Mail Index

• Thread Index

• [SECURITY] [DSA 2376-2] ipmitool security update
  • From: Thijs Kinkhorst
• [ MDVSA-2011:198 ] phpmyadmin
  • From: security
• [SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update
  • From: Nico Golde
• [ MDVSA-2012:001 ] fcgi
  • From: security
• [ MDVSA-2012:002 ] t1lib
  • From: security
• BigACE CMS - XSS Vulnerabilities
  • From: demonalex
• OpenKM 5.1.7 Privilege Escalation
  • From: Cyrill Brunschwiler
• OpenKM 5.1.7 OS Command Execution (XSRF based)
  • From: Cyrill Brunschwiler
• Tinyguestbook XSS
  • From: tom
• [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator
  • From: RedTeam Pentesting GmbH
• mavili guestbook - SQL Injection and XSS Vulnerabilities
  • From: demonalex
• [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
  • From: Security Explorations
• Re: PHP Booking Calendar 10e XSS
  • From: Henri Salo
• SQL Injection Vulnerability in OpenEMR 4.1.0
  • From: Netsparker Advisories
• Re: Tinyguestbook XSS
  • From: Henri Salo
• [SECURITY] [DSA 2378-1] ffmpeg security update
  • From: Moritz Muehlenhoff
• InfoSec Southwest 2012 CFP First-round Speaker Selections
  • From: I\)ruid
• Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
  • From: Security Explorations
• Google Chrome HTTPS Address Bar Spoofing
  • From: ACROS Security Lists
• TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System
  • From: Trustwave Advisories
• Re: OpenKM 5.1.7 Privilege Escalation
  • From: pavila
• Open Redirection Vulnerability in Orchard 1.3.9
  • From: Netsparker Advisories
• Multiple vulnerabilities in ImpressCMS
  • From: advisory
• [SECURITY] [DSA 2379-1] krb5 security update
  • From: Florian Weimer
• [SECURITY] [DSA 2380-1] foomatic-filters security update
  • From: Florian Weimer
• [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities
  • From: Tim Sammut
• Revised IETF I-D: Advice on IPv6 RA-Guard Implementation
  • From: Fernando Gont
• HServer webserver - Directory Traversal Vulnerability
  • From: demonalex
• NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS
  • From: Research@NGSSecure
• NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability
  • From: Research@NGSSecure
• SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2
  • From: SEC Consult Vulnerability Lab
• Ggb Guestbook - XSS Vulnerabilities
  • From: demonalex
• VLC media player v1.1.11 (.amr) Local Crash PoC
  • From: hapsec
• VertrigoServ 2.25 Cross-Site-Scripting vulnerability
  • From: security
• SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities
  • From: security
• ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities
  • From: ZDI Disclosures
• ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [ GLSA 201201-02 ] MySQL: Multiple vulnerabilities
  • From: Tim Sammut
• [SECURITY] [DSA 2381-1] squid3 security update
  • From: Florian Weimer
• IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability
  • From: demonalex
• IpTools - Rcmd Remote Overflow Vulnerability
  • From: demonalex
• ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities
  • From: Tim Sammut
• [SECURITY] [DSA 2382-1] ecryptfs-utils security update
  • From: Jonathan Wiltshire
• [SECURITY] [DSA 2383-1] super security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
  • From: security-alert
• [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files
  • From: security-alert
• [SECURITY] [DSA 2384-1] cacti security update
  • From: <@securityfocus.com Luk Claes
• Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
  • From: Security Explorations
• DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
  • From: ddivulnalert
• Simple Mail Server - SMTP Authentication Bypass Vulnerability
  • From: demonalex
• AppSec DC 2012 CFP EXTENDED!
  • From: AppSec DC
• p0f3 release candidate
  • From: Michal Zalewski
• Is Your Online Bank Vulnerable To Currency Rounding Attacks?
  • From: ACROS Security Lists
• Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability
  • From: Peter Conrad
• [ MDVSA-2012:003 ] apache
  • From: security
• ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [SECURITY] [DSA 2385-1] pdns security update
  • From: Florian Weimer
• Multiple Cross-Site-Scripting vulnerabilities in x3cms
  • From: security
• VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)
  • From: VUPEN Security Research
• [PT-2011-01] Cross-Site Scripting in Kayako Support Suite
  • From: noreply
• [PT-2011-02] PHP code Injection in Kayako Support Suite
  • From: noreply
• Multiple XSS in KnowledgeTree Community Edition
  • From: advisory
• [PT-2011-03] Information disclosure in Kayako Support Suite
  • From: noreply
• [PT-2011-03] Information disclosure in Kayako Support Suite
  • From: noreply
• Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities
  • From: Secunia Research
• Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability
  • From: Secunia Research
• [PT-2011-04] Cross-Site Scripting in Kayako Support Suite
  • From: noreply
• [SECURITY] [DSA 2387-1] simplesamlphp security update
  • From: Thijs Kinkhorst
• [security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• GreenBrowser iframe content Double Free Vulnerability
  • From: vuln
• [SECURITY] [DSA 2386-1] openttd security update
  • From: Luk Claes
• Office arbitrary ClickOnce application execution vulnerability
  • From: Akita Software Security
• AthCon 2012 CFP is now OPEN!
