Mail Index

• Thread Index

• Cisco Security Advisory: Cisco Unified Presence Server Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2013:016 ] php
  • From: security
• [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05
  • From: come2waraxe
• Unauthenticated remote access to D-Link DIR-645 devices
  • From: roberto
• [KIS-2013-03] Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• Multiple Vulnerabilities in Piwigo
  • From: advisory
• Cross-Site Scripting (XSS) in Geeklog
  • From: advisory
• Stored Cross-site Scripting ('XSS') in Airvana HubBub C1-600-RT Femtocell
  • From: scott . behrens
• PHEARCON Call For Papers
  • From: AA
• Fileutils ruby gem possible remote command execution and insecure file handling in /tmp
  • From: larry0
• ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
  • From: Security Alert
• [SECURITY] [DSA 2635-1] cfingerd security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2636-1] xen security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2636-2] xen regression update
  • From: Moritz Muehlenhoff
• [slackware-security] httpd (SSA:2013-062-01)
  • From: Slackware Security Team
• [SE-2012-01] One more attack affecting Oracle's Java SE 7u15
  • From: Security Explorations
• rpi-update tmpfile vulnerability
  • From: Technion
• CVE-2013-1413
  • From: stephan . rickauer
• [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
  • From: Frédéric Basse
• Proofpoint Protection Server Session Persistence
  • From: BugsNotHugs
• Remote command execution for Ruby Gem ftpd-0.2.1
  • From: larry0
• Remote system freeze thanks to Kaspersky Internet Security 2013
  • From: Marc Heuse
• [IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting
  • From: Inshell Security
• [SECURITY] [DSA 2637-1] apache2 security update
  • From: Stefan Fritsch
• APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
  • From: Apple Product Security
• [SECURITY] [DSA 2638-1] openafs security update
  • From: Moritz Muehlenhoff
• WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
  • From: alej andr0
• [PT-2013-17] Arbitrary Files Reading in mnoGoSearch
  • From: noreply
• RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053)
  • From: Vulnerability Mailbox
• [SECURITY] [DSA 2639-1] php5 security update
  • From: Thijs Kinkhorst
• [ MDVSA-2013:017 ] libxml2
  • From: security
• Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header
  • From: tytusromekiatomek
• Samsung TV DoS (possible overflow) via SOAPACTION
  • From: tytusromekiatomek
• Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header
  • From: tytusromekiatomek
• Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
  • From: tytusromekiatomek
• SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2
  • From: tytusromekiatomek
• Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header
  • From: tytusromekiatomek
• Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.
  • From: tytusromekiatomek
• Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header
  • From: tytusromekiatomek
• Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
  • From: tytusromekiatomek
• Re: Kingcopes AthCon 2012 Slides & Notes --> Video online
  • From: king cope
• Re: rpi-update tmpfile vulnerability
  • From: larry0
• OS Command Injection in CosCms
  • From: advisory
• Multiple XSS vulnerabilities in Events Manager WordPress plugin
  • From: advisory
• [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
  • From: Mark Thomas
• Verax NMS Authenication Bypass (CVE-2013-1350)
  • From: Just Bugs
• Verax NMS Password Replay Attack (CVE-2013-1351)
  • From: Just Bugs
• Verax NMS Hardcoded Private Key (CVE-2013-1352)
  • From: Just Bugs
• Verax NMS Password Disclosure (CVE-2013-1631)
  • From: Just Bugs
• [ MDVSA-2013:018 ] openssl
  • From: security
• DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
  • From: ddivulnalert
• [security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)
  • From: security-alert
• [slackware-security] sudo (SSA:2013-065-01)
  • From: Slackware Security Team
• [security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
  • From: security-alert
• [ MDVSA-2013:019 ] gnutls
  • From: security
• [security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of Information
  • From: security-alert
• Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6
  • From: advisory
• Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6
  • From: advisory
• Re: Oracle Auto Service Request /tmp file clobbering vulnerability
  • From: larry0
• Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
  • From: Kurt Seifried
• [ MDVSA-2013:020 ] wireshark
  • From: security
• [ MDVSA-2013:021 ] java-1.6.0-openjdk
  • From: security
• SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)
  • From: SEC Consult Vulnerability Lab
• Stored XSS in Terillion Reviews Wordpress Plugin
  • From: nauty . me04
• [SECURITY] [DSA 2642-1] sudo security update
  • From: Michael Gilbert
• [slackware-security] mozilla-thunderbird (SSA:2013-068-02)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2013-068-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 2641-1] perl security update
  • From: Salvatore Bonaccorso
• Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec
  • From: cfp2013@xxxxxxxx
• OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability
  • From: larry0
• [ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
  • From: ISecAuditors Security Advisories
• Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
  • From: Chris John Riley
• Host tracking in IPv6 (SI6 Networks' IPv6 toolkit v1.3.3)
  • From: Fernando Gont
• SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum
  • From: SEC Consult Vulnerability Lab
• AthCon 2013 Rev. Challenge 2013
  • From: info
• Results of a XSLT fuzzing effort
  • From: Nicolas Grégoire
• Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
  • From: Amos Jeffries
• Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
  • From: Amos Jeffries
• Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
  • From: contact
