Bugtraq: by date

217 messages starting Aug 01 11 and ending Aug 31 11


Monday, 01 August

[slackware-security] dhcpcd (SSA:2011-210-02) Slackware Security Team
[slackware-security] samba (SSA:2011-210-03) Slackware Security Team
[slackware-security] libpng (SSA:2011-210-01) Slackware Security Team
cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities ehsan_hp200
Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
CFP open for ClubHack2011 Abhijeet Patil
NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write Research@NGSSecure

Thursday, 04 August

Android Browser Cross-Application Scripting (CVE-2011-2357) Roee Hay
Cross Site Scripting Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5 haroon
XSS in WP e-Commerce advisory
Multiple XSS in HESK advisory
ThreeDify Designer ActiveX control Insecure Method advisory
ThreeDify Designer ActiveX control multiple buffer overflow vulnerabilities advisory
APPLE-SA-2011-08-03-1 QuickTime 7.7 Apple Product Security
Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation Henri Salo
Community Server - Reflected Cross-Site Scripting - Advisories PontoSec
Community Server - Stored Cross-Site Scripting in User's Signature Advisories PontoSec
Useless OpenSSH resources exhaustion bug via GSSAPI pi3

Tuesday, 09 August

Sophos Antivirus Review Tavis Ormandy
[SECURITY] [DSA 2291-1] squirrelmail security update Thijs Kinkhorst
[SECURITY] [DSA 2289-1] typo3-src security update Florian Weimer
[security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code security-alert
TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability ZDI Disclosures
Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability ehsan_hp200
Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability ehsan_hp200
Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability ehsan_hp200
Liberating IT (picture.php?gid) Remote SQL injection Vulnerability ehsan_hp200
Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Williams, James K
Amigot Corp (story.php?id) Remote SQL injection Vulnerability ehsan_hp200
6House Design (product_details.php?id) Remote SQL injection Vulnerability ehsan_hp200
Webdesigns-studio (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities ehsan_hp200
THE STUDIO (prod.php?id) Remote SQL injection Vulnerability ehsan_hp200
TWSL2011-008: Focus Stealing Vulnerability in Android Trustwave Advisories
SEO New York (prod.php?id) Remote SQL injection Vulnerability ehsan_hp200
IPv6 Hackers mailing-list Fernando Gont
EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability ehsan_hp200
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability ehsan_hp200
XWeavers (sysMsg.php?errMsg) Cross Site Scripting Vulnerabilities ehsan_hp200
Kimia Remote SQL injection Vulnerability ehsan_hp200
Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability ehsan_hp200
XWeavers (page.asp?id) Remote SQL injection Vulnerability ehsan_hp200
[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access security-alert
[SECURITY] [DSA 2290-1] samba security update Florian Weimer
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability ZDI Disclosures

Wednesday, 10 August

Fwd: {Lostmon's Group} Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability Lostmon lords
ZDI-11-247: Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-248: Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability ZDI Disclosures
ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability ZDI Disclosures
CfP for 4th OWASP Day Germany 2011 now open Tobias Glemser
[security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure security-alert
Multiple XSS in eShop for Wordpress advisory
[security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code security-alert
SQL injection in Social Slider advisory
[security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code security-alert
[oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco
CA20110809-01: Security Notice for CA ARCserve D2D ken
iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability labs-no-reply
iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow labs-no-reply

Monday, 15 August

SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827 SEC Consult Vulnerability Lab
[SECURITY] [DSA 2292-1] ISC DHCP security update Florian Weimer
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass s2-security
VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19) VUPEN Security Research
VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21) VUPEN Security Research
[ MDVSA-2011:122 ] clamav security
[ MDVSA-2011:123 ] squirrelmail security
[ MDVSA-2011:124 ] phpmyadmin security
[ MDVSA-2011:125 ] foomatic-filters security
[SECURITY] [DSA 2294-1] freetype security update Moritz Muehlenhoff
Calisto light, light plus and full, Sql Injection And user or Admin bypass Lostmon lords
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) Mark Thomas
[SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability Mark Thomas
Neox (categoria.php?id) Remote SQL injection Vulnerability ehsan_hp200
[SECURITY] [DSA 2293-1] libxfont security update Thijs Kinkhorst
QOLQA (categoria.php?id) Remote SQL injection Vulnerability ehsan_hp200
cdeVision (index.php?page) Remote File Inclusion Vulnerability ehsan_hp200
CdeVision Cross Site Scripting Vulnerabilities ehsan_hp200
PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit runlvl
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
[slackware-security] bind (SSA:2011-224-01) Slackware Security Team
WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability YGN Ethical Hacker Group
CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability ehsan_hp200
DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability ehsan_hp200
BACKEND (categoria.php?id) Remote SQL injection Vulnerability ehsan_hp200
SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability ehsan_hp200
awiki 20100125 multiple local file inclusion vulnerabilities muuratsalo experimental hack lab
Ruxcon 2011 Final Call For Papers cfp
[security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS) security-alert
The LAD Melbourne Cms Sql Injection Vulnerability cyber netron
NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability robkraus
NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability robkraus
Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)! Call for papers
[ MDVSA-2011:126 ] java-1.6.0-openjdk security
[Announcement] ClubHack Magazine - Call for Articles abhijeet

