Bugtraq: by thread
193 messages starting Jan 03 11 and ending Jan 31 11
- Announcing cross_fuzz, a potential 0-day in circulation, and more Michal Zalewski (Jan 03)
- www.eVuln.com : SQL Injection in WikLink bt (Jan 03)
- Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 03)
- [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration Andrea Purificato (Jan 03)
- Mathematica8 on Linux /tmp/MathLink vulnerability paul . szabo (Jan 04)
- [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss Crash (Jan 04)
- Plunging Through the Palo Alto Networks Firewall Jeromie (Jan 05)
- VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap VMware Security Team (Jan 05)
- www.eVuln.com : "id" SQL Injection in WikLink bt (Jan 05)
- [USN-1035-1] Evince vulnerabilities Marc Deslauriers (Jan 05)
- Getting root, the hard way Dan Rosenberg (Jan 05)
- [ MDVSA-2011:000 ] phpmyadmin security (Jan 05)
- BlogEngine.NET 1.6 Multiple Vulnerabilities Deniz CEVIK (Jan 05)
- Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik (Jan 05)
- Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik (Jan 05)
- Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 05)
- Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 07)
- [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code Tim Sammut (Jan 05)
- Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference Kyprianos Vasilopoulos (Jan 06)
- [SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow Stefan Fritsch (Jan 06)
- [SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw Stefan Fritsch (Jan 06)
- [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option Stefan Fritsch (Jan 06)
- [SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw Stefan Fritsch (Jan 06)
- SQL Injection in phpMySport advisory (Jan 06)
- <Possible follow-ups>
- SQL Injection in phpMySport advisory (Jan 06)
- SQL Injection in phpMySport advisory (Jan 06)
- Authentication bypass in phpMySport advisory (Jan 06)
- SQL Injection in Phenotype CMS advisory (Jan 06)
- Path disclousure in phpMySport advisory (Jan 06)
- XSRF (CSRF) in PHP MicroCMS advisory (Jan 06)
- XSS vulnerability in WonderCMS advisory (Jan 06)
- XSS vulnerability in PHP MicroCMS advisory (Jan 06)
- [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal Raphael Geissert (Jan 06)
- [USN-1037-1] ifupdown update Jamie Strandboge (Jan 07)
- [USN-1039-1] AppArmor update Jamie Strandboge (Jan 07)
- [USN-1040-1] Django vulnerabilities Jamie Strandboge (Jan 07)
- GNU libc/regcomp(3) Multiple Vulnerabilities cxib (Jan 07)
- [USN-1038-1] dpkg vulnerability Kees Cook (Jan 07)
- McAfee Commandline Updater Technion (Jan 07)
- CUDA drivers/Linux security hole gran (Jan 07)
- Web Hacking & Database Hijack Online Challenge Ivan Buetler (Jan 07)
- call for participation chpardhasaradhisarma (Jan 07)
- [ MDVSA-2011:002 ] wireshark security (Jan 10)
- Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service Digit Security Research (Jan 10)
- [ MDVSA-2011:003 ] MHonArc security (Jan 10)
- www.eVuln.com : "fold" and "site" SQL Injections in WikLink bt (Jan 10)
- NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute yuguo . cn (Jan 10)
- NewvCommon.ocx ActiveX Insecure Method Vulnerability wsn1983 (Jan 10)
- NewvCommon.ocx ActiveX Remote Code Execution Vulnerability wsn1983 (Jan 10)
- [ MDVSA-2011:004 ] php-phar security (Jan 11)
- SQL injection vulnerability in Energine advisory (Jan 11)
- XSRF (CSRF) in VaM Shop advisory (Jan 11)
- Stored XSS vulnerability in diafan.CMS advisory (Jan 11)
- Path disclosure in Energine advisory (Jan 11)
- XSRF (CSRF) in Energine advisory (Jan 11)
- XSS vulnerability in VaM Shop advisory (Jan 11)
- <Possible follow-ups>
- XSS vulnerability in VaM Shop advisory (Jan 11)
- XSS vulnerability in VaM Shop advisory (Jan 11)
- XSRF (CSRF) in diafan.CMS advisory (Jan 11)
- XSS vulnerability in diafan.CMS advisory (Jan 11)
- XSRF (CSRF) in Cambio advisory (Jan 11)
- XSRF (CSRF) in whCMS advisory (Jan 11)
- [security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 11)
- ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products ACROS Security Lists (Jan 11)
- [security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code security-alert (Jan 11)
- [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation Florian Weimer (Jan 11)
- [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC Nelson Brito (Jan 11)
- 2011 Rocky Mountain Information Security Conference Call for Papers alex . wood (Jan 12)
