Mail Index
- CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011
- Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2
- From: Daniel Roethlisberger
- Multiple vulnerabilities in OrangeHRM
- Sql injection in SugarCRM
- New issue of PenTest Magazine is out - 21 pages of free content.
- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
- Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
- [SECURITY] [DSA 2354-1] cups security update
- Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- [SECURITY] [DSA 2355-1] clearsilver security update
- Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
- Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
- Re: Contao 2.10.1 Cross-site scripting vulnerability
- Ariadne 2.7.6 Multiple XSS vulnerabilities
- Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
- Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
- [SECURITY] [DSA 2356-1] openjdk-6 security update
- [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service
- FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit
- SANS AppSec 2012 CFP reminder
- [PT-2011-43] Database information disclosure in Kayako Fusion
- Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store
- InfoSec Southwest 2012 CFP
- XSSer v1.6 -beta- aka "Grey Swarm!" released.
- [security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- fast and somewhat reliable cache timing
- Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012)
- Vulnerabilities in Serv-U 11.1.0.3
- [DCA-2011-0014] - Elxis CMS Cross Site Script
- From: Ewerson Guimarães (Crash) - Dclabs
- [SECURITY] [DSA 2358-1] openjdk-6 security update
- Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
- Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
- MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]
- [SECURITY] [DSA 2359-1] mojarra security update
- [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable
- [security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [ MDVSA-2011:181 ] proftpd
- DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection
- [SECURITY] [DSA 2361-1] chasen security update
- ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability
- ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability
- ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability
- ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
- ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability
- ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
- seamless bait-and-switch
- Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
- 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
- [DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure
- From: Ewerson Guimarães (Crash) - Dclabs
- [ MDVSA-2011:182 ] dhcp
- Re: seamless bait-and-switch
- Call for Papers - 2012 Rocky Mountain Information Security Conference
- Re: seamless bait-and-switch
- DC4420 - London DEFCON - 13 December 2011
- AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
- From: Asterisk Security Team
- AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled
- From: Asterisk Security Team
- CA20111208-01: Security Notice for CA SiteMinder
- [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption
- *CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers
- the week of silly PoCs continues: data://www.mybank.com/
- Re: seamless bait-and-switch
- [SECURITY] [DSA 2362-1] acpid security update
- Call for Papers -YSTS 6 - Security Conference, Brazil
- Introduction to R-sequence public key cryptography attack
- OSI Security: Squiz Matrix - User Account Enumeration
- [ MDVSA-2011:183 ] pidgin
- WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
- Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
- zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
- [ MDVSA-2011:184 ] krb5
- Re: seamless bait-and-switch
- Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected
- Re: the week of silly PoCs continues: data://www.mybank.com/
- [ MDVSA-2011:185 ] libcap
- Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability
- Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities
- [ MDVSA-2011:186 ] nfs-utils
- ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)
- ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
- ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability
- ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability
- Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- Citrix Receiver, XenDesktop "Pass-the-hash" Attack
- Multiple vulnerabilities in Browser CRM
- Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
- Re: Re: Introduction to R-sequence public key cryptography attack
- [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
- Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
- 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9
- 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9
- PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
- ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)
- HTML 5 Security Report
- NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI
- [ MDVSA-2011:187 ] php-pear
- NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI
- NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM
- NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI
- [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass
- From: RedTeam Pentesting GmbH
- [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes
- From: RedTeam Pentesting GmbH
- New IETF I-D on "Stable Privacy Addresses"
- New IETF I-Ds on Fragmentation-related security issues
- Seotoaster SQL-Injection Admin Login Bypass
- [ MDVSA-2011:188 ] libxml2
- <BASE> tag used for hijacking external resources (XSS)
- [security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [ MDVSA-2011:189 ] jasper
- Re: <BASE> tag used for hijacking external resources (XSS)
- silly PoCs continue: X-Frame-Options give you less than expected
- VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)
- From: VUPEN Security Research
- VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459)
- From: VUPEN Security Research
- VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090)
- From: VUPEN Security Research
- [SECURITY] [DSA 2363-1] tor security update
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: <BASE> tag used for hijacking external resources (XSS)
- Re: RFI in JAF CMS
- Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
- [SECURITY] [DSA 2364-1] xorg security update
- [Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- appRain CMF v0.1.5 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 2365-1] dtc security update
- [ MDVSA-2011:190 ] libarchive
- PHP Booking Calendar 10e XSS
- IFIP NTMS'2012 - Deadline Extended to 12 January 2012
- [ MDVSA-2011:191 ] libarchive
- SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp
- From: SEC Consult Vulnerability Lab
- SASHA v0.2.0 Multiple XSS
- Novell Sentinel Log Manager <=1.2.0.1 Path Traversal
- Syhunt: Time-Based Blind NoSQL Injection
- [SECURITY] [DSA 2366-1] mediawiki security update
- Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011
- [SECURITY] [DSA 2367-1] asterisk security update
- [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Re: SASHA v0.2.0 Multiple XSS
- Multiple vulnerabilities in PHPShop CMS Free
- ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability
- Tiki Wiki CMS Groupware Stored Cross-Site-Scripting
- Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)
- TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
- From: Trustwave Advisories
- post-XSS landscape
- [SECURITY] [DSA 2368-1] lighttpd security update
- RE: RFI in JAF CMS
- [SECURITY] [DSA 2381-] lighttpd security update
- Multiple vulnerabilities in epesi BIM
- Multiple vulnerabilities in OBM
- [SECURITY] [DSA 2369-1] libsoup2.4 security update
- [SECURITY] [DSA 2370-1] unbound security update
- Exploit for Asterisk Security Advisory AST-2011-013
- [MATTA-2011-001] pfSense x509 Insecure Certificate Creation
- ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability
- ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities
- ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability
- ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities
- TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin
- From: Trustwave Advisories
- Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
- Xmas 2011 Security Puzzle
- FreeBSD Security Advisory FreeBSD-SA-11:06.bind
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:07.chroot
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh
- From: FreeBSD Security Advisories
- Merry Christmas from the FreeBSD Security Team
- From: FreeBSD Security Officer
- FreeBSD Security Advisory FreeBSD-SA-11:10.pam
- From: FreeBSD Security Advisories
- [ MDVSA-2011:192 ] mozilla
- [SECURITY] [DSA 2372-1] heimdal security update
- Lighttpd Proof of Concept code for CVE-2011-4362
- [SECURITY] [DSA 2373-1] inetutils security update
- [SECURITY] [DSA 2375-1] krb5, krb5-appl security update
- [ MDVSA-2011:194 ] icu
- [SECURITY] [DSA 2374-1] openswan security update
- [ MDVSA-2011:193 ] squid
- MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]
- [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code
- [ MDVSA-2011:195 ] krb5-appl
- [ MDVSA-2011:196 ] ipmitool
- n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
- [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
- Winn Guestbook v2.4.8c Stored XSS
- Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13
- Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
- [SECURITY] [DSA 2376-1] ipmitool security update
- [SECURITY] [DSA 2263-2] movabletype-opensource security update
- [ MDVSA-2011:197 ] php
- SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416
- From: SEC Consult Vulnerability Lab