Mail Thread Index
- [Full-disclosure] Fileutils ruby gem possible remote command execution and insecure file handling in /tmp,
Larry W. Cashdollar
- [Full-disclosure] TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355),
Shatter
- [Full-disclosure] TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358),
Shatter
- [Full-disclosure] [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05,
Janek Vind
- Re: [Full-disclosure] test,
Hey, Lukas (KRZ)
- [Full-disclosure] ROOTCON 7 Call for Papers,
JJ Turla
- Re: [Full-disclosure] Arbitrary command execution and trivial password guessing on Brother printers,
auto61149890
- [Full-disclosure] Oracle Auto Service Request /tmp file clobbering vulnerability,
Larry W. Cashdollar
- [Full-disclosure] [CTF] nullcon Battle UnderGround is On,
nullcon
- [Full-disclosure] list patch,
Jan van Niekerk
- <Possible follow-ups>
- Re: [Full-disclosure] list patch,
John Cartwright
[Full-disclosure] CVE-2013-1413,
Stephan Rickauer
[Full-disclosure] [SECURITY] [DSA 2635-1] cfingerd security update,
Salvatore Bonaccorso
[Full-disclosure] [Security-news] SA-CONTRIB-2013-031 - Premium Responsive theme - Cross Site Scripting (XSS),
security-news
[Full-disclosure] [SECURITY] [DSA 2636-1] xen security update,
Moritz Muehlenhoff
[Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS,
MustLive
[Full-disclosure] BF, IAA and CSRF vulnerabilities in Question2Answer,
MustLive
[Full-disclosure] USB Disk & File Transfer v1.3.1 - File Include > Arbitrary File Upload Vulnerability,
Vulnerability Lab
[Full-disclosure] IPMap v2.5 iPad iPhone - File Upload Web Vulnerabilities,
Vulnerability Lab
[Full-disclosure] Paypal Bug Bounty #5 - Persistent Web Vulnerability,
Vulnerability Lab
[Full-disclosure] Proofpoint Protection Server Session Persistence,
BugsNotHugs
[Full-disclosure] Administrivia: FD Returns,
John Cartwright
[Full-disclosure] Whonix ALPHA 0.5.5 - Anonymous Operating System released,
adrelanos
[Full-disclosure] how do I know the fbi is followin,
Jerry dePriest
[Full-disclosure] Remote command execution for Ruby Gem ftpd-0.2.1,
Larry W. Cashdollar
[Full-disclosure] [SECURITY] [DSA 2636-2] xen regression update,
Moritz Muehlenhoff
[Full-disclosure] AoF, IAA and CSRF vulnerabilities in Question2Answer,
MustLive
[Full-disclosure] Ruby Gem Flash Tool 0.6.0 Remote code execution vulnerability,
Larry W. Cashdollar
[Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013,
Marc Heuse
[Full-disclosure] [SE-2012-01] One more attack affecting Oracle's Java SE 7u15,
Security Explorations
[Full-disclosure] WordPress Counter per Day plugin <= 3.2.3. Path Disclosure and Denial-Of-Service (DOS) and WordPress Counter per Day plugin <= 3.2.5. Path Disclosure,
alej andr0
[Full-disclosure] [IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting,
Inshell Security
[Full-disclosure] [SECURITY] [DSA 2638-1] openafs security update,
Moritz Muehlenhoff
[Full-disclosure] [SECURITY] [DSA 2637-1] apache2 security update,
Stefan Fritsch
[Full-disclosure] WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS),
alej andr0
Re: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053),
Vulnerability Mailbox
[Full-disclosure] Samsung S3 : Full Lock Screen Bypass,
Sean McMillan
[Full-disclosure] [SECURITY] [DSA 2639-1] php5 security update,
Thijs Kinkhorst
[Full-disclosure] [ MDVSA-2013:017 ] libxml2,
security
Re: [Full-disclosure] Kingcopes AthCon 2012 Slides & Notes --> Video online,
king cope
[Full-disclosure] Security BSides Las Vegas 31Jul -01Aug Call For Presenters / Call For Mentors,
Info
[Full-disclosure] Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header,
tytusromekiatomek
[Full-disclosure] Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND,
tytusromekiatomek
[Full-disclosure] Samsung TV DoS (possible overflow) via SOAPACTION,
tytusromekiatomek
[Full-disclosure] Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header,
tytusromekiatomek
[Full-disclosure] Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc,
tytusromekiatomek
[Full-disclosure] SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2,
tytusromekiatomek
[Full-disclosure] Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header,
tytusromekiatomek
[Full-disclosure] Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.,
tytusromekiatomek
