Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
193 messages
starting Jan 03 11 and
ending Jan 31 11
Date index |
Thread index |
Author index
Monday, 03 January
Announcing cross_fuzz, a potential 0-day in circulation, and more Michal Zalewski
www.eVuln.com : SQL Injection in WikLink bt
Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration Andrea Purificato
Tuesday, 04 January
Mathematica8 on Linux /tmp/MathLink vulnerability paul . szabo
[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss Crash
Wednesday, 05 January
Plunging Through the Palo Alto Networks Firewall Jeromie
VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap VMware Security Team
www.eVuln.com : "id" SQL Injection in WikLink bt
[USN-1035-1] Evince vulnerabilities Marc Deslauriers
Getting root, the hard way Dan Rosenberg
[ MDVSA-2011:000 ] phpmyadmin security
BlogEngine.NET 1.6 Multiple Vulnerabilities Deniz CEVIK
Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik
Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
[ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code Tim Sammut
Thursday, 06 January
Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference Kyprianos Vasilopoulos
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow Stefan Fritsch
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw Stefan Fritsch
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option Stefan Fritsch
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw Stefan Fritsch
SQL Injection in phpMySport advisory
Authentication bypass in phpMySport advisory
SQL Injection in Phenotype CMS advisory
Path disclousure in phpMySport advisory
XSRF (CSRF) in PHP MicroCMS advisory
XSS vulnerability in WonderCMS advisory
SQL Injection in phpMySport advisory
SQL Injection in phpMySport advisory
XSS vulnerability in PHP MicroCMS advisory
[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal Raphael Geissert
Friday, 07 January
[USN-1037-1] ifupdown update Jamie Strandboge
[USN-1039-1] AppArmor update Jamie Strandboge
[USN-1040-1] Django vulnerabilities Jamie Strandboge
GNU libc/regcomp(3) Multiple Vulnerabilities cxib
Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
[USN-1038-1] dpkg vulnerability Kees Cook
McAfee Commandline Updater Technion
CUDA drivers/Linux security hole gran
Web Hacking & Database Hijack Online Challenge Ivan Buetler
call for participation chpardhasaradhisarma
Monday, 10 January
[ MDVSA-2011:002 ] wireshark security
Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service Digit Security Research
[ MDVSA-2011:003 ] MHonArc security
www.eVuln.com : "fold" and "site" SQL Injections in WikLink bt
NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute yuguo . cn
NewvCommon.ocx ActiveX Insecure Method Vulnerability wsn1983
NewvCommon.ocx ActiveX Remote Code Execution Vulnerability wsn1983
Tuesday, 11 January
[ MDVSA-2011:004 ] php-phar security
SQL injection vulnerability in Energine advisory
XSRF (CSRF) in VaM Shop advisory
Stored XSS vulnerability in diafan.CMS advisory
Path disclosure in Energine advisory
XSRF (CSRF) in Energine advisory
XSS vulnerability in VaM Shop advisory
XSS vulnerability in VaM Shop advisory
XSS vulnerability in VaM Shop advisory
XSRF (CSRF) in diafan.CMS advisory
XSS vulnerability in diafan.CMS advisory
XSRF (CSRF) in Cambio advisory
XSRF (CSRF) in whCMS advisory
[security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products ACROS Security Lists
[security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation Florian Weimer
[TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC Nelson Brito
Wednesday, 12 January
2011 Rocky Mountain Information Security Conference Call for Papers alex . wood
[USN-1009-2] GNU C Library vulnerability Kees Cook
SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1 Spala Ferenc
[USN-1042-1] PHP vulnerabilities Steve Beattie
[USN-1043-1] Little CMS vulnerability Steve Beattie
Call for Papers: DIMVA 2011 - Extended Deadline Jan 21 Konrad Rieck
[Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart Onapsis Research Labs
[Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure Onapsis Research Labs
iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability labs-no-reply
[security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression Stefan Fritsch
Thursday, 13 January
CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland Andrzej Targosz
[USN-1042-2] PHP5 regression Steve Beattie
Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11) Dragos Ruiu
[security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code security-alert
[MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue david . kurz
[ MDVSA-2011:005 ] evince security
Friday, 14 January
[security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities security-alert
Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group
[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Giuseppe Iuculano
[ MDVSA-2011:007 ] wireshark security
[ MDVSA-2011:006 ] subversion security
[ MDVSA-2011:006 ] subversion security
Remote Code Execution in ICQ 7 Daniel Seither
[ MDVSA-2011:008 ] perl-CGI security
[ MDVSA-2011:009 ] gif2png security
Monday, 17 January
[ MDVSA-2011:011 ] opensc security
[SECURITY] [DSA 2146-1] Security update for mydms Moritz Muehlenhoff
[ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow Tim Sammut
[ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error Stefan Behte
[ GLSA 201101-04 ] aria2: Directory traversal Tobias Heinlein
[SECURITY] [DSA 2147-1] Security update for pimd Steve Kemp
[SECURITY] [DSA 2145-1] Security update for libsmi Moritz Muehlenhoff
[SECURITY] [DSA 2144-1] Security update for wireshark Moritz Muehlenhoff
[ GLSA 201101-07 ] Prewikka: password disclosure Stefan Behte
[ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code Tim Sammut
[ GLSA 201101-05 ] OpenAFS: Arbitrary code execution Stefan Behte
[ MDVSA-2011:010 ] xfig security
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code) th_decoder
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) Mark Stanislav
[ MDVSA-2011:012 ] mysql security
[SECURITY] [DSA 2148-1] Security update for tor Moritz Muehlenhoff
Tuesday, 18 January
AST-2011-001: Stack buffer overflow in SIP channel driver Asterisk Security Team
[USN-1044-1] D-Bus vulnerability Jamie Strandboge
Wednesday, 19 January
Simploo CMS Community Edition - Remote PHP Code Execution Issue david . kurz
[USN-1045-2] util-linux update Marc Deslauriers
[ MDVSA-2011:013 ] hplip security
[USN-1045-1] FUSE vulnerability Marc Deslauriers
Thursday, 20 January
[security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 2149-1] Security update for dbus Nico Golde
[USN-1046-1] Sudo vulnerability Jamie Strandboge
DotNetNuke Remote Code Execution vulnerability Daniel Niggebrugge
SQL Injection in Pixie advisory
SQL Injection in Pixie advisory
Friday, 21 January
[security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification security-alert
[security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS) security-alert
[TEHTRI-Security] CVE-2010-2599: Update your BlackBerry Laurent OUDOT at TEHTRI-Security
London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL Major Malfunction
Code execution in Microsoft Fax Cover Page Editor Luigi Auriemma
[ MDVSA-2011:015 ] pcsc-lite security
IETF RFC on Port Randomization Fernando Gont
[ MDVSA-2011:014 ] ccid security
NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability NSO Research
[ MDVSA-2011:016 ] t1lib security
[ MDVSA-2011:017 ] tetex security
[ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities Tim Sammut
[ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities Tim Sammut
[ MDVSA-2011:018 ] sudo security
Monday, 24 January
[USN-1047-1] AWStats vulnerability Marc Deslauriers
[USN-1048-1] Tomcat vulnerability Marc Deslauriers
[SECURITY] [DSA 2150-1] request-tracker3.6 security update Thijs Kinkhorst
ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability Security_Alert
phpcms V9 BLind SQL Injection Vulnerability eidelweiss
[CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean Fernando Gont
Tuesday, 25 January
[DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method Alexandr Polyakov
HTB22791: File Content Disclosure in Pixelpost advisory
HTB22788: XSS in Pivotx advisory
HTB22792: XSS in Pixelpost advisory
HTB22790: XSS in Pivotx advisory
[DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods Alexandr Polyakov
[DSECRG-11-007] Oracle Document Capture ImportBodyText - read files Alexandr Polyakov
HTB22789: Path disclousure in Pivotx advisory
HTB22787: Path disclousure in Pligg CMS advisory
[security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code security-alert
[DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow Alexandr Polyakov
[DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method Alexandr Polyakov
syslog-ng wrong file permission vulnerability SZALAY Attila
[DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED) Alexandr Polyakov
[OVSA20110118] OpenVAS Manager Vulnerable To Command Injection Tim Brown
[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss Alexandr Polyakov
HTB22794: Path disclousure in Pixelpost advisory
[DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal Alexandr Polyakov
Thursday, 27 January
[security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS) security-alert
[USN-1051-1] HPLIP vulnerability Marc Deslauriers
Microsoft IIS 6 parsing directory x.asp Vulnerability info
ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. Security_Alert
Re: Remote Code Execution in ICQ 7 Daniel Seither
HTB22795: Path disclosure in Hycus CMS advisory
VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004) VUPEN Security Research
[ MDVSA-2011:019 ] libuser security
IETF RFC on "the implementation of the TCP urgent mechanism" Fernando Gont
PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm Joshua Gimer
Huawei HG default WEP/WPA generator Pedro JoaquĆn
Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Cisco Systems Product Security Incident Response Team
OpenOffice.org Multiple Memory Corruption Vulnerabilities VSR Advisories
[SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities Martin Schulze
[USN-1052-1] OpenJDK vulnerability Steve Beattie
HTB22796: Path disclousure in DBHcms advisory
Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212) StenoPlasma @ www.ExploitDevelopment.com
HTB22797: Path disclousure in BLOG:CMS advisory
HTB22793: XSRF (CSRF) in KaiBB advisory
Friday, 28 January
CA20101231-01: Security Notice for CA ARCserve D2D (updated) Williams, James K
[SECURITY] [DSA 2152-1] hplip security update Moritz Muehlenhoff
FreeBSD local denial of service - forced reboot HI-TECH .
TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution noreply
TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service noreply
TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow noreply
Monday, 31 January
CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue Jan Lehnardt
[SECURITY] [DSA-2154-2] exim4 regression fix Stefan Fritsch
[SECURITY] [DSA-2156-1] pcscd security update Steve Kemp
VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection Andrea Fabrizi
[SECURITY] [DSA 2155-1] freetype security update Moritz Muehlenhoff
[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal
[SECURITY] [DSA-2154-1] exim4 security update Stefan Fritsch
[SECURITY] [DSA 2153-1] linux-2.6 security update dann frazier