Mail Index

• Thread Index

• Multiple XSS in Dotclear
  • From: advisory
• [ MDVSA-2012:026 ] postgresql
  • From: security
• [ MDVSA-2012:027 ] postgresql8.3
  • From: security
• Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2421-1] moodle security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2422-1] file security update
  • From: Florian Weimer
• [ MDVSA-2012:028 ] libxslt
  • From: security
• [Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• [Suspected Spam] Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• [SECURITY] [DSA 2423-1] movabletype-opensource security update
  • From: Florian Weimer
• Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D)
  • From: Fernando Gont
• Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability
  • From: demonalex
• [SECURITY] [DSA 2424-1] libxml-atom-perl security update
  • From: Florian Weimer
• %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
  • From: Stefan Kanthak
• [SECURITY] [DSA 2425-1] plib security update
  • From: Florian Weimer
• Symfony2 Local File Disclosure - Security Advisory - SOS-12-002
  • From: Lists
• Timesheet Next Gen 1.5.2 Multiple SQLi
  • From: Thomas Richards
• Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability
  • From: YGN Ethical Hacker Group
• Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities
  • From: YGN Ethical Hacker Group
• 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities
  • From: admin@v-lab
• [TSI-ADV-1201] Path Traversal on Polycom Web Management Interface
  • From: Joao Paulo Caldas Campello
• [TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection
  • From: Joao Paulo Caldas Campello
• ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability
  • From: Security_Alert
• [SECURITY] [DSA 2426-1] gimp security update
  • From: Florian Weimer
• [SECURITY] [DSA 2427-1] imagemagick security update
  • From: Florian Weimer
• [security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
  • From: security-alert
• XCon 2012 XFocus Information Security Conference Call for Paper
  • From: xcon
• Multiple XSS in Fork CMS
  • From: advisory
• Multiple SQL injections in rivettracker <=1.03
  • From: ali . raheem
• OSClass directory traversal (leads to arbitrary file upload)
  • From: Filippo Cavallarin
• [security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 2429-1] mysql-5.1 security update
  • From: Florian Weimer
• APPLE-SA-2012-03-07-1 iTunes 10.6
  • From: Apple Product Security
• APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
  • From: Apple Product Security
• APPLE-SA-2012-03-07-3 Apple TV 5.0
  • From: Apple Product Security
• [Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• [Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
  • From: research@xxxxxxxxxxxxxxxxxxxxx
• SAP Business Objects XI R2 Infoview Multiple XSS
  • From: vulns
• Iciniti Store SQL Injection - Security Advisory - SOS-12-003
  • From: Lists
• gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
  • From: Mark Krenz
• Eleytt Research ER-03-2012
  • From: Michal Bucko
• [SECURITY] [DSA 2428-1] freetype security update
  • From: Moritz Muehlenhoff
• Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
  • From: Dmitry Yu. Bolkhovityanov
• VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service
  • From: VMware Security Team
• VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE
  • From: VMware Security Team
• Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
  • From: Henri Salo
• LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption
  • From: Markus Vervier
• Synology Photo Station 5 - Reflected Cross-Site Scripting
  • From: simon . ganiere
• Wikidforum 2.10 Multiple security vulnerabilities
  • From: sschurtz
• Re: Ariadne 2.7.6 Multiple XSS vulnerabilities
  • From: Henri Salo
• [SECURITY] [DSA 2430-1] python-pam security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2431-1] libdbd-pg-perl security update
  • From: Moritz Muehlenhoff
• OSI Security: CheckPoint Firewall VPN - Information Disclosure
  • From: Patrick Webster
• Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
  • From: Security Mailing List
• Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004
  • From: Lists
• APPLE-SA-2012-03-12-1 Safari 5.1.4
  • From: Apple Product Security
• [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417]
  • From: Narendra Shinde
• ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities
  • From: Security_Alert
• Announcing Hackademic CFP
  • From: B Potter
• PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability
  • From: moshez
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Struts2 Security Challenge
  • From: Ivan Buetler
• Oracle Exadata Infiniband Switch default logins and world readable shadow file
  • From: larry0
• Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
  • From: Security Mailing List
• nginx fix for malformed HTTP responses from upstream servers
  • From: security-bulletin
• WikyBlog 1.7.3RC2 XSS vulnerability
  • From: sschurtz
• [SECURITY] [DSA 2433-1] iceweasel security update
  • From: Moritz Muehlenhoff
• AST-2012-002: Remote Crash Vulnerability in Milliwatt Application
  • From: Asterisk Security Team
• AST-2012-003: Stack Buffer Overflow in HTTP Manager
  • From: Asterisk Security Team
• VMSA-2012-0004 VMware View privilege escalation and cross-site scripting
  • From: VMware Security Team
• [ MDVSA-2012:029 ] pidgin
  • From: security
• [ MDVSA-2012:030 ] systemd
  • From: security
• [Announcement] ClubHack Mag - Call for Articles
  • From: abhijeet
• VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
  • From: VMware Security Team
• [ MDVSA-2012:031 ] firefox
  • From: security
• Re: WikyBlog 1.7.3RC2 XSS vulnerability
  • From: Henri Salo
• Android wipe unreliable
  • From: Jan Schejbal
• [security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
  • From: security-alert
• at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability
  • From: demonalex
• ESA-2012-014: RSA enVision Multiple Vulnerabilities
  • From: Security_Alert
• Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability
  • From: nospam
• SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom
  • From: SEC Consult Vulnerability Lab
• Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
  • From: vince
• RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?)