[Full-disclosure] Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header,
tytusromekiatomek
[Full-disclosure] Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
[Full-disclosure] AirDrive HD 1.6 iPad iPhone - Multiple Web Vulnerabilities,
Vulnerability Lab
[Full-disclosure] SANS PHP Port Scanner Remote Code Execution,
laurent gaffie
Re: [Full-disclosure] rpi-update tmpfile vulnerability,
Larry W. Cashdollar
[Full-disclosure] USB Disk & File Transfer v1.3.1 - File Include Vulnerability,
Vulnerability Lab
[Full-disclosure] [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples,
Mark Thomas
[Full-disclosure] Get rid of french marketing spam,
Arnaud Jacques
[Full-disclosure] Fwd: lame,
Michael Simpson
[Full-disclosure] OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability,
Larry W. Cashdollar
[Full-disclosure] [ MDVSA-2013:018 ] openssl,
security
[Full-disclosure] DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion,
ddivulnalert
[Full-disclosure] [ MDVSA-2013:019 ] gnutls,
security
[Full-disclosure] Exploit for stealing admin's account in Question2Answer,
MustLive
[Full-disclosure] [ MDVSA-2013:020 ] wireshark,
security
[Full-disclosure] Results of a XSLT fuzzing effort,
Nicolas Grégoire
[Full-disclosure] [ MDVSA-2013:021 ] java-1.6.0-openjdk,
security
[Full-disclosure] SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1),
SEC Consult Vulnerability Lab
[Full-disclosure] SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2),
SEC Consult Vulnerability Lab
[Full-disclosure] Exploit for D-Link DAP 1150,
MustLive
[Full-disclosure] [SECURITY] [DSA 2642-1] sudo security update,
Michael Gilbert
[Full-disclosure] [SECURITY] [DSA 2641-1] perl security update,
Salvatore Bonaccorso
[Full-disclosure] Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM),
Adam Zabrocki
[Full-disclosure] CS and XSS vulnerabilities in SWFUpload,
MustLive
[Full-disclosure] Host tracking in IPv6 (SI6 Networks' IPv6 toolkit v1.3.3),
Fernando Gont
[Full-disclosure] [ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics,
ISecAuditors Security Advisories
[Full-disclosure] SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum,
SEC Consult Vulnerability Lab
[Full-disclosure] XSS Vulnerability in TinyMCE,
Justin C. Klein Keane
[Full-disclosure] CVE-2013-1763 Ubuntu 12.10 64bit,
Kacper Szczesniak
[Full-disclosure] Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others,
MustLive
[Full-disclosure] Paypal Bug Bounty #19 - Persistent Web Vulnerability,
Vulnerability Lab
[Full-disclosure] Announcing ChronIC - a wearable Sub-GHz RF hacking tool,
Adam Laurie
***UNCHECKED*** [Full-disclosure] Cam2pc BMP Image Processing Integer Overflow Vulnerability,
kaveh ghaemmaghami
[Full-disclosure] Ruby gem fastreader-1.0.8 remote code exec,
Larry W. Cashdollar
[Full-disclosure] MiniMagic ruby gem remote code execution,
Larry W. Cashdollar
[Full-disclosure] Curl Ruby Gem Remote command execution,
Larry W. Cashdollar
[Full-disclosure] [SECURITY] [DSA 2643-1] puppet security update,
Yves-Alexis Perez
[Full-disclosure] [CVE-2013-1814] Apache Rave exposes User over API,
Matt Franklin
[Full-disclosure] ASUS RT-N66U multiple vulns,
sec
[Full-disclosure] SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow,
SEC Consult Vulnerability Lab
[Full-disclosure] [ MDVSA-2013:022 ] openssh,
security
[Full-disclosure] [ MDVSA-2013:023 ] coreutils,
security
[Full-disclosure] [ MDVSA-2013:024 ] firefox,
security
[Full-disclosure] [Security-news] SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass,
security-news
[Full-disclosure] Chrome Null Pointer in InspectDataSource::StartDataRequest,
Heyder Andrade
[Full-disclosure] FULL-DISCLOSURE Exclusive,
Henry Garrison
[Full-disclosure] List Charter,
John Cartwright
[Full-disclosure] [ MDVSA-2013:025 ] pidgin,
security
[Full-disclosure] [SECURITY] [DSA 2644-1] wireshark security update,
Moritz Muehlenhoff
[Full-disclosure] [SECURITY] [DSA 2640-1] zoneminder security update,
Salvatore Bonaccorso
[Full-disclosure] A few android security issues,
Jann Horn
[Full-disclosure] [SECURITY] [DSA 2645-1] inetutils security update,
Yves-Alexis Perez
[Full-disclosure] web app pentesting - short research survey,
kill my xss
[Full-disclosure] Petite Annonce v1 XSS Vulnerability,
metropolis haxor
