Bugtraq: by date

203 messages starting May 02 11 and ending May 31 11

Monday, 02 May

[ MDVSA-2011:079 ] firefox security
[SECURITY] [DSA 2227-1] iceape security update Moritz Muehlenhoff
[ MDVSA-2011:081 ] kdenetwork4 security
[USN-1121-1] firefox vulnerabilities Micah Gersten
[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g ISecAuditors Security Advisories
OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability Patrick Webster
[SECURITY] [DSA 2230-1] qemu-kvm security update Moritz Muehlenhoff
[USN-1112-1] Firefox and Xulrunner vulnerabilities Micah Gersten
Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion cxib
[USN-1123-1] xulrunner-1.9.1 vulnerabilities Micah Gersten
[ MDVSA-2011:080 ] mozilla-thunderbird security
[SECURITY] [DSA 2229-1] spip security update Moritz Muehlenhoff
[SECURITY] [DSA 2228-1] iceweasel security update Moritz Muehlenhoff

Tuesday, 03 May

[security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert
HTB22967: Multiple SQL Injection in Shutter advisory
HTB22966: XSS in (e)2 interactive Photo Gallery advisory
[USN-1127-1] usb-creator vulnerability Marc Deslauriers
SQL injection in 4images bolok . boloke80
HTB22964: XSS in SelectaPix Image Gallery advisory
XSS in GOT.MY CLASSMATES bolok . boloke80
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery advisory
[ MDVSA-2011:082 ] python-feedparser security
XSS in DEAL INFORMER bolok . boloke80
HTB22962: Multiple XSS in YaPiG advisory
TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html Shatter
[USN-1129-1] Perl vulnerabilities Marc Deslauriers
Path disclousure in MEGA PORTAL bolok . boloke80
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv Damien Miller
XSS in CLASSIFIED ADS bolok . boloke80
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU Shatter
NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia. iccc
Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005 Lists
[USN-1128-1] Vino vulnerabilities Marc Deslauriers
CSRF (Cross-Site Request Forgery) in FREELANCER bolok . boloke80
TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component Shatter

Wednesday, 04 May

Cisco IOS UDP Denial of Service Vulnerability vuln
[security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection security-alert
[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface RedTeam Pentesting GmbH
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances RedTeam Pentesting GmbH
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability vuln
Announcement - DeepSec 2011 - Call for Papers DeepSec Conference

Thursday, 05 May

[USN-1126-2] PHP Regressions Steve Beattie
t2'11: Call for Papers 2011 (Helsinki / Finland) Tomi Tuominen
Re: Cisco IOS UDP Denial of Service Vulnerability psirt
Fwd: [USN-1122-1] Thunderbird vulnerabilities Micah Gersten
Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
HTB22968: XSS in PHP Directory Listing Script advisory
HTB22970: Multiple XSS vulnerabilities in PHPDug advisory
HTB22973: XSS in AJAX Calendar advisory
HTB22971: XSRF (CSRF) in PHPDug advisory
Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability psirt
HTB22972: Multiple SQL injection vulnerabilities in PHPDug advisory
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar advisory
[USN-1122-2] Thunderbird vulnerabilities Micah Gersten
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management research

Friday, 06 May

[SECURITY] [DSA 2232-1] exim4 security update Florian Weimer
Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones Barry Greene
[USN-1111-1] Linux kernel vulnerabilities Kees Cook
Silently Pwning Protected-Mode IE9 and Innocent Windows Applications Mitja Kolsek
VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities VMware Security Team

Saturday, 07 May

[SECURITY] [DSA 2231-1] otrs2 security update Florian Weimer

Monday, 09 May

Swiss Cyber Storm 3 Ivan Buetler
TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write Advisories Toucan-System
TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection Advisories Toucan-System
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) Wietse Venema
[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification security-alert
[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert
[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification security-alert
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system research
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability ZDI Disclosures

Tuesday, 10 May

ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures
OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability Patrick Webster
Re: SQL Injection in Pixie security curmudgeon
HTB22974: Multiple XSS in Calendarix advisory
HTB22975: SQL injection in Calendarix advisory
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo advisory
HTB22977: XSRF (CSRF) in poMMo advisory

Wednesday, 11 May

Apache Struts 2 Multiple Reflected XSS in XWork error pages marian . ventuneac
[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code security-alert
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2235-1] icedove security update Moritz Muehlenhoff
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability ZDI Disclosures
[USN-1131-1] Postfix vulnerability Marc Deslauriers
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access security-alert
[SECURITY] [DSA 2234-1] zodb security update Luciano Bello
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2233-1] postfix security update Florian Weimer
CA20110510-01: Security Notice for CA eHealth Kotas, Kevin J
[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel Timo Warns
[Announcement] ClubHACK Magazine Issue 16-May 2011 released abhijeet
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files security-alert
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) security-alert
[USN-1130-1] Exim vulnerability Kees Cook

Thursday, 12 May

CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass CORE Security Technologies Advisories
[Bkis] sNews 1.7.1 XSS vulnerability Bkis
HTB22980: XSRF (CSRF) in Open Classifieds advisory
[security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert
HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social advisory
HTB22978: XSRF (CSRF) in Argyle Social advisory
CORE-2011-0204: Adobe Audition vulnerability processing malformed session file CORE Security Technologies Advisories

