Mail Index
- [SECURITY] [DSA 2579-1] apache2 security update
- SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011
- NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
- NGS000107 Technical Advisory: Oracle Gridengine sgepasswd Buffer Overflow
- NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection
- NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection
- NGS000330 Technical Advisory: Squiz CMS File Path Traversal
- NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection
- NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
- NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
- NGS000268 Technical Advisory: Symantec Messaging Gateway - Out-of-band stored-XSS delivered by email
- NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
- [SECURITY] [DSA 2577-1] libssh security update
- ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
- Low severity flaw in RIM BlackBerry PlayBook OS browser
- FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability
- FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities
- IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday)
- MySQL (Linux) Stack based buffer overrun PoC Zeroday
- MySQL (Linux) Heap Based Overrun PoC Zeroday
- MySQL (Linux) Database Privilege Elevation Zeroday Exploit
- MySQL Denial of Service Zeroday PoC
- MySQL Remote Preauth User Enumeration Zeroday
- Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday
- Re: [Full-disclosure] MySQL (Linux) Database Privilege Elevation Zeroday Exploit
- Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC
- Re: [Full-disclosure] MySQL Remote Preauth User Enumeration Zeroday
- Re: [Full-disclosure] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
- Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- From: Huzaifa Sidhpurwala
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- [SECURITY] [DSA 2580-1] libxml security update
- [ MDVSA-2012:176 ] libxml2
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
- tinymcpuk xss vulnerability
- SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
- From: SEC Consult Vulnerability Lab
- Re: phpGiftReq SQL Injection
- [SECURITY] [DSA 2581-1] mysql-5.1 security update
- DC4420 - London DEFCON - Christmas 2012 meet! Tuesday 11th December 2012
- MySQL Local/Remote FAST Account Password Cracking
- Privilege Escalation through Binary Planting in Panda Internet Security
- Centrify Deployment Manager v2.1.0.283
- Centrify Deployment Manager v2.1.0.283
- FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)
- FreeSSHD Remote Authentication Bypass Zeroday Exploit
- Re: MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day
- [security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
- [security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
- CVE-2012-4534 Apache Tomcat denial of service
- CVE-2012-3546 Apache Tomcat Bypass of security constraints
- CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
- [security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code
- Re: Stack overflow in Microsoft HTML Help 6.1 (CHM files)
- From: chiles . simpson . ctr
- Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information
- [security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
- [ MDVSA-2012:177 ] bind
- CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
- [slackware-security] ruby (SSA:2012-341-04)
- From: Slackware Security Team
- [slackware-security] libxml2 (SSA:2012-341-03)
- From: Slackware Security Team
- [SECURITY] [DSA 2582-1] xen security update
- TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
- Multiple SQL Injection vulnerabilities in ClipBucket
- Multiple vulnerabilities in Achievo
- Fwd: SQL injection
- CanSecWest13 CFP Open Until December 14 2012, Conf March 7-9 2013, Vancouver
- Update on CVE assigned for Video Lead Form Plugin Cross-Site
- Update on CVE assigned for Wordpress Plugin Simple Gmail Login
- Multiple vulnerabilities in Achievo
- Multiple SQL Injection vulnerabilities in ClipBucket
- TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
- [slackware-security] libssh (SSA:2012-341-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2012-341-01)
- From: Slackware Security Team
- [SECURITY] [DSA 2583-1] iceweasel security update
- [SECURITY] [DSA 2584-1] iceape security update
- [ MDVSA-2012:178 ] mysql
- Android Kernel 2.6 Local DoS
- Centrify Deployment Manager v2.1.0.283 local root
- FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution
- DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution
- SimpleInvoices 2011.1 Cross-Site-Scripting (XSS) Vulnerabilities CVE-2012-4932
- Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
- Call for Papers: DIMVA 2013
