Mail Thread Index

• Date Index

• DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359], ddivulnalert
• CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY, tan
• IBSng all version Cross-Site Scripting Vulnerability, apa-iutcert
• [ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities, Alex Legler
• GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability, demonalex
• [security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, security-alert
• XSS Vulnerabilities in eFront, Netsparker Advisories
• XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3, Netsparker Advisories
• Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability, nospam
• [ MDVSA-2011:162 ] kdelibs4, security
• Multiple vulnerabilities in Efront, advisory
• [ MDVSA-2011:163 ] phpldapadmin, security
• NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295), Research@NGSSecure
• [ MDVSA-2011:164 ] wireshark, security
• Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability, Cisco Systems Product Security Incident Response Team
• Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability, sschurtz
• ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability., Security_Alert
• CmyDocument Content Management Application - XSS Vulnerabilities, demonalex
• [security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS), security-alert
• ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1, Security_Alert
• Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting, sschurtz
• [ MDVSA-2011:165 ] php, security
• [ MDVSA-2011:166 ] php, security
• Multiple BSD libc/regcomp(3) Multiple Vulnerabilities, cxib
• [security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access, security-alert
• [ MDVSA-2011:167 ] gimp, security
• [SECURITY] [DSA 2334-1] mahara security update, Moritz Muehlenhoff
• Malware detection evasion in antivirus software, reset557
• [ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities, Alex Legler
• [SECURITY] [DSA 2335-1] man2html security update, Nico Golde
• [SECURITY] [DSA 2337-1] xen security update, Thijs Kinkhorst
• foofus.net security advisory - Lexmark Multifunction Printer Information Leakage, percx
  • Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage, Sergio Gelato
  • <Possible follow-ups>
  • Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage, percx
• [SECURITY] [DSA 2338-1] moodle security update, Moritz Muehlenhoff
• TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon, Trustwave Advisories
• [SECURITY] [DSA 2339-1] nss security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2336-1] ffmpeg security update, Yves-Alexis Perez
• [SECURITY] [DSA 2340-1] postgresql security update, Thijs Kinkhorst
• Cisco CUCM - Multiple Vulnerabilities, entomology
• IPv6 security (slides and training), Fernando Gont
• New online security challenge - GotWurzel, Ivan Buetler
• [security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification, security-alert
• osCSS2 "_ID" parameter Local file inclusion, sschurtz
• [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app, Mark Thomas
• OrderSys <= 1.6.4 Sql Injection Vulnerabilities, muuratsalo experimental hack lab
• LabStoRe <= 1.5.4 Sql Injection Vulnerabilities, muuratsalo experimental hack lab
• APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6, Apple Product Security
• [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities, Code Audit Labs
• [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability, Code Audit Labs
• Local file inclusion in VtigerCRM, advisory
  • <Possible follow-ups>
  • Re: Local file inclusion in VtigerCRM, n0b0d13s
• LabWiki <= 1.1 Multiple Vulnerabilities, muuratsalo experimental hack lab
  • Re: LabWiki <= 1.1 Multiple Vulnerabilities, muuratsalo experimental hack lab
• Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0, security
  • Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0, Henri Salo
• Multiple security vulnerabilities in AShop, security
• DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November, Major Malfunction
• [ MDVSA-2011:168 ] apache, security
  • <Possible follow-ups>
  • [ MDVSA-2011:168 ] apache, security
• Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2341-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2343-1] openssl security update, Raphael Geissert
• [SECURITY] [DSA 2342-1] iceape security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, security-alert
• XSS vulnerability in Joomla 1.6.3, Netsparker Advisories
• [security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information, security-alert
• APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update, Apple Product Security
• CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass, CORE Security Technologies Advisories
• APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6, Apple Product Security
• iGuard Biometric Access Control - Multiple Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• [ MDVSA-2011:170 ] java-1.6.0-openjdk, security
• [security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2344-1] python-django-piston security update, Florian Weimer
• [security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access, security-alert
• [ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities, Tim Sammut
• [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities, Jose Carlos de Arriba
• [ GLSA 201111-04 ] phpDocumentor: Function call injection, Tim Sammut
• [Announcement] ClubHack Mag Issue 22- Nov 2011 Released, abhijeet
• [ MDVSA-2011:172 ] libreoffice, security
• Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability, n0b0d13s
• [Announcement] ClubHack 2011 Hacking and Security Conference, abhijeet
• [ MDVSA-2011:173 ] openssl0.9.8, security
• [ MDVSA-2011:171 ] networkmanager, security
