Bugtraq: by author

192 messages starting Jan 16 12 and ending Jan 06 12


abhijeet

[Announcement] ClubHack Mag Issue 24-Jan 2012 Released abhijeet (Jan 16)
[Announcement] ClubHack Mag - Call for Articles abhijeet (Jan 16)

ACROS Security Lists

Is Your Online Bank Vulnerable To Currency Rounding Attacks? ACROS Security Lists (Jan 10)
Google Chrome HTTPS Address Bar Spoofing ACROS Security Lists (Jan 04)

adic

Microsoft Anti-XSS Library Bypass (MS12-007) adic (Jan 19)

advisory

Multiple XSS in KnowledgeTree Community Edition advisory (Jan 11)
CSRF (Cross-Site Request Forgery) in DClassifieds advisory (Jan 25)
Re: Multiple XSS in KnowledgeTree Community Edition advisory (Jan 16)
XSS in OneOrZero AIMS advisory (Jan 18)
Multiple vulnerabilities in OSclass advisory (Jan 25)
Multiple vulnerabilities in ImpressCMS advisory (Jan 04)

Akita Software Security

Office arbitrary ClickOnce application execution vulnerability Akita Software Security (Jan 12)

Alex Legler

[ GLSA 201201-18 ] bip: Multiple vulnerabilities Alex Legler (Jan 30)
[ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities Alex Legler (Jan 30)
[ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass Alex Legler (Jan 30)

Antoine Martin

Xpra memory disclosure Antoine Martin (Jan 18)

AppSec DC

AppSec DC 2012 CFP EXTENDED! AppSec DC (Jan 09)

Christian Papathanasiou

AthCon 2012 CFP is now OPEN! Christian Papathanasiou (Jan 12)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 26)
Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Jan 18)
Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account Cisco Systems Product Security Incident Response Team (Jan 18)

cxib

PHP 5.3.8 Multiple vulnerabilities cxib (Jan 16)

Cyrill Brunschwiler

OpenKM 5.1.7 Privilege Escalation Cyrill Brunschwiler (Jan 03)
OpenKM 5.1.7 OS Command Execution (XSRF based) Cyrill Brunschwiler (Jan 03)

dann frazier

[SECURITY] [DSA 2389-1] linux-2.6 security update dann frazier (Jan 16)
[SECURITY] [DSA-2393-1] bip security update dann frazier (Jan 25)

ddivulnalert

DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass ddivulnalert (Jan 23)
DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) ddivulnalert (Jan 09)

demonalex

IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability demonalex (Jan 06)
HServer webserver - Directory Traversal Vulnerability demonalex (Jan 05)
BigACE CMS - XSS Vulnerabilities demonalex (Jan 03)
mavili guestbook - SQL Injection and XSS Vulnerabilities demonalex (Jan 03)
Simple Mail Server - SMTP Authentication Bypass Vulnerability demonalex (Jan 09)
Ggb Guestbook - XSS Vulnerabilities demonalex (Jan 05)
IpTools - Rcmd Remote Overflow Vulnerability demonalex (Jan 06)

Fernando Gont

First-hop security in IPv6 Fernando Gont (Jan 16)
Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation Fernando Gont (Jan 12)
Revised IETF I-D: Advice on IPv6 RA-Guard Implementation Fernando Gont (Jan 05)
(CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean Fernando Gont (Jan 16)

Filippo Cavallarin

Multiple vulnerabilities in postfixadmin Filippo Cavallarin (Jan 30)
Multiple vulnerabilities in OSClass Filippo Cavallarin (Jan 30)
Mibew messenger multiple XSS Filippo Cavallarin (Jan 30)

Florian Weimer

[SECURITY] [DSA 2381-1] squid3 security update Florian Weimer (Jan 06)
[SECURITY] [DSA 2380-1] foomatic-filters security update Florian Weimer (Jan 04)
[SECURITY] [DSA 2390-1] openssl security update Florian Weimer (Jan 16)
[SECURITY] [DSA 2385-1] pdns security update Florian Weimer (Jan 10)
[SECURITY] [DSA 2392-1] openssl security update Florian Weimer (Jan 23)
[SECURITY] [DSA 2301-2] rails regression Florian Weimer (Jan 23)
[SECURITY] [DSA 2379-1] krb5 security update Florian Weimer (Jan 04)

geinblues

SafeSEH+SEHOP all-at-once bypass exploitation method principles geinblues (Jan 12)

Hafez Kamal

[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon Hafez Kamal (Jan 27)

hapsec

VLC media player v1.1.11 (.amr) Local Crash PoC hapsec (Jan 05)

Henri Salo

Re: Multiple XSS in KnowledgeTree Community Edition Henri Salo (Jan 16)
Re: Tinyguestbook XSS Henri Salo (Jan 04)
Re: PHP Booking Calendar 10e XSS Henri Salo (Jan 03)
ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389 Henri Salo (Jan 13)

