Bugtraq: by date

233 messages starting Apr 04 2012 and ending Apr 30 2012


Wednesday, 04 April

Landshop v0.9.2 - Multiple Web Vulnerabilities Research
VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team
[SECURITY] [DSA 2445-1] typo3-src security update Florian Weimer
[SECURITY] [DSA 2442-2] openarena regression Florian Weimer
SQL injection in Wordpress plugin Buddypress ivan_terkin
[SECURITY] [DSA 2398-2] curl regression Florian Weimer
IPv6 stable privacy addresses Fernando Gont
Hackito 2012 Crypto Challenge Jonathan Brossard
[ MDVSA-2012:046 ] libpng security
[ MDVSA-2012:047 ] freeradius security
[ MDVSA-2012:048 ] mutt security
[ MDVSA-2012:049 ] nagios security
[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection security-alert
[ MDVSA-2012:050 ] phpmyadmin security
[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS) security-alert
[ MDVSA-2012:051 ] libvorbis security
[ MDVSA-2012:052 ] libvorbis security
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research
Arbor Networks Peakflow SP web interface XSS b . saleh
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Apple Product Security
Multiple vulnerabilities in osCmax advisory
'e-ticketing' SQL Injection (CVE-2012-1673) Mark Stanislav
'phpPaleo' Local File Inclusion (CVE-2012-1671) Mark Stanislav
[DCA-2011-0016] - Tufin SecureTrack Cross Site Script Crash
'Hotel Booking Portal' SQL Injection (CVE-2012-1672) Mark Stanislav
[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) security-alert
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team
[ MDVSA-2012:053 ] ocsinventory security
[SE-2012-01] Security vulnerabilities in Java SE Security Explorations
Sourcefire Defense Center - multiple vulnerabilities. Filip Palian
[SECURITY] [DSA 2446-1] libpng security update Moritz Muehlenhoff
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Research
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Research
DirectAdmin v1.403 - Cross Site Scripting Vulnerability Research
[SECURITY] [DSA 2447-1] tiff security update Moritz Muehlenhoff
Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario

Thursday, 05 April

Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario
[ MDVSA-2012:054 ] libtiff security
[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 Florent Daigniere
Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite nospam
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite nospam
vBulletin 4.1.10 Sql Injection Vulnerability Amir
Sony Bravia Remote Denial of Service - CVE-2012-2210 gab . mnunes
Wordpress taggator plugin Sql Injection Vulnerabilities Amir
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 come2waraxe
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 come2waraxe
[security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert

Monday, 09 April

PHPNuke Module's Name Download SQL Injection Vulnerabilities CrAzY_CrAcKeR
[CVE-2012-1574] Apache Hadoop user impersonation vulnerability Aaron T. Myers
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 come2waraxe
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin come2waraxe
CitrusDB 2.4.1 - LFI/SQLi Vulnerability blaszczakm
[Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities Research
idev Game Site CMS v1.0 - Multiple Web Vulnerabilities Research
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Research
CsForum v0.8 - Cross Site Scripting Vulnerability Research
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research
[Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Research
OWASP ZAP 1.4.0 released psiinon
Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue Secunia Research
Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities Secunia Research
CVE-2012-0769, the case of the perfect info leak Fermín J . Serna

Tuesday, 10 April

[SECURITY] [DSA 2448-1] inspircd security update Jonathan Wiltshire
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Research
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Research

Wednesday, 11 April

[security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus security-alert
[ MDVSA-2012:055 ] samba security
Android information leak sumanj
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress advisory
Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed! info
Backtrack 5 R2 priv escalation 0day found in CTF exercise Adam Behnke

Thursday, 12 April

TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command Shatter
[ MDVSA-2012:056 ] rpm security
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Research
[Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Research
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0 come2waraxe
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Trustwave Advisories
[ MDVSA-2012:057 ] freetype2 security
online newspaper university "newsdesc.php" SQL Injection Vulnerabilities CrAzY_CrAcKeR
[SECURITY] [DSA 2449-1] sqlalchemy security update Nico Golde
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Research
[SE-2012-01] Security weakness in Apple Quicktime Java extensions Security Explorations