  • From: Joe Arnold
• Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"
  • From: CXySuYg5DuKktzX
• ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
  • From: nospam
• VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768)
  • From: VUPEN Security Research
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
  • From: sumanj
• Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass
  • From: RGill
• [SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update
  • From: Thijs Kinkhorst
• Re: [oss-security] Case YVS Image Gallery
  • From: Kurt Seifried
• [SECURITY] [DSA 2434-1] nginx security update
  • From: Luciano Bello
• [SECURITY] [DSA 2435-1] gnash security update
  • From: Gabriele Giacone
• [MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability
  • From: david . kurz
• [security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS)
  • From: security-alert
• Regarding MS12-020
  • From: Thor \(Hammer of God\)
• [ MDVSA-2012:032 ] mozilla
  • From: security
• Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
  • From: Security
• Cyberoam Unified Threat Management: Insecure Password Handling
  • From: Saurabh Harit
• Cyberoam Unified Threat Management: OS Command Execution
  • From: Saurabh Harit
• Multiple vulnerabilities in Open Journal Systems (OJS)
  • From: advisory
• CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
  • From: sschurtz
• [ MDVSA-2012:033 ] libpng
  • From: security
• Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)
  • From: Irene Abezgauz
• [SECURITY] [DSA 2437-1] icedove security update
  • From: Moritz Muehlenhoff
• RE: Regarding MS12-020
  • From: Jim Harrison
• RE: Regarding MS12-020
  • From: Thor \(Hammer of God\)
• CA20120320-01: Security Notice for CA ARCserve Backup
  • From: Kotas, Kevin J
• Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability
  • From: nospam
• struts2 xsltResult Local code execution vulnerability
  • From: voidloafer
• [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter
  • From: Martin Grigorov
• [CVE-2012-1089] Apache Wicket serving of hidden files vulnerability
  • From: Martin Grigorov
• Prado TJavaScript::encode() script injection vulnerability
  • From: gabor . berczi
• 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
  • From: Mark Stanislav
• 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
  • From: Mark Stanislav
• [SECURITY] [DSA 2438-1] raptor security update
  • From: Moritz Muehlenhoff
• [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
  • From: Leif Hedstrom
• [SECURITY] [DSA 2439-1] libpng security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2012:034 ] libzip
  • From: security
• [ MDVSA-2012:035 ] file
  • From: security
• [ MDVSA-2012:036 ] libsoup
  • From: security
• [ MDVSA-2012:037 ] cyrus-imapd
  • From: security
• CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
  • From: VSR Advisories
• [SECURITY] [DSA 2440-1] libtasn1-3 security update
  • From: Florian Weimer
• SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
  • From: Steffen Dettmer
• [SECURITY] [DSA 2441-1] gnutls26 security update
  • From: Florian Weimer
• Traffic amplification via Quake 3-based servers
  • From: Simon McVittie
• [ MDVSA-2012:038 ] openssl
  • From: security
• Matthew1471s ASP BlogX - XSS Vulnerabilities
  • From: demonalex
• [SECURITY] [DSA 2442-1] openarena security update
  • From: Florian Weimer
• [SECURITY] [DSA 2443-1] linux-2.6 security update
  • From: dann frazier
• [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
  • From: Timo Warns
• [ MDVSA-2012:039 ] libtasn1
  • From: security
• [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
  • From: come2waraxe
• PcwRunAs Password Obfuscation Design Flaw
  • From: otr
• [ MDVSA-2012:040 ] gnutls
  • From: security
• Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
  • From: Solar Designer
• [ MDVSA-2012:041 ] expat
  • From: security
• [ MDVSA-2012:042 ] wireshark
  • From: security
• [security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
  • From: security-alert
• [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
  • From: security-alert
• Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow
  • From: nospam
• Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
  • From: nospam
• D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability
  • From: nospam
• Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability
  • From: nospam
• OWASP AppSec Research EU CFP/CFT
  • From: OWASP AppSec EU
• [SECURITY] [DSA 2444-1] tryton-server security update
  • From: Florian Weimer
• NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
  • From: Research@NGSSecure
• NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts
  • From: Research@NGSSecure
• NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
  • From: Research@NGSSecure
• NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI
  • From: Research@NGSSecure
• NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
  • From: Research@NGSSecure
• NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user
  • From: Research@NGSSecure
• [ MDVSA-2012:043 ] nginx
  • From: security
• [ MDVSA-2012:044 ] cvs
  • From: security
• Cross-site scripting vulnerability in Invision Power Board version 3.2.3
  • From: Netsparker Advisories
• [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
  • From: come2waraxe
• Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
  • From: Research
• PHP 5.4/5.3 deprecated eregi() memory_limit bypass
  • From: cxib
• [ MDVSA-2012:045 ] gnutls
  • From: security
• Intuit Help System Protocol URL Heap Corruption and Memory Leak
  • From: ds . adv . pub
• Intuit Help System Protocol File Retrieval
  • From: ds . adv . pub
• VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation
  • From: ds . adv . pub