InterN0T Advisories

Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS InterN0T Advisories (Jan 18)

I)ruid

InfoSec Southwest 2012 Open Registration I)ruid (Jan 20)
InfoSec Southwest 2012 CFP First-round Speaker Selections I)ruid (Jan 04)

Jan Wrobel

Reflection Scan: an Off-Path Attack on TCP Jan Wrobel (Jan 18)

joernchen of Phenoelit

Advisory: sudo 1.8 Format String Vulnerability joernchen of Phenoelit (Jan 30)

Jonathan Wiltshire

[SECURITY] [DSA 2382-1] ecryptfs-utils security update Jonathan Wiltshire (Jan 09)

Luciano Bello

[SECURITY] [DSA 2394-1] libxml2 security update Luciano Bello (Jan 27)

luk

[SECURITY] [DSA 2384-1] cacti security update luk (Jan 09)

Luk Claes

[SECURITY] [DSA 2386-1] openttd security update Luk Claes (Jan 12)

Major Malfunction

DC4420 - London DEFCON - 24 January 2012 Major Malfunction (Jan 20)

Mark Thomas

[SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service Mark Thomas (Jan 17)
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure Mark Thomas (Jan 17)

Michal Zalewski

p0f3 release candidate Michal Zalewski (Jan 10)
Re: p0f3 release candidate Michal Zalewski (Jan 17)

Moritz Muehlenhoff

[SECURITY] [DSA 2396-1] qemu-kvm security update Moritz Muehlenhoff (Jan 30)
[SECURITY] [DSA 2398-1] curl security update Moritz Muehlenhoff (Jan 31)
[SECURITY] [DSA 2397-1] icu security update Moritz Muehlenhoff (Jan 30)
[SECURITY] [DSA 2395-1] wireshark security update Moritz Muehlenhoff (Jan 30)
[SECURITY] [DSA 2378-1] ffmpeg security update Moritz Muehlenhoff (Jan 04)
[SECURITY] [DSA 2383-1] super security update Moritz Muehlenhoff (Jan 09)

n0b0d13s

Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s (Jan 23)
appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability n0b0d13s (Jan 20)

Netsparker Advisories

SQL Injection Vulnerability in OpenEMR 4.1.0 Netsparker Advisories (Jan 03)
Open Redirection Vulnerability in Orchard 1.3.9 Netsparker Advisories (Jan 04)

Nico Golde

[SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update Nico Golde (Jan 02)

noreply

[PT-2011-03] Information disclosure in Kayako Support Suite noreply (Jan 11)
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite noreply (Jan 11)
[PT-2011-04] Cross-Site Scripting in Kayako Support Suite noreply (Jan 11)
[PT-2011-02] PHP code Injection in Kayako Support Suite noreply (Jan 11)
[PT-2011-03] Information disclosure in Kayako Support Suite noreply (Jan 11)

otr

NX Web Companion Spoofing Arbitrary Code Execution Vulnerability otr (Jan 25)

pavel

AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload pavel (Jan 23)

pavila

Re: OpenKM 5.1.7 Privilege Escalation pavila (Jan 04)

Peter Conrad

Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability Peter Conrad (Jan 10)

RedTeam Pentesting GmbH

[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting GmbH (Jan 03)

Research@NGSSecure

NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM Research@NGSSecure (Jan 25)
NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Research@NGSSecure (Jan 05)
NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Research@NGSSecure (Jan 24)
NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation Research@NGSSecure (Jan 25)
NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS Research@NGSSecure (Jan 05)

research@vulnerability-lab.com

FAA US Academy (AFS) - Auth Bypass Vulnerability research@vulnerability-lab.com (Jan 30)
[Suspected Spam] Bart's CMS - SQL Injection Vulnerability research@vulnerability-lab.com (Jan 23)
[Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities research@vulnerability-lab.com (Jan 20)
eBank IT Online Banking - Multiple Web Vulnerabilities research@vulnerability-lab.com (Jan 30)

robkraus

D-Link DIR-601 TFTP Directory Traversal Vulnerability robkraus (Jan 25)

rwenzel

SQL injection in Bigware shop software rwenzel (Jan 23)

SANS AppSec CFP

Only 7 Days Left: SANS AppSec 2012 CFP SANS AppSec CFP (Jan 24)

Sean Amoss

[ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities Sean Amoss (Jan 24)
[ GLSA 201201-04 ] Logsurfer: Arbitrary code execution Sean Amoss (Jan 20)
[ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities Sean Amoss (Jan 23)
[ GLSA 201201-12 ] Tor: Multiple vulnerabilities Sean Amoss (Jan 23)
[ GLSA 201201-15 ] ktsuss: Privilege escalation Sean Amoss (Jan 27)

