Mail Thread Index

• Date Index

• MailOrderWorks v5.907 - Multiple Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code, security-alert
• [Suspected Spam] [slackware-security] libssh (SSA:2013-087-01), Slackware Security Team
• [waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50, come2waraxe
• [waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5, come2waraxe
• Authentication bypass on Netgear WNR1000, roberto
• [SECURITY] [DSA 2656-1] bind9 security update, Salvatore Bonaccorso
• US-CERT Alert TA13-088A: DNS Amplification Attacks, US-CERT Alerts
• [security bulletin] HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities, security-alert
• Remote command execution in Ruby Gem ldoce 0.0.2, larry0
• NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities, NCC Group Research
• FreeBSD Security Advisory FreeBSD-SA-13:03.openssl, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-13:04.bind, FreeBSD Security Advisories
• SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance, SEC Consult Vulnerability Lab
• Google AD Sync Tool - Exposure of Sensitive Information Vulnerability - Security Advisory - SOS-13-001, Lists
• [slackware-security] mozilla-thunderbird (SSA:2013-093-02), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2013-093-01), Slackware Security Team
• SQL Injection Vulnerability in Symphony, advisory
• PHP Code Injection in FUDforum, advisory
• TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2, Simon Bieber
• Novell GroupWise Multiple Remote Code Execution Vulnerabilities, advisory
• [SECURITY] [DSA 2654-1] libxslt security update, Salvatore Bonaccorso
• [SECURITY] [DSA 2657-1] postgresql-8.4 security update, Giuseppe Iuculano
• [SECURITY] [DSA 2658-1] postgresql-9.1 security update, Giuseppe Iuculano
• [ MDVSA-2013:015-1 ] apache, security
  • <Possible follow-ups>
  • [ MDVSA-2013:015-1 ] apache, security
• SEC Consult 20130404-0 :: Multiple Vulnerabilities in Censornet Professional v4 (2.1.7), SEC Consult Vulnerability Lab
• GreHack 2013 - Call For Papers - November 15, Grenoble, France, F. Duchene
• Hackersh 0.1 Release Announcement, Itzik Kotler
• Groovy Media Player buffer overflow Vulnerability, akshay . vaghela
• [ MDVSA-2013:016 ] apache-mod_security, security
• [ MDVSA-2013:017 ] arpwatch, security
• [ MDVSA-2013:018 ] automake, security
• [ MDVSA-2013:019 ] bash, security
• [ MDVSA-2013:027-1 ] clamav, security
• [slackware-security] subversion (SSA:2013-095-01), Slackware Security Team
• [ MDVSA-2013:029 ] apache-mod_security, security
• [ MDVSA-2013:030 ] arpwatch, security
• [ MDVSA-2013:031 ] automake, security
• [ MDVSA-2013:032 ] bash, security
• [ MDVSA-2013:023-1 ] coreutils, security
• [ MDVSA-2013:033 ] cronie, security
• Aastra IP Telephone hardcoded telnet admin password, Timo Juhani Lindfors
• [ MDVSA-2013:034 ] cups, security
• [ MDVSA-2013:035 ] libexif, security
• [ MDVSA-2013:036 ] exif, security
• [ MDVSA-2013:037 ] fetchmail, security
• [ MDVSA-2013:038 ] freeradius, security
• [ MDVSA-2013:039 ] freetype2, security
• [ MDVSA-2013:001-1 ] gnupg, security
• [ MDVSA-2013:040 ] gnutls, security
• [ MDVSA-2013:041 ] html2ps, security
• [security bulletin] HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [ MDVSA-2013:042 ] krb5, security
• [ MDVSA-2013:043 ] libgssglue, security
• [ MDVSA-2013:044 ] libjpeg, security
• [ MDVSA-2013:045 ] libssh, security
• [ MDVSA-2013:046 ] libtiff, security
• [ MDVSA-2013:047 ] libxslt, security
• [ MDVSA-2013:048 ] ncpfs, security
• [ MDVSA-2013:049 ] net-snmp, security
• [ MDVSA-2013:050 ] nss, security
• [ MDVSA-2013:051 ] openssh, security
• [ MDVSA-2013:052 ] openssl, security
• [ MDVSA-2013:053 ] proftpd, security
• [ MDVSA-2013:054 ] sudo, security
• [ MDVSA-2013:055 ] wireshark, security
• Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable, mschratt
• Multiple Vulnerabilities in D-Link devices, devnull
• [slackware-security] seamonkey (SSA:2013-097-01), Slackware Security Team
• [ MDVSA-2013:056 ] libxml2, security
• [ MDVSA-2013:057 ] xinetd, security
• [ MDVSA-2013:058 ] bind, security
• [ MDVSA-2013:059 ] dhcp, security
• [ MDVSA-2013:060 ] accountsservice, security
• [ MDVSA-2013:061 ] awstats, security
• [ MDVSA-2013:062 ] backuppc, security
• [ MDVSA-2013:063 ] bip, security
• [ MDVSA-2013:064 ] bogofilter, security
• [ MDVSA-2013:065 ] boost, security
• [ MDVSA-2013:066 ] bugzilla, security
