Mail Thread Index

• Date Index

• [SECURITY] [DSA 2593-1] moin security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2594-1] virtualbox-ose security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2596-1] mediawiki-extensions security update, Jonathan Wiltshire
• [SECURITY] [DSA 2595-1] ghostscript security update, Moritz Muehlenhoff
• Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling, YGN Ethical Hacker Group
• CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities, YGN Ethical Hacker Group
• Charybdis: Improper assumptions in the server handshake code may lead to a remote crash, muztapha
• CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability, YGN Ethical Hacker Group
• Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption, Kurt Seifried
  • Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption, Kurt Seifried
• AthCon 2013 CFP OPEN, cfp
• ShakaCon 2013 - Call for Papers, Shakacon
• [ MDVSA-2013:001 ] gnupg, security
• AST-2012-014: Crashes due to large stack allocations when using TCP, Asterisk Security Team
• AST-2012-015: Denial of Service Through Exploitation of Device State Caching, Asterisk Security Team
• Aastra IP Telephone encrypted .tuz configuration file leakage, Timo Juhani Lindfors
• Simple Webserver 2.3-rc1 Directory Traversal, cwggenius
• CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF), i@xxxxxxxxxx
• CVE-2012-6494 - Nexpose Security Console - Session Hijacking, i@xxxxxxxxxx
• TomatoCart 1.x | Unrestricted File Creation, YGN Ethical Hacker Group
• CFP: InfoSec Southwest 2013, todb
• [SECURITY] [DSA 2597-1] rails security update, Nico Golde
• [SECURITY] [DSA 2598-1] weechat security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2599-1] nss security update, Thijs Kinkhorst
• [SECURITY] [DSA 2600-1] cups security update, Nico Golde
• [security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• Chrome for Android - UXSS via com.android.browser.application_id Intent extra, mbsdtest01
• Chrome for Android - Download Function Information Disclosure, mbsdtest01
• Chrome for Android - Android APIs exposed to JavaScript, mbsdtest01
• Chrome for Android - Bypassing SOP for Local Files By Symlinks, mbsdtest01
• Chrome for Android - Cookie theft from Chrome by malicious Android app, mbsdtest01
• Facebook for Android - Information Diclosure Vulnerability, mbsdtest01
• ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability, Security Alert
• [security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access, security-alert
• [SECURITY] [DSA 2602-1] zendframework security update, Florian Weimer
• Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2013:002 ] firefox, security
• Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart, advisory
• Remote Buffer Overflow Vulnerability in Samsung Kies, advisory
• Nero MediaHome Multiple Remote DoS Vulnerabilities, advisory
• [ MDVSA-2013:003 ] rootcerts, security
• [SECURITY] [DSA 2603-1] emacs23 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2604-1] rails security update, Thijs Kinkhorst
• [slackware-security] mozilla-firefox (SSA:2013-009-01), Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-009-03), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2013-009-02), Slackware Security Team
• [ MDVSA-2013:004 ] tomcat5, security
• OrangeHRM 2.7.1 Vacancy Name Persistent XSS, SBV Research
• Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability, Beni_vanda
  • Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability, Henri Salo
    • Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability, Paolo Perego
• Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee), Arne Vidström
• DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit, DefenseCode
• [SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code, Security Explorations
• [security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS), security-alert
• CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows, Jan Lehnardt
• [SECURITY] [DSA 2606-1] proftpd-dfsg security update, Thijs Kinkhorst
• CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI, Jan Lehnardt
• [SECURITY] [DSA 2605-1] asterisk security update, Thijs Kinkhorst
• CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash, Jan Lehnardt
• Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect, Include Security Research
• [IA33] Serva v2.0.0 DNS Server Remote Denial of Service, Inshell Security
• Updated - CA20121018-01: Security Notice for CA ARCserve Backup, Kotas, Kevin J
• [IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service, Inshell Security
• [SECURITY] [DSA 2607-1] qemu-kvm security update, Florian Weimer
