Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
173 messages
starting Mar 16 12 and
ending Mar 05 12
Date index |
Thread index |
Author index
abhijeet
[Announcement] ClubHack Mag - Call for Articles abhijeet (Mar 16)
admin@v-lab
11in1 CMS v1.2.1 - SQL Injection Vulnerabilities admin@v-lab (Mar 06)
advisory
Multiple XSS in Fork CMS advisory (Mar 07)
Multiple vulnerabilities in Open Journal Systems (OJS) advisory (Mar 21)
ali . raheem
Multiple SQL injections in rivettracker <=1.03 ali . raheem (Mar 07)
Apple Product Security
APPLE-SA-2012-03-07-3 Apple TV 5.0 Apple Product Security (Mar 08)
APPLE-SA-2012-03-12-1 Safari 5.1.4 Apple Product Security (Mar 12)
APPLE-SA-2012-03-07-1 iTunes 10.6 Apple Product Security (Mar 08)
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update Apple Product Security (Mar 08)
Asterisk Security Team
AST-2012-003: Stack Buffer Overflow in HTTP Manager Asterisk Security Team (Mar 16)
AST-2012-002: Remote Crash Vulnerability in Milliwatt Application Asterisk Security Team (Mar 16)
B Potter
Announcing Hackademic CFP B Potter (Mar 13)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco Systems Product Security Incident Response Team (Mar 14)
Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 14)
Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 28)
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 14)
come2waraxe
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 come2waraxe (Mar 27)
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 come2waraxe (Mar 29)
cxib
PHP 5.4/5.3 deprecated eregi() memory_limit bypass cxib (Mar 30)
CXySuYg5DuKktzX
Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug" CXySuYg5DuKktzX (Mar 19)
dann frazier
[SECURITY] [DSA 2443-1] linux-2.6 security update dann frazier (Mar 27)
david . kurz
[MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability david . kurz (Mar 20)
demonalex
Matthew1471s ASP BlogX - XSS Vulnerabilities demonalex (Mar 27)
at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability demonalex (Mar 19)
Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability demonalex (Mar 05)
Dmitry Yu. Bolkhovityanov
Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Dmitry Yu. Bolkhovityanov (Mar 09)
ds . adv . pub
Intuit Help System Protocol File Retrieval ds . adv . pub (Mar 30)
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation ds . adv . pub (Mar 30)
Intuit Help System Protocol URL Heap Corruption and Memory Leak ds . adv . pub (Mar 30)
Fernando Gont
Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D) Fernando Gont (Mar 05)
Filippo Cavallarin
OSClass directory traversal (leads to arbitrary file upload) Filippo Cavallarin (Mar 07)
Florian Weimer
[SECURITY] [DSA 2425-1] plib security update Florian Weimer (Mar 05)
[SECURITY] [DSA 2440-1] libtasn1-3 security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2442-1] openarena security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2423-1] movabletype-opensource security update Florian Weimer (Mar 05)
[SECURITY] [DSA 2429-1] mysql-5.1 security update Florian Weimer (Mar 08)
[SECURITY] [DSA 2426-1] gimp security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2427-1] imagemagick security update Florian Weimer (Mar 07)
[SECURITY] [DSA 2441-1] gnutls26 security update Florian Weimer (Mar 27)
[SECURITY] [DSA 2444-1] tryton-server security update Florian Weimer (Mar 29)
[SECURITY] [DSA 2424-1] libxml-atom-perl security update Florian Weimer (Mar 05)
gabor . berczi
Prado TJavaScript::encode() script injection vulnerability gabor . berczi (Mar 23)
Gabriele Giacone
[SECURITY] [DSA 2435-1] gnash security update Gabriele Giacone (Mar 20)
Henri Salo
Re: WikyBlog 1.7.3RC2 XSS vulnerability Henri Salo (Mar 19)
Re: Ariadne 2.7.6 Multiple XSS vulnerabilities Henri Salo (Mar 12)
Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS Henri Salo (Mar 09)
Irene Abezgauz
Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter) Irene Abezgauz (Mar 21)
Ivan Buetler
Struts2 Security Challenge Ivan Buetler (Mar 14)
Jan Schejbal
Android wipe unreliable Jan Schejbal (Mar 19)
Jim Harrison
RE: Regarding MS12-020 Jim Harrison (Mar 21)
Joao Paulo Caldas Campello
[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection Joao Paulo Caldas Campello (Mar 06)
[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface Joao Paulo Caldas Campello (Mar 06)
Joe Arnold
RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Joe Arnold (Mar 19)
Kotas, Kevin J
CA20120320-01: Security Notice for CA ARCserve Backup Kotas, Kevin J (Mar 22)
Kurt Seifried
Re: [oss-security] Case YVS Image Gallery Kurt Seifried (Mar 19)
larry0
Oracle Exadata Infiniband Switch default logins and world readable shadow file larry0 (Mar 14)
Leif Hedstrom
[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 Leif Hedstrom (Mar 23)
Lists
Symfony2 Local File Disclosure - Security Advisory - SOS-12-002 Lists (Mar 05)
Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004 Lists (Mar 12)
Iciniti Store SQL Injection - Security Advisory - SOS-12-003 Lists (Mar 08)
Luciano Bello
[SECURITY] [DSA 2434-1] nginx security update Luciano Bello (Mar 20)
Mark Krenz
gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Mark Krenz (Mar 08)
Mark Stanislav
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav (Mar 23)
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) Mark Stanislav (Mar 23)
Markus Vervier
LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption Markus Vervier (Mar 09)
Martin Grigorov
[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter Martin Grigorov (Mar 23)
[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability Martin Grigorov (Mar 23)
Michal Bucko
Eleytt Research ER-03-2012 Michal Bucko (Mar 08)
Moritz Muehlenhoff
[SECURITY] [DSA 2428-1] freetype security update Moritz Muehlenhoff (Mar 08)
[SECURITY] [DSA 2437-1] icedove security update Moritz Muehlenhoff (Mar 21)
[SECURITY] [DSA 2438-1] raptor security update Moritz Muehlenhoff (Mar 23)
[SECURITY] [DSA 2430-1] python-pam security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update Moritz Muehlenhoff (Mar 12)
[SECURITY] [DSA 2433-1] iceweasel security update Moritz Muehlenhoff (Mar 16)
[SECURITY] [DSA 2439-1] libpng security update Moritz Muehlenhoff (Mar 23)
moshez
PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability moshez (Mar 13)
Narendra Shinde
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417] Narendra Shinde (Mar 13)
Netsparker Advisories
Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Netsparker Advisories (Mar 29)
nospam
Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability nospam (Mar 28)
D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability nospam (Mar 28)
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability nospam (Mar 19)
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability nospam (Mar 22)
Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability nospam (Mar 19)
Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution nospam (Mar 28)
TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow nospam (Mar 28)
otr
PcwRunAs Password Obfuscation Design Flaw otr (Mar 27)
OWASP AppSec EU
OWASP AppSec Research EU CFP/CFT OWASP AppSec EU (Mar 29)
Patrick Webster
OSI Security: CheckPoint Firewall VPN - Information Disclosure Patrick Webster (Mar 12)
Research
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Research (Mar 30)
Research@NGSSecure
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked Research@NGSSecure (Mar 29)
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI Research@NGSSecure (Mar 29)
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens Research@NGSSecure (Mar 29)
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts Research@NGSSecure (Mar 29)
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user Research@NGSSecure (Mar 29)
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators Research@NGSSecure (Mar 29)
research () vulnerability-lab com
[Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 08)
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities research () vulnerability-lab com (Mar 08)
[Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability research () vulnerability-lab com (Mar 02)
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 08)
[Suspected Spam] Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com (Mar 02)
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability research () vulnerability-lab com (Mar 08)
[Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability research () vulnerability-lab com (Mar 08)
RGill
Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass RGill (Mar 19)
Saurabh Harit
Cyberoam Unified Threat Management: Insecure Password Handling Saurabh Harit (Mar 21)
Cyberoam Unified Threat Management: OS Command Execution Saurabh Harit (Mar 21)