• Announcing ChronIC - a wearable Sub-GHz RF hacking tool
  • From: Adam Laurie
• Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
  • From: Kurt Seifried
• TagScanner v5.1 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 2643-1] puppet security update
  • From: Yves-Alexis Perez
• Open-Xchange Security Advisory 2013-03-13
  • From: Martin Braun
• SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow
  • From: SEC Consult Vulnerability Lab
• [ MDVSA-2013:022 ] openssh
  • From: security
• [CVE-2013-1814] Apache Rave exposes User over API
  • From: Matt Franklin
• [ MDVSA-2013:023 ] coreutils
  • From: security
• Cisco Video Surveillance Operations Manager Multiple vulnerabilities
  • From: b . saleh
• Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
  • From: Frédéric BASSE
• [ MDVSA-2013:024 ] firefox
  • From: security
• Re: SQLi found in Kodak Insite
  • From: chris . joughin
• [slackware-security] perl (SSA:2013-072-01)
  • From: Slackware Security Team
• [slackware-security] seamonkey (SSA:2013-072-02)
  • From: Slackware Security Team
• [ MDVSA-2013:025 ] pidgin
  • From: security
• [SECURITY] [DSA 2640-1] zoneminder security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2644-1] wireshark security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
  • From: Apple Product Security
• APPLE-SA-2013-03-14-2 Safari 6.0.3
  • From: Apple Product Security
• [SECURITY] [DSA 2645-1] inetutils security update
  • From: Yves-Alexis Perez
• Curl Ruby Gem Remote command execution
  • From: Larry0
• MiniMagic ruby gem remote code execution
  • From: Larry0
• DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
  • From: ddivulnalert
• Skype Click to Call Update Service local privilege escalation
  • From: Oliver-Tobias Ripka
• [SECURITY] [DSA 2647-1] firebird2.1 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2648-1] firebird2.5 security update
  • From: Moritz Muehlenhoff
• n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
  • From: security
• n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection
  • From: security
• n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
  • From: security
• n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
  • From: security
• [SECURITY] [DSA 2646-1] typo3-src security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 2649-1] lighttpd security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 2650-1] libvirt-bin security update
  • From: Yves-Alexis Perez
• [slackware-security] ruby (SSA:2013-075-01)
  • From: Slackware Security Team
• Remote command execution in fastreader ruby gem
  • From: larry0
• [SECURITY] [DSA 2650-2] libvirt regression update
  • From: Yves-Alexis Perez
• [ MDVSA-2013:026 ] sudo
  • From: security
• [SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54)
  • From: Security Explorations
• [ MDVSA-2013:027 ] clamav
  • From: security
• [ MDVSA-2013:028 ] nagios
  • From: security
• NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow
  • From: NCC Group Research
• Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
  • From: Cisco Systems Product Security Incident Response Team
• NOPcon 2013 - Call for paper - Istanbul , Turkey
  • From: info
• Remote command execution in Ruby Gem Command Wrap
  • From: Larry0
• VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087)
  • From: VUPEN Security Research
• CA20130319-01: Security Notice for SiteMinder products using SAML
  • From: Kotas, Kevin J
• [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1
  • From: come2waraxe
• Re: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)
  • From: Thomas D.
• APPLE-SA-2013-03-19-1 iOS 6.1.3
  • From: Apple Product Security
• APPLE-SA-2013-03-19-2 Apple TV 5.2.1
  • From: Apple Product Security
• [IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation
  • From: Inshell Security
• [SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 2651-1] smokeping security update
  • From: Salvatore Bonaccorso
• [SE-2011-01] PoC code for digital SAT TV research released
  • From: Security Explorations
• [security bulletin] HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
  • From: security-alert
• [waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2
  • From: come2waraxe
• DC4420 - London DEFCON - March meet - Tuesday 26th March 2013
  • From: Major Malfunction
• [slackware-security] php (SSA:2013-081-01)
  • From: Slackware Security Team
• [security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)
  • From: security-alert
• [SECURITY] [DSA 2652-1] libxml2 security update
  • From: Michael Gilbert
• Report OWASP WAF Naxsi bypass Vulnerability
  • From: safe3q
• SynConnect PMS SQL Injection Vulnerability
  • From: bhadresh . k . patel
• ESA-2013-016: EMC Smarts Network Configuration Manager
  • From: Security Alert
• [security bulletin] HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
  • From: security-alert
• [security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• [SECURITY] [DSA 2653-1] icinga security update
  • From: Florian Weimer
• Re: Report OWASP WAF Naxsi bypass Vulnerability
  • From: Jeffrey Walton
• [slackware-security] dhcp (SSA:2013-086-02)
  • From: Slackware Security Team
• [slackware-security] bind (SSA:2013-086-01)
  • From: Slackware Security Team
• Path Traversal in AWS XMS
  • From: advisory
• McAfee Virtual Technician ActiveX Control Insecure Method
  • From: advisory
• [security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
  • From: security-alert
• Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability
  • From: Security Alert
• WordPress podPress Plugin XSS in SWF
  • From: hip
• AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header
  • From: Asterisk Security Team
• AST-2013-002: Denial of Service in HTTP server
  • From: Asterisk Security Team
• AST-2013-003: Username disclosure in SIP channel driver
  • From: Asterisk Security Team
• Workshop Proposal/Paper Submission Deadlines
  • From: asemailing
• [SECURITY] [DSA 2655-1] rails security update
  • From: Moritz Muehlenhoff