• [ MDVSA-2013:067 ] couchdb, security
• [ MDVSA-2013:068 ] courier-authlib, security
• [ MDVSA-2013:069 ] cups-pk-helper, security
• [ MDVSA-2013:070 ] dbus, security
• [ MDVSA-2013:071 ] dbus-glib, security
• [CVE-2012-5389] Null Pointer Derefence in Dart Webserver <= 1.9.2, Ken
• [CVE-REQUEST] Multiple CSRF vulnerabilities on Foscam IP cameras web UI, shekyan
• [ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9, ISecAuditors Security Advisories
• [ MDVSA-2013:072 ] dnsmasq, security
• [ MDVSA-2013:073 ] dokuwiki, security
• [ MDVSA-2013:074 ] drupal, security
• [ MDVSA-2013:075 ] elinks, security
• [ MDVSA-2013:076 ] emacs, security
• [ MDVSA-2013:081 ] gegl, security
• [ MDVSA-2013:082 ] gimp, security
• [ MDVSA-2013:083 ] glib2.0, security
• [ MDVSA-2013:084 ] gnome-keyring, security
• [ MDVSA-2013:085 ] groff, security
• [ MDVSA-2013:086 ] groff, security
• [ MDVSA-2013:087 ] firefox, security
• [ MDVSA-2013:088 ] hplip, security
• [ MDVSA-2013:089 ] icclib, security
• [ MDVSA-2013:090 ] argyllcms, security
• [ MDVSA-2013:091 ] icecast, security
• [ MDVSA-2013:092 ] imagemagick, security
• Hackito Ergo Sum 2013 Speaker Announcement!, Alexandre De Oliveira
• CVE-2013-0798 : World read and write access to app_tmp directory on Android, suzuki
• [waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7, come2waraxe
• [ MDVSA-2013:078 ] fail2ban, security
• [ MDVSA-2013:077 ] ettercap, security
• [ MDVSA-2013:093 ] ircd-hybrid, security
• [ MDVSA-2013:094 ] jakarta-poi, security
• [ MDVSA-2013:095 ] java-1.7.0-openjdk, security
• [ MDVSA-2013:096 ] keepalived, security
• [ MDVSA-2013:097 ] libotr, security
• [ MDVSA-2013:098 ] libupnp, security
• [ MDVSA-2013:099 ] libytnef, security
• [ MDVSA-2013:100 ] lighttpd, security
• [ MDVSA-2013:101 ] lynx, security
• [ MDVSA-2013:102 ] mariadb, security
• [ MDVSA-2013:103 ] mesa, security
• [ MDVSA-2013:104 ] mosh, security
• [ MDVSA-2013:105 ] munin, security
• [ MDVSA-2013:106 ] nss-pam-ldapd, security
• [ MDVSA-2013:107 ] ocaml-xml-light, security
• [ MDVSA-2013:108 ] openconnect, security
• [ MDVSA-2013:109 ] open-iscsi, security
• [ MDVSA-2013:110 ] openjpeg, security
• [ MDVSA-2013:111 ] openslp, security
• [ MDVSA-2013:112 ] otrs, security
• [ MDVSA-2013:113 ] perl, security
• [ MDVSA-2013:114 ] php, security
• [ MDVSA-2013:115 ] php-ZendFramework, security
• [ MDVSA-2013:116 ] pixman, security
• [ MDVSA-2013:117 ] python, security
• [ MDVSA-2013:118 ] python-feedparser, security
• [ MDVSA-2013:119 ] python-httplib2, security
• [ MDVSA-2013:120 ] python-pycrypto, security
• DeepSec 2013 - Call for Papers, DeepSec Conference
• [ MDVSA-2013:121 ] qemu, security
• [ MDVSA-2013:122 ] quagga, security
• [ MDVSA-2013:123 ] rpmdevtools, security
• [ MDVSA-2013:124 ] ruby, security
• [ MDVSA-2013:125 ] sleuthkit, security
• [ MDVSA-2013:126 ] snack, security
• [ MDVSA-2013:127 ] socat, security
• [ MDVSA-2013:128 ] squashfs-tools, security
• [ MDVSA-2013:129 ] squid, security
• [ MDVSA-2013:130 ] stunnel, security
• [ MDVSA-2013:131 ] taglib, security
• [ MDVSA-2013:132 ] tor, security
• [ MDVSA-2013:133 ] usbmuxd, security
• [ MDVSA-2013:134 ] viewvc, security
• [ MDVSA-2013:135 ] vte, security
• [ MDVSA-2013:136 ] weechat, security
• [ MDVSA-2013:137 ] wordpress, security
• [ MDVSA-2013:138 ] x11-driver-video-qxl, security
• [ MDVSA-2013:139 ] x11-server, security
• [security bulletin] HPSBUX02859 SSRT101144 rev.2 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code, security-alert
• [security bulletin] HPSBUX02864 SSRT101156 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Software, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Network Control Systems Database Default Credentials Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2659-1] libapache-mod-security security update, Salvatore Bonaccorso
• [ MDVSA-2013:141 ] libxslt, security
• MacOSX 10.8.3 ftpd Remote Resource Exhaustion, submit
• [ MDVSA-2013:142 ] postgresql, security
• Remote command injection in Ruby Gem kelredd-pruview 0.3.8, larry0
• [ MDVSA-2013:143 ] poppler, security
• DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal, ddivulnalert
• [security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities, security-alert
• [SE-2012-01] Details of issues fixed by Java SE 7 Update 21, Security Explorations
  • Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21, Security Explorations
• [ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution, ESNC Security
• Sitecom WLM-3500 backdoor accounts, roberto . paleari
• [ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control, ESNC Security
• [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services, ESNC Security
• [ MDVSA-2013:144 ] phpmyadmin, security
• APPLE-SA-2013-04-16-1 Safari 6.0.4, Apple Product Security
• APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15, Apple Product Security
• Open-Xchange Security Advisory 2013-04-17, Martin Braun
• Multiple Vulnerabilities in KrisonAV CMS, advisory
• SI6 Networks' IPv6 Toolkit v1.3.4 released!, Fernando Gont
• SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey, SEC Consult Vulnerability Lab
• SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption, SEC Consult Vulnerability Lab
  • <Possible follow-ups>
  • Re: SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption, SEC Consult Vulnerability Lab
• SEC Consult SA-20130417-2 :: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server, SEC Consult Vulnerability Lab
• Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Infrastructure Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 2661-1] xorg-server security update, Yves-Alexis Perez
• DC4420 - London DEFCON - April meet - Tuesday 23rd April 2013, Major Malfunction
• VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013), VUPEN Security Research
• [SECURITY] [DSA 2662-1] xen security update, Salvatore Bonaccorso
• CVE-2013-2504 : Matrix42 Service Desk XSS, 43z sec
• VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555), VUPEN Security Research
• TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation, Trustwave Advisories
• [ MDVSA-2013:145 ] java-1.6.0-openjdk, security
• [ MDVSA-2013:146 ] icedtea-web, security
• [ MDVSA-2013:147 ] libarchive, security
• [SECURITY] [DSA 2660-1] curl security update, Salvatore Bonaccorso
• [SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE, Security Explorations
• 44Café 23rd April details, Steve
• [SQLi] vBilling for FreeSWITCH, Michał Błaszczak
• Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A, devnull
• [ MDVSA-2013:148 ] roundcubemail, security
• [ MDVSA-2013:149 ] roundcubemail, security
• [ MDVSA-2013:150 ] mysql, security
• [SECURITY] [DSA 2663-1] tinc security update, Yves-Alexis Perez
• [security bulletin] HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration Inconsistency, security-alert
• Cisco/Linksys HTTP Service Remote DoS (Denial of Service), Carl Benedict
• [ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver, ESNC Security
• Cisco Security Advisory: Cisco Device Manager Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Computing System, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Product, Cisco Systems Product Security Incident Response Team
• [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin, come2waraxe
• Nginx ngx_http_close_connection function integer overflow, safe3q
  • Re: Nginx ngx_http_close_connection function integer overflow, Maxim Konovalov
    • Re: Nginx ngx_http_close_connection function integer overflow, Maxim Konovalov
• Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows, nospam
• Borland Silk Central 12.1 TeeChart Pro Activex control AddSeries Remote Code Execution, nospam
• Multiple Vulnerabilities in D'Link DIR-635, devnull
• [security bulletin] HPSBMU02830 SSRT100889 rev.2 - HP Data Protector, Local Increase of Privilege, security-alert
• [security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS), security-alert
• [security bulletin] HPSBPI02869 SSRT100936 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files, security-alert
• Hacking IPv6 networks training (slideware, upcoming trainings, etc.), Fernando Gont
• EDSC 2013 CFP Open, Michael Eddington
• [ MDVSA-2013:151 ] curl, security
• [ MDVSA-2013:152 ] subversion, security
• [ MDVSA-2013:153 ] subversion, security
• [KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability, Egidio Romano
• Cisco/Linksys E1200 N300 Reflected XSS, Carl Benedict
• [ MDVSA-2013:154 ] util-linux, security
• [ MDVSA-2013:155 ] fuse, security
• [security bulletin] HPSBMU02873 SSRT101182 rev.1 - HP Service Manager, Apache Tomcat Security Update, security-alert
• [security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE) Security Update, security-alert
• [ MDVSA-2013:156 ] apache-mod_security, security