Mail Thread Index

• Date Index

• CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9, Ken
• [ MDVSA-2012:154-1 ] apache, security
• [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX02814 SSRT100930 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2012:152-1 ] bind, security
• [ MDVSA-2012:156 ] inn, security
• [ MDVSA-2012:155-1 ] xinetd, security
• GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities, Vulnerability Lab
• Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities, Vulnerability Lab
• Better WP Security v3.4.3 Wordpress - Web Vulnerabilities, Vulnerability Lab
• CA20121001-01: Security Notice for CA License, Williams, James K
• Reminder: ClubHack2012 Call for Papers Closing Soon, abhijeet
• phptax 0.8 <= Remote Code Execution Vulnerability, pereira
• XSS Vulnerabilities in phpFreeChat, Netsparker Advisories
• [ MDVSA-2012:153-1 ] dhcp, security
• [ MDVSA-2012:157 ] openjpeg, security
• [ MDVSA-2012:158 ] gc, security
• Multiple vulnerabilities in Template CMS, advisory
• Omnistar Mailer v7.2 - Multiple Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, security-alert
• [ MDVSA-2012:159 ] freeradius, security
• One week left! CFP for ZeroNights Conference in Moscow 19-20 November 2012, Alexander Polyakov
• ANNOUNCE: RFIDIOt v1.0d released and code migration, Adam Laurie
• XnView JLS File Decompression Heap Overflow, Joseph Sheridan
• Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters, Stefan Kanthak
• [DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow, Ewerson Guimarães (Crash) - Dclabs
• Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2, Shatter
• Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets components), Shatter
• Team SHATTER Security Advisory: Elevated roles through DBCC, Shatter
• Team SHATTER Security Advisory: Java Operating System command execution, Shatter
• [ MDVSA-2012:151-1 ] ghostscript, security
• [ MDVSA-2012:150-1 ] java-1.6.0-openjdk, security
• [ MDVSA-2012:160 ] imagemagick, security
• [SECURITY] [DSA 2555-1] libxslt security update, Moritz Muehlenhoff
• ESA-2012-035: RSAR Adaptive Authentication (On-Premise) Information Disclosure Vulnerability, Security Alert
• Blender 2.63 Exploitable User Mode Write AV, beford
• [ MDVSA-2012:161 ] html2ps, security
• utempter allows fake host setting, paul . szabo
• [SECURITY] [DSA 2556-1] icedove security update, Nico Golde
• [SECURITY] [DSA 2557-1] hostapd security update, Nico Golde
• [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation, Timo Warns
• Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites, Vulnerability Lab
• Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 2558-1] bacula security update, Raphael Geissert
• [security bulletin] HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information, security-alert
• Privilege Escalation Vulnerability in Microsoft Windows, advisory
• soapbox Local Root / Privilege Escalation Vulnerability, pereira
• WingFTP Server Denial of Service Vulnerability, Anil Pazvant
  • <Possible follow-ups>
  • WingFTP Server Denial of Service Vulnerability, Anil Pazvant
• BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface, Anil Pazvant
• Hardcoreview WriteAV Arbitrary Code Execution, pereira
• FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution, pereira
  • <Possible follow-ups>
  • Re: FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution, pereira
• Key Systems Electronic Key Lockers command injection and weak authentication vulnerabilities, Travis Lee
• [slackware-security] mozilla-firefox (SSA:2012-283-01), Slackware Security Team
• [ MDVSA-2012:162 ] bind, security
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format Player, Cisco Systems Product Security Incident Response Team
• [CVE-2012-4501] CloudStack configuration vulnerability, John Kinsella
• VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution (Update), pereira
  • <Possible follow-ups>
  • Re: VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution (Update), pereira
• Microsoft Office Excel ReadAV Arbitrary Code Execution, pereira
• Multiple vulnerabilities in OpenX, advisory
• Omnistar Document Manager v8.0 - Multiple Vulnerabilities, Vulnerability Lab
• vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities, Vulnerability Lab
• ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities, Security Alert
• VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates, VMware Security Response Center
• FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010, Lists
• [slackware-security] bind (SSA:2012-284-01), Slackware Security Team
• Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB, roberto
• [ MDVSA-2012:163 ] firefox, security
• [ MDVSA-2012:164 ] libxslt, security
• Last reminder for ClubHack 2012 : Call for Papers, abhijeet
• [slackware-security] mozilla-thunderbird (SSA:2012-285-02), Slackware Security Team