• [SECURITY] [DSA 2608-1] qemu security update, Florian Weimer
• Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability, Rustein, Fara Denise \(LATCO - Buenos Aires\)
• [slackware-security] freetype (SSA:2013-015-01), Slackware Security Team
• Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities, rgilbert
• Re: [CVE-ID REQUEST] vBulletin - Multiple Open Redirects, rgilbert
• Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• DC4420 - 2013 CFP, Major Malfunction
• [SECURITY] [DSA 2609-1] rails security update, Florian Weimer
• Cisco Security Advisory Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability, Cisco Systems Product Security Incident Response Team
• Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service, Secunia Research
• Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow, Secunia Research
• NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/), NSO Research
• NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/), NSO Research
• CVE-2012-6452 Axway Secure Messenger Username Disclosure, jason . doyle
• Recently-revised IETF I-Ds about IPv6 security, Fernando Gont
• [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable, Security Explorations
  • Message not available
    • Message not available
      • Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable, Security Explorations
• ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities, Security Alert
• CA20121220-01: Security Notice for CA IdentityMinder [updated], Williams, James K
• [SECURITY] [DSA 2605-2] asterisk regression update, Thijs Kinkhorst
• Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069, Stefan Kanthak
• NoSuchCon CFP / 15-17 May 2013 / Paris, France, Jonathan Brossard
• (AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days, auto-bulletins
• Multiple Vulnerabilities in Linksys WRT54GL, devnull
• Re: EMC Avamar: World writable cache files, security_alert
• Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin, marcelavbx
• [SECURITY] [DSA 2610-1] ganglia security update, Yves-Alexis Perez
• [HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb, Hafez Kamal
• [SECURITY] [DSA 2611-1] movabletype-opensource security update, Yves-Alexis Perez
• Looking for security contacts, DefenseCode
• Wordpress Developer Formatter CSRF Vulnerability, illSecResearchGroup
• SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability, SEC Consult Vulnerability Lab
• SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability, SEC Consult Vulnerability Lab
• CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability, i
• Wordpress Valums Uploader - File Upload Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • Re: Wordpress Valums Uploader - File Upload Vulnerability, fineuploader
• [security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code, security-alert
• [slackware-security] mysql (SSA:2013-022-01), Slackware Security Team
• DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013, Major Malfunction
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers, Cisco Systems Product Security Incident Response Team
• CVE ID Syntax Change - Call for Public Feedback, cve-id-change
• CVE-2013-0805 / CSNC-2013-001, stephan . rickauer
• Cross-Site Scripting (XSS) vulnerability in gpEasy, advisory
• SQL Injection Vulnerability in ImageCMS, advisory
• New Blog Post: Attacking the Windows 7/8 Address Space Randomization, king cope
• IPv6: How to avoid security issues with VPN leaks on dual-stack networks, Fernando Gont
• SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 2612-1] ircd-ratbox security update, Moritz Muehlenhoff
• WordPress SolveMedia 1.1.0 CSRF Vulnerability, illSecResearchGroup
• [SE-2012-01] An issue with new Java SE 7 security features, Security Explorations
• [ MDVSA-2013:005 ] perl, security
• nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities, Vulnerability Lab
• ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability, Security Alert
• Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities, Vulnerability Lab
• Kohana Framework v2.3.3 - Directory Traversal Vulnerability, Vulnerability Lab
• [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability, Egidio Romano
• APPLE-SA-2013-01-28-1 iOS 6.1 Software Update, Apple Product Security
• APPLE-SA-2013-01-28-2 Apple TV 5.2, Apple Product Security
• Unauthenticated remote access to D-Link DCS cameras, roberto
• XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget"), Moritz Naumann
• Adobe Reader XI versions are vulnerable to a heap overflow, n1s0o
• Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2613-1] rails security update, Thijs Kinkhorst