- [USN-1009-2] GNU C Library vulnerability Kees Cook (Jan 12)
- SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1 Spala Ferenc (Jan 12)
- [USN-1042-1] PHP vulnerabilities Steve Beattie (Jan 12)
- [USN-1043-1] Little CMS vulnerability Steve Beattie (Jan 12)
- Call for Papers: DIMVA 2011 - Extended Deadline Jan 21 Konrad Rieck (Jan 12)
- [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart Onapsis Research Labs (Jan 12)
- [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure Onapsis Research Labs (Jan 12)
- iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability labs-no-reply (Jan 12)
- [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 12)
- [SECURITY] [DSA-2141-4] New lighttpd packages fix regression Stefan Fritsch (Jan 12)
- CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland Andrzej Targosz (Jan 13)
- [USN-1042-2] PHP5 regression Steve Beattie (Jan 13)
- Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11) Dragos Ruiu (Jan 13)
- [security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code security-alert (Jan 13)
- [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue david . kurz (Jan 13)
- [ MDVSA-2011:005 ] evince security (Jan 13)
- [security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities security-alert (Jan 14)
- Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 14)
- [SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Giuseppe Iuculano (Jan 14)
- [ MDVSA-2011:007 ] wireshark security (Jan 14)
- [ MDVSA-2011:006 ] subversion security (Jan 14)
- <Possible follow-ups>
- [ MDVSA-2011:006 ] subversion security (Jan 14)
- Remote Code Execution in ICQ 7 Daniel Seither (Jan 14)
- Re: Remote Code Execution in ICQ 7 Daniel Seither (Jan 27)
- [ MDVSA-2011:008 ] perl-CGI security (Jan 14)
- [ MDVSA-2011:009 ] gif2png security (Jan 14)
- [ MDVSA-2011:011 ] opensc security (Jan 17)
- [SECURITY] [DSA 2146-1] Security update for mydms Moritz Muehlenhoff (Jan 17)
- [ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow Tim Sammut (Jan 17)
- [ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error Stefan Behte (Jan 17)
- [ GLSA 201101-04 ] aria2: Directory traversal Tobias Heinlein (Jan 17)
- [SECURITY] [DSA 2147-1] Security update for pimd Steve Kemp (Jan 17)
- [SECURITY] [DSA 2145-1] Security update for libsmi Moritz Muehlenhoff (Jan 17)
- [SECURITY] [DSA 2144-1] Security update for wireshark Moritz Muehlenhoff (Jan 17)
- [ GLSA 201101-07 ] Prewikka: password disclosure Stefan Behte (Jan 17)
- [ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code Tim Sammut (Jan 17)
- [ GLSA 201101-05 ] OpenAFS: Arbitrary code execution Stefan Behte (Jan 17)
- [ MDVSA-2011:010 ] xfig security (Jan 17)
- Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code) th_decoder (Jan 17)
- 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) Mark Stanislav (Jan 17)
- [ MDVSA-2011:012 ] mysql security (Jan 17)
- [SECURITY] [DSA 2148-1] Security update for tor Moritz Muehlenhoff (Jan 17)
- AST-2011-001: Stack buffer overflow in SIP channel driver Asterisk Security Team (Jan 18)
- [USN-1044-1] D-Bus vulnerability Jamie Strandboge (Jan 18)
- Simploo CMS Community Edition - Remote PHP Code Execution Issue david . kurz (Jan 19)
- [USN-1045-2] util-linux update Marc Deslauriers (Jan 19)
- [ MDVSA-2011:013 ] hplip security (Jan 19)
- [USN-1045-1] FUSE vulnerability Marc Deslauriers (Jan 19)
- [security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert (Jan 20)
- [SECURITY] [DSA 2149-1] Security update for dbus Nico Golde (Jan 20)
- [USN-1046-1] Sudo vulnerability Jamie Strandboge (Jan 20)
- DotNetNuke Remote Code Execution vulnerability Daniel Niggebrugge (Jan 20)
- SQL Injection in Pixie advisory (Jan 20)
- <Possible follow-ups>
- SQL Injection in Pixie advisory (Jan 20)
- [security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification security-alert (Jan 21)
- [security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS) security-alert (Jan 21)
- [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry Laurent OUDOT at TEHTRI-Security (Jan 21)
- London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL Major Malfunction (Jan 21)
- Code execution in Microsoft Fax Cover Page Editor Luigi Auriemma (Jan 21)
- [ MDVSA-2011:015 ] pcsc-lite security (Jan 21)
- IETF RFC on Port Randomization Fernando Gont (Jan 21)
- [ MDVSA-2011:014 ] ccid security (Jan 21)
- NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability NSO Research (Jan 21)