SEC Consult Vulnerability Lab

SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 SEC Consult Vulnerability Lab (Jan 05)

Secunia Research

Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability Secunia Research (Jan 11)
Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities Secunia Research (Jan 11)

security

SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities security (Jan 05)
VertrigoServ 2.25 Cross-Site-Scripting vulnerability security (Jan 05)
[ MDVSA-2012:001 ] fcgi security (Jan 02)
[ MDVSA-2012:002 ] t1lib security (Jan 03)
[ MDVSA-2012:004 ] t1lib security (Jan 12)
[ MDVSA-2012:006 ] openssl security (Jan 16)
Multiple Cross-Site-Scripting vulnerabilities in x3cms security (Jan 11)
[ MDVSA-2011:198 ] phpmyadmin security (Jan 02)
[ MDVSA-2012:009 ] perl security (Jan 18)
[ MDVSA-2012:003 ] apache security (Jan 10)
[ MDVSA-2012:007 ] openssl security (Jan 16)
[ MDVSA-2012:008 ] perl security (Jan 18)
[ MDVSA-2012:011 ] openssl security (Jan 30)
[ MDVSA-2012:010 ] cacti security (Jan 20)
[ MDVSA-2012:005 ] libxml2 security (Jan 16)

Security_Alert

ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. Security_Alert (Jan 17)
ESA-2012-005: EMC NetWorker buffer overflow vulnerability Security_Alert (Jan 26)
ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Security_Alert (Jan 26)

security-alert

[security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert (Jan 31)
[security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Jan 25)
[security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access security-alert (Jan 25)
[security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access security-alert (Jan 31)
[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Jan 25)
[security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Jan 25)
[security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert (Jan 09)
[security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code security-alert (Jan 12)
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code security-alert (Jan 16)
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert (Jan 19)
[security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert (Jan 31)
[security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Jan 31)
[security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Jan 09)

Security Explorations

Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 09)
Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 04)
[SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 03)

Solar Designer

pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 20)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 18)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 23)

sschurtz

phpVideoPro Multiple XSS vulnerabilities sschurtz (Jan 16)
ATutor 2.0.3 Multiple XSS vulnerabilities sschurtz (Jan 16)
Beehive Forum 101 Multiple XSS vulnerabilities sschurtz (Jan 16)
BoltWire 3.4.16 Multiple XSS vulnerabilities sschurtz (Jan 16)

Stefan Esser

Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Stefan Esser (Jan 19)

Thijs Kinkhorst

[SECURITY] [DSA 2399-2] php5 regression fix Thijs Kinkhorst (Jan 31)
[SECURITY] [DSA 2387-1] simplesamlphp security update Thijs Kinkhorst (Jan 11)
[SECURITY] [DSA 2391-1] phpmyadmin security update Thijs Kinkhorst (Jan 23)
[SECURITY] [DSA 2399-1] php5 security update Thijs Kinkhorst (Jan 31)
[SECURITY] [DSA 2376-2] ipmitool security update Thijs Kinkhorst (Jan 02)

Thomas Quinot

AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS Thomas Quinot (Jan 27)

Tim Sammut

[ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Jan 09)
[ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities Tim Sammut (Jan 05)
[ GLSA 201201-02 ] MySQL: Multiple vulnerabilities Tim Sammut (Jan 06)
[ GLSA 201201-17 ] Chromium: Multiple vulnerabilities Tim Sammut (Jan 30)

tom

Webcalendar 1.2.4 'location' XSS tom (Jan 20)
Tinyguestbook XSS tom (Jan 03)
Family Connections 2.7.2 Multiple XSS tom (Jan 16)

Trustwave Advisories

TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories (Jan 25)
TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System Trustwave Advisories (Jan 04)

VMware Security Team

VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Team (Jan 31)

vuln

GreenBrowser iframe content Double Free Vulnerability vuln (Jan 12)

VUPEN Security Research

VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01) VUPEN Security Research (Jan 11)

Yves-Alexis Perez

[SECURITY] [DSA 2388-1] t1lib security update Yves-Alexis Perez (Jan 16)

ZDI Disclosures

ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability ZDI Disclosures (Jan 10)
ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)
ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities ZDI Disclosures (Jan 12)
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)
ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures (Jan 12)
ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)
ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability ZDI Disclosures (Jan 25)
ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities ZDI Disclosures (Jan 06)
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability ZDI Disclosures (Jan 10)
ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jan 23)
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability ZDI Disclosures (Jan 10)
ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability ZDI Disclosures (Jan 12)
ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability ZDI Disclosures (Jan 12)
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jan 10)
ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)
ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability ZDI Disclosures (Jan 31)
ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution ZDI Disclosures (Jan 12)
ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability ZDI Disclosures (Jan 06)