Mail Thread Index

• Date Index

• [SECURITY] [DSA 2536-1] otrs2 security update, Florian Weimer
• [SECURITY] [DSA 2537-1] typo3-src security update, Florian Weimer
• AST-2012-012: Asterisk Manager User Unauthorized Shell Access, Asterisk Security Team
• AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users, Asterisk Security Team
• Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11, LpSolit
• VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries, VMware Security Team
• [SE-2012-01] New security issue affecting Java SE 7 Update 7, Security Explorations
• [slackware-security] mozilla-firefox (SSA:2012-244-02), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2012-244-03), Slackware Security Team
• [slackware-security] glibc (SSA:2012-244-01), Slackware Security Team
• [ MDVSA-2012:149 ] fetchmail, security
• Admidio 2.3.5 Multiple security vulnerabilities, sschurtz
• [slackware-security] seamonkey (SSA:2012-244-04), Slackware Security Team
• [slackware-security] slocate (SSA:2012-244-05), Slackware Security Team
• Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage, mattijs
• Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center, mattijs
• Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow, Secunia Research
• Group-Office Calendar SQL Injection, Joseph Sheridan
• QNAP Turbo NAS Multiple Path Injection, Andrea Fabrizi
• VMWare Tools susceptible to binary planting by hijack, moshez
• IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion", Fernando Gont
• eFront Educational v3.6.11 - Multiple Web Vulnerabilities, Vulnerability Lab
• ES Job Search Engine v3.0 - SQL injection vulnerability, Vulnerability Lab
• eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities, Vulnerability Lab
• Barracuda Web Filter 910 5.0.015 - Multiple Vulnerabilities, Vulnerability Lab
• Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009, Lists
• KIWICON: THE ANNUCIATION, Kiwicon
• Cross-Site Scripting (XSS) Vulnerabilities in Flogr, advisory
• Cross-Site Scripting (XSS) in Kayako Fusion, advisory
• Сross-Site Request Forgery (CSRF) in TestLink, advisory
• [IMF 2013] Call for Papers, Oliver Goebel
• APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10, Apple Product Security
• [Rooted CON 2013] CFP starts!, Román Ramírez
• [SECURITY] [DSA 2538-1] moin security update, Raphael Geissert
• [SECURITY] [DSA 2539-1] zabbix security update, Raphael Geissert
• [CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter, Carl-Eric Menzel
• [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking, security-alert
• [SECURITY] [DSA 2540-1] mahara security update, Raphael Geissert
• [SECURITY] [DSA 2541-1] beaker security update, Raphael Geissert
• [SECURITY] [DSA 2542-1] qemu-kvm security update, Raphael Geissert
• [SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update, Raphael Geissert
• [SECURITY] [DSA 2544-1] xen security update, Raphael Geissert
• [SECURITY] [DSA 2545-1] qemu security update, Raphael Geissert
• [ MDVSA-2012:150 ] java-1.6.0-openjdk, security
• [SE-2012-01] Security vulnerabilities in IBM Java, Security Explorations
• ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks, Security Alert
• nullcon CTF HackIM is on, nullcon
• Wordpress Download Monitor - Download Page Cross-Site Scripting, Joseph Sheridan
• [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods, Timo Warns
• GreHack 2012 - 19th Oct. Grenoble, France - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ], Fabien DUCHENE
• Multiple vulnerabilities in Ezylog photovoltaic management server, roberto
• ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities, Security Alert
• VUPEN - Adobe Flash Player "Matrix3D" Integer Overflow Code Execution (APSB12-19), VUPEN Security Research
• VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060), VUPEN Security Research
• VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58), VUPEN Security Research
• [SECURITY] [DSA 2546-1] freeradius security update, Nico Golde
• [ MDVSA-2012:151 ] ghostscript, security
• Cisco Security Advisory: Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center, mattijs
• Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center, mattijs
• [SECURITY] [DSA 2547-1] bind9 security update, Florian Weimer
• APPLE-SA-2012-09-12-1 iTunes 10.7, Apple Product Security
• Knowledge Base EE v4.62.0 - SQL Injection Vulnerability, Vulnerability Lab
• Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities, Vulnerability Lab
• [ MDVSA-2012:152 ] bind, security
• [SECURITY] [DSA 2548-1] tor security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2480-4] request-tracker3.8 regression update, Raphael Geissert
• [SECURITY] [DSA 2549-1] devscripts security update, Raphael Geissert
• [ MDVSA-2012:153 ] dhcp, security
• [SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice, Nico Golde
• ipv6mon v1.0 released! (IPv6 address monitoring daemon), Fernando Gont
• ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities, Vulnerability Lab
• NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities, Vulnerability Lab
• [INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability, INTREST SEC
• [slackware-security] patch (SSA:2012-257-02), Slackware Security Team
• [slackware-security] bind (SSA:2012-257-01), Slackware Security Team
• [slackware-security] dhcp (SSA:2012-258-01), Slackware Security Team
• IPv6 Toolkit v1.2.3 released! (and upcoming IPv6 security trainings), Fernando Gont
• [IA38] NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow, Inshell Security
• Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service, Secunia Research
• [waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08, come2waraxe
• [Positive Research] Intel SMEP overview and partial bypass on Windows 8 (whitepaper), noreply
• Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities, Vulnerability Lab
• SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code, security-alert
• Fortigate UTM WAF Appliance - Cross Site Vulnerabilities, Vulnerability Lab
• APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3, Apple Product Security
• NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account, NCC Group Research
• NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email, NCC Group Research
• NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator, NCC Group Research
• NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure, NCC Group Research
• NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL, NCC Group Research
• Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability, irist . ir
• [SECURITY] [DSA 2550-1] asterisk security update, Moritz Muehlenhoff
• Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities, sschurtz
• [2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution, security-alert
• APPLE-SA-2012-09-19-1 iOS 6, Apple Product Security
• APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004, Apple Product Security
• APPLE-SA-2012-09-19-3 Safari 6.0.1, Apple Product Security
• [security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution, security-alert
• [SECURITY] [DSA 2551-1] isc-dhcp security update, Nico Golde
• GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ], Fabien DUCHENE
• [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities, Robert Gilbert
• [Announcement] ClubHack Magazine's Sept 2012 Issue Out, abhijeet
• ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentication Client 3.5 Access Control Vulnerability, Security Alert
• Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName), Joseph Sheridan
• Toshiba ConfigFree CF7 File Remote Command Execution, Joseph Sheridan
• Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field, Joseph Sheridan
• DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419), ddivulnalert
• CVE-2012-4415: guacamole local root vulnerability, Timo Juhani Lindfors
• [Positive Research] Intel SMEP Part II: Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming, noreply
• APPLE-SA-2012-09-24-1 Apple TV 5.1, Apple Product Security
• [SE-2012-01] Critical security issue affecting Java SE 5/6/7, Security Explorations
• [waraxe-2012-SA#090] - Insecure SSL Connection in Thomson SpeedTouch ST780, come2waraxe
• [Announcement] CHMag - Call for Articles, abhijeet
• [Full-disclosure] "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers, Stefan Kanthak
• [SECURITY] [DSA 2550-2] asterisk regression update, Moritz Muehlenhoff
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2554-1] iceape security update, Yves-Alexis Perez
• [SECURITY] [DSA 2552-1] tiff security update, Luciano Bello
• XSS in OSSEC wui 0.3, A. Ramos
• NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution, NCC Group Research
• [IMF 2013] 2nd Call for Papers, Oliver Goebel
• [ MDVSA-2012:154 ] apache, security
• [ MDVSA-2012:155 ] xinetd, security