188 messages, starting Dec 01 11 and ending Dec 30 11
- Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities Henri Salo (Dec 01)
- [SECURITY] [DSA 2355-1] clearsilver security update Moritz Muehlenhoff (Dec 01)
- Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Henri Salo (Dec 01)
- [security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Dec 01)
- Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo (Dec 01)
- Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue Henri Salo (Dec 01)
- Re: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo (Dec 01)
- Ariadne 2.7.6 Multiple XSS vulnerabilities sschurtz (Dec 01)
- Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- [SECURITY] [DSA 2356-1] openjdk-6 security update Florian Weimer (Dec 01)
- [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service security-alert (Dec 02)
- FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit HI-TECH . (Dec 02)
- SANS AppSec 2012 CFP reminder SANS AppSec CFP (Dec 02)
- [PT-2011-43] Database information disclosure in Kayako Fusion noreply (Dec 02)
- Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store advisory (Dec 02)
- InfoSec Southwest 2012 CFP I)ruid (Dec 02)
- XSSer v1.6 -beta- aka "Grey Swarm!" released. psy (Dec 02)
- [security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 05)
- fast and somewhat reliable cache timing Michal Zalewski (Dec 05)
- Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012) Matthieu Suiche (Dec 05)
- Vulnerabilities in Serv-U 11.1.0.3 Luigi Auriemma (Dec 05)
- [DCA-2011-0014] - Elxis CMS Cross Site Script Crash (Dec 05)
- [SECURITY] [DSA 2358-1] openjdk-6 security update Florian Weimer (Dec 05)
- Meditate Web Content Editor 'username_input' SQL-Injection vulnerability sschurtz (Dec 05)
- Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities irist . ir (Dec 06)
- [security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert (Dec 06)
- MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530] Tom Yu (Dec 06)
- [SECURITY] [DSA 2359-1] mojarra security update Florian Weimer (Dec 06)
- [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable Moritz Muehlenhoff (Dec 06)
- [security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 07)
- [ MDVSA-2011:181 ] proftpd security (Dec 07)
- DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection ddivulnalert (Dec 07)
- [SECURITY] [DSA 2361-1] chasen security update Florian Weimer (Dec 07)
- ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
- seamless bait-and-switch Michal Zalewski (Dec 08)
- 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 0a29 40 (Dec 08)
- [DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure Crash (Dec 08)
- [ MDVSA-2011:182 ] dhcp security (Dec 08)
- Call for Papers - 2012 Rocky Mountain Information Security Conference president (Dec 08)
- DC4420 - London DEFCON - 13 December 2011 Major Malfunction (Dec 09)
- AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings Asterisk Security Team (Dec 09)
- AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled Asterisk Security Team (Dec 09)
- CA20111208-01: Security Notice for CA SiteMinder Williams, James K (Dec 09)
- [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption signaladvisory (Dec 09)
- *CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers AppSec DC (Dec 09)
- the week of silly PoCs continues: data://www.mybank.com/ Michal Zalewski (Dec 09)
- [SECURITY] [DSA 2362-1] acpid security update Moritz Muehlenhoff (Dec 12)
- Call for Papers -YSTS 6 - Security Conference, Brazil Luiz Eduardo (Dec 12)
- zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal security (Dec 12)
- [ MDVSA-2011:183 ] pidgin security (Dec 12)
- Introduction to R-sequence public key cryptography attack Michal Bucko (Dec 12)
- OSI Security: Squiz Matrix - User Account Enumeration Troy Rose (Dec 12)
- WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Amir (Dec 12)
- Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities Secunia Research (Dec 12)
- [ MDVSA-2011:184 ] krb5 security (Dec 12)
- Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 12)
- [ MDVSA-2011:185 ] libcap security (Dec 13)
- [ MDVSA-2011:186 ] nfs-utils security (Dec 13)
- ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) Security_Alert (Dec 13)
- Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities Amir (Dec 13)
- Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability Secunia Research (Dec 13)
- ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)
- ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)
- ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)
- Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities brian (Dec 14)
- Citrix Receiver, XenDesktop "Pass-the-hash" Attack vtek63 (Dec 14)
- Multiple vulnerabilities in Browser CRM advisory (Dec 14)
- Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities support (Dec 14)
- [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 Tavaris Desamito (Dec 14)
- 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9 0a29 40 (Dec 14)
- 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 0a29 40 (Dec 14)
- PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability sschurtz (Dec 14)
- ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) Security_Alert (Dec 14)
- HTML 5 Security Report Ivan Buetler (Dec 14)
- NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI Research@NGSSecure (Dec 15)
- [ MDVSA-2011:187 ] php-pear security (Dec 15)
- NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI Research@NGSSecure (Dec 15)
- NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM Research@NGSSecure (Dec 15)
- NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI Research@NGSSecure (Dec 15)
- [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass RedTeam Pentesting GmbH (Dec 15)
- [RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes RedTeam Pentesting GmbH (Dec 15)
- New IETF I-D on "Stable Privacy Addresses" Fernando Gont (Dec 15)
- New IETF I-Ds on Fragmentation-related security issues Fernando Gont (Dec 15)
- Seotoaster SQL-Injection Admin Login Bypass security (Dec 15)
- [ MDVSA-2011:188 ] libxml2 security (Dec 15)
- <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem (Dec 16)
- [security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
- [security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
- [ MDVSA-2011:189 ] jasper security (Dec 16)
- silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 19)
- VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) VUPEN Security Research (Dec 19)
- VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) VUPEN Security Research (Dec 19)
- VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) VUPEN Security Research (Dec 19)
- VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) VUPEN Security Research (Dec 19)
- [SECURITY] [DSA 2363-1] tor security update Moritz Muehlenhoff (Dec 19)
- Re: RFI in JAF CMS Henri Salo (Dec 19)
- [SECURITY] [DSA 2364-1] xorg security update Moritz Muehlenhoff (Dec 19)
- [Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities research () vulnerability-lab com (Dec 19)
- appRain CMF v0.1.5 - Multiple Web Vulnerabilities research () vulnerability-lab com (Dec 19)
- SASHA v0.2.0 Mutiple XSS tom (Dec 19)
- PHP Booking Calendar 10e XSS tom (Dec 19)
- [SECURITY] [DSA 2365-1] dtc security update Moritz Muehlenhoff (Dec 19)
- IFIP NTMS'2012 - Deadline Extended to 12 January 2012 publicity (Dec 19)
- [ MDVSA-2011:190 ] libarchive security (Dec 19)
- [ MDVSA-2011:191 ] libarchive security (Dec 19)
- SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet SEC Consult Vulnerability Lab (Dec 19)
- SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp SEC Consult Vulnerability Lab (Dec 19)
- Novell Sentinel Log Manager <=1.2.0.1 Path Traversal Andrea Fabrizi (Dec 19)
- Syhunt: Time-Based Blind NoSQL Injection Felipe M. Aragon (Dec 19)
- [SECURITY] [DSA 2366-1] mediawiki security update Jonathan Wiltshire (Dec 19)
- Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011 Fernando Gont (Dec 19)
- [SECURITY] [DSA 2367-1] asterisk security update Moritz Muehlenhoff (Dec 19)
- ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability ZDI Disclosures (Dec 20)
- [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 20)
- Multiple vulnerabilities in PHPShop CMS Free advisory (Dec 20)
- Tiki Wiki CMS Groupware Stored Cross-Site-Scripting security (Dec 20)
- TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface Trustwave Advisories (Dec 21)
- post-XSS landscape Michal Zalewski (Dec 21)
- [SECURITY] [DSA 2381-] lighttpd security update Nico Golde (Dec 21)
- [SECURITY] [DSA 2368-1] lighttpd security update Nico Golde (Dec 21)
- Multiple vulnerabilities in OBM advisory (Dec 21)
- Multiple vulnerabilities in epesi BIM advisory (Dec 21)
- [SECURITY] [DSA 2369-1] libsoup2.4 security update Nico Golde (Dec 23)
- [SECURITY] [DSA 2370-1] unbound security update Florian Weimer (Dec 23)
- Exploit for Asterisk Security Advisory AST-2011-013 Ben Williams (Dec 23)
- [MATTA-2011-001] pfSense x509 Insecure Certificate Creation Florent Daigniere (Dec 23)
- ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 23)
- ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities ZDI Disclosures (Dec 23)
- ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability ZDI Disclosures (Dec 23)
- ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities ZDI Disclosures (Dec 23)
- TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin Trustwave Advisories (Dec 23)
- Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection n0b0d13s (Dec 23)
- Xmas 2011 Security Puzzle Ivan Buetler (Dec 27)
- FreeBSD Security Advisory FreeBSD-SA-11:06.bind FreeBSD Security Advisories (Dec 27)
- FreeBSD Security Advisory FreeBSD-SA-11:07.chroot FreeBSD Security Advisories (Dec 27)
- FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd FreeBSD Security Advisories (Dec 27)
- FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh FreeBSD Security Advisories (Dec 27)
- FreeBSD Security Advisory FreeBSD-SA-11:10.pam FreeBSD Security Advisories (Dec 27)
- Merry Christmas from the FreeBSD Security Team FreeBSD Security Officer (Dec 27)
- [ MDVSA-2011:192 ] mozilla security (Dec 27)
- Lighttpd Proof of Concept code for CVE-2011-4362 pi3 (Dec 27)
- [SECURITY] [DSA 2372-1] heimdal security update Florian Weimer (Dec 27)
- [SECURITY] [DSA 2373-1] inetutils security update Florian Weimer (Dec 27)
- [SECURITY] [DSA 2374-1] openswan security update Moritz Muehlenhoff (Dec 27)
- [SECURITY] [DSA 2375-1] krb5. krb5-appl security update Florian Weimer (Dec 27)
- MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] Tom Yu (Dec 27)
- [ MDVSA-2011:193 ] squid security (Dec 27)
- [ MDVSA-2011:194 ] icu security (Dec 27)
- [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert (Dec 29)
- [security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Dec 29)
- [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code security-alert (Dec 29)
- [ MDVSA-2011:195 ] krb5-appl security (Dec 29)
- [ MDVSA-2011:196 ] ipmitool security (Dec 29)
- n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table security (Dec 29)
- [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)
- Winn Guestbook v2.4.8c Stored XSS tom (Dec 29)
- Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13 LpSolit (Dec 29)
- [SECURITY] [DSA 2376-1] ipmitool security update Thijs Kinkhorst (Dec 30)
- [SECURITY] [DSA 2263-2] movabletype-opensource security update Thijs Kinkhorst (Dec 30)
- [ MDVSA-2011:197 ] php security (Dec 30)
- SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416 SEC Consult Vulnerability Lab (Dec 30)