Bugtraq: by date

132 messages starting Jan 01 13 and ending Jan 31 13

Tuesday, 01 January

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash muztapha
Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling YGN Ethical Hacker Group
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried
AthCon 2013 CFP OPEN cfp

Wednesday, 02 January

Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried
ShakaCon 2013 - Call for Papers Shakacon
[ MDVSA-2013:001 ] gnupg security

Thursday, 03 January

AST-2012-014: Crashes due to large stack allocations when using TCP Asterisk Security Team
AST-2012-015: Denial of Service Through Exploitation of Device State Caching Asterisk Security Team
Aastra IP Telephone encrypted .tuz configuration file leakage Timo Juhani Lindfors
Simple Webserver 2.3-rc1 Directory Traversal cwggenius

Friday, 04 January

CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF) i () amroot com
CVE-2012-6494 - Nexpose Security Console - Session Hijacking i () amroot com
TomatoCart 1.x | Unrestricted File Creation YGN Ethical Hacker Group

Monday, 07 January

CFP: InfoSec Southwest 2013 todb
[SECURITY] [DSA 2597-1] rails security update Nico Golde
[SECURITY] [DSA 2598-1] weechat security update Moritz Muehlenhoff
[SECURITY] [DSA 2599-1] nss security update Thijs Kinkhorst
[SECURITY] [DSA 2600-1] cups security update Nico Golde
[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
Chrome for Android - UXSS via com.android.browser.application_id Intent extra mbsdtest01
Chrome for Android - Download Function Information Disclosure mbsdtest01
Chrome for Android - Android APIs exposed to JavaScript mbsdtest01
Chrome for Android - Bypassing SOP for Local Files By Symlinks mbsdtest01
Chrome for Android - Cookie theft from Chrome by malicious Android app mbsdtest01
Facebook for Android - Information Disclosure Vulnerability mbsdtest01

Tuesday, 08 January

ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability Security Alert
[security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access security-alert
[SECURITY] [DSA 2602-1] zendframework security update Florian Weimer

Wednesday, 09 January

Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Cisco Systems Product Security Incident Response Team
[ MDVSA-2013:002 ] firefox security
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart advisory
Remote Buffer Overflow Vulnerability in Samsung Kies advisory
Nero MediaHome Multiple Remote DoS Vulnerabilities advisory
[ MDVSA-2013:003 ] rootcerts security
[SECURITY] [DSA 2603-1] emacs23 security update Moritz Muehlenhoff
[SECURITY] [DSA 2604-1] rails security update Thijs Kinkhorst

Thursday, 10 January

[slackware-security] mozilla-firefox (SSA:2013-009-01) Slackware Security Team
[slackware-security] seamonkey (SSA:2013-009-03) Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2013-009-02) Slackware Security Team
[ MDVSA-2013:004 ] tomcat5 security
OrangeHRM 2.7.1 Vacancy Name Persistent XSS SBV Research
Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Beni_vanda
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) Arne Vidström
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit DefenseCode

Friday, 11 January

[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code Security Explorations
[security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) security-alert
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Henri Salo

Monday, 14 January

Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect Include Security Research
[SECURITY] [DSA 2606-1] proftpd-dfsg security update Thijs Kinkhorst
[SECURITY] [DSA 2605-1] asterisk security update Thijs Kinkhorst
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows Jan Lehnardt
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI Jan Lehnardt
CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash Jan Lehnardt
Updated - CA20121018-01: Security Notice for CA ARCserve Backup Kotas, Kevin J
[IA33] Serva v2.0.0 DNS Server Remote Denial of Service Inshell Security
[IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service Inshell Security

Tuesday, 15 January

[SECURITY] [DSA 2607-1] qemu-kvm security update Florian Weimer
[SECURITY] [DSA 2608-1] qemu security update Florian Weimer
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability Rustein, Fara Denise (LATCO - Buenos Aires)

Wednesday, 16 January

[slackware-security] freetype (SSA:2013-015-01) Slackware Security Team
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Paolo Perego
Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities rgilbert
Re: [CVE-ID REQUEST] vBulletin - Multiple Open Redirects rgilbert
Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
DC4420 - 2013 CFP Major Malfunction

Thursday, 17 January

[SECURITY] [DSA 2609-1] rails security update Florian Weimer
Cisco Security Advisory Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Cisco Systems Product Security Incident Response Team
Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service Secunia Research
Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow Secunia Research
NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/) NSO Research
NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/) NSO Research

Friday, 18 January

CVE-2012-6452 Axway Secure Messenger Username Disclosure jason . doyle

Monday, 21 January

Recently-revised IETF I-Ds about IPv6 security Fernando Gont
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable Security Explorations
ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities Security Alert
CA20121220-01: Security Notice for CA IdentityMinder [updated] Williams, James K
[SECURITY] [DSA 2605-2] asterisk regression update Thijs Kinkhorst
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069 Stefan Kanthak
NoSuchCon CFP / 15-17 May 2013 / Paris, France Jonathan Brossard
(AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days auto-bulletins
Multiple Vulnerabilities in Linksys WRT54GL devnull
Re: EMC Avamar: World writable cache files security_alert
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin marcelavbx

Tuesday, 22 January

[SECURITY] [DSA 2610-1] ganglia security update Yves-Alexis Perez
[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb Hafez Kamal
[SECURITY] [DSA 2611-1] movabletype-opensource security update Yves-Alexis Perez
Looking for security contacts DefenseCode
Wordpress Developer Formatter CSRF Vulnerability illSecResearchGroup
SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability SEC Consult Vulnerability Lab
SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability SEC Consult Vulnerability Lab
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability i
Wordