Mail Thread Index

• Date Index

• [SECURITY] [DSA 2398-1] curl security update, Moritz Muehlenhoff
• [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access, security-alert
• [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege, security-alert
• VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console, VMware Security Team
• ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2399-1] php5 security update, Thijs Kinkhorst
• [SECURITY] [DSA 2399-2] php5 regression fix, Thijs Kinkhorst
• [Announce] Apache HTTP Server 2.2.22 Released, William A. Rowe Jr.
• 802.1X password exploit on many HTC Android devices, Bret Jordan
• Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14, LpSolit
• Multiple vulnerabilities in OpenEMR, advisory
• ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability, Security_Alert
• XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge), andsarmiento
• [ MDVSA-2012:012 ] apache, security
• APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001, Apple Product Security
• Call For Paper, asemailing
• Fwd: RA-Guard: Advice on the implementation (feedback requested), Fernando Gont
• [CAL-2012-0004] opera array integer overflow, Code Audit Labs
• [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code, security-alert
• GLSA (Gentoo Linux Security Advisory) publication changes, Alex Legler
• [security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2401-1] tomcat6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2400-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2402-1] iceape security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2403-1] php5 security update, Thijs Kinkhorst
• RFC 6528 on Defending against Sequence Number Attacks, Fernando Gont
• ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability, Security_Alert
• [ MDVSA-2012:013 ] mozilla, security
• [SECURITY] [DSA 2384-2] cacti regression, Luk Claes
• [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update, Florian Weimer
• [SECURITY] [DSA 2405-1] apache2 security update, Stefan Fritsch
• Mathopd - Directory Traversal Vulnerability, Mateusz Goik
• [ MDVSA-2012:014 ] glpi, security
• [SECURITY] [DSA 2403-2] php5 security update, Thijs Kinkhorst
• SimpleGroupware 0.742 Cross-Site-Scripting vulnerability, security
• DEF CON 20 Capture the Flag Announcement, The Dark Tangent
• CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly, Colm O hEigeartaigh
• SQL Injection Vulnerability in Batavi 1.1.2, Netsparker Advisories
• [security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information, security-alert
• eFronts Community++ v3.6.10 - Cross Site Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• Unauthenticated remote code execution on D-Link ShareCenter products, roberto . paleari
• [security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, security-alert
• Cyberoam Central Console v2.00.2 - File Include Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• Multiple vulnerabilities in ZENphoto, advisory
• [security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information, security-alert
• ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability, ZDI Disclosures
• ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability, ZDI Disclosures
• ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability, ZDI Disclosures
• ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution, ZDI Disclosures
• ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities, ZDI Disclosures
• ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2407-1] cvs security update, Florian Weimer
• [ MDVSA-2012:015 ] wireshark, security
• [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability, Leonardo Uribe
• [Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
  • <Possible follow-ups>
  • Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities, regis
• OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability, YGN Ethical Hacker Group
• [ MDVSA-2012:016 ] glpi, security
• [slackware-security] vsftpd (SSA:2012-041-05), Slackware Security Team
• [slackware-security] glibc (SSA:2012-041-03), Slackware Security Team
• [slackware-security] proftpd (SSA:2012-041-04), Slackware Security Team
• [slackware-security] httpd (SSA:2012-041-01), Slackware Security Team
• [slackware-security] php (SSA:2012-041-02), Slackware Security Team
• OWASP AppSec USA 2011 Video & Slides Posted, adam
• Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• [Suspected Spam] eFront Community++ v3.6.10 - SQL Injection Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• [Announcement] ClubHack Mag - Call for Articles, abhijeet
• [ MDVSA-2012:018 ] mozilla-thunderbird, security
• sqlinjection bug in nova cms, rezahmail
  • Re: sqlinjection bug in nova cms, Henri Salo
• [ MDVSA-2012:017 ] firefox, security
• [SECURITY] [DSA 2408-1] php5 security update, Moritz Muehlenhoff
• [ MDVSA-2012:019 ] apr, security
• [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability, Code Audit Labs
• [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow, Code Audit Labs
• FreePBX Remote Exploit, dougw
• [ MDVSA-2012:020 ] phpldapadmin, security
• Multiple vulnerabilities in 11in1, advisory
• Multiple vulnerabilities in LEPTON, advisory
• [SECURITY] [DSA 2409-1] devscripts security update, Raphael Geissert
• TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution, noreply
• Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2410-1] libpng security update, Moritz Muehlenhoff
• 2012 Honeynet Project Security Workshop, Guillaume Arcas
• [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip, Timo Warns
• Hackito Ergo sum // HES2012 Final CFP // Call for Hackers, Jonathan Brossard
• Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session, research@xxxxxxxxxxxxxxxxxxxxx
• [Spam] Skype v5.6.59.x - Memory Corruption Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977), Kousuke Ebihara
  • <Possible follow-ups>
  • Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977), Rodrigo Rubira Branco \(BSDaemon\)
• [security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default, security-alert
• IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains, Fernando Gont
• PHP 5.2.x Remote Code Execution Vulnerability, Worawit Wang
• Puppet Dashboard insecure by default, Schweiss, Chip
• [ MDVSA-2012:021 ] java-1.6.0-openjdk, security
• Downloads Folder: A Binary Planting Minefield, ACROS Security Lists
• WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability, sschurtz
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated], YGN Ethical Hacker Group
• [SECURITY] [DSA 2411-1] mumble security update, Florian Weimer
• [SECURITY] [DSA 2412-1] libvorbis security update, Moritz Muehlenhoff
• SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5, SEC Consult Vulnerability Lab
• SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional, SEC Consult Vulnerability Lab
• SQL Injection Vulnerabilities in TestLink, jnatal
• DC4420 - London DEFCON - February meet - Tuesday February 21st 2012, Major Malfunction
• OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
  • Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities, Kurt Seifried
• Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
  • Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities, Kurt Seifried
• [SECURITY] [DSA 2413-1] libarchive security update, Luk Claes
• Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2., muuratsalo experimental hack lab
  • Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2., muuratsalo experimental hack lab
• F*EX <= 20100208 Cross Site Scripting Vulnerabilities, muuratsalo experimental hack lab
• F*EX 20111129-2 Cross Site Scripting Vulnerability, muuratsalo experimental hack lab
• IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements, Fernando Gont
• Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability, demonalex
• [SECURITY] [DSA 2414-1] fex security update, Nico Golde
• [SECURITY] [DSA 2415-1] libmodplug security update, Nico Golde
• Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines, Simon McVittie
• [ MDVSA-2012:022 ] libpng, security
• Multiple XSS in Chyrp, advisory
• [ MDVSA-2012:023 ] libxml2, security
• Mobile Mp3 Search Engine HTTP Response Splitting, CorryL
• ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution, ZDI Disclosures
• TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2417-1] libxml2 security update, Nico Golde
• NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution, Research@NGSSecure
• YVS Image Gallery Sql injection, CorryL
  • Case YVS Image Gallery, Henri Salo
    • Message not available
      • Re: [oss-security] Case YVS Image Gallery, Henri Salo
• Security advisory for Bugzilla 4.2 and 4.0.5, LpSolit
• Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities, Cisco Systems Product Security Incident Response Team
• CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability, demonalex
• [SECURITY] [DSA 2416-1] notmuch security update, Thijs Kinkhorst
• [ MDVSA-2012:022 ] mozilla, security
• [security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code, security-alert
• [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write, Onapsis Research Labs
• [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read, Onapsis Research Labs
• [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure, Onapsis Research Labs
• [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service, Onapsis Research Labs
• [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification, Onapsis Research Labs
• [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure, Onapsis Research Labs
• PHP Gift Registry 1.5.5 SQL Injection, Thomas Richards
• Dropbear SSH server use-after-free vulnerability, Danny Fullerton
• TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform, Trustwave Advisories
• Kongreg8 1.7.3 Mutiple XSS, Thomas Richards
• Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps, Felipe M. Aragon
• NGS00237 Patch Notification: Samba Andx request Remote Code Execution, Research@NGSSecure
• [SECURITY] [DSA 2414-2] fex regression, Nico Golde
• pidgin OTR information leakage, Dimitris Glynos
  • Re: pidgin OTR information leakage, Jann Horn
    • Re: [Full-disclosure] pidgin OTR information leakage, Michele Orru
      • Re: [Full-disclosure] pidgin OTR information leakage, Rich Pieri
        • Re: [Full-disclosure] pidgin OTR information leakage, Jeffrey Walton
        • Message not available
          • Re: [Full-disclosure] pidgin OTR information leakage, Dimitris Glynos
            • Re: [Full-disclosure] pidgin OTR information leakage, Dimitris Glynos
• DeepSec "Sector v6" - Call for Papers, DeepSec Conference
• FrameJammer DOM based XSS, mkey
• [ MDVSA-2012:023 ] libvpx, security
• Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• OSQA CMS v3b - Multiple Persistent Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• Wolf CMS v0.7.5 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• [SECURITY] [DSA 2418-1] postgresql-8.4 security update, Moritz Muehlenhoff
• Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec, cfp2012
• [SECURITY] [DSA 2419-1] puppet security update, Florian Weimer
• [ MDVSA-2012:022-1 ] mozilla, security
• [ MDVSA-2012:023-1 ] libvpx, security
• ImgPals Photo Host Version 1.0 Admin Account Disactivation, CorryL
• [ MDVSA-2012:025 ] samba, security
• [SECURITY] [DSA 2420-1] openjdk-6 security update, Florian Weimer