Monday, 16 May

[security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS) security-alert
[Annoucement] ClubHack Magazine - Call for Articles abhijeet
[ MDVSA-2011:083 ] wireshark security
[ MDVSA-2011:084 ] apr security
ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability Security_Alert
[ MDVSA-2011:085 ] libmodplug security
[SECURITY] [DSA 2237-1] apr security update Stefan Fritsch
[SECURITY] [DSA 2236-1] exim4 security update Florian Weimer
[ MDVSA-2011:086 ] polkit security
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) cxib
NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon Henri Lindberg
DC4420 - London DEFCON - May meet - Tuesday 24th May 2011 Major Malfunction
Linux Kernel 2.6.38 Remote NULL Pointer Dereference roberto . paleari
[ MDVSA-2011:087 ] vino security
WebTech Conference 2011 Call for Papers Carsten Eilers
MalBox Release! A Program Behavior Analysis System! Xiaobo
[ MDVSA-2011:088 ] mplayer security
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing) research
[ MDVSA-2011:089 ] mplayer security
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer Stefan Kanthak
[USN-1132-1] apturl vulnerability Marc Deslauriers
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability ZDI Disclosures

Tuesday, 17 May

[ MDVSA-2011:090 ] postfix security
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass Mark Thomas
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic advisory
Ruxcon 2011 Call For Papers cfp
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Daniel Clemens

Wednesday, 18 May

[ MDVSA-2011:092 ] perl-IO-Socket-SSL security
XSS vulnerability in TWiki < 5.0.2 Netsparker Advisories
DOMinator - The DOMXss Analyzer Tool - is finally public Stefano Di Paola
[ MDVSA-2011:093 ] gnome-screensaver security

Thursday, 19 May

Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006 Lists
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure marian . ventuneac
[ MDVSA-2011:094 ] pure-ftpd security
Ubuntu Security Notice publication update Jamie Strandboge
RE: CA20110420-02: Security Notice for CA Output Management Web Viewer Williams, James K
[SECURITY] [DSA 2238-1] vino security update Moritz Muehlenhoff

Friday, 20 May

[ MDVSA-2011:095 ] apr security
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007 Lists
Session hacking via authentication cookie on Oracle CRM on Demand jeffto

Tuesday, 24 May

NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption Research@NGSSecure
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager) research
Bypassing Cisco's ICMPv6 Router Advertisement Guard feature Marc Heuse
[ MDVSA-2011:096 ] python security
HTB22995: XSS in Ajax Chat advisory
[SECURITY] [DSA 2237-2] apr security update Stefan Fritsch
[ MDVSA-2011:098 ] ruby security
NNT Change Tracker - Hard-Coded Encryption Key Dennis Brunnen
[ MDVSA-2011:099 ] libzip security
[ MDVSA-2011:100 ] cyrus-imapd security
[ MDVSA-2011:097 ] ruby security
HTB22987: Multiple XSS in phpScheduleIt advisory
Gadu-Gadu 0-Day Remote Code Execution Kacper Szczesniak
HTB22986: SQL injection in ExtCalendar 2 advisory
[ MDVSA-2011:095-1 ] apr security
E-mail address spoofing with RLO Wouter Coekaerts
[SECURITY] [DSA 2239-1] libmojolicious-perl security update Moritz Muehlenhoff
VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption VUPEN Security Research

Wednesday, 25 May

The Anatomy of COM Server-Based Binary Planting Exploits ACROS Security Lists
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow CORE Security Technologies Advisories
[SECURITY] [DSA 2240-1] linux-2.6 security update dann frazier
Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others supernothing
[SECURITY] [DSA 2241-1] qemu-kvm security update Moritz Muehlenhoff
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow labs-no-reply
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow labs-no-reply
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow labs-no-reply
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow labs-no-reply

Thursday, 26 May

Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure Veronica
[ MDVSA-2011:101 ] dovecot security
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update Moritz Muehlenhoff
[CVE-REQUEST] Plone XSS and permission errors matthew

Friday, 27 May

[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Deng Ching
[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Deng Ching
Viewpoint: Security implications of IPv6 Fernando Gont

Monday, 30 May

[SECURITY] [DSA 2243-1] unbound security update Florian Weimer
[SECURITY] [DSA 2244-1] bind9 security update Florian Weimer
[ MDVSA-2011:103 ] gimp security
[ MDVSA-2011:102 ] rdesktop security
FreeBSD Security Advisory FreeBSD-SA-11:02.bind FreeBSD Security Advisories
CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina] eko security conference
[SECURITY] [DSA 2246-1] mahara security update Giuseppe Iuculano
[SECURITY] [DSA 2245-1] chromium-browser security update Giuseppe Iuculano

Tuesday, 31 May

[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities Walikar Riyaz Ahemed Dawalmalik
Paranoia 2011: Call for papers paranoia
Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag" sschurtz
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities Walikar Riyaz Ahemed Dawalmalik
[SECURITY] [DSA 2247-1] rails security update Thijs Kinkhorst