- Snare for Linux Cross-Site Scripting via Log Injection
- Snare for Linux Cross-Site Request Forgery
- Snare for Linux Password Disclosure
- [security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)
- Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier
- From: Perez, Sebastian (LATCO - Buenos Aires)
- Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10
- [SECURITY] [DSA 2585-1] bogofilter security update
- [SECURITY] [DSA 2586-1] perl security update
- Multiple critical vulnerabilities in Maxthon and Avant browsers
- From: Roberto Suggi Liverani
- [SECURITY] [DSA 2587-1] libcgi-pm-perl security update
- [ MDVSA-2012:179 ] cups
- Addressbook v8.1.24.1 Group Name XSS
- OpenDocMan 1.2.6.2 - 3 Vulnerabilities
- File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
- FCKEditor File Upload Vulnerability
- Network Reconnaissance in IPv6 Networks
- 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)
- Network Reconnaissance in IPv6 Networks (errata)
- RVAsec 2013 CFP Now Open
- [security bulletin] HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Re: Centrify Deployment Manager v2.1.0.283
- [btrfs] is vulnerable to a hash-DoS attack
- From: Pascal Junod (Mailing Lists)
- Password Disclosure in D-Link IP Cameras (CVE-2012-4046)
- Issues in Netgear WGR614 wireless router
- DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
- Wordpress Pingback Port Scanner
- [SECURITY] [DSA 2588-1] icedove security update
- [SECURITY] [DSA 2589-1] tiff security update
- [ MDVSA-2012:180 ] perl-CGI
- Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro
- Re: Issues in Netgear WGR614 wireless router
- RE: PHP Addressbook v8.2.5 Group Name XSS
- IPv6 Neighbor Discovery security (new documents)
- Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
- SonicWall SonicOS 5.8.1.8 WAF - POST Inject Vulnerability
- Enterpriser16 LoadBalancer v7.1 - Multiple Web Vulnerabilities
- Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root
- Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
- Firefly MediaServer Multiple Remote DoS Vulnerabilities
- Multiple vulnerabilities in Banana Dance
- [ MDVSA-2012:181 ] python-django
- Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]
- EMC Avamar: World writable cache files
- Re: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
- Re: Re: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
- DoS vulnerability in Siemens S7-1200 PLCs
- Re: Re: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
- [security bulletin] HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation
- ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.
- CA20121220-01: Security Notice for CA IdentityMinder
- VMSA-2012-0018 VMware security updates for vCSA and ESXi
- From: VMware Security Response Center
- Re: Re: Re: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
- CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- CubeCart 3.0.20 (3.0.x) and lower | Arbitrary File Upload
- From: YGN Ethical Hacker Group
- CubeCart 3.0.20 (3.0.x) and lower | Multiple SQL Injection Vulnerabilities
- From: YGN Ethical Hacker Group
- [ MDVSA-2012:182 ] apache-mod_security
- CubeCart 4.4.6 and lower | Open URL Redirection Vulnerability
- From: YGN Ethical Hacker Group
- [TOOL RELEASE] SQL Fingerprint powered by ENG++ Technology [Version 1.33.23-170308]
- [ MDVSA-2012:183 ] apache-mod_security
- CubeCart 5.0.7 and lower | Open URL Redirection Vulnerability
- From: YGN Ethical Hacker Group
- CubeCart 4.4.6 and lower | Cross Site Request Forgery (CSRF) Vulnerability
- From: YGN Ethical Hacker Group
- CubeCart 4.4.6 and lower | Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- CubeCart 4.4.6 and lower | Multiple SQL Injection Vulnerabilities
- From: YGN Ethical Hacker Group
- CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability
- From: YGN Ethical Hacker Group
- CubeCart 4.x/5.x | Setup Re-installation Privilege Escalation Vulnerability
- From: YGN Ethical Hacker Group
- Open-Realty CMS 3.x | Cross Site Request Forgery (CSRF) Vulnerability
- From: YGN Ethical Hacker Group
- Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2590-1] wireshark security update
- [ MDVSA-2012:184 ] libtiff
- Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability
- From: Rustein, Fara Denise (LATCO - Buenos Aires)
- Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
- SonicWall Email Security 7.4.1.x - Persistent Web Vulnerability
- [SECURITY] [DSA 2591-1] mahara security update
- [SECURITY] [DSA 2592-1] elinks security update
- CubeCart 5.0.7 and lower versions | Insecure Backup File Handling
- From: YGN Ethical Hacker Group
- GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
- Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling