA 201110-26 ] libxml2: Multiple vulnerabilities, Tim Sammut
• [SECURITY] [DSA 2330-1] simplesamlphp security update, Thijs Kinkhorst
• ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability, ZDI Disclosures
• DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315], ddivulnalert
• ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability, ZDI Disclosures
• [ GLSA 201110-24 ] Squid: Multiple vulnerabilities, Tim Sammut
• ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability, ZDI Disclosures
• [ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities, Tim Sammut
• ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges, security-alert
• VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX, VMware Security Response Team
• [PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS, noreply
• [PT-2011-21] SQL injection vulnerability in OneOrZero AIMS, noreply
• [PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300, noreply
• [PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router, noreply
• [SECURITY] [DSA 2323-1] radvd security update, Yves-Alexis Perez
• [SECURITY] [DSA 2331-1] tor security update, Moritz Muehlenhoff
• eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities, n0b0d13s
• [security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2332-1] python-django security update, Thijs Kinkhorst
• [SECURITY] [DSA 2333-1] phpldapadmin security update, Jonathan Wiltshire
• Apple's Mail.app mail of death, Paul
• PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow, demonalex
• Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce), nospam
• YaTFTPSvr TFTP Server Directory Traversal Vulnerability, demonalex