Mail Index
- [SECURITY] [DSA 2398-1] curl security update
- [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access
- [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
- VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console
- From: VMware Security Team
- ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability
- [SECURITY] [DSA 2399-1] php5 security update
- [SECURITY] [DSA 2399-2] php5 regression fix
- [Announce] Apache HTTP Server 2.2.22 Released
- From: William A. Rowe Jr.
- 802.1X password exploit on many HTC Android devices
- Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
- Multiple vulnerabilities in OpenEMR
- ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability
- XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)
- [ MDVSA-2012:012 ] apache
- APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
- From: Apple Product Security
- Call For Paper
- Fwd: RA-Guard: Advice on the implementation (feedback requested)
- [CAL-2012-0004] opera array integer overflow
- [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
- GLSA (Gentoo Linux Security Advisory) publication changes
- [security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code
- [SECURITY] [DSA 2401-1] tomcat6 security update
- [SECURITY] [DSA 2400-1] iceweasel security update
- [SECURITY] [DSA 2402-1] iceape security update
- [SECURITY] [DSA 2403-1] php5 security update
- RFC 6528 on Defending against Sequence Number Attacks
- ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability
- [ MDVSA-2012:013 ] mozilla
- [SECURITY] [DSA 2384-2] cacti regression
- [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update
- [SECURITY] [DSA 2405-1] apache2 security update
- Mathopd - Directory Traversal Vulnerability
- [ MDVSA-2012:014 ] glpi
- [SECURITY] [DSA 2403-2] php5 security update
- SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
- DEF CON 20 Capture the Flag Announcement
- CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly
- From: Colm O hEigeartaigh
- SQL Injection Vulnerability in Batavi 1.1.2
- From: Netsparker Advisories
- [security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
- eFronts Community++ v3.6.10 - Cross Site Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Unauthenticated remote code execution on D-Link ShareCenter products
- [security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
- Cyberoam Central Console v2.00.2 - File Include Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Multiple vulnerabilities in ZENphoto
- [security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information
- ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
- ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
- ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
- ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
- ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
- ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
- ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
- ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
- ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
- ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
- ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
- [SECURITY] [DSA 2407-1] cvs security update
- [ MDVSA-2012:015 ] wireshark
- [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability
- [Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability
- From: YGN Ethical Hacker Group
- [ MDVSA-2012:016 ] glpi
- [slackware-security] vsftpd (SSA:2012-041-05)
- From: Slackware Security Team
- [slackware-security] glibc (SSA:2012-041-03)
- From: Slackware Security Team
- [slackware-security] proftpd (SSA:2012-041-04)
- From: Slackware Security Team
- [slackware-security] httpd (SSA:2012-041-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2012-041-02)
- From: Slackware Security Team
- OWASP AppSec USA 2011 Video & Slides Posted
- Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [Suspected Spam] eFront Community++ v3.6.10 - SQL Injection Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [Announcement] ClubHack Mag - Call for Articles
- [ MDVSA-2012:018 ] mozilla-thunderbird
- sqlinjection bug in nova cms
- [ MDVSA-2012:017 ] firefox
- [SECURITY] [DSA 2408-1] php5 security update
- [ MDVSA-2012:019 ] apr
- [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
- [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
- FreePBX Remote Exploit
- [ MDVSA-2012:020 ] phpldapadmin
- Multiple vulnerabilities in 11in1
- Multiple vulnerabilities in LEPTON
- [SECURITY] [DSA 2409-1] devscripts security update
- TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
- Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2410-1] libpng security update
- 2012 Honeynet Project Security Workshop
- [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip
- Re: sqlinjection bug in nova cms
- Hackito Ergo sum // HES2012 Final CFP // Call for Hackers
- Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session
- From: research@xxxxxxxxxxxxxxxxxxxxx
- [Spam] Skype v5.6.59.x - Memory Corruption Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
- Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
- From: Rodrigo Rubira Branco (BSDaemon)
- [security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains
- PHP 5.2.x Remote Code Execution Vulnerability
- Puppet Dashboard insecure by default
- [ MDVSA-2012:021 ] java-1.6.0-openjdk
- Downloads Folder: A Binary Planting Minefield
- From: ACROS Security Lists
- WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
- CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2411-1] mumble security update
- [SECURITY] [DSA 2412-1] libvorbis security update
- SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional
- From: SEC Consult Vulnerability Lab
- SQL Injection Vulnerabilities in TestLink
- DC4420 - London DEFCON - February meet - Tuesday February 21st 2012
- OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2413-1] libarchive security update
- Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.
- From: muuratsalo experimental hack lab
- F*EX <= 20100208 Cross Site Scripting Vulnerabilities
- From: muuratsalo experimental hack lab
- F*EX 20111129-2 Cross Site Scripting Vulnerability
- From: muuratsalo experimental hack lab
- Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.
- From: muuratsalo experimental hack lab
- Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
- Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
- IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements
- Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
- [SECURITY] [DSA 2414-1] fex security update
- [SECURITY] [DSA 2415-1] libmodplug security update
- Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines
- [ MDVSA-2012:022 ] libpng
- Multiple XSS in Chyrp
- [ MDVSA-2012:023 ] libxml2
- Mobile Mp3 Search Engine HTTP Response Splitting
- ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
- ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability
- ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability
- ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
- ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
- ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability
- ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
- ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
- TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
- [SECURITY] [DSA 2417-1] libxml2 security update
- NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution
- YVS Image Gallery Sql injection
- Security advisory for Bugzilla 4.2 and 4.0.5
- Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability
- [SECURITY] [DSA 2416-1] notmuch security update
- [ MDVSA-2012:022 ] mozilla
- [security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code
- [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure
- From: Onapsis Research Labs
- PHP Gift Registry 1.5.5 SQL Injection
- Dropbear SSH server use-after-free vulnerability
- TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform
- From: Trustwave Advisories
- Kongreg8 1.7.3 Mutiple XSS
- Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps
- NGS00237 Patch Notification: Samba Andx request Remote Code Execution
- [SECURITY] [DSA 2414-2] fex regression
- pidgin OTR information leakage
- DeepSec "Sector v6" - Call for Papers
- FrameJammer DOM based XSS
- Case YVS Image Gallery
- [ MDVSA-2012:023 ] libvpx
- Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
- From: research@xxxxxxxxxxxxxxxxxxxxx
- OSQA CMS v3b - Multiple Persistent Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
- From: research@xxxxxxxxxxxxxxxxxxxxx
- Re: pidgin OTR information leakage
- [SECURITY] [DSA 2418-1] postgresql-8.4 security update
- Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
- Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec
- Re: [Full-disclosure] pidgin OTR information leakage
- [SECURITY] [DSA 2419-1] puppet security update
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [oss-security] Case YVS Image Gallery
- Re: [Full-disclosure] pidgin OTR information leakage
- Re: [Full-disclosure] pidgin OTR information leakage
- [ MDVSA-2012:022-1 ] mozilla
- [ MDVSA-2012:023-1 ] libvpx
- ImgPals Photo Host Version 1.0 Admin Account Disactivation
- [ MDVSA-2012:025 ] samba
- [SECURITY] [DSA 2420-1] openjdk-6 security update