• [ MDVSA-2011:174 ] graphite2, security
• APPLE-SA-2011-11-14-1 iTunes 10.5.1, Apple Product Security
• [ MDVSA-2011:175 ] poppler, security
• [SECURITY] [DSA 2346-1] proftpd-dfsg security update, Florian Weimer
• FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability, n0b0d13s
• wordpress Flexible Custom Post Type plugin Xss Vulnerabilities, Amir
  • <Possible follow-ups>
  • wordpress Flexible Custom Post Type plugin Xss Vulnerabilities, Amir
• [security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS), security-alert
• ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2346-2] proftpd-dfsg regression fix, Florian Weimer
• ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2347-1] bind9 security update, Florian Weimer
• CA20111116-01: Security Notice for CA Directory, Kotas, Kevin J
• [ MDVSA-2011:176 ] bind, security
• Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability, Secunia Research
• Tiki Wiki CMS Groupware Multiple XSS vulnerabilities, security
• [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS, Alexandr Polyakov
• [DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay, Alexandr Polyakov
• [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose, Alexandr Polyakov
• [DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose, Alexandr Polyakov
• [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS, Alexandr Polyakov
• [DSECRG-11-037] SAP BW Doc - Multiple XSS, Alexandr Polyakov
• [DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability, Alexandr Polyakov
• [DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW), Alexandr Polyakov
• [DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation, Alexandr Polyakov
• [DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering), Alexandr Polyakov
• [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability, Alexandr Polyakov
• Multiple vulnerabilities in webERP, advisory
• Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus, James Webb
• VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability, VMware Security Team
• [ MDVSA-2011:176-1 ] bind, security
• [ MDVSA-2011:176-2 ] bind, security
• Blogs manager <= 1.101 SQL Injection Vulnerability, muuratsalo experimental hack lab
• Valid tiny-erp <= 1.6 SQL Injection Vulnerability, muuratsalo experimental hack lab
• Freelancer calendar <= 1.01 SQL Injection Vulnerability, muuratsalo experimental hack lab
• wordpress Lanoba Social Plugin Xss Vulnerabilities, Amir
  • Re: wordpress Lanoba Social Plugin Xss Vulnerabilities, Henri Salo
• [SECURITY] [DSA 2349-1] spip security update, Moritz Muehlenhoff
• Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability, n0b0d13s
• [ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities, Tim Sammut
• [ GLSA 201111-06 ] MaraDNS: Arbitrary code execution, Alex Legler
• [ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities, Alex Legler
• [ GLSA 201111-08 ] radvd: Multiple vulnerabilities, Alex Legler
• [ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection, Alex Legler
• [ GLSA 201111-10 ] Evince: Multiple vulnerabilities, Alex Legler
• [ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code, Alex Legler
• [SECURITY] [DSA 2350-1] freetype security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2348-1] systemtap security update, Moritz Muehlenhoff
• Implications of IPv6 on network firewalls, Fernando Gont
• Wordpress advanced-text-widget Plugin Vulnerabilities, Amir
• Wordpress adminimize Plugin Vulnerabilities, Amir
• [SECURITY] [DSA 2351-1] wireshark security update, Moritz Muehlenhoff
• Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities, Amir
• OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab, Ivan Buetler
• Re: XSS in Tiki Wiki CMS Groupware, Henri Salo
• Re: jara 1.6 sql injection vulnerability, Henri Salo
• [security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access, security-alert
• [SECURITY] [DSA 2352-1] puppet security update, Moritz Muehlenhoff
• Multiple vulnerabilities in Dolibarr, advisory
• NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution, Research@NGSSecure
• NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution, Research@NGSSecure
• NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution, Research@NGSSecure
• Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities, Amir
• Wordpress enable-latex plugin Remote File Include Vulnerabilities, Amir
• Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities, Amir
• Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities, Amir
• PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability, n0b0d13s
• Debut issue of Web App Pentesting Magazine - Free Download!, maciej . kozuszek
• TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181, Tobias Glemser
• [ MDVSA-2011:177 ] freetype2, security
• [security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege, security-alert
• [security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2353-1] ldns security update, Moritz Muehlenhoff
• 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10, 0a29 40
• [ MDVSA-2011:178 ] glibc, security
• [ MDVSA-2011:179 ] glibc, security
• Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities, Amir
• Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2, Luigi Auriemma
• Vulnerabilities in Siemens Automation License Manager, Luigi Auriemma
• [ MDVSA-2011:180 ] php-suhosin, security
• ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter, marian . ventuneac
• Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits, Nick Freeman
• Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability, demonalex
• Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities, Alex Davis
• Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2, Luigi Auriemma