Bugtraq: by thread
189 messages, starting Nov 01 11 and ending Nov 30 11
- DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] ddivulnalert (Nov 01)
- CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY tan (Nov 01)
- IBSng all version Cross-Site Scripting Vulnerability apa-iutcert (Nov 01)
- [ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities Alex Legler (Nov 01)
- GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability demonalex (Nov 01)
- [security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Nov 01)
- [ MDVSA-2011:162 ] kdelibs4 security (Nov 01)
- XSS Vulnerabilities in eFront Netsparker Advisories (Nov 01)
- XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3 Netsparker Advisories (Nov 01)
- Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability nospam (Nov 01)
- Multiple vulnerabilities in Efront advisory (Nov 02)
- [ MDVSA-2011:163 ] phpldapadmin security (Nov 02)
- NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295) Research@NGSSecure (Nov 02)
- [ MDVSA-2011:164 ] wireshark security (Nov 02)
- Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)
- Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability sschurtz (Nov 03)
- Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting sschurtz (Nov 03)
- ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. Security_Alert (Nov 03)
- CmyDocument Content Management Application - XSS Vulnerabilities demonalex (Nov 03)
- [security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS) security-alert (Nov 03)
- [ MDVSA-2011:165 ] php security (Nov 03)
- ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Security_Alert (Nov 03)
- [ MDVSA-2011:166 ] php security (Nov 03)
- Multiple BSD libc/regcomp(3) Multiple Vulnerabilities cxib (Nov 04)
- [security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 04)
- [security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access security-alert (Nov 04)
- [SECURITY] [DSA 2334-1] mahara security update Moritz Muehlenhoff (Nov 04)
- [ MDVSA-2011:167 ] gimp security (Nov 04)
- Malware detection evasion in antivirus software reset557 (Nov 07)
- [SECURITY] [DSA 2335-1] man2html security update Nico Golde (Nov 07)
- [SECURITY] [DSA 2337-1] xen security update Thijs Kinkhorst (Nov 07)
- [ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities Alex Legler (Nov 07)
- foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 08)
- Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Sergio Gelato (Nov 10)
- <Possible follow-ups>
- Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 14)
- [SECURITY] [DSA 2338-1] moodle security update Moritz Muehlenhoff (Nov 08)
- TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon Trustwave Advisories (Nov 08)
- [SECURITY] [DSA 2339-1] nss security update Moritz Muehlenhoff (Nov 08)
- [SECURITY] [DSA 2336-1] ffmpeg security update Yves-Alexis Perez (Nov 08)
- [SECURITY] [DSA 2340-1] postgresql security update Thijs Kinkhorst (Nov 08)
- Cisco CUCM - Multiple Vulnerabilities entomology (Nov 08)
- IPv6 security (slides and training) Fernando Gont (Nov 08)
- New online security challenge - GotWurzel Ivan Buetler (Nov 08)
- [security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification security-alert (Nov 08)
- osCSS2 "_ID" parameter Local file inclusion sschurtz (Nov 08)
- [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Mark Thomas (Nov 08)
- OrderSys <= 1.6.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
- LabStoRe <= 1.5.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
- APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Apple Product Security (Nov 09)
- [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities Code Audit Labs (Nov 09)
- [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability Code Audit Labs (Nov 09)
- Local file inclusion in VtigerCRM advisory (Nov 09)
- <Possible follow-ups>
- Re: Local file inclusion in VtigerCRM n0b0d13s (Nov 10)
- LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)
- Re: LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)
- Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 security (Nov 09)
- Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
- Multiple security vulnerabilities in AShop security (Nov 09)
- DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November Major Malfunction (Nov 09)
- [ MDVSA-2011:168 ] apache security (Nov 09)
- <Possible follow-ups>
- [ MDVSA-2011:168 ] apache security (Nov 09)
- Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Cisco Systems Product Security Incident Response Team (Nov 09)
- [SECURITY] [DSA 2341-1] iceweasel security update Moritz Muehlenhoff (Nov 09)
- [SECURITY] [DSA 2343-1] openssl security update Raphael Geissert (Nov 09)
- [SECURITY] [DSA 2342-1] iceape security update Moritz Muehlenhoff (Nov 10)
- [security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Nov 10)
- [security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert (Nov 10)
- XSS vulnerability in Joomla 1.6.3 Netsparker Advisories (Nov 14)
- [security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Nov 14)
- APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update Apple Product Security (Nov 14)
- CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass CORE Security Technologies Advisories (Nov 14)
- [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities Jose Carlos de Arriba (Nov 14)
- APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 Apple Product Security (Nov 14)
- [security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code security-alert (Nov 14)
- [security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access security-alert (Nov 14)
- [ MDVSA-2011:170 ] java-1.6.0-openjdk security (Nov 14)
- iGuard Biometric Access Control - Multiple Vulnerabilities research () vulnerability-lab com (Nov 14)
- [SECURITY] [DSA 2344-1] python-django-piston security update Florian Weimer (Nov 14)
- [ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities Tim Sammut (Nov 14)
- [ GLSA 201111-04 ] phpDocumentor: Function call injection Tim Sammut (Nov 14)
- [ MDVSA-2011:171 ] networkmanager security (Nov 14)
- [ MDVSA-2011:172 ] libreoffice security (Nov 14)
- [ MDVSA-2011:173 ] openssl0.9.8 security (Nov 14)
- [Announcement] ClubHack Mag Issue 22- Nov 2011 Released abhijeet (Nov 14)
- [Announcement] ClubHack 2011 Hacking and Security Conference abhijeet (Nov 14)
- Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability n0b0d13s (Nov 14)
- [ MDVSA-2011:174 ] graphite2 security (Nov 15)
- APPLE-SA-2011-11-14-1 iTunes 10.5.1 Apple Product Security (Nov 15)
- [ MDVSA-2011:175 ] poppler security (Nov 15)
- [SECURITY] [DSA 2346-1] proftpd-dfsg security update Florian Weimer (Nov 16)
- FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability n0b0d13s (Nov 17)
- wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
- <Possible follow-ups>
- wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
- [security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 17)
- ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
- ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
- [SECURITY] [DSA 2346-2] proftpd-dfsg regression fix Florian Weimer (Nov 17)
- [SECURITY] [DSA 2347-1] bind9 security update Florian Weimer (Nov 17)
- CA20111116-01: Security Notice for CA Directory Kotas, Kevin J (Nov 17)
- [ MDVSA-2011:176 ] bind security (Nov 17)
- Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability Secunia Research (Nov 17)
- Tiki Wiki CMS Groupware Multiple XSS vulnerabilities security (Nov 17)
- [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS Alexandr Polyakov (Nov 17)
- [DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay Alexandr Polyakov (Nov 17)
- [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose Alexandr Polyakov (Nov 17)
- [DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose Alexandr Polyakov (Nov 17)
- [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS Alexandr Polyakov (Nov 17)
- [DSECRG-11-037] SAP BW Doc - Multiple XSS Alexandr Polyakov (Nov 17)
- [DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability Alexandr Polyakov (Nov 17)
- [DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW) Alexandr Polyakov (Nov 17)
- [DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation Alexandr Polyakov (Nov 17)
- [DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering) Alexandr Polyakov (Nov 17)
- [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability Alexandr Polyakov (Nov 17)
- Multiple vulnerabilities in webERP advisory (Nov 17)
- Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus James Webb (Nov 17)
- VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Team (Nov 18)
- [ MDVSA-2011:176-1 ] bind security (Nov 18)
- [ MDVSA-2011:176-2 ] bind security (Nov 18)
- Blogs manager <= 1.101 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
- Valid tiny-erp <= 1.6 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