SEC Consult Vulnerability Lab
SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab (Mar 19)
security
[ MDVSA-2012:038 ] openssl security (Mar 27)
[ MDVSA-2012:041 ] expat security (Mar 27)
[ MDVSA-2012:031 ] firefox security (Mar 19)
[ MDVSA-2012:043 ] nginx security (Mar 29)
[ MDVSA-2012:034 ] libzip security (Mar 23)
[ MDVSA-2012:039 ] libtasn1 security (Mar 27)
[ MDVSA-2012:033 ] libpng security (Mar 21)
[ MDVSA-2012:032 ] mozilla security (Mar 20)
[ MDVSA-2012:037 ] cyrus-imapd security (Mar 23)
[ MDVSA-2012:035 ] file security (Mar 23)
[ MDVSA-2012:036 ] libsoup security (Mar 23)
[ MDVSA-2012:029 ] pidgin security (Mar 16)
[ MDVSA-2012:042 ] wireshark security (Mar 28)
[ MDVSA-2012:030 ] systemd security (Mar 16)
[ MDVSA-2012:040 ] gnutls security (Mar 27)
[ MDVSA-2012:028 ] libxslt security (Mar 01)
[ MDVSA-2012:044 ] cvs security (Mar 29)
[ MDVSA-2012:045 ] gnutls security (Mar 30)
Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 Security (Mar 21)
Security_Alert
ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability Security_Alert (Mar 06)
ESA-2012-014: RSA enVision Multiple Vulnerabilities Security_Alert (Mar 19)
ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities Security_Alert (Mar 13)
security-alert
[security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Mar 28)
[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Mar 20)
[security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert (Mar 07)
[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS) security-alert (Mar 28)
[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Mar 28)
[security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Mar 07)
[security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) security-alert (Mar 28)
[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data security-alert (Mar 28)
[security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert (Mar 13)
[security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Mar 19)
security-bulletin
nginx fix for malformed HTTP responses from upstream servers security-bulletin (Mar 15)
Security Mailing List
Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List (Mar 12)
Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List (Mar 15)
simon . ganiere
Synology Photo Station 5 - Reflected Cross-Site Scripting simon . ganiere (Mar 12)
Simon McVittie
Traffic amplification via Quake 3-based servers Simon McVittie (Mar 27)
Solar Designer
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)
sschurtz
Wikidforum 2.10 Multiple security vulnerabilities sschurtz (Mar 12)
WikyBlog 1.7.3RC2 XSS vulnerability sschurtz (Mar 15)
CMSimple_XH 1.5.2 Cross-site Scripting vulnerability sschurtz (Mar 21)
Stefan Kanthak
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process) Stefan Kanthak (Mar 05)
Steffen Dettmer
SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer (Mar 27)
sumanj
Evasion attacks expoliting file-parsing vulnerabilities in antivirus products sumanj (Mar 19)
Thijs Kinkhorst
[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update Thijs Kinkhorst (Mar 19)
Thomas Richards
Timesheet Next Gen 1.5.2 Multiple SQLi Thomas Richards (Mar 05)
Thor (Hammer of God)
Regarding MS12-020 Thor (Hammer of God) (Mar 20)
RE: Regarding MS12-020 Thor (Hammer of God) (Mar 21)
Timo Warns
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 27)
vince
Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) vince (Mar 19)
VMware Security Team
VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Team (Mar 09)
VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Team (Mar 09)
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting VMware Security Team (Mar 16)
VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues VMware Security Team (Mar 19)
voidloafer
struts2 xsltResult Local code execution vulnerability voidloafer (Mar 23)
VSR Advisories
CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories (Mar 27)
vulns
SAP Business Objects XI R2 Infoview Multiple XSS vulns (Mar 08)
VUPEN Security Research
VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768) VUPEN Security Research (Mar 19)
xcon
XCon 2012 XFocus Information Security Conference Call for Paper xcon (Mar 07)
YGN Ethical Hacker Group
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Mar 05)
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group (Mar 05)