Mail Index
- Landshop v0.9.2 - Multiple Web Vulnerabilities
- VMSA-2012-0006 VMware ESXi and ESX address several security issues
- From: VMware Security Team
- [SECURITY] [DSA 2445-1] typo3-src security update
- [SECURITY] [DSA 2442-2] openarena regression
- SQL injection in Wordpress plugin Buddypress
- [SECURITY] [DSA 2398-2] curl regression
- IPv6 stable privacy addresses
- Hackito 2012 Crypto Challenge
- [ MDVSA-2012:046 ] libpng
- [ MDVSA-2012:047 ] freeradius
- [ MDVSA-2012:048 ] mutt
- [ MDVSA-2012:049 ] nagios
- [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection
- [ MDVSA-2012:050 ] phpmyadmin
- [security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS)
- [ MDVSA-2012:051 ] libvorbis
- [ MDVSA-2012:052 ] libvorbis
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
- Arbor Networks Peakflow SP web interface XSS
- APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
- From: Apple Product Security
- Multiple vulnerabilities in osCmax
- 'e-ticketing' SQL Injection (CVE-2012-1673)
- 'phpPaleo' Local File Inclusion (CVE-2012-1671)
- [DCA-2011-0016] - Tufin SecureTrack Cross Site Script
- From: Ewerson Guimarães (Crash) - Dclabs
- 'Hotel Booking Portal' SQL Injection (CVE-2012-1672)
- [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)
- Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:053 ] ocsinventory
- [SE-2012-01] Security vulnerabilities in Java SE
- From: Security Explorations
- Sourcefire Defense Center - multiple vulnerabilities.
- [SECURITY] [DSA 2446-1] libpng security update
- Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
- ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities
- DirectAdmin v1.403 - Cross Site Scripting Vulnerability
- [SECURITY] [DSA 2447-1] tiff security update
- Re: Arbor Networks Peakflow SP web interface XSS
- Re: Arbor Networks Peakflow SP web interface XSS
- [ MDVSA-2012:054 ] libtiff
- [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7
- Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite
- Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite
- vBulletin 4.1.10 Sql Injection Vulnerabilitiy
- Sony Bravia Remote Denial of Service - CVE-2012-2210
- Wordpress taggator plugin Sql Injection Vulnerabilities
- [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0
- [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4
- [security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- PHPNuke Module's Name Download SQL Injection Vulnerabilities
- [CVE-2012-1574] Apache Hadoop user impersonation vulnerability
- [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1
- [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
- CitrusDB 2.4.1 - LFI/SQLi Vulnerability
- [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
- idev Game Site CMS v1.0 - Multiple Web Vulnerabilites
- osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
- CsForum v0.8 - Cross Site Scripting Vulnerability
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities
- [Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities
- OWASP ZAP 1.4.0 released
- Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue
- Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities
- CVE-2012-0769, the case of the perfect info leak
- [SECURITY] [DSA 2448-1] inspircd security update
- Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
- GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities
- [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus
- [ MDVSA-2012:055 ] samba
- Android information leak
- Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
- Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!
- Backtrack 5 R2 priv escalation 0day found in CTF exercise
- TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command
- [ MDVSA-2012:056 ] rpm
- Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
- [Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
- [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
- TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
- From: Trustwave Advisories
- [ MDVSA-2012:057 ] freetype2
- online newspaper university"newsdesc.php" SQL Injection Vulnerabilities
- [SECURITY] [DSA 2449-1] sqlalchemy security update
- Crystal Office Suite v1.43 - Buffer Overflow Vulnerability
- [SE-2012-01] Security weakness in Apple Quicktime Java extensions
- From: Security Explorations
- [SECURITY] [DSA 2450-1] samba security update
- APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
- From: Apple Product Security
- Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise
- From: InterN0T Advisories
- Erronous post concerning Backtrack 5 R2 0day
- VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation
- From: VMware Security Team
- [SECURITY] [DSA 2451-1] puppet security update
- [ MDVSA-2012:058 ] curl
- Re: Erronous post concerning Backtrack 5 R2 0day
- ACC PHP eMail v1.1 - Multiple Web Vulnerabilites
- APPLE-SA-2012-04-13-1 Flashback malware removal tool
- From: Apple Product Security
- [Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability
- Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012
- Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities
- Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities
- [Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
- Passwords^12 : Call for Presentations
- [CVE-2012-1621] Apache OFBiz information disclosure vulnerability
- [CVE-2012-1622] Apache OFBiz information disclosure vulnerability
- FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2452-1] apache2 security update
- [SECURITY] [DSA 2453-1] gajim security update
- [ MDVSA-2012:059 ] python-sqlalchemy
- ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting
- From: ACROS Security Lists
- Fwd: PHP Gift Registry 1.5.5 SQL Injection
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
- [security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- [security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)
- Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- McAfee Web Gateway URL Filtering Bypass
- From: Gabriel Menezes Nunes
- Re: Wordpress advanced-text-widget Plugin Vulnerabilities
- Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
- Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
- DokuWiki Ver.2012/01/25 CSRF Add User Exploit
- ClubHack Magazine's April 2012 Issue is released.
- VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)
- From: VUPEN Security Research
- Acuity CMS 2.6.x <= Cross Site Scripting
- From: YGN Ethical Hacker Group
- [ MDVSA-2012:032-1 ] mozilla
- TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
- Multiple XSS vulnerabilities in XOOPS
- Multiple vulnerabilities in Newscoop
- [security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS)
- Re: Squid URL Filtering Bypass
- Re: Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
- The history of a -probably- 13 years old Oracle bug: TNS Poison
- Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
- [SECURITY] [DSA 2453-2] gajim regression
- Ruxcon 2012 Call For Papers
- VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)
- From: VUPEN Security Research
- [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)
- Re: Squid URL Filtering Bypass
- [ MDVSA-2012:060 ] openssl
- Vulnerabilities in Samsung TV (remote controller protocol)
- [SECURITY] [DSA 2454-1] openssl security update
- [security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
- DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
- RE: Squid URL Filtering Bypass
- Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
- From: Esteban Martinez Fayo
- Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511)
- Specially crafted Json service request allows full control over a Liferay portal instance
- SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)
- Liferay 6.1 can be compromised in its default configuration
- SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)
- HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
- HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)
- Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511)
- Specially crafted webdav request allows reading of local files on liferay 6.0.x
- IPv6 host scanning in IPv6
- [security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- XSS in Kaseya version 6.2.0.0 web interface
- [SECURITY] [DSA 2455-1] typo3-src security update
- Re: Squid URL Filtering Bypass
- Re: McAfee Web Gateway URL Filtering Bypass
- Re: Squid URL Filtering Bypass
- From: Gabriel Menezes Nunes
- [ MDVSA-2012:061 ] raptor
- [ MDVSA-2012:062 ] openoffice.org
- [ MDVSA-2012:063 ] libreoffice
- phpMyBible 0.5.1 Mutiple XSS
- [Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability
- [Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
- PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
- [Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability
- XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
- From: Netsparker Advisories
- [HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
- HTC IQRD Android Permission Leakage (CVE-2012-2217)
- .NET Framework EncoderParameter integer overflow vulnerability
- From: Akita Software Security
- ChurchCMS 0.0.1 'admin.php' Multiple SQLi
- AST-2012-004: Asterisk Manager User Unauthorized Shell Access
- From: Asterisk Security Team
- AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
- From: Asterisk Security Team
- AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
- From: Asterisk Security Team
- WebCalendar <= 1.2.4 Two Security Vulnerabilities
- FYI: We're now paying up to $20,000 for web vulns in our services
- Re: phpMyBible 0.5.1 Mutiple XSS
- [ MDVSA-2012:064 ] openssl0.9.8
- RuggedCom - Backdoor Accounts in my SCADA network? You don't say...
- [security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
- New IETF I-D: Security Implications of IPv6 on IPv4 networks
- RE: McAfee Web Gateway URL Filtering Bypass
- PHP Ticket System Beta 1 'p' SQL Injection
- [SECURITY] [DSA 2457-1] iceweasel security update
- [SECURITY] [DSA 2456-1] dropbear security update
- [SECURITY] [DSA 2548-1] iceape security update
- [SECURITY] [DSA 2454-2] openssl incomplete fix
- linux privileged and arbitrary chdir() (fixed at 5.4 cifs release)
- Multiple vulnerabilities in Piwigo
- [SECURITY] [DSA 2460-1] asterisk security update
- RE: We're now paying up to $20,000 for web vulns in our services
- Re: We're now paying up to $20,000 for web vulns in our services
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- ToorCamp 2012: The American Hacker Camp
- [SECURITY] [DSA 2459-1] quagga security update
- Oracle TNS Poison vulnerability is actually a 0day with no patch available
- Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
- PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
- [security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
- DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal
- DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal
- [ MDVSA-2012:066 ] mozilla
- [security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
- [SECURITY] [DSA 2461-1] spip security update
- DIY CMS v1.0 Poll - Multiple Web Vulnerabilities
- DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities
- Car Portal CMS v3.0 - Multiple Web Vulnerabilities
- C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
- VMSA-2012-0008 VMware ESX updates to ESX Service Console
- From: VMware Security Team
- [ MDVSA-2012:065 ] php
- [SECURITY] [DSA 2462-1] imagemagick security update