• [ MDVSA-2012:165 ] graphicsmagick, security
• [ MDVSA-2012:166 ] bacula, security
• [slackware-security] mozilla-firefox (SSA:2012-285-01), Slackware Security Team
• [ MDVSA-2012:167 ] firefox, security
• [CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability, lorenzo . cantoni86
• SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection, YGN Ethical Hacker Group
• SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability, YGN Ethical Hacker Group
• Multiple vulnerabilities in Samsung Kies, advisory
• Critical issues affecting Steam users, ReVuln
• [slackware-security] seamonkey (SSA:2012-288-01), Slackware Security Team
• Visual Tools DVR multiple vulnerabilities, Andrea Fabrizi
• APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11, Apple Product Security
• [SECURITY] [DSA 2559-1] libexif security update, Yves-Alexis Perez
• SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass, SEC Consult Vulnerability Lab
• SEC Consult SA-20121017-1 :: Unirgy uStoreLocator SQL Injection - Magento extension, SEC Consult Vulnerability Lab
• [IMF 2013] 3rd Call for Papers: Deadline Extended, Oliver Goebel
• SEC Consult SA-20121017-2 :: Multiple vulnerabilities in Oracle WebCenter Sites (former FatWire Content Server), SEC Consult Vulnerability Lab
• Multiple vulnerabilities in AContent, advisory
• Multiple vulnerabilities in Subrion CMS, advisory
• Multiple vulnerabilities in jCore, advisory
• [waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin, come2waraxe
• [waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin, come2waraxe
• MitM-vulnerability in Palo Alto Networks GlobalProtect, Micha Borrmann
• Internet Explorer 9 XSS Filter Bypass, pereira
• CA20121018-01: Security Notice for CA ARCserve Backup, Kotas, Kevin J
• Multiple Vulnerabilities in Campaign Enterprise <= 11.0.538, Ken
• CMSQLITE v1.3.2 - Multiple Web Vulnerabiltiies, Vulnerability Lab
• Old Habits Die Hard: Cross-Zone Scripting in Dropbox & Google Drive Mobile Apps, Roi Saltzman
• XSS Vulnerabilities in TaskFreak, Netsparker Advisories
• XSS Vulnerabilities in CMSMini, Netsparker Advisories
• XSS Vulnerabilities in ClipBucket, Netsparker Advisories
• F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection, YGN Ethical Hacker Group
  • Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection, Gary Driggs
• [SECURITY] [DSA 2560-1] bind9 security update, Florian Weimer
• [SECURITY] [DSA 2561-1] tiff security update, Moritz Muehlenhoff
• VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities, sec . team
• [ MDVSA-2012:168 ] hostapd, security
• DC4420 - London DEFCON - October meet - tomorrow, Tuesday 23rd October., alien DC4420
• [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities, security-alert
• VUPEN Security Research - Microsoft Internet Explorer "OnMove" Use-After-Free Vulnerability (MS12-063), VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer "scrollIntoView" Use-After-Free Vulnerability (MS12-063), VUPEN Security Research
• VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability, VUPEN Security Research
• [SECURITY] [DSA 2565-1] iceweasel security update, Florian Weimer
• HP/H3C and Huawei SNMP Weak Access to Critical Data, Kurt Grutzmacher
• [SECURITY] [DSA 2563-1] viewvc security update, Thijs Kinkhorst
• [SECURITY] [DSA 2562-1] cups-pk-helper security update, Thijs Kinkhorst
• [SECURITY] [DSA 2564-1] tinyproxy security update, Thijs Kinkhorst
• [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin, come2waraxe
• Smf 2.0.2 Cross-Site Scripting Vulnerability, irist . ir
• Wordpress 3.4 Cross-Site Scripting Vulnerability, irist . ir
• [security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 2566-1] exim4 security update, Nico Golde
• Inventory 1.0 Multiple SQL Vulnerabilities, Thomas Richards
• Inventory 1.0 Multiple XSS Vulnerabilities, Thomas Richards
• [SECURITY] [DSA 2567-1] request-tracker3.8 security update, Florian Weimer
• [SECURITY] [DSA 2568-1] rtfm security update, Florian Weimer
• [slackware-security] mozilla-firefox (SSA:2012-300-01), Slackware Security Team
• EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability, Security Alert
• Exploit - EasyITSP by Lemens Telephone Systems 2.0.2, Michał Błaszczak
• KmPlayer v3.0.0.1440 Local Crash PoC, irist . ir
• PIAF H.M.S - SQL Injection, Michał Błaszczak
• Call for Papers: DIMVA 2013, Collin Mulliner
• [SECURITY] [DSA 2569-1] icedove security update, Florian Weimer
• [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities, security-alert
• [waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin, come2waraxe
• [slackware-security] mozilla-thunderbird (SSA:2012-304-01), Slackware Security Team
• [slackware-security] seamonkey (SSA:2012-304-02), Slackware Security Team
• [BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE], Matan Azugi