Tuesday, 16 August

{Lostmon's Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection Lostmon lords
phpList Improper Access Control and Information Leakage vulnerabilities Davide Canali
CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products Matthew Flanagan
Malformed DHCPv6 packets cause RPC to become unresponsive tunterleitner

Wednesday, 17 August

phpWebSite (userpage) Cross Site Scripting Vulnerabilities ehsan_hp200
dedacom (dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200
dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200
ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200
Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200
netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability ehsan_hp200
InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability ehsan_hp200
ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-266: RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-267: RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-268: RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-269: RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability ZDI Disclosures
lab382 (dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200
ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise) Security_Alert
XSS in Fast Secure Contact Form wordpress plugin advisory
Multiple XSS in WP-Stats-Dashboard advisory
StudioLine Photo Basic 3 ActiveX control Insecure Method advisory
ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability ZDI Disclosures
WebRising (dettaglio.asp?id) Remote SQL injection Vulnerability ehsan_hp200
ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2011:127 ] mozilla security
Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id) Remote SQL injection Vulnerability ehsan_hp200
[SECURITY] [DSA 2295-1] iceape security update Moritz Muehlenhoff
ZDI-11-272: (0day) FlexNet License Server Manager Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2296-1] iceweasel security update Moritz Muehlenhoff

Thursday, 18 August

[ MDVSA-2011:128 ] dhcp security
ToorCon 13 Call For Papers h1kari
Elgg 1.7.10 <= | Multiple Vulnerabilities YGN Ethical Hacker Group
ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird ACROS Security Lists
ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox ACROS Security Lists
ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart Security_Alert

Friday, 19 August

ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability ehsan_hp200

Thursday, 25 August

ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server Cisco Systems Product Security Incident Response Team
Grupo Argentina Web Remote SQL injection Vulnerability ehsan_hp200
Concrete CMS 5.4.1.1 <= Cross Site Scripting YGN Ethical Hacker Group
ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision Security_Alert
[SECURITY] [DSA 2297-1] icedove security update Moritz Muehlenhoff
Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution Brett Moore
Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower Chris Travers
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
PHP 5.3.6 multiple null pointer dereference cxib
[CVE-2011-2712] Apache Wicket XSS vulnerability Martin Grigorov
ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability ZDI Disclosures
[PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS Timo Warns
PHP 5.3.6 ZipArchive invalid use glob(3) cxib
[slackware-security] php (SSA:2011-237-01) Slackware Security Team
ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability ehsan_hp200
CreatiWeb Remote SQL injection Vulnerability ehsan_hp200
Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability ehsan_hp200
Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability ehsan_hp200
Simply Media Web (archivio.asp?categoria_id) Remote SQL injection Vulnerability ehsan_hp200
Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability ehsan_hp200
NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure robkraus
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls info
SQL-Ledger patch update for SQL injection Chris Travers
JagoanStore CMS Arbitrary file upload vulnerability eidelweiss
[PT-2011-23] Database information disclosure in GLPI noreply
Nafis Group (review.php?ID) Remote SQL injection Vulnerability ehsan_hp200
Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability ehsan_hp200
Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability ehsan_hp200
LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability ehsan_hp200
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine Cisco Systems Product Security Incident Response Team
NGS00054 Technical Advisory: Lumension Device Control (formerly Sanctuary) remote memory corruption Research@NGSSecure

Friday, 26 August

B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability ehsan_hp200
BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability ehsan_hp200
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability ehsan_hp200
Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability ehsan_hp200
Spherica Remote SQL injection Vulnerability ehsan_hp200
Marinet Remote SQL injection Vulnerability ehsan_hp200
Marinet Remote SQL injection Vulnerability ehsan_hp200
TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability ehsan_hp200
Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability ehsan_hp200
OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability ehsan_hp200
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability ehsan_hp200
Jcow CMS 4.2 <= | Cross Site Scripting YGN Ethical Hacker Group
Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution YGN Ethical Hacker Group

Monday, 29 August

phpWebSite (publisher) Remote SQL injection Vulnerability ehsan_hp200
[Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting Jose Carlos de Arriba
JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities admin
Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200
Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability ehsan_hp200
Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability ehsan_hp200
Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200
LifeSize Room Vulnerabilities smcintyre
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal ddivulnalert

Tuesday, 30 August

[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure Mark Thomas
[SECURITY] [DSA 2298-1] apache2 security update Stefan Fritsch
XSS in IBM Open Admin Tool sk
bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability ehsan_hp200
Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200

Wednesday, 31 August

Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2299-1] ca-certificates security update Thijs Kinkhorst
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger Chris Travers
[SECURITY] [DSA 2200-1] nss security update Moritz Muehlenhoff
Mediagrafic (prodotto.asp?id) (records.asp?id_p) Remote SQL injection Vulnerability ehsan_hp200
CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability ehsan_hp200
Dexanet Remote SQL injection Vulnerability ehsan_hp200
Sana Net (viewnews.php?id) Remote SQL injection Vulnerability ehsan_hp200
XSS in Redirection wordpress plugin advisory