Mail Thread Index
- Multiple XSS in Dotclear,
advisory
- [ MDVSA-2012:026 ] postgresql,
security
- [ MDVSA-2012:027 ] postgresql8.3,
security
- Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2421-1] moodle security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2422-1] file security update,
Florian Weimer
- [ MDVSA-2012:028 ] libxslt,
security
- [Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- [Suspected Spam] Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- [SECURITY] [DSA 2423-1] movabletype-opensource security update,
Florian Weimer
- Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D),
Fernando Gont
- Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability,
demonalex
- [SECURITY] [DSA 2424-1] libxml-atom-perl security update,
Florian Weimer
- %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process),
Stefan Kanthak
- [SECURITY] [DSA 2425-1] plib security update,
Florian Weimer
- Symfony2 Local File Disclosure - Security Advisory - SOS-12-002,
Lists
- Timesheet Next Gen 1.5.2 Multiple SQLi,
Thomas Richards
- Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability,
YGN Ethical Hacker Group
- Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities,
YGN Ethical Hacker Group
- 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities,
admin@v-lab
- [TSI-ADV-1201] Path Traversal on Polycom Web Management Interface,
Joao Paulo Caldas Campello
- [TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection,
Joao Paulo Caldas Campello
- ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability,
Security_Alert
- [SECURITY] [DSA 2426-1] gimp security update,
Florian Weimer
- [SECURITY] [DSA 2427-1] imagemagick security update,
Florian Weimer
- [security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass,
security-alert
- XCon 2012 XFocus Information Security Conference Call for Paper,
xcon
- Multiple XSS in Fork CMS,
advisory
- Multiple SQL injections in rivettracker <=1.03,
ali . raheem
- OSClass directory traversal (leads to arbitrary file upload),
Filippo Cavallarin
- [security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
- [SECURITY] [DSA 2429-1] mysql-5.1 security update,
Florian Weimer
- APPLE-SA-2012-03-07-1 iTunes 10.6,
Apple Product Security
- APPLE-SA-2012-03-07-2 iOS 5.1 Software Update,
Apple Product Security
- APPLE-SA-2012-03-07-3 Apple TV 5.0,
Apple Product Security
- [Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- [Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities,
research@xxxxxxxxxxxxxxxxxxxxx
- Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability,
research@xxxxxxxxxxxxxxxxxxxxx
- SAP Business Objects XI R2 Infoview Multiple XSS,
vulns
- Iciniti Store SQL Injection - Security Advisory - SOS-12-003,
Lists
- gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk,
Mark Krenz
- Eleytt Research ER-03-2012,
Michal Bucko
- [SECURITY] [DSA 2428-1] freetype security update,
Moritz Muehlenhoff
- VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service,
VMware Security Team
- VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE,
VMware Security Team
- Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS,
Henri Salo
- LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption,
Markus Vervier
- Synology Photo Station 5 - Reflected Cross-Site Scripting,
simon . ganiere
- Wikidforum 2.10 Multiple security vulnerabilities,
sschurtz
- Re: Ariadne 2.7.6 Multiple XSS vulnerabilities,
Henri Salo
- [SECURITY] [DSA 2430-1] python-pam security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 2431-1] libdbd-pg-perl security update,
Moritz Muehlenhoff
- OSI Security: CheckPoint Firewall VPN - Information Disclosure,
Patrick Webster
- Android wireless accepts fake response (No interaction requires) (Vulnerability ?),
Security Mailing List
- Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004,
Lists
- APPLE-SA-2012-03-12-1 Safari 5.1.4,
Apple Product Security
- [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update,
Moritz Muehlenhoff
- [security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417],
Narendra Shinde
- ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities,
Security_Alert
- Announcing Hackademic CFP,
B Potter
- PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability,
moshez
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Struts2 Security Challenge,
Ivan Buetler
- Oracle Exadata Infiniband Switch default logins and world readable shadow file,
larry0
- nginx fix for malformed HTTP responses from upstream servers,
security-bulletin
- WikyBlog 1.7.3RC2 XSS vulnerability,
sschurtz
- [SECURITY] [DSA 2433-1] iceweasel security update,
Moritz Muehlenhoff
- AST-2012-002: Remote Crash Vulnerability in Milliwatt Application,
Asterisk Security Team
- AST-2012-003: Stack Buffer Overflow in HTTP Manager,
Asterisk Security Team
- VMSA-2012-0004 VMware View privilege escalation and cross-site scripting,
VMware Security Team
- [ MDVSA-2012:029 ] pidgin,
security
- [ MDVSA-2012:030 ] systemd,
security
- [Announcement] ClubHack Mag - Call for Articles,
abhijeet
- VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues,
VMware Security Team
- [ MDVSA-2012:031 ] firefox,
security
- Android wipe unreliable,
Jan Schejbal
- [security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default,
security-alert
