Mail Thread Index

• Date Index

• Landshop v0.9.2 - Multiple Web Vulnerabilities, Research
• VMSA-2012-0006 VMware ESXi and ESX address several security issues, VMware Security Team
• [SECURITY] [DSA 2445-1] typo3-src security update, Florian Weimer
• [SECURITY] [DSA 2442-2] openarena regression, Florian Weimer
• SQL injection in Wordpress plugin Buddypress, ivan_terkin
• [SECURITY] [DSA 2398-2] curl regression, Florian Weimer
• IPv6 stable privacy addresses, Fernando Gont
• Hackito 2012 Crypto Challenge, Jonathan Brossard
• [ MDVSA-2012:046 ] libpng, security
• [ MDVSA-2012:047 ] freeradius, security
• [ MDVSA-2012:048 ] mutt, security
• [ MDVSA-2012:049 ] nagios, security
• [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection, security-alert
• [ MDVSA-2012:050 ] phpmyadmin, security
• [security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS), security-alert
• [ MDVSA-2012:051 ] libvorbis, security
• [ MDVSA-2012:052 ] libvorbis, security
• [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities, Research
  • <Possible follow-ups>
  • [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities, Research
• Arbor Networks Peakflow SP web interface XSS, b . saleh
  • Re: Arbor Networks Peakflow SP web interface XSS, Jose Nazario
  • Re: Arbor Networks Peakflow SP web interface XSS, Jose Nazario
• APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7, Apple Product Security
• Multiple vulnerabilities in osCmax, advisory
• 'e-ticketing' SQL Injection (CVE-2012-1673), Mark Stanislav
• 'phpPaleo' Local File Inclusion (CVE-2012-1671), Mark Stanislav
• [DCA-2011-0016] - Tufin SecureTrack Cross Site Script, Ewerson Guimarães (Crash) - Dclabs
• 'Hotel Booking Portal' SQL Injection (CVE-2012-1672), Mark Stanislav
• [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS), security-alert
• Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:053 ] ocsinventory, security
• [SE-2012-01] Security vulnerabilities in Java SE, Security Explorations
• Sourcefire Defense Center - multiple vulnerabilities., Filip Palian
• [SECURITY] [DSA 2446-1] libpng security update, Moritz Muehlenhoff
• Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities, Research
• ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities, Research
• DirectAdmin v1.403 - Cross Site Scripting Vulnerability, Research
• [SECURITY] [DSA 2447-1] tiff security update, Moritz Muehlenhoff
• [ MDVSA-2012:054 ] libtiff, security
• [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7, Florent Daigniere
• Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite, nospam
• Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite, nospam
• vBulletin 4.1.10 Sql Injection Vulnerabilitiy, Amir
• Sony Bravia Remote Denial of Service - CVE-2012-2210, gab . mnunes
• Wordpress taggator plugin Sql Injection Vulnerabilities, Amir
• [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0, come2waraxe
• [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4, come2waraxe
• [security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• PHPNuke Module's Name Download SQL Injection Vulnerabilities, CrAzY_CrAcKeR
• [CVE-2012-1574] Apache Hadoop user impersonation vulnerability, Aaron T. Myers
• [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1, come2waraxe
• [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin, come2waraxe
• CitrusDB 2.4.1 - LFI/SQLi Vulnerability, blaszczakm
• [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities, Research
• idev Game Site CMS v1.0 - Multiple Web Vulnerabilites, Research
• osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities, Research
• CsForum v0.8 - Cross Site Scripting Vulnerability, Research
• [Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities, Research
• OWASP ZAP 1.4.0 released, psiinon
• Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue, Secunia Research
• Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities, Secunia Research
• CVE-2012-0769, the case of the perfect info leak, Fermín J. Serna
• [SECURITY] [DSA 2448-1] inspircd security update, Jonathan Wiltshire
• Matterdaddy Market v1.1 - SQL Injection Vulnerabilities, Research
• GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities, Research
• [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus, security-alert
• [ MDVSA-2012:055 ] samba, security
• Android information leak, sumanj
• Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress, advisory
• Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!, info
• Backtrack 5 R2 priv escalation 0day found in CTF exercise, Adam Behnke
  • Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise, InterN0T Advisories
• TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command, Shatter
• [ MDVSA-2012:056 ] rpm, security
• Netjuke 1.0 RC1 - SQL Injection Vulnerabilities, Research
• [Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities, Research
• [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0, come2waraxe
• TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, Trustwave Advisories
• [ MDVSA-2012:057 ] freetype2, security
• online newspaper university"newsdesc.php" SQL Injection Vulnerabilities, CrAzY_CrAcKeR
• [SECURITY] [DSA 2449-1] sqlalchemy security update, Nico Golde
• Crystal Office Suite v1.43 - Buffer Overflow Vulnerability, Research
• [SE-2012-01] Security weakness in Apple Quicktime Java extensions, Security Explorations
• [SECURITY] [DSA 2450-1] samba security update, Thijs Kinkhorst
• APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8, Apple Product Security
• Erronous post concerning Backtrack 5 R2 0day, Adam Behnke
  • Re: Erronous post concerning Backtrack 5 R2 0day, Jamie Riden
• VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation, VMware Security Team
• [SECURITY] [DSA 2451-1] puppet security update, Nico Golde
• [ MDVSA-2012:058 ] curl, security
• ACC PHP eMail v1.1 - Multiple Web Vulnerabilites, Research
• APPLE-SA-2012-04-13-1 Flashback malware removal tool, Apple Product Security
• [Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability, Research
• Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012, Fernando Gont
• Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities, CrAzY_CrAcKeR
• Mathematica8.0.4 on Linux /tmp/MathLink vulnerability, paul . szabo
  • Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability, Vikram Dhillon
    • Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability, paul . szabo
• Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities, Research
• [Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities, Research
• Passwords^12 : Call for Presentations, Per Thorsheim
• [CVE-2012-1621] Apache OFBiz information disclosure vulnerability, Jacopo Cappellato
• [CVE-2012-1622] Apache OFBiz information disclosure vulnerability, Jacopo Cappellato
• FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
• Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
• [SECURITY] [DSA 2452-1] apache2 security update, Stefan Fritsch
• [SECURITY] [DSA 2453-1] gajim security update, Nico Golde
• [ MDVSA-2012:059 ] python-sqlalchemy, security
• ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting, ACROS Security Lists
• Fwd: PHP Gift Registry 1.5.5 SQL Injection, Thomas Richards
• [security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities, security-alert
• [security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification, security-alert
• [security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification, security-alert
• [security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS), security-alert
• Squid URL Filtering Bypass, Gabriel Menezes Nunes
  • Re: Squid URL Filtering Bypass, Richard Barrett
    • Re: Squid URL Filtering Bypass, Gabriel Menezes Nunes
    • Re: Squid URL Filtering Bypass, Mario Vilas
      • RE: Squid URL Filtering Bypass, Jim Harrison
  • Re: Squid URL Filtering Bypass, Amos Jeffries
    • Re: Squid URL Filtering Bypass, Gabriel Menezes Nunes
• McAfee Web Gateway URL Filtering Bypass, Gabriel Menezes Nunes
  • Re: McAfee Web Gateway URL Filtering Bypass, Vikram Dhillon
    • RE: McAfee Web Gateway URL Filtering Bypass, Jim Harrison
• Re: Wordpress advanced-text-widget Plugin Vulnerabilities, Henri Salo
• Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities, Henri Salo
• Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities, Henri Salo
• DokuWiki Ver.2012/01/25 CSRF Add User Exploit, irancrash
• ClubHack Magazine's April 2012 Issue is released., v . hirve
• VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172), VUPEN Security Research
• Acuity CMS 2.6.x <= Cross Site Scripting, YGN Ethical Hacker Group
• [ MDVSA-2012:032-1 ] mozilla, security
• TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0, Tobias Glemser
• Multiple XSS vulnerabilities in XOOPS, advisory
• Multiple vulnerabilities in Newscoop, advisory
• [security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS), security-alert
• ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities, Security_Alert
• The history of a -probably- 13 years old Oracle bug: TNS Poison, Joxean Koret
  • <Possible follow-ups>
  • Re: The history of a -probably- 13 years old Oracle bug: TNS Poison, laurenz . albe
• Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9, LpSolit
• [SECURITY] [DSA 2453-2] gajim regression, Nico Golde
• Ruxcon 2012 Call For Papers, cfp
• VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773), VUPEN Security Research
• [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64), Ange Albertini
• [ MDVSA-2012:060 ] openssl, security
• Vulnerabilities in Samsung TV (remote controller protocol), Luigi Auriemma
• [SECURITY] [DSA 2454-1] openssl security update, Raphael Geissert
• [security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege, security-alert
• DC4420 - London DEFCON - April meet - Tuesday April 24th 2012, Major Malfunction