Friday, 13 April

[SECURITY] [DSA 2450-1] samba security update Thijs Kinkhorst
APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 Apple Product Security
Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise InterN0T Advisories
Erroneous post concerning Backtrack 5 R2 0day Adam Behnke
VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Team
[SECURITY] [DSA 2451-1] puppet security update Nico Golde
[ MDVSA-2012:058 ] curl security
Re: Erroneous post concerning Backtrack 5 R2 0day Jamie Riden
ACC PHP eMail v1.1 - Multiple Web Vulnerabilities Research

Monday, 16 April

APPLE-SA-2012-04-13-1 Flashback malware removal tool Apple Product Security
[Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability Research
Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012 Fernando Gont
Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities CrAzY_CrAcKeR
Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Research
[Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Research
Passwords^12 : Call for Presentations Per Thorsheim
[CVE-2012-1621] Apache OFBiz information disclosure vulnerability Jacopo Cappellato
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability Jacopo Cappellato
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
[SECURITY] [DSA 2452-1] apache2 security update Stefan Fritsch
[SECURITY] [DSA 2453-1] gajim security update Nico Golde
[ MDVSA-2012:059 ] python-sqlalchemy security
ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting ACROS Security Lists

Tuesday, 17 April

Fwd: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo
[security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alert
[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert
[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert

Wednesday, 18 April

[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS) security-alert
Squid URL Filtering Bypass Gabriel Menezes Nunes
McAfee Web Gateway URL Filtering Bypass Gabriel Menezes Nunes
Re: Wordpress advanced-text-widget Plugin Vulnerabilities Henri Salo
Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Henri Salo
Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Henri Salo
DokuWiki Ver.2012/01/25 CSRF Add User Exploit irancrash
ClubHack Magazine's April 2012 Issue is released. v . hirve
VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172) VUPEN Security Research
Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group
[ MDVSA-2012:032-1 ] mozilla security
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Tobias Glemser
Multiple XSS vulnerabilities in XOOPS advisory
Multiple vulnerabilities in Newscoop advisory
[security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS) security-alert

Thursday, 19 April

Re: Squid URL Filtering Bypass Richard Barrett
Re: Squid URL Filtering Bypass Gabriel Menezes Nunes
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities Security_Alert
The history of a -probably- 13 years old Oracle bug: TNS Poison Joxean Koret
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 LpSolit
[SECURITY] [DSA 2453-2] gajim regression Nico Golde
Ruxcon 2012 Call For Papers cfp
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773) VUPEN Security Research
[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) Ange Albertini
Re: Squid URL Filtering Bypass Mario Vilas
[ MDVSA-2012:060 ] openssl security
Vulnerabilities in Samsung TV (remote controller protocol) Luigi Auriemma

Friday, 20 April

[SECURITY] [DSA 2454-1] openssl security update Raphael Geissert
[security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege security-alert
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012 Major Malfunction
RE: Squid URL Filtering Bypass Jim Harrison
Incomplete protection of Oracle Database locked accounts (CVE-2012-0510) Shatter
OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Esteban Martinez Fayo
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511) Shatter
Specially crafted Json service request allows full control over a Liferay portal instance Jelmer Kuperus
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512) Shatter
Liferay 6.1 can be compromised in its default configuration Jelmer Kuperus
SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525) Shatter
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526) Shatter
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527) Shatter
Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528) Shatter
OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Shatter
Specially crafted webdav request allows reading of local files on liferay 6.0.x Jelmer Kuperus
IPv6 host scanning in IPv6 Fernando Gont
[security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alert
XSS in Kaseya version 6.2.0.0 web interface bede

