Mail Thread Index

• Date Index

• CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011, Dragos Ruiu
• Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2, Daniel Roethlisberger
• Multiple vulnerabilities in OrangeHRM, advisory
• Sql injection in SugarCRM, advisory
• New issue of PenTest Magazine is out - 21 pages of free content., maciej . kozuszek
• WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities, n0b0d13s
  • <Possible follow-ups>
  • Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities, brian
  • Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities, n0b0d13s
• Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities, Amir
• Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities, Amir
  • Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities, Henri Salo
  • Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities, Henri Salo
• PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability, security
• [SECURITY] [DSA 2354-1] cups security update, Yves-Alexis Perez
• Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities, Henri Salo
  • <Possible follow-ups>
  • Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities, Henri Salo
• [SECURITY] [DSA 2355-1] clearsilver security update, Moritz Muehlenhoff
• [security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default, security-alert
• Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003, Henri Salo
• Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue, Henri Salo
• Re: Contao 2.10.1 Cross-site scripting vulnerability, Henri Salo
• Ariadne 2.7.6 Multiple XSS vulnerabilities, sschurtz
• Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability, Henri Salo
• Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability, Henri Salo
• [SECURITY] [DSA 2356-1] openjdk-6 security update, Florian Weimer
• [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service, security-alert
• FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit, HI-TECH .
• SANS AppSec 2012 CFP reminder, SANS AppSec CFP
• [PT-2011-43] Database information disclosure in Kayako Fusion, noreply
• Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store, advisory
• InfoSec Southwest 2012 CFP, I\)ruid
• XSSer v1.6 -beta- aka "Grey Swarm!" released., psy
• [security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• fast and somewhat reliable cache timing, Michal Zalewski
• Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012), Matthieu Suiche
• Vulnerabilities in Serv-U 11.1.0.3, Luigi Auriemma
• [DCA-2011-0014] - Elxis CMS Cross Site Script, Ewerson Guimarães (Crash) - Dclabs
• [SECURITY] [DSA 2358-1] openjdk-6 security update, Florian Weimer
• Meditate Web Content Editor 'username_input' SQL-Injection vulnerability, sschurtz
• Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities, irist . ir
  • Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities, Henri Salo
  • Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities, Henri Salo
• [security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access, security-alert
• MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530], Tom Yu
• [SECURITY] [DSA 2359-1] mojarra security update, Florian Weimer
• [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable, Moritz Muehlenhoff
• [security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [ MDVSA-2011:181 ] proftpd, security
• DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection, ddivulnalert
• [SECURITY] [DSA 2361-1] chasen security update, Florian Weimer
• ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability, ZDI Disclosures
• seamless bait-and-switch, Michal Zalewski
  • Message not available
    • Message not available
      • Re: seamless bait-and-switch, Michal Zalewski
        • Message not available
          • Re: seamless bait-and-switch, Michal Zalewski
            • Re: seamless bait-and-switch, Jann Horn
            • Re: seamless bait-and-switch, Charles Morris
• 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11, 0a29 40
• [DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure, Ewerson Guimarães (Crash) - Dclabs
• [ MDVSA-2011:182 ] dhcp, security
• Call for Papers - 2012 Rocky Mountain Information Security Conference, president
• DC4420 - London DEFCON - 13 December 2011, Major Malfunction
• AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings, Asterisk Security Team
• AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled, Asterisk Security Team
• CA20111208-01: Security Notice for CA SiteMinder, Williams, James K
• [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption, signaladvisory
• *CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers, AppSec DC
• the week of silly PoCs continues: data://www.mybank.com/, Michal Zalewski
  • <Possible follow-ups>
  • Re: the week of silly PoCs continues: data://www.mybank.com/, nothanks
• [SECURITY] [DSA 2362-1] acpid security update, Moritz Muehlenhoff
• Call for Papers -YSTS 6 - Security Conference, Brazil, Luiz Eduardo
• Introduction to R-sequence public key cryptography attack, Michal Bucko
  • <Possible follow-ups>
  • Re:Re: Introduction to R-sequence public key cryptography attack, Michal Bucko
• OSI Security: Squiz Matrix - User Account Enumeration, Troy Rose
• [ MDVSA-2011:183 ] pidgin, security
• WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability, Amir
  • Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability, Henri Salo
• Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities, Secunia Research
• zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal, security
• [ MDVSA-2011:184 ] krb5, security
• Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected, Michal Zalewski
• [ MDVSA-2011:185 ] libcap, security
• Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability, Secunia Research
• Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities, Amir
• [ MDVSA-2011:186 ] nfs-utils, security
• ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise), Security_Alert
• ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability, ZDI Disclosures
• Citrix Receiver, XenDesktop "Pass-the-hash" Attack, vtek63
• Multiple vulnerabilities in Browser CRM, advisory
• Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities, support
• [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202, Tavaris Desamito
• 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9, 0a29 40
