Mail Thread Index

• Date Index

• MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015], Tom Yu
• [SECURITY] [DSA 2518-1] krb5 security update, Yves-Alexis Perez
• Barracuda Appliances - Validation Filter Bypass Vulnerability, Vulnerability Lab
• Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities, Vulnerability Lab
• ME Application Manager 10 - Multiple Web Vulnerabilities, Vulnerability Lab
• Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities, Vulnerability Lab
• ME Mobile Application Manager v10 - SQL Vulnerabilities, Vulnerability Lab
• Kaspersky PM 5.0.0.164 - Software Filter Vulnerability, Vulnerability Lab
• Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow, Secunia Research
• Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow, Secunia Research
• [ MDVSA-2012:111 ] krb5, security
• [SECURITY] [DSA 2519-1] isc-dhcp security update, Nico Golde
• [ MDVSA-2012:121 ] libjpeg-turbo, security
• [security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, security-alert
• Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability, Socket_0x03
• Kaspersky Password Manager 5.0.0.164 - Software Filter Vulnerability, Vulnerability Lab
• My ROP mitigation, Young Jun Ko
• [SECURITY] [DSA 2520-1] openoffice.org security update, Yves-Alexis Perez
• [ MDVSA-2012:122 ] icedtea-web, security
• 29C3: Call for Participation for 29th Chaos Communication Congress, fukami
• ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel), ZDI Disclosures
• ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities, ZDI Disclosures
• ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2012:123 ] libreoffice, security
• [SECURITY] [DSA 2521-1] libxml2 security update, Moritz Muehlenhoff
• [ MDVSA-2012:124 ] openoffice.org, security
• [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS), security-alert
• Joomla com_package - SQL Injection Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 2522-1] fckeditor security update, Yves-Alexis Perez
• [SECURITY] [DSA 2519-2] isc-dhcp regression, Nico Golde
• AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution, nospam
• iAuto Mobile Application 2012 - Multiple Web Vulnerabilities, Vulnerability Lab
• Inout Mobile Webmail APP - Multiple Web Vulnerabilities, Vulnerability Lab
• [ MDVSA-2012:125 ] wireshark, security
• Joomla com_photo - SQL Injection Vulnerability, Vulnerability Lab
• BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability, Vulnerability Lab
• [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities, lorenzo . cantoni86
• [CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scrpting vulnerabilities, lorenzo . cantoni86
• [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability, lorenzo . cantoni86
• [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities, lorenzo . cantoni86
• Dir2web3 Mutiple Vulnerabilities, Daniel Correa
• [SECURITY] [DSA 2523-1] globus-gridftp-server security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2524-1] openttd security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2525-1] expat security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-12:05.bind, FreeBSD Security Advisories
• Oracle Business Transaction Management Server FlashTunnelService WriteToFile Message Remote Code Execution, nospam
• Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion, nospam
• nullcon International security conference Delhi 2012 Highlights, nullcon
• [security bulletin] HPSBMU02781 SSRT100617 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [ MDVSA-2012:126 ] libxml2, security
• [ MDVSA-2012:127 ] libtiff, security
• ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability, Security Alert
• MobileCartly 1.0 <= Remote Code Execution Vulnerability, pereira
• Multiple vulnerabilities in PBBoard, advisory
• Multiple Vulnerabilities in phpList, advisory
• [ MDVSA-2012:128 ] bash, security
• Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities, Vulnerability Lab
• Joomla com_fireboard - SQL Injection Vulnerability, Vulnerability Lab
• Arasism (IR) CMS - File Upload Vulnerability, Vulnerability Lab
• [HITB-Announce] HITB Magazine Issue 009 - Call for Submissions, Hafez Kamal
• Another Solaris 10 Patch Cluster Symlink Attack, larry Cashdollar
• How well does Microsoft support (and follow) their mantra "keep your PC updated"?, Stefan Kanthak
  • Re: How well does Microsoft support (and follow) their mantra "keep your PC updated"?, Thomas D.
• WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities, sschurtz
• [PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice, Timo Warns
• [ MDVSA-2012:129 ] busybox, security
• [ MDVSA-2012:129-1 ] busybox, security
• [ MDVSA-2012:130 ] openldap, security
• [SECURITY] [DSA 2526-1] libotr security update, Nico Golde
• Last reminder for Passwords^12 : Call for Presentations, Per Thorsheim
• [ MDVSA-2012:131 ] libotr, security
• [SECURITY] [DSA 2527-1] php5 security update, Moritz Muehlenhoff
• [security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS), security-alert
• GreHack 2012 - LAST Call For Papers (Grenoble, France) till 15th August 2012, Fabien DUCHENE
• [Announcement] ClubHack Magazine's Aug 2012 Issue Released, abhijeet
• TCExam Edit SQL Injection, research
• [security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information, security-alert
• [security bulletin] HPSBMU02802 SSRT100923 rev.1 - HP Fortify Software Security Center, Remote Disclosure of Privileged Information, security-alert
• [security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02803 SSRT100926 rev.1 - HP Service Manager and HP Service Center Web Tier, Remote Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities, Vulnerability Lab
• NeoInvoice Blind SQL Injection (CVE-2012-3477), Adam Caudill
• 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
• Total Shop UK eCommerce Generic Cross-Site Scripting, research
• TCExam Edit Cross-Site Scripting, research
• Group-Office Cleartext Credentials Stored in Cookies, research
• [SECURITY] [DSA 2528-1] icedove security update, Florian Weimer
• CFP for ZeroNights conference Moscow 19-20 November 2012, Alexander Polyakov
• [2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:132 ] glpi, security
• [SECURITY] [DSA 2530-1] rssh security update, Florian Weimer
• [slackware-security] t1lib (SSA:2012-228-01), Slackware Security Team
• [ MDVSA-2012:133 ] usbmuxd, security
• vulnerabilities in Samsung Epic 4G Touch with 2.3.6 and probably other Samsung Galaxies, Alexander Pruss
• [ MDVSA-2012:135 ] wireshark, security
• [security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2012:137 ] acpid, security
• [ MDVSA-2012:138 ] acpid, security
• [ MDVSA-2012:136 ] phpmyadmin, security
• NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3, Research@NGSSecure
• GIMP Scriptfu Python Remote Command Execution, research
• Social Engine v4.2.5 - Multiple Web Vulnerabilities, Vulnerability Lab
• ShopperPress v2.7 Wordpress - SQL Injection Vulnerability, Vulnerability Lab
• ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities, Vulnerability Lab
• Nike+ Panel & Mobile App - Multiple Web Vulnerabilities, Vulnerability Lab
• ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities, Vulnerability Lab
• [FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS, Jose Carlos de Arriba
• [ MDVSA-2012:134 ] wireshark, security
• Internet Explorer Script Interjection Code Execution, ds . adv . pub
• [slackware-security] emacs (SSA:2012-228-02), Slackware Security Team
• ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty, ZDI Disclosures
• ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 2531-1] xen security update, Luciano Bello
• [ MDVSA-2012:139 ] postgresql, security
• [ MDVSA-2012:140 ] mono, security
• ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability, YGN Ethical Hacker Group
• ocPoral CMS 8.x | Session Hijacking Vulnerability, YGN Ethical Hacker Group
• NGS00330 Patch Notification: Squiz CMS Directory Traversal, Research@NGSSecure
• NGS00208 Patch Notification: Moodle CMS stored XSS, Research@NGSSecure
• NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection, Research@NGSSecure
• NGS00242 Patch Notification: SysAid Helpdesk stored XSS, Research@NGSSecure
• APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1, Apple Product Security
• [ MDVSA-2012:141 ] openslp, security
• apache struts2 remote code execute, voidloafer
• [ MDVSA-2012:142 ] gimp, security
• XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS, Netsparker Advisories
• XSS and SQL Injection Vulnerabilities in OrderSys, Netsparker Advisories
• XSS Vulnerabilities in LabWiki, Netsparker Advisories
  • Re: [Full-disclosure] XSS Vulnerabilities in LabWiki, Henri Salo
• XSS and SQL Injection Vulnerabilities in Jara, Netsparker Advisories
  • Re: [Full-disclosure] XSS and SQL Injection Vulnerabilities in Jara, Henri Salo
• ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline., ZDI Disclosures
• ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02791 SSRT100856 rev.2 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS), security-alert
• SaltOS 3.1 Cross-Site Scripting vulnerability, sschurtz
• ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• Ad Manager Pro v. 4 Remote FLI, CorryL
• [ MDVSA-2012:143 ] python-django, security
• ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability, ZDI Disclosures
• ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability, Security Alert
• [security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2533-1] pcp security update, Florian Weimer
• Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008, Lists
• [slackware-security] dhcp (SSA:2012-237-01), Slackware Security Team
• Chamilo 1.8.8.4 Multiple Vulnerabilities, beford
• Paliz CMS Full Path Disclosure Vulnerability, advisories
• Exploit Title: Mihalism Multi Host v 5.0, explo21ter
• Wordpress fckeditor Arbitrary File Upload Vulnerability, irist . ir
• CommPort 1.01 <= SQL Injection Vulnerability, pereira
• CA20111208-01: Security Notice for CA SiteMinder [updated], Williams, James K
• CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0, Rob Weir
• [ MDVSA-2012:144 ] tetex, security
• [SE-2012-01] information regarding recently discovered Java 7 attack, Security Explorations
  • Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack, Jeffrey Walton
    • Re: [SE-2012-01] information regarding recently discovered Java 7 attack, Security Explorations
• ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability, Security Alert
• [security bulletin] HPSBUX02805 SSRT100919 rev.3 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• ToorCon 14 Call For Papers, h1kari
• [ MDVSA-2012:145 ] firefox, security
• t2′12: Challenge to be released 2012-09-01 10:00 EEST, Tomi Tuominen
• Cross-Site Scripting (XSS) in Phorum, advisory
• XSS in PrestaShop, advisory
• [ MDVSA-2012:146 ] firefox, security
• ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-167 : (0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-169 : GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2012:147 ] mozilla-thunderbird, security
• Sistem Biwes Multiple Vulnerability, admin
• Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing, Seeker Research Center
• ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability, ZDI Disclosures
• squidGuard 1.4 - Remote Denial of Service - POC, Stefan Bauer
• [SECURITY] [DSA 2535-1] rtfm security update, Florian Weimer
• [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code, security-alert
• SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor, SEC Consult Vulnerability Lab
• [ MDVSA-2012:074-1 ] ffmpeg, security
• [ MDVSA-2012:148 ] ffmpeg, security
• ESA-2012-038: EMC NetWorker Format String Vulnerability, Security Alert