Mail Index
- MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]
- [SECURITY] [DSA 2518-1] krb5 security update
- Barracuda Appliances - Validation Filter Bypass Vulnerability
- Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
- ME Application Manager 10 - Multiple Web Vulnerabilities
- Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities
- ME Mobile Application Manager v10 - SQL Vulnerabilities
- Kaspersky PM 5.0.0.164 - Software Filter Vulnerability
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow
- Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow
- [ MDVSA-2012:111 ] krb5
- [SECURITY] [DSA 2519-1] isc-dhcp security update
- [ MDVSA-2012:121 ] libjpeg-turbo
- [security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
- Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability
- Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability
- My ROP mitigation
- [SECURITY] [DSA 2520-1] openoffice.org security update
- [ MDVSA-2012:122 ] icedtea-web
- 29C3: Call for Participation for 29th Chaos Communication Congress
- ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
- ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
- ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability
- ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability
- ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability
- ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities
- ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability
- ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability
- [ MDVSA-2012:123 ] libreoffice
- [SECURITY] [DSA 2521-1] libxml2 security update
- [ MDVSA-2012:124 ] openoffice.org
- [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
- Joomla com_package - SQL Injection Vulnerability
- [SECURITY] [DSA 2522-1] fckeditor security update
- [SECURITY] [DSA 2519-2] isc-dhcp regression
- AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
- iAuto Mobile Application 2012 - Multiple Web Vulnerabilities
- Inout Mobile Webmail APP - Multiple Web Vulnerabilities
- [ MDVSA-2012:125 ] wireshark
- Joomla com_photo - SQL Injection Vulnerability
- BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability
- [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities
- From: lorenzo . cantoni86
- [CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities
- From: lorenzo . cantoni86
- [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability
- From: lorenzo . cantoni86
- [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities
- From: lorenzo . cantoni86
- Dir2web3 Multiple Vulnerabilities
- [SECURITY] [DSA 2523-1] globus-gridftp-server security update
- [SECURITY] [DSA 2524-1] openttd security update
- [SECURITY] [DSA 2525-1] expat security update
- FreeBSD Security Advisory FreeBSD-SA-12:05.bind
- From: FreeBSD Security Advisories
- Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Execution
- Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion
- nullcon International security conference Delhi 2012 Highlights
- [security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [ MDVSA-2012:126 ] libxml2
- [ MDVSA-2012:127 ] libtiff
- ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability
- MobileCartly 1.0 <= Remote Code Execution Vulnerability
- Multiple vulnerabilities in PBBoard
- Multiple Vulnerabilities in phpList
- [ MDVSA-2012:128 ] bash
- Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities
- Joomla com_fireboard - SQL Injection Vulnerability
- Arasism (IR) CMS - File Upload Vulnerability
- [HITB-Announce] HITB Magazine Issue 009 - Call for Submissions
- Another Solaris 10 Patch Cluster Symlink Attack
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?
- WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
- [PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice
- [ MDVSA-2012:129 ] busybox
- [ MDVSA-2012:129-1 ] busybox
- [ MDVSA-2012:130 ] openldap
- [SECURITY] [DSA 2526-1] libotr security update
- Last reminder for Passwords^12 : Call for Presentations
- [ MDVSA-2012:131 ] libotr
- [SECURITY] [DSA 2527-1] php5 security update
- [security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS)
- GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012
- [Announcement] ClubHack Magazine's Aug 2012 Issue Released
- TCExam Edit SQL Injection
- [security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information
- [security bulletin] HPSBMU02802 SSRT100923 rev.1 - HP Fortify Software Security Center, Remote Disclosure of Privileged Information
- [security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU02803 SSRT100926 rev.1 - HP Service Manager and HP Service Center Web Tier, Remote Cross Site Scripting (XSS)
- [security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities
- Re: How well does Microsoft support (and follow) their mantra "keep your PC updated"?