• 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9, 0a29 40
• PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability, sschurtz
• ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r), Security_Alert
  • <Possible follow-ups>
  • Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r), security_alert
• HTML 5 Security Report, Ivan Buetler
• NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI, Research@NGSSecure
• [ MDVSA-2011:187 ] php-pear, security
• NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI, Research@NGSSecure
• NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM, Research@NGSSecure
• NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI, Research@NGSSecure
• [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass, RedTeam Pentesting GmbH
• [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes, RedTeam Pentesting GmbH
• New IETF I-D on "Stable Privacy Addresses", Fernando Gont
• New IETF I-Ds on Fragmentation-related security issues, Fernando Gont
• Seotoaster SQL-Injection Admin Login Bypass, security
• [ MDVSA-2011:188 ] libxml2, security
• <BASE> tag used for hijacking external resources (XSS), Bouke van Laethem
  • Re: <BASE> tag used for hijacking external resources (XSS), Jann Horn
    • Re: <BASE> tag used for hijacking external resources (XSS), Mario Vilas
    • Message not available
      • Re: <BASE> tag used for hijacking external resources (XSS), Bouke van Laethem
        • Re: <BASE> tag used for hijacking external resources (XSS), Mario Vilas
          • Re: <BASE> tag used for hijacking external resources (XSS), Bouke van Laethem
            • Re: <BASE> tag used for hijacking external resources (XSS), Mario Vilas
• [security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2011:189 ] jasper, security
• silly PoCs continue: X-Frame-Options give you less than expected, Michal Zalewski
• VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090), VUPEN Security Research
• VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092), VUPEN Security Research
• VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459), VUPEN Security Research
• VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090), VUPEN Security Research
• [SECURITY] [DSA 2363-1] tor security update, Moritz Muehlenhoff
• Re: RFI in JAF CMS, Henri Salo
  • <Possible follow-ups>
  • RE: RFI in JAF CMS, Frédéric BOURLA
• [SECURITY] [DSA 2364-1] xorg security update, Moritz Muehlenhoff
• [Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• appRain CMF v0.1.5 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• [SECURITY] [DSA 2365-1] dtc security update, Moritz Muehlenhoff
• [ MDVSA-2011:190 ] libarchive, security
• PHP Booking Calendar 10e XSS, tom
• IFIP NTMS'2012 - Deadline Extended to 12 January 2012, publicity
• [ MDVSA-2011:191 ] libarchive, security
• SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet, SEC Consult Vulnerability Lab
• SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp, SEC Consult Vulnerability Lab
• SASHA v0.2.0 Mutiple XSS, tom
  • Re: SASHA v0.2.0 Mutiple XSS, Henri Salo
• Novell Sentinel Log Manager <=1.2.0.1 Path Traversal, Andrea Fabrizi
• Syhunt: Time-Based Blind NoSQL Injection, Felipe M. Aragon
• [SECURITY] [DSA 2366-1] mediawiki security update, Jonathan Wiltshire
• Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011, Fernando Gont
• [SECURITY] [DSA 2367-1] asterisk security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• Multiple vulnerabilities in PHPShop CMS Free, advisory
• ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability, ZDI Disclosures
• Tiki Wiki CMS Groupware Stored Cross-Site-Scripting, security
• TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface, Trustwave Advisories
• post-XSS landscape, Michal Zalewski
• [SECURITY] [DSA 2368-1] lighttpd security update, Nico Golde
• [SECURITY] [DSA 2381-] lighttpd security update, Nico Golde
• Multiple vulnerabilities in epesi BIM, advisory
• Multiple vulnerabilities in OBM, advisory
• [SECURITY] [DSA 2369-1] libsoup2.4 security update, Nico Golde
• [SECURITY] [DSA 2370-1] unbound security update, Florian Weimer
• Exploit for Asterisk Security Advisory AST-2011-013, Ben Williams
• [MATTA-2011-001] pfSense x509 Insecure Certificate Creation, Florent Daigniere
• ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities, ZDI Disclosures
• ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities, ZDI Disclosures
• TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin, Trustwave Advisories
• Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection, n0b0d13s
• Xmas 2011 Security Puzzle, Ivan Buetler
• FreeBSD Security Advisory FreeBSD-SA-11:06.bind, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:07.chroot, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh, FreeBSD Security Advisories
• Merry Christmas from the FreeBSD Security Team, FreeBSD Security Officer
• FreeBSD Security Advisory FreeBSD-SA-11:10.pam, FreeBSD Security Advisories
• [ MDVSA-2011:192 ] mozilla, security
• [SECURITY] [DSA 2372-1] heimdal security update, Florian Weimer
• Lighttpd Proof of Concept code for CVE-2011-4362, pi3
• [SECURITY] [DSA 2373-1] inetutils security update, Florian Weimer
• [SECURITY] [DSA 2375-1] krb5. krb5-appl security update, Florian Weimer
• [ MDVSA-2011:194 ] icu, security
• [SECURITY] [DSA 2374-1] openswan security update, Moritz Muehlenhoff
• [ MDVSA-2011:193 ] squid, security
• MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862], Tom Yu
• [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities, security-alert
• [security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default, security-alert
• [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code, security-alert
• [ MDVSA-2011:195 ] krb5-appl, security
• [ MDVSA-2011:196 ] ipmitool, security
• n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table, security
• [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision, Andrea Barisani
• Winn Guestbook v2.4.8c Stored XSS, tom
• Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13, LpSolit
• [SECURITY] [DSA 2376-1] ipmitool security update, Thijs Kinkhorst
• [SECURITY] [DSA 2263-2] movabletype-opensource security update, Thijs Kinkhorst
• [ MDVSA-2011:197 ] php, security
• SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416, SEC Consult Vulnerability Lab