  • From: Christian Papathanasiou
• Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation
  • From: Fernando Gont
• SafeSEH+SEHOP all-at-once bypass explotation method principles
  • From: geinblues
• [ MDVSA-2012:004 ] t1lib
  • From: security
• ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
  • From: ZDI Disclosures
• ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
  • From: ZDI Disclosures
• ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389
  • From: Henri Salo
• [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
  • From: security-alert
• PHP 5.3.8 Multiple vulnerabilities
  • From: cxib
• BoltWire 3.4.16 Multiple XSS vulnerabilities
  • From: sschurtz
• ATutor 2.0.3 Multiple XSS vulnerabilities
  • From: sschurtz
• [SECURITY] [DSA 2388-1] t1lib security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 2390-1] openssl security update
  • From: Florian Weimer
• [SECURITY] [DSA 2389-1] linux-2.6 security update
  • From: dann frazier
• [Announcement] ClubHack Mag Issue 24-Jan 2012 Released
  • From: abhijeet
• First-hop security in IPv6
  • From: Fernando Gont
• Re: Multiple XSS in KnowledgeTree Community Edition
  • From: Henri Salo
• Family Connections 2.7.2 Multiple XSS
  • From: tom
• phpVideoPro Multiple XSS vulnerabilities
  • From: sschurtz
• Beehive Forum 101 Multiple XSS vulnerabilities
  • From: sschurtz
• (CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean
  • From: Fernando Gont
• [Announcement] ClubHack Mag - Call for Articles
  • From: abhijeet
• Re: Multiple XSS in KnowledgeTree Community Edition
  • From: advisory
• [ MDVSA-2012:005 ] libxml2
  • From: security
• [ MDVSA-2012:006 ] openssl
  • From: security
• [ MDVSA-2012:007 ] openssl
  • From: security
• Re: p0f3 release candidate
  • From: Michal Zalewski
• pwgen: non-uniform distribution of passwords
  • From: Solar Designer
• [SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
  • From: Mark Thomas
• [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service
  • From: Mark Thomas
• ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.
  • From: Security_Alert
• Re: pwgen: non-uniform distribution of passwords
  • From: Solar Designer
• Reflection Scan: an Off-Path Attack on TCP
  • From: Jan Wrobel
• XSS in OneOrZero AIMS
  • From: advisory
• [ MDVSA-2012:008 ] perl
  • From: security
• [ MDVSA-2012:009 ] perl
  • From: security
• Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account
  • From: Cisco Systems Product Security Incident Response Team
• Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
  • From: InterN0T Advisories
• Xpra memory disclosure
  • From: Antoine Martin
• [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
  • From: security-alert
• Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
  • From: Stefan Esser
• Re: pwgen: non-uniform distribution of passwords
  • From: Solar Designer
• appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability
  • From: n0b0d13s
• Webcalendar 1.2.4 'location' XSS
  • From: tom
• [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• InfoSec Southwest 2012 Open Registration
  • From: I\)ruid
• DC4420 - London DEFCON - 24 January 2012
  • From: Major Malfunction
• [ MDVSA-2012:010 ] cacti
  • From: security
• [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution
  • From: Sean Amoss
• [SECURITY] [DSA 2391-1] phpmyadmin security update
  • From: Thijs Kinkhorst
• DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass
  • From: ddivulnalert
• AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload
  • From: pavel
• [Suspected Spam] Bart`s CMS - SQL Injection Vulnerability
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• Re: pwgen: non-uniform distribution of passwords
  • From: Solar Designer
• ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [SECURITY] [DSA 2301-2] rails regression
  • From: Florian Weimer
• [SECURITY] [DSA 2392-1] openssl security update
  • From: Florian Weimer
• SQL injection in Bigware shop software
  • From: rwenzel
• [ GLSA 201201-12 ] Tor: Multiple vulnerabilities
  • From: Sean Amoss
• Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability
  • From: n0b0d13s
• [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities
  • From: Sean Amoss
• [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities
  • From: Sean Amoss
• NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
  • From: Research@NGSSecure
• Only 7 Days Left: SANS AppSec 2012 CFP
  • From: SANS AppSec CFP
• [security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM
  • From: Research@NGSSecure
• [security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation
  • From: Research@NGSSecure
• TWSL2012-002: Multiple Vulnerabilities in WordPress
  • From: Trustwave Advisories
• Multiple vulnerabilities in OSclass
  • From: advisory
• CSRF (Cross-Site Request Forgery) in DClassifieds
  • From: advisory
• [security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• D-Link DIR-601 TFTP Directory Traversal Vulnerability
  • From: robkraus
• [SECURITY] [DSA-2393-1] bip security update
  • From: dann frazier
• NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
  • From: otr
• ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• ESA-2012-005: EMC NetWorker buffer overflow vulnerability
  • From: Security_Alert
• ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision
  • From: Security_Alert
• [SECURITY] [DSA 2394-1] libxml2 security update
  • From: Luciano Bello
• [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
  • From: Hafez Kamal
• [ GLSA 201201-15 ] ktsuss: Privilege escalation
  • From: Sean Amoss
• AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
  • From: Thomas Quinot
• [SECURITY] [DSA 2395-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2396-1] qemu-kvm security update
  • From: Moritz Muehlenhoff
• [ GLSA 201201-17 ] Chromium: Multiple vulnerabilities
  • From: Tim Sammut
• [ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass
  • From: Alex Legler
• eBank IT Online Banking - Multiple Web Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• FAA US Academy (AFS) - Auth Bypass Vulnerability
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• [SECURITY] [DSA 2397-1] icu security update
  • From: Moritz Muehlenhoff
• Mibew messenger multiple XSS
  • From: Filippo Cavallarin
• Multiple vulnerabilities in postfixadmin
  • From: Filippo Cavallarin
• [ MDVSA-2012:011 ] openssl
  • From: security
• Multiple vulnerabilities in OSClass
  • From: Filippo Cavallarin
• [ GLSA 201201-18 ] bip: Multiple vulnerabilities
  • From: Alex Legler
• [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities
  • From: Alex Legler
• Advisory: sudo 1.8 Format String Vulnerability
  • From: joernchen of Phenoelit