• Incomplete protection of Oracle Database locked accounts (CVE-2012-0510), Shatter
• OCIPasswordChange API leaks information of password hash (CVE-2012-0511), Esteban Martinez Fayo
  • <Possible follow-ups>
  • OCIPasswordChange API leaks information of password hash (CVE-2012-0511), Shatter
• Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511), Shatter
• Specially crafted Json service request allows full control over a Liferay portal instance, Jelmer Kuperus
• SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512), Shatter
• Liferay 6.1 can be compromised in its default configuration, Jelmer Kuperus
• SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525), Shatter
• HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526), Shatter
• HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527), Shatter
• Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528), Shatter
• Specially crafted webdav request allows reading of local files on liferay 6.0.x, Jelmer Kuperus
• IPv6 host scanning in IPv6, Fernando Gont
• [security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities, security-alert
• XSS in Kaseya version 6.2.0.0 web interface, bede
• [SECURITY] [DSA 2455-1] typo3-src security update, Nico Golde
• [ MDVSA-2012:061 ] raptor, security
• [ MDVSA-2012:062 ] openoffice.org, security
• [ MDVSA-2012:063 ] libreoffice, security
• phpMyBible 0.5.1 Mutiple XSS, Thomas Richards
  • <Possible follow-ups>
  • Re: phpMyBible 0.5.1 Mutiple XSS, Lostmon
• [Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability, Research
• [Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities, Research
• PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability, Research
• [Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability, Research
• XSS and Blind SQL Injection Vulnerabilities in ExponentCMS, Netsparker Advisories
• [HITB-Announce] HITB Magazine Issue 008 (now with print edition!), Hafez Kamal
• HTC IQRD Android Permission Leakage (CVE-2012-2217), VSR Advisories
• .NET Framework EncoderParameter integer overflow vulnerability, Akita Software Security
• ChurchCMS 0.0.1 'admin.php' Multiple SQLi, Thomas Richards
• AST-2012-004: Asterisk Manager User Unauthorized Shell Access, Asterisk Security Team
• AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver, Asterisk Security Team
• AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver, Asterisk Security Team
• WebCalendar <= 1.2.4 Two Security Vulnerabilities, n0b0d13s
• FYI: We're now paying up to $20,000 for web vulns in our services, Michal Zalewski
  • RE: We're now paying up to $20,000 for web vulns in our services, Jim Harrison
    • Re: We're now paying up to $20,000 for web vulns in our services, Michal Zalewski
      • Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services, Charles Morris
        • Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services, Michal Zalewski
• [ MDVSA-2012:064 ] openssl0.9.8, security
• RuggedCom - Backdoor Accounts in my SCADA network? You don't say..., jc
• [security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), security-alert
• New IETF I-D: Security Implications of IPv6 on IPv4 networks, Fernando Gont
• PHP Ticket System Beta 1 'p' SQL Injection, Thomas Richards
• [SECURITY] [DSA 2457-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2456-1] dropbear security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2548-1] iceape security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2454-2] openssl incomplete fix, Raphael Geissert
• linux privileged and arbitrary chdir() (fixed at 5.4 cifs release), Jesús Olmos
• Multiple vulnerabilities in Piwigo, advisory
• [SECURITY] [DSA 2460-1] asterisk security update, Moritz Muehlenhoff
• ToorCamp 2012: The American Hacker Camp, h1kari
• [SECURITY] [DSA 2459-1] quagga security update, Florian Weimer
• Oracle TNS Poison vulnerability is actually a 0day with no patch available, Joxean Koret
• PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities, Thomas Richards
• [security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default, security-alert
• DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal, ddivulnalert
• DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal, ddivulnalert
• [ MDVSA-2012:066 ] mozilla, security
• [security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware, security-alert
• [SECURITY] [DSA 2461-1] spip security update, Moritz Muehlenhoff
• DIY CMS v1.0 Poll - Multiple Web Vulnerabilities, Research
• DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities, Research
• Car Portal CMS v3.0 - Multiple Web Vulnerabilities, Research
• C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability, Research
• VMSA-2012-0008 VMware ESX updates to ESX Service Console, VMware Security Team
• [ MDVSA-2012:065 ] php, security
• [SECURITY] [DSA 2462-1] imagemagick security update, Moritz Muehlenhoff