[Full-disclosure] Skype Click to Call Update Service local privilege escalation,
Oliver-Tobias Ripka
[Full-disclosure] DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal,
ddivulnalert
[Full-disclosure] [SECURITY] [DSA 2647-1] firebird2.1 security update,
Moritz Muehlenhoff
[Full-disclosure] [SECURITY] [DSA 2648-1] firebird2.5 security update,
Moritz Muehlenhoff
[Full-disclosure] n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access,
security
[Full-disclosure] n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection,
security
[Full-disclosure] n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection,
security
[Full-disclosure] n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability,
security
[Full-disclosure] [SECURITY] [DSA 2646-1] typo3-src security update,
Yves-Alexis Perez
[Full-disclosure] [SECURITY] [DSA 2649-1] lighttpd security update,
Yves-Alexis Perez
[Full-disclosure] [SECURITY] [DSA 2650-1] libvirt-bin security update,
Yves-Alexis Perez
[Full-disclosure] Critical issue affecting EA Origin users,
ReVuln
[Full-disclosure] 10 years of Hackers to Hackers Conference - Call for Papers,
Rodrigo Rubira Branco (BSDaemon)
[Full-disclosure] "Data-Clone" -- a new way to attack android apps,
IEhrepus
[Full-disclosure] NOPcon 2013 - Call for paper - Istanbul , Turkey,
NOPcon Team
[Full-disclosure] Fake Applications in browser,
Roman Kümmel
[Full-disclosure] [SECURITY] [DSA 2650-2] libvirt regression update,
Yves-Alexis Perez
[Full-disclosure] Port scanning /0 using insecure embedded devices,
internet census
[Full-disclosure] [SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54),
Security Explorations
[Full-disclosure] [ MDVSA-2013:026 ] sudo,
security
[Full-disclosure] [ MDVSA-2013:027 ] clamav,
security
[Full-disclosure] [ MDVSA-2013:028 ] nagios,
security
[Full-disclosure] Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] iKAT 2013 Release - Interactive Kiosk Attack Tool,
Paul Craig
[Full-disclosure] [CVE-2013-2294] Multiple Cross Site Scripting (XSS) vulnerabilities in ViewGit,
Matthew Bucci
[Full-disclosure] Remote command execution in Ruby Gem Command Wrap,
larry Cashdollar
[Full-disclosure] [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1,
Janek Vind
[Full-disclosure] [IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation,
Inshell Security
[Full-disclosure] Owning Samsung Android devices,
Roberto Paleari
[Full-disclosure] CA20130319-01: Security Notice for SiteMinder products using SAML,
Kotas, Kevin J
[Full-disclosure] Deutsche Post Security Cup 2013,
Juergen.Pabel
[Full-disclosure] CVE-2013-186y: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation (OSX, All versions),
Dirk-Willem van Gulik
[Full-disclosure] CVE-2013-1866: OpenSC.tokend - privacy leak & arbitrary file creation (OSX, All versions),
Dirk-Willem van Gulik
[Full-disclosure] CVE-2013-1867: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation (OSX, All versions),
Dirk-Willem van Gulik
[Full-disclosure] [SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1,
Salvatore Bonaccorso
[Full-disclosure] [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS),
security-news
[Full-disclosure] New WinCC/TIA Porta vulns/fixes,
scadastrangelove
[Full-disclosure] [SECURITY] [DSA 2651-1] smokeping security update,
Salvatore Bonaccorso
[Full-disclosure] [SE-2011-01] PoC code for digital SAT TV research released,
Security Explorations
[Full-disclosure] PHDays Call For Papers Initiates Its Second Stage,
PHD
[Full-disclosure] [waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2,
Janek Vind
[Full-disclosure] CFP (Extended Deadline) : S.I. on Intrusion Detection and Security Mechanisms for WSNs,
Jaime Lloret Mauri
[Full-disclosure] DC4420 - London DEFCON - March meet - Tuesday 26th March 2013,
Major Malfunction
[Full-disclosure] Great read for the Australians,
Jody Melbourne (HackLabs)
[Full-disclosure] JAOW 2.4.8 XSS Vulnerability,
metropolis haxor
[Full-disclosure] Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php,
Rob Armstrong
[Full-disclosure] XSS vulnerabilities in ZeroClipboard and multiple web applications,
MustLive
[Full-disclosure] Book announcement: Los 27 Controles Criticos de Seguridad Informática (Spanish),
sergio
[Full-disclosure] XSS vulnerability on WP-Banners-Lite (wordpress plugin),
Fernando A. Lagos B.