- Freelancer calendar <= 1.01 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
- wordpress Lanoba Social Plugin Xss Vulnerabilities Amir (Nov 21)
- Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Henri Salo (Nov 21)
- [SECURITY] [DSA 2349-1] spip security update Moritz Muehlenhoff (Nov 21)
- Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability n0b0d13s (Nov 21)
- [ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Nov 21)
- [ GLSA 201111-06 ] MaraDNS: Arbitrary code execution Alex Legler (Nov 21)
- [ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities Alex Legler (Nov 21)
- [ GLSA 201111-08 ] radvd: Multiple vulnerabilities Alex Legler (Nov 21)
- [ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection Alex Legler (Nov 21)
- [ GLSA 201111-10 ] Evince: Multiple vulnerabilities Alex Legler (Nov 21)
- [ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code Alex Legler (Nov 21)
- [SECURITY] [DSA 2350-1] freetype security update Moritz Muehlenhoff (Nov 21)
- [SECURITY] [DSA 2348-1] systemtap security update Moritz Muehlenhoff (Nov 21)
- Implications of IPv6 on network firewalls Fernando Gont (Nov 21)
- Wordpress advanced-text-widget Plugin Vulnerabilities Amir (Nov 21)
- Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Amir (Nov 21)
- Wordpress adminimize Plugin Vulnerabilities Amir (Nov 21)
- OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Ivan Buetler (Nov 21)
- [SECURITY] [DSA 2351-1] wireshark security update Moritz Muehlenhoff (Nov 21)
- Re: XSS in Tiki Wiki CMS Groupware Henri Salo (Nov 22)
- Re: jara 1.6 sql injection vulnerability Henri Salo (Nov 22)
- [security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert (Nov 22)
- [SECURITY] [DSA 2352-1] puppet security update Moritz Muehlenhoff (Nov 23)
- Multiple vulnerabilities in Dolibarr advisory (Nov 23)
- NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution Research@NGSSecure (Nov 23)
- NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution Research@NGSSecure (Nov 23)
- NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution Research@NGSSecure (Nov 23)
- Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
- Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
- Wordpress enable-latex plugin Remote File Include Vulnerabilities Amir (Nov 23)
- Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
- PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability n0b0d13s (Nov 23)
- Debut issue of Web App Pentesting Magazine - Free Download! maciej . kozuszek (Nov 23)
- TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Tobias Glemser (Nov 23)
- [ MDVSA-2011:177 ] freetype2 security (Nov 23)
- [security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert (Nov 24)
- [security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) security-alert (Nov 24)
- 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 0a29 40 (Nov 25)
- [SECURITY] [DSA 2353-1] ldns security update Moritz Muehlenhoff (Nov 25)
- [ MDVSA-2011:178 ] glibc security (Nov 28)
- [ MDVSA-2011:179 ] glibc security (Nov 28)
- Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Amir (Nov 28)
- Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2 Luigi Auriemma (Nov 28)
- Vulnerabilities in Siemens Automation License Manager Luigi Auriemma (Nov 28)
- [ MDVSA-2011:180 ] php-suhosin security (Nov 28)
- ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
- MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter marian . ventuneac (Nov 29)
- Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits Nick Freeman (Nov 29)
- Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability demonalex (Nov 29)
- Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Alex Davis (Nov 29)
- Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 Luigi Auriemma (Nov 29)
- CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011 Dragos Ruiu (Nov 30)
- Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 Daniel Roethlisberger (Nov 30)
- Multiple vulnerabilities in OrangeHRM advisory (Nov 30)
- Sql injection in SugarCRM advisory (Nov 30)
- New issue of PenTest Magazine is out - 21 pages of free content. maciej . kozuszek (Nov 30)
- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s (Nov 30)
- Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)
- Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)
- PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability security (Nov 30)
- [SECURITY] [DSA 2354-1] cups security update Yves-Alexis Perez (Nov 30)