- at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability,
demonalex
- ESA-2012-014: RSA enVision Multiple Vulnerabilities,
Security_Alert
- Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability,
nospam
- SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom,
SEC Consult Vulnerability Lab
- Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug",
CXySuYg5DuKktzX
- ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability,
nospam
- VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768),
VUPEN Security Research
- Evasion attacks exploiting file-parsing vulnerabilities in antivirus products,
sumanj
- Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass,
RGill
- [SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update,
Thijs Kinkhorst
- Re: [oss-security] Case YVS Image Gallery,
Kurt Seifried
- [SECURITY] [DSA 2434-1] nginx security update,
Luciano Bello
- [SECURITY] [DSA 2435-1] gnash security update,
Gabriele Giacone
- [MajorSecurity-SA-2012-014] Apple Safari on iOS 5.1 - Address bar spoofing vulnerability,
david . kurz
- [security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- Regarding MS12-020,
Thor (Hammer of God)
- [ MDVSA-2012:032 ] mozilla,
security
- Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1,
Security
- Cyberoam Unified Threat Management: Insecure Password Handling,
Saurabh Harit
- Cyberoam Unified Threat Management: OS Command Execution,
Saurabh Harit
- Multiple vulnerabilities in Open Journal Systems (OJS),
advisory
- CMSimple_XH 1.5.2 Cross-site Scripting vulnerability,
sschurtz
- [ MDVSA-2012:033 ] libpng,
security
- Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter),
Irene Abezgauz
- [SECURITY] [DSA 2437-1] icedove security update,
Moritz Muehlenhoff
- CA20120320-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
- Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability,
nospam
- struts2 xsltResult Local code execution vulnerability,
voidloafer
- [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter,
Martin Grigorov
- [CVE-2012-1089] Apache Wicket serving of hidden files vulnerability,
Martin Grigorov
- Prado TJavaScript::encode() script injection vulnerability,
gabor . berczi
- 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670),
Mark Stanislav
- 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669),
Mark Stanislav
- [SECURITY] [DSA 2438-1] raptor security update,
Moritz Muehlenhoff
- [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256,
Leif Hedstrom
- [SECURITY] [DSA 2439-1] libpng security update,
Moritz Muehlenhoff
- [ MDVSA-2012:034 ] libzip,
security
- [ MDVSA-2012:035 ] file,
security
- [ MDVSA-2012:036 ] libsoup,
security
- [ MDVSA-2012:037 ] cyrus-imapd,
security
- CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected),
VSR Advisories
- [SECURITY] [DSA 2440-1] libtasn1-3 security update,
Florian Weimer
- SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver,
Steffen Dettmer
- [SECURITY] [DSA 2441-1] gnutls26 security update,
Florian Weimer
- Traffic amplification via Quake 3-based servers,
Simon McVittie
- [ MDVSA-2012:038 ] openssl,
security
- Matthew1471s ASP BlogX - XSS Vulnerabilities,
demonalex
- [SECURITY] [DSA 2442-1] openarena security update,
Florian Weimer
- [SECURITY] [DSA 2443-1] linux-2.6 security update,
dann frazier
- [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip,
Timo Warns
- [ MDVSA-2012:039 ] libtasn1,
security
- [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0,
come2waraxe
- PcwRunAs Password Obfuscation Design Flaw,
otr
- [ MDVSA-2012:040 ] gnutls,
security
- [ MDVSA-2012:041 ] expat,
security
- [ MDVSA-2012:042 ] wireshark,
security
- [security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information,
security-alert
- [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data,
security-alert
- [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow,
nospam
- Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution,
nospam
- D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability,
nospam
- Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability,
nospam
- OWASP AppSec Research EU CFP/CFT,
OWASP AppSec EU
- [SECURITY] [DSA 2444-1] tryton-server security update,
Florian Weimer
- NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens,
Research@NGSSecure
- NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts,
Research@NGSSecure
- NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators,
Research@NGSSecure
- NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI,
Research@NGSSecure
- NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked,
Research@NGSSecure
- NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user,
Research@NGSSecure
- [ MDVSA-2012:043 ] nginx,
security
- [ MDVSA-2012:044 ] cvs,
security
- Cross-site scripting vulnerability in Invision Power Board version 3.2.3,
Netsparker Advisories
- [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18,
come2waraxe
- Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability,
Research
- PHP 5.4/5.3 deprecated eregi() memory_limit bypass,
cxib
- [ MDVSA-2012:045 ] gnutls,
security
- Intuit Help System Protocol URL Heap Corruption and Memory Leak,
ds . adv . pub
- Intuit Help System Protocol File Retrieval,
ds . adv . pub
- VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation,
ds . adv . pub