[Full-disclosure] Fwd: Remote command injection vulnerability in Rosewill RSVA11001 (Hi3515 based),
Eric Urban
[Full-disclosure] [SECURITY] [DSA 2652-1] libxml2 security update,
Michael Gilbert
[Full-disclosure] [ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn,
ISecAuditors Security Advisories
[Full-disclosure] [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in LinkedIn Investors,
ISecAuditors Security Advisories
[Full-disclosure] Ruby gem Thumbshooter 0.1.5 remote command execution,
Larry W. Cashdollar
[Full-disclosure] Multiple XSS vulnerabilities in IBM Lotus Domino,
MustLive
[Full-disclosure] [SECURITY] [DSA 2653-1] icinga security update,
Florian Weimer
[Full-disclosure] Justice for Molly (cops killing civillians),
Jerry dePriest
[Full-disclosure] Fw: Justice for Molly (cops killing civillians),
Jerry dePriest
[Full-disclosure] Fw: Fw: Justice for Molly (cops killing civillians),
Jerry dePriest
[Full-disclosure] reward,
Jerry dePriest
[Full-disclosure] [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail <= v7.0.2,
ISecAuditors Security Advisories
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[Full-disclosure] winAUTOPWN v3.4 Released - Completing 4 years !!,
QUAKER DOOMER
[Full-disclosure] AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header,
Asterisk Security Team
[Full-disclosure] AST-2013-002: Denial of Service in HTTP server,
Asterisk Security Team
[Full-disclosure] AST-2013-003: Username disclosure in SIP channel driver,
Asterisk Security Team
[Full-disclosure] [Security-news] SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS),
security-news
[Full-disclosure] [Security-news] SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation,
security-news
[Full-disclosure] [Security-news] SA-CONTRIB-2013-037 - Rules - Cross Site Scripting (XSS),
security-news
[Full-disclosure] [Security-news] SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation,
security-news
[Full-disclosure] On the impact of CVE-2013-2266 (BIND9),
Daniel Franke
[Full-disclosure] [SECURITY] [DSA 2655-1] rails security update,
Moritz Muehlenhoff
[Full-disclosure] Paypal Bug Bounty #46 - Persistent Web Vulnerability,
Vulnerability Lab
[Full-disclosure] MailOrderWorks v5.907 - Multiple Web Vulnerabilities,
Vulnerability Lab
[Full-disclosure] Fw: Fw: Justice for Molly (cops killing civillians),
Jerry dePriest
[Full-disclosure] Fw: Fw: Fw: Justice for Molly (cops killing civillians),
Jerry dePriest
Re: [Full-disclosure] petition to remove Aaron Swartz prosecutor,
Jerry dePriest
[Full-disclosure] Fw: (no subject),
Jerry dePriest
[Full-disclosure] Fw: Fw: News Delivery Report (Failure),
Jerry dePriest
[Full-disclosure] [waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50,
Janek Vind
[Full-disclosure] [waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1,
Janek Vind
[Full-disclosure] Fw: [waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1,
Jerry dePriest
[Full-disclosure] Fw: petition to remove Aaron Swartz prosecutor,
Jerry dePriest
[Full-disclosure] Donkey Kick Exploit,
Daniel Sichel
[Full-disclosure] Crossbow, a lightweight, cross-platform exploit development framework.,
Zachary Cutlip
[Full-disclosure] [SECURITY] [DSA 2656-1] bind9 security update,
Salvatore Bonaccorso
[Full-disclosure] WP FuneralPress - Stored XSS in Guestbook,
Rob Armstrong
[Full-disclosure] AUTO: Roee Hay is on vacation (returning 10/04/2013),
Roee Hay