Mail Index

• Thread Index

• [SECURITY] [DSA 2536-1] otrs2 security update
  • From: Florian Weimer
• [SECURITY] [DSA 2537-1] typo3-src security update
  • From: Florian Weimer
• AST-2012-012: Asterisk Manager User Unauthorized Shell Access
  • From: Asterisk Security Team
• AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users
  • From: Asterisk Security Team
• Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11
  • From: LpSolit
• VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries
  • From: VMware Security Team
• [SE-2012-01] New security issue affecting Java SE 7 Update 7
  • From: Security Explorations
• [slackware-security] mozilla-firefox (SSA:2012-244-02)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2012-244-03)
  • From: Slackware Security Team
• [slackware-security] glibc (SSA:2012-244-01)
  • From: Slackware Security Team
• [ MDVSA-2012:149 ] fetchmail
  • From: security
• Admidio 2.3.5 Multiple security vulnerabilities
  • From: sschurtz
• [slackware-security] seamonkey (SSA:2012-244-04)
  • From: Slackware Security Team
• [slackware-security] slocate (SSA:2012-244-05)
  • From: Slackware Security Team
• Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage
  • From: mattijs
• Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center
  • From: mattijs
• Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow
  • From: Secunia Research
• Group-Office Calendar SQL Injection
  • From: Joseph Sheridan
• QNAP Turbo NAS Multiple Path Injection
  • From: Andrea Fabrizi
• VMWare Tools susceptible to binary planting by hijack
  • From: moshez
• IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"
  • From: Fernando Gont
• eFront Educational v3.6.11 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• ES Job Search Engine v3.0 - SQL injection vulnerability
  • From: Vulnerability Lab
• eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009
  • From: Lists
• KIWICON: THE ANNUCIATION
  • From: Kiwicon
• Cross-Site Scripting (XSS) Vulnerabilities in Flogr
  • From: advisory
• Cross-Site Scripting (XSS) in Kayako Fusion
  • From: advisory
• Сross-Site Request Forgery (CSRF) in TestLink
  • From: advisory
• [IMF 2013] Call for Papers
  • From: Oliver Goebel
• APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
  • From: Apple Product Security
• [Rooted CON 2013] CFP starts!
  • From: Román Ramírez
• [SECURITY] [DSA 2538-1] moin security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2539-1] zabbix security update
  • From: Raphael Geissert
• [CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter
  • From: Carl-Eric Menzel
• [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking
  • From: security-alert
• [SECURITY] [DSA 2540-1] mahara security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2541-1] beaker security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2542-1] qemu-kvm security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2544-1] xen security update
  • From: Raphael Geissert
• [SECURITY] [DSA 2545-1] qemu security update
  • From: Raphael Geissert
• [ MDVSA-2012:150 ] java-1.6.0-openjdk
  • From: security
• [SE-2012-01] Security vulnerabilities in IBM Java
  • From: Security Explorations
• ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
  • From: Security Alert
• nullcon CTF HackIM is on
  • From: nullcon
• Wordpress Download Monitor - Download Page Cross-Site Scripting
  • From: Joseph Sheridan
• [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
  • From: Timo Warns
• GreHack 2012 - 19th Oct. Grenoble, France - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ]
  • From: Fabien DUCHENE
• Multiple vulnerabilities in Ezylog photovoltaic management server
  • From: roberto
• ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
  • From: Security Alert
• VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19)
  • From: VUPEN Security Research
• VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)
  • From: VUPEN Security Research
• VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)
  • From: VUPEN Security Research
• [SECURITY] [DSA 2546-1] freeradius security update
  • From: Nico Golde
• [ MDVSA-2012:151 ] ghostscript
  • From: security
• Cisco Security Advisory: Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center
  • From: mattijs
• Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center
  • From: mattijs
• [SECURITY] [DSA 2547-1] bind9 security update
  • From: Florian Weimer
• APPLE-SA-2012-09-12-1 iTunes 10.7
  • From: Apple Product Security
• Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [ MDVSA-2012:152 ] bind
  • From: security
• [SECURITY] [DSA 2548-1] tor security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2480-4] request-tracker3.8 regression update
  • From: Raphael Geissert
• [SECURITY] [DSA 2549-1] devscripts security update
  • From: Raphael Geissert
• [ MDVSA-2012:153 ] dhcp
  • From: security
• [SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice
  • From: Nico Golde
• ipv6mon v1.0 released! (IPv6 address monitoring daemon)
  • From: Fernando Gont
• ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability
  • From: INTREST SEC
• [slackware-security] patch (SSA:2012-257-02)
  • From: Slackware Security Team
• [slackware-security] bind (SSA:2012-257-01)
  • From: Slackware Security Team
• [slackware-security] dhcp (SSA:2012-258-01)
  • From: Slackware Security Team
• IPv6 Toolkit v1.2.3 released! (and upcoming IPv6 security trainings)
  • From: Fernando Gont
• [IA38] NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow
  • From: Inshell Security
• Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service
  • From: Secunia Research
• [waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08
  • From: come2waraxe
• [Positive Research] Intel SMEP overview and partial bypass on Windows 8 (whitepaper)
  • From: noreply
• Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code
  • From: security-alert
• Fortigate UTM WAF Appliance - Cross Site Vulnerabilities
  • From: Vulnerability Lab
• APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3
  • From: Apple Product Security
• NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account
  • From: NCC Group Research
• NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email
  • From: NCC Group Research
• NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator
  • From: NCC Group Research
• NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure
  • From: NCC Group Research
• NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
  • From: NCC Group Research
• Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability
  • From: irist . ir
• [SECURITY] [DSA 2550-1] asterisk security update
  • From: Moritz Muehlenhoff
• Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
  • From: sschurtz
• [2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
  • From: security-alert
• APPLE-SA-2012-09-19-1 iOS 6
  • From: Apple Product Security
• APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
  • From: Apple Product Security
• APPLE-SA-2012-09-19-3 Safari 6.0.1
  • From: Apple Product Security
• [security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 2551-1] isc-dhcp security update
  • From: Nico Golde
• GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ]
  • From: Fabien DUCHENE
• [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
  • From: Robert Gilbert
• [Announcement] ClubHack Magazine's Sept 2012 Issue Out
  • From: abhijeet
• ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentication Client 3.5 Access Control Vulnerability
  • From: Security Alert
• Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
  • From: Joseph Sheridan
• Toshiba ConfigFree CF7 File Remote Command Execution
  • From: Joseph Sheridan
• Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field
  • From: Joseph Sheridan
• DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)
  • From: ddivulnalert
• CVE-2012-4415: guacamole local root vulnerability
  • From: Timo Juhani Lindfors
• [Positive Research] Intel SMEP Part II: Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming
  • From: noreply
• APPLE-SA-2012-09-24-1 Apple TV 5.1
  • From: Apple Product Security
• [SE-2012-01] Critical security issue affecting Java SE 5/6/7
  • From: Security Explorations
• [waraxe-2012-SA#090] - Insecure SSL Connection in Thomson SpeedTouch ST780
  • From: come2waraxe
• [Announcement] CHMag - Call for Articles
  • From: abhijeet
• [Full-disclosure] "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
  • From: Stefan Kanthak
• [SECURITY] [DSA 2550-2] asterisk regression update
  • From: Moritz Muehlenhoff
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2554-1] iceape security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 2552-1] tiff security update
  • From: Luciano Bello
• XSS in OSSEC wui 0.3
  • From: A. Ramos
• NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
  • From: NCC Group Research
• [IMF 2013] 2nd Call for Papers
  • From: Oliver Goebel
• [ MDVSA-2012:154 ] apache
  • From: security
• [ MDVSA-2012:155 ] xinetd
  • From: security