- NeoInvoice Blind SQL Injection (CVE-2012-3477)
- 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities
- Total Shop UK eCommerce Generic Cross-Site Scripting
- TCExam Edit Cross-Site Scripting
- Group-Office Cleartext Credentials Stored in Cookies
- [SECURITY] [DSA 2528-1] icedove security update
- CFP for ZeroNights conference Moscow 19-20 November 2012
- [2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2012:132 ] glpi
- [SECURITY] [DSA 2530-1] rssh security update
- [slackware-security] t1lib (SSA:2012-228-01)
- From: Slackware Security Team
- [ MDVSA-2012:133 ] usbmuxd
- vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies
- [ MDVSA-2012:135 ] wireshark
- [security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS)
- [ MDVSA-2012:137 ] acpid
- [ MDVSA-2012:138 ] acpid
- [ MDVSA-2012:136 ] phpmyadmin
- NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3
- GIMP Scriptfu Python Remote Command Execution
- Social Engine v4.2.5 - Multiple Web Vulnerabilities
- ShopperPress v2.7 Wordpress - SQL Injection Vulnerability
- ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities
- Nike+ Panel & Mobile App - Multiple Web Vulnerabilities
- ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities
- [FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS
- From: Jose Carlos de Arriba
- [ MDVSA-2012:134 ] wireshark
- Internet Explorer Script Interjection Code Execution
- [slackware-security] emacs (SSA:2012-228-02)
- From: Slackware Security Team
- ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability
- ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability
- ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability
- ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
- ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability
- ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability
- ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerability
- ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability
- ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability
- [SECURITY] [DSA 2531-1] xen security update
- [ MDVSA-2012:139 ] postgresql
- [ MDVSA-2012:140 ] mono
- ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability
- From: YGN Ethical Hacker Group
- ocPoral CMS 8.x | Session Hijacking Vulnerability
- From: YGN Ethical Hacker Group
- NGS00330 Patch Notification: Squiz CMS Directory Traversal
- NGS00208 Patch Notification: Moodle CMS stored XSS
- NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection
- NGS00242 Patch Notification: SysAid Helpdesk stored XSS
- APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1
- From: Apple Product Security
- [ MDVSA-2012:141 ] openslp
- apache struts2 remote code execute
- [ MDVSA-2012:142 ] gimp
- XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
- From: Netsparker Advisories
- XSS and SQL Injection Vulnerabilities in OrderSys
- From: Netsparker Advisories
- XSS Vulnerabilities in LabWiki
- From: Netsparker Advisories
- XSS and SQL Injection Vulnerabilities in Jara
- From: Netsparker Advisories
- ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
- ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability
- ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
- ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
- ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability
- ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability
- ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability
- ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability
- ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability
- ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
- ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability
- ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability
- ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability
- ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability
- ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability
- ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability
- ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability
- This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.
- ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability
- [security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
- SaltOS 3.1 Cross-Site Scripting vulnerability
- ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability
- Ad Manager Pro v. 4 Remote FLI
- [ MDVSA-2012:143 ] python-django
- ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability
- ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability
- ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability
- [security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS)
- [SECURITY] [DSA 2533-1] pcp security update
- Re: [Full-disclosure] XSS Vulnerabilities in LabWiki
- Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008
- Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in Jara
- [slackware-security] dhcp (SSA:2012-237-01)
- From: Slackware Security Team
- Chamilo 1.8.8.4 Multiple Vulnerabilities
- Paliz CMS Full Path Disclosure Vulnerability
- Exploit Title: Mihalism Multi Host v 5.0
- Wordpress fckeditor Arbitrary File Upload Vulnerability
- CommPort 1.01 <= SQL Injection Vulnerability
- CA20111208-01: Security Notice for CA SiteMinder [updated]
- CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0
- [ MDVSA-2012:144 ] tetex
- [SE-2012-01] information regarding recently discovered Java 7 attack
- From: Security Explorations
- ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability
- [security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- ToorCon 14 Call For Papers
- [ MDVSA-2012:145 ] firefox
- t2′12: Challenge to be released 2012-09-01 10:00 EEST
- Cross-Site Scripting (XSS) in Phorum
- XSS in PrestaShop
- [ MDVSA-2012:146 ] firefox
- ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
- ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability
- ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability
- ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability
- ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability
- ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability
- ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability
- ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability
- ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability
- ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability
- ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability
- ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability
- ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability
- ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability
- ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability
- [ MDVSA-2012:147 ] mozilla-thunderbird
- Sistem Biwes Multiple Vulnerability
- Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
- From: Seeker Research Center
- ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability
- squidGuard 1.4 - Remote Denial of Service - POC
- Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack
- From: Security Explorations
- [SECURITY] [DSA 2535-1] rtfm security update
- [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code
- SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
- From: SEC Consult Vulnerability Lab
- [ MDVSA-2012:074-1 ] ffmpeg
- [ MDVSA-2012:148 ] ffmpeg
- ESA-2012-038: EMC NetWorker Format String Vulnerability