Monday, 23 April

[SECURITY] [DSA 2455-1] typo3-src security update Nico Golde
Re: Squid URL Filtering Bypass Amos Jeffries
Re: McAfee Web Gateway URL Filtering Bypass Vikram Dhillon
Re: Squid URL Filtering Bypass Gabriel Menezes Nunes
[ MDVSA-2012:061 ] raptor security
[ MDVSA-2012:062 ] openoffice.org security
[ MDVSA-2012:063 ] libreoffice security
phpMyBible 0.5.1 Multiple XSS Thomas Richards
[Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability Research
[Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Research
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability Research
[Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability Research
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Netsparker Advisories
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) Hafez Kamal
HTC IQRD Android Permission Leakage (CVE-2012-2217) VSR Advisories
.NET Framework EncoderParameter integer overflow vulnerability Akita Software Security
ChurchCMS 0.0.1 'admin.php' Multiple SQLi Thomas Richards
AST-2012-004: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver Asterisk Security Team
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver Asterisk Security Team
WebCalendar <= 1.2.4 Two Security Vulnerabilities n0b0d13s
FYI: We're now paying up to $20,000 for web vulns in our services Michal Zalewski
Re: phpMyBible 0.5.1 Multiple XSS Lostmon

Tuesday, 24 April

[ MDVSA-2012:064 ] openssl0.9.8 security
RuggedCom - Backdoor Accounts in my SCADA network? You don't say... jc
[security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS) security-alert
New IETF I-D: Security Implications of IPv6 on IPv4 networks Fernando Gont
RE: McAfee Web Gateway URL Filtering Bypass Jim Harrison
PHP Ticket System Beta 1 'p' SQL Injection Thomas Richards

Wednesday, 25 April

[SECURITY] [DSA 2456-1] dropbear security update Moritz Muehlenhoff
[SECURITY] [DSA 2457-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 2548-1] iceape security update Moritz Muehlenhoff
[SECURITY] [DSA 2454-2] openssl incomplete fix Raphael Geissert
linux privileged and arbitrary chdir() (fixed at 5.4 cifs release) Jesús Olmos
Multiple vulnerabilities in Piwigo advisory
[SECURITY] [DSA 2460-1] asterisk security update Moritz Muehlenhoff
RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison
Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski
Re: [Full-disclosure] We're now paying up to $20,000 for web vulns in our services Charles Morris
Re: [Full-disclosure] We're now paying up to $20,000 for web vulns in our services Michal Zalewski

Thursday, 26 April

ToorCamp 2012: The American Hacker Camp h1kari
[SECURITY] [DSA 2459-1] quagga security update Florian Weimer
Oracle TNS Poison vulnerability is actually a 0day with no patch available Joxean Koret
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison laurenz . albe
PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities Thomas Richards
[security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal ddivulnalert
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal ddivulnalert

Friday, 27 April

[ MDVSA-2012:066 ] mozilla security
[security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware security-alert
[SECURITY] [DSA 2461-1] spip security update Moritz Muehlenhoff
DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Research
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Research
Car Portal CMS v3.0 - Multiple Web Vulnerabilities Research
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research
VMSA-2012-0008 VMware ESX updates to ESX Service Console VMware Security Team
[ MDVSA-2012:065 ] php security

Monday, 30 April

[SECURITY] [DSA 2462-1] imagemagick security update Moritz Muehlenhoff
PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities ariosrandy
Opial CMS v2.0 - Multiple Web Vulnerabilities Research
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research
OWASP 2012 Online Competition with Hacking-Lab Ivan Buetler
Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities Amir
Pritlog v0.821 CMS - Multiple Web Vulnerabilities Research
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow Research@NGSSecure
NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI Research@NGSSecure
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI Research@NGSSecure
NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM Research@NGSSecure
NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI Research@NGSSecure
NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation Research@NGSSecure
NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM Research@NGSSecure
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability nospam