- [ MDVSA-2011:016 ] t1lib security (Jan 21)
- [ MDVSA-2011:017 ] tetex security (Jan 21)
- [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities Tim Sammut (Jan 21)
- [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities Tim Sammut (Jan 21)
- [ MDVSA-2011:018 ] sudo security (Jan 21)
- [USN-1047-1] AWStats vulnerability Marc Deslauriers (Jan 24)
- [USN-1048-1] Tomcat vulnerability Marc Deslauriers (Jan 24)
- [SECURITY] [DSA 2150-1] request-tracker3.6 security update Thijs Kinkhorst (Jan 24)
- ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability Security_Alert (Jan 24)
- ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. Security_Alert (Jan 27)
- phpcms V9 BLind SQL Injection Vulnerability eidelweiss (Jan 24)
- [CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean Fernando Gont (Jan 24)
- [DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method Alexandr Polyakov (Jan 25)
- HTB22791: File Content Disclosure in Pixelpost advisory (Jan 25)
- HTB22788: XSS in Pivotx advisory (Jan 25)
- HTB22792: XSS in Pixelpost advisory (Jan 25)
- HTB22790: XSS in Pivotx advisory (Jan 25)
- [DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods Alexandr Polyakov (Jan 25)
- [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files Alexandr Polyakov (Jan 25)
- HTB22789: Path disclousure in Pivotx advisory (Jan 25)
- HTB22787: Path disclousure in Pligg CMS advisory (Jan 25)
- [security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code security-alert (Jan 25)
- [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow Alexandr Polyakov (Jan 25)
- [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method Alexandr Polyakov (Jan 25)
- syslog-ng wrong file permission vulnerability SZALAY Attila (Jan 25)
- [DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED) Alexandr Polyakov (Jan 25)
- [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Jan 25)
- [DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss Alexandr Polyakov (Jan 25)
- HTB22794: Path disclousure in Pixelpost advisory (Jan 25)
- [DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal Alexandr Polyakov (Jan 25)
- [security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS) security-alert (Jan 27)
- [USN-1051-1] HPLIP vulnerability Marc Deslauriers (Jan 27)
- Microsoft IIS 6 parsing directory x.asp Vulnerability info (Jan 27)
- HTB22795: Path disclosure in Hycus CMS advisory (Jan 27)
- VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004) VUPEN Security Research (Jan 27)
- [ MDVSA-2011:019 ] libuser security (Jan 27)
- IETF RFC on "the implementation of the TCP urgent mechanism" Fernando Gont (Jan 27)
- PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm Joshua Gimer (Jan 27)
- Huawei HG default WEP/WPA generator Pedro Joaquín (Jan 27)
- Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 27)
- Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 27)
- OpenOffice.org Multiple Memory Corruption Vulnerabilities VSR Advisories (Jan 27)
- [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities Martin Schulze (Jan 27)
- [USN-1052-1] OpenJDK vulnerability Steve Beattie (Jan 27)
- HTB22796: Path disclousure in DBHcms advisory (Jan 27)
- Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212) StenoPlasma @ www.ExploitDevelopment.com (Jan 27)
- HTB22797: Path disclousure in BLOG:CMS advisory (Jan 27)
- HTB22793: XSRF (CSRF) in KaiBB advisory (Jan 27)
- CA20101231-01: Security Notice for CA ARCserve D2D (updated) Williams, James K (Jan 28)
- [SECURITY] [DSA 2152-1] hplip security update Moritz Muehlenhoff (Jan 28)
- FreeBSD local denial of service - forced reboot HI-TECH . (Jan 28)
- TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution noreply (Jan 28)
- TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service noreply (Jan 28)
- TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow noreply (Jan 28)
- CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue Jan Lehnardt (Jan 31)
- [SECURITY] [DSA-2154-2] exim4 regression fix Stefan Fritsch (Jan 31)
- [SECURITY] [DSA-2156-1] pcscd security update Steve Kemp (Jan 31)
- VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection Andrea Fabrizi (Jan 31)
- [SECURITY] [DSA 2155-1] freetype security update Moritz Muehlenhoff (Jan 31)
- [HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 31)
- [SECURITY] [DSA-2154-1] exim4 security update Stefan Fritsch (Jan 31)
- [SECURITY] [DSA 2153-1] linux-2.6 security update dann frazier (Jan 31)