Mail Index
- [SECURITY] [DSA 2593-1] moin security update
- [SECURITY] [DSA 2594-1] virtualbox-ose security update
- [SECURITY] [DSA 2596-1] mediawiki-extensions security update
- [SECURITY] [DSA 2595-1] ghostscript security update
- Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling
- From: YGN Ethical Hacker Group
- CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities
- From: YGN Ethical Hacker Group
- Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
- CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability
- From: YGN Ethical Hacker Group
- Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
- AthCon 2013 CFP OPEN
- Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
- ShakaCon 2013 - Call for Papers
- [ MDVSA-2013:001 ] gnupg
- AST-2012-014: Crashes due to large stack allocations when using TCP
- From: Asterisk Security Team
- AST-2012-015: Denial of Service Through Exploitation of Device State Caching
- From: Asterisk Security Team
- Aastra IP Telephone encrypted .tuz configuration file leakage
- From: Timo Juhani Lindfors
- Simple Webserver 2.3-rc1 Directory Traversal
- CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)
- CVE-2012-6494 - Nexpose Security Console - Session Hijacking
- TomatoCart 1.x | Unrestricted File Creation
- From: YGN Ethical Hacker Group
- CFP: InfoSec Southwest 2013
- [SECURITY] [DSA 2597-1] rails security update
- [SECURITY] [DSA 2598-1] weechat security update
- [SECURITY] [DSA 2599-1] nss security update
- [SECURITY] [DSA 2600-1] cups security update
- [security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Chrome for Android - UXSS via com.android.browser.application_id Intent extra
- Chrome for Android - Download Function Information Disclosure
- Chrome for Android - Android APIs exposed to JavaScript
- Chrome for Android - Bypassing SOP for Local Files By Symlinks
- Chrome for Android - Cookie theft from Chrome by malicious Android app
- Facebook for Android - Information Disclosure Vulnerability
- ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
- [security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access
- [SECURITY] [DSA 2602-1] zendframework security update
- Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2013:002 ] firefox
- Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
- Remote Buffer Overflow Vulnerability in Samsung Kies
- Nero MediaHome Multiple Remote DoS Vulnerabilities
- [ MDVSA-2013:003 ] rootcerts
- [SECURITY] [DSA 2603-1] emacs23 security update
- [SECURITY] [DSA 2604-1] rails security update
- [slackware-security] mozilla-firefox (SSA:2013-009-01)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2013-009-03)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2013-009-02)
- From: Slackware Security Team
- [ MDVSA-2013:004 ] tomcat5
- OrangeHRM 2.7.1 Vacancy Name Persistent XSS
- Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
- Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
- DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
- [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code
- From: Security Explorations
- [security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS)
- Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
- CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows
- [SECURITY] [DSA 2606-1] proftpd-dfsg security update
- CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI
- [SECURITY] [DSA 2605-1] asterisk security update
- CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash
- Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect
- From: Include Security Research
- [IA33] Serva v2.0.0 DNS Server Remote Denial of Service
- Updated - CA20121018-01: Security Notice for CA ARCserve Backup
- [IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service
- [SECURITY] [DSA 2607-1] qemu-kvm security update
- [SECURITY] [DSA 2608-1] qemu security update
- Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
- From: Rustein, Fara Denise (LATCO - Buenos Aires)
- [slackware-security] freetype (SSA:2013-015-01)
- From: Slackware Security Team
- Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
- Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
- Re: [CVE-ID REQUEST] vBulletin - Multiple Open Redirects
- Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- DC4420 - 2013 CFP
- [SECURITY] [DSA 2609-1] rails security update
- Cisco Security Advisory Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service
- Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow
- NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/)
- NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/)
- CVE-2012-6452 Axway Secure Messenger Username Disclosure
- Recently-revised IETF I-Ds about IPv6 security
- [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
- From: Security Explorations
- ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities
- CA20121220-01: Security Notice for CA IdentityMinder [updated]
- [SECURITY] [DSA 2605-2] asterisk regression update
- Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
- NoSuchCon CFP / 15-17 May 2013 / Paris, France
- (AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days
- Multiple Vulnerabilities in Linksys WRT54GL
- Re: EMC Avamar: World writable cache files
- Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
- [SECURITY] [DSA 2610-1] ganglia security update
- [HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb
- [SECURITY] [DSA 2611-1] movabletype-opensource security update
- Looking for security contacts
- Wordpress Developer Formatter CSRF Vulnerability
- From: illSecResearchGroup
- SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability
- From: SEC Consult Vulnerability Lab
- CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
- Wordpress Valums Uploader - File Upload Vulnerability
- Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
- From: Security Explorations
- [security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code
- [slackware-security] mysql (SSA:2013-022-01)
- From: Slackware Security Team
- DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- CVE ID Syntax Change - Call for Public Feedback
- CVE-2013-0805 / CSNC-2013-001
- Cross-Site Scripting (XSS) vulnerability in gpEasy
- SQL Injection Vulnerability in ImageCMS
- New Blog Post: Attacking the Windows 7/8 Address Space Randomization
- IPv6: How to avoid security issues with VPN leaks on dual-stack networks
- SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 2612-1] ircd-ratbox security update
- WordPress SolveMedia 1.1.0 CSRF Vulnerability
- From: illSecResearchGroup
- [SE-2012-01] An issue with new Java SE 7 security features
- From: Security Explorations
- [ MDVSA-2013:005 ] perl
- nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities
- ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability
- Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities
- Kohana Framework v2.3.3 - Directory Traversal Vulnerability
- [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
- APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
- From: Apple Product Security
- APPLE-SA-2013-01-28-2 Apple TV 5.2
- From: Apple Product Security
- Unauthenticated remote access to D-Link DCS cameras
- XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
- Adobe Reader XI versions are vulnerable to a heap overflow
- Re: Wordpress Valums Uploader - File Upload Vulnerability
- Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 2613-1] rails security update