Mail Thread Index

• Date Index

• [security bulletin] HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• script-fu buffer overflow in GIMP 2.6, Joseph Sheridan
• [ MDVSA-2012:086 ] acpid, security
• [security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, security-alert
• OpenSSL 1.0.1 Buffer Overflow Vulnerability, chenz9187
• [SECURITY] [DSA 2483-1] strongswan security update, Yves-Alexis Perez
• [SECURITY] [DSA 2484-1] nut security update, Thijs Kinkhorst
• [SECURITY] [DSA 2481-1] arpwatch security update, Yves-Alexis Perez
• [SECURITY] [DSA 2482-1] arpwatch security update, Yves-Alexis Perez
• [SECURITY] [DSA 2482-1] libgdata security update, Yves-Alexis Perez
• [SECURITY] [DSA 2485-1] imp4 security update, Thijs Kinkhorst
• EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15, Dragos Ruiu
• Arbitrary File Upload/Execution in Collabtive, Mark Hoopes
• [ MDVSA-2012:087 ] nut, security
• Sielco Sistemi Winlog Buffer Overflow <= v2.07.14, devnull
  • <Possible follow-ups>
  • Re: Sielco Sistemi Winlog Buffer Overflow <= v2.07.14, devnull
• SQL injection in Bigware shop software, rwenzel
• [SECURITY] [DSA 2486-1] bind9 security update, Florian Weimer
• SQL injection in Serendipity, advisory
• Re: rssh security announcement, Derek Martin
• ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution, ZDI Disclosures
• ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability, Zero Day Initiative
• ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability, ZDI Disclosures
  • Re: ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability, Steve Shockley
• ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service, Secunia Research
• Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows, Secunia Research
• Mybb 1.6.8 Sql Injection Vulnerabilitiy, Amir
  • Re: Mybb 1.6.8 Sql Injection Vulnerabilitiy, Henri Salo
  • Re: Mybb 1.6.8 Sql Injection Vulnerabilitiy, Henri Salo
• ComSndFTP Server Remote Format String Overflow Vulnerability, demonalex
• [SECURITY] [DSA 2480-3] request-tracker3.8 regression update, Florian Weimer
• CVE-2012-3287: md5crypt is no longer considered safe, phk
  • Re: CVE-2012-3287: md5crypt is no longer considered safe, Solar Designer
• [SECURITY] [DSA 2487-1] openoffice.org security update, Florian Weimer
• [SECURITY] [DSA 2489-1] iceape security update, Thijs Kinkhorst
• [SECURITY] [DSA 2490-1] nss security update, Thijs Kinkhorst
• [SECURITY] [DSA 2488-1] iceweasel security update, Thijs Kinkhorst
• Analysis: Vast IPv6 address space actually enables IPv6 attacks, Fernando Gont
  • Re: Analysis: Vast IPv6 address space actually enables IPv6 attacks, Fernando Gont
  • Re: Analysis: Vast IPv6 address space actually enables IPv6 attacks, Lee Dilkie
  • Message not available
    • Re: Analysis: Vast IPv6 address space actually enables IPv6 attacks, Fernando Gont
• ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2491-1] postgresql-8.4 security update, Florian Weimer
• [ MDVSA-2012:089 ] bind, security
• [SECURITY] [DSA 2492-1] php5 security update, Florian Weimer
• [MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability, Florent Daigniere
• [security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS), security-alert
• APPLE-SA-2012-06-11-1 iTunes 10.6.3, Apple Product Security
• FreeBSD Security Advisory FreeBSD-SA-12:03.bind, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-12:04.sysret, FreeBSD Security Advisories
• [ MDVSA-2012:088 ] mozilla, security
• IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE, king cope
• [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability, Inshell Security
• [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation, 0x721427D8 0x721427D8
• [SECURITY] [DSA 2493-1] asterisk security update, Florian Weimer
• ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability, ZDI Disclosures
• APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9, Apple Product Security
• CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file., Boston Cyber Defense
• [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability, Code Audit Labs
• [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability, Code Audit Labs
• [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE, Security Explorations
• Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack, moshez
• [Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities, Research
• Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities, Research
• QuickBlog v0.8 CMS - Multiple Web Vulnerabilities, Research
• ADICO CMS v1.1 - Blind SQL Injection Vulnerability, Research
• iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites, Research
• Interspire Shopping Cart v6 - Multiple Web Vulnerabilities, Research
• Nuked Klan SP CMS v4.5 - SQL injection Vulnerability, Research
• VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues, VMware Security Team
• [ MDVSA-2012:090 ] openoffice.org, security
• [ MDVSA-2012:091 ] libreoffice, security
  • <Possible follow-ups>
  • [ MDVSA-2012:091 ] libreoffice, security
• [security bulletin] HPSBOV02774 SSRT100684 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Remote Denial of Service (DoS), security-alert
• Re: Bugtraq ID# 53694 is invalid/fake, Information Booth
• [SECURITY] [DSA 2494-1] ffmpeg security update, Florian Weimer
• [slackware-security] mozilla-firefox (SSA:2012-166-02), Slackware Security Team
• [slackware-security] seamonkey (SSA:2012-166-04), Slackware Security Team
• [slackware-security] bind (SSA:2012-166-01), Slackware Security Team
• [ MDVSA-2012:092 ] postgresql, security
• [ MDVSA-2012:093 ] php, security
• IObit Protected Folder Authentication Bypass, Adam Behnke
• Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities, Research
• [Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities, Research
  • <Possible follow-ups>
  • [Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities, Research
• Simple Forum PHP 2.1 - SQL Injection Vulnerabilities, Research
• Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites, Research
• Cells Blog CMS v1.1 - Multiple Web Vulnerabilites, Research
• MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities, Research
• [CAL-2012-0015] opera website spoof, Code Audit Labs
  • Re: [CAL-2012-0015] opera website spoof, Code Audit Labs
• CSNC-2012-004 Generic XSS in AdNovum nevisProxy, Cyrill Brunschwiler
• 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0, 0a29 40
• AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections, Ivan Buetler
• AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability, Asterisk Security Team
• nullcon Delhi 2012 Final call for Paper/Events (extended to 10th July) and First round of speakers, nullcon
• News Script PHP v1.2 - Multiple Web Vulnerabilites, Research
• Webify Product Series - Multiple Web Vulnerabilities, Research
• [SECURITY] [DSA 2495-1] openconnect security update, Moritz Muehlenhoff
• QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory, Lists
• Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007, Lists
• [ MDVSA-2012:094 ] clamav, security
• [ MDVSA-2012:095 ] java-1.6.0-openjdk, security
• SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure, SEC Consult Vulnerability Lab
• SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass, SEC Consult Vulnerability Lab
• DC4420 - London DEFCON - June meet - Tuesday June 19th 2012, Major Malfunction
• Re: SAXoPRESS - directory traversal, foo
• [SECURITY] [DSA 2496-1] mysql-5.1 security update, Thijs Kinkhorst
• [security bulletin] HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges, security-alert
• [security bulletin] HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS), security-alert
• FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED], FreeBSD Security Advisories
• [security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS), security-alert
• VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876), VUPEN Security Research
• [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs, Stefan Kanthak
• [Announcement] ClubHack Magazine Issue 29, June 2012 Released, abhijeet
• Multiple vulnerabilities in web@all, advisory
• Commentics 2.0 <= Multiple Vulnerabilities, pereira
• [ MDVSA-2012:096 ] python, security
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:097 ] python, security
• [SECURITY] [DSA 2497-1] quagga security update, Florian Weimer
• [ MDVSA-2012:098 ] libxml2, security
• Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, Amir
  • Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, Henri Salo
    • Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, Yaniv Shaked
      • Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, Gianluca Brindisi
    • Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, coptang
  • <Possible follow-ups>
  • Re: Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy, nathan
• [ MDVSA-2012:099 ] net-snmp, security
• CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow, CORE Security Technologies Advisories
• ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBOV02780 SSRT100766 rev.2 - HP OpenVMS ACMELOGIN, Local Unauthorized Access and Increased Privileges, security-alert
• [security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Access, security-alert
• [ MDVSA-2012:088-1 ] mozilla, security
• [SECURITY] [DSA 2499-1] icedove security update, Florian Weimer
• [SECURITY] [DSA 2500-1] mantis security update, Florian Weimer
• [SECURITY] [DSA 2501-1] xen security update, Florian Weimer
• [SECURITY] [DSA 2502-1] python-crypto security update, Moritz Muehlenhoff
• hashdays 2012 - Call for Papers (#days CFP), Hashdays CFP
• [ MDVSA-2012:100 ] rsyslog, security
• [slackware-security] freetype (SSA:2012-176-01), Slackware Security Team
• Re: The history of a -probably- 13 years old Oracle bug: TNS Poison, prpgk1
  • Re: The history of a -probably- 13 years old Oracle bug: TNS Poison, Gary Driggs
• CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability, Dave
• CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability, Dave
• [SECURITY] [DSA 2498-1] dhcpcd security update, Yves-Alexis Perez
• [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released), Security Explorations
• [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution, n0b0d13s
  • <Possible follow-ups>
  • [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution, n0b0d13s
• OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components, Stefan Kanthak
• SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection, SEC Consult Vulnerability Lab
• [security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities, ZDI Disclosures
• ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution, ZDI Disclosures
• ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution, ZDI Disclosures
• Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS), security-alert
• ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2503-1] bcfg2 security update, Florian Weimer
• [SECURITY] [DSA 2504-1] libspring-2.5-java security update, Florian Weimer
• ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability, Rewterz - Research Group
• Vulnerabilities in Winlog 2.07.16, Luigi Auriemma
• Irfanview Plugins JLS Decompression, Joseph Sheridan
• GIMP FIT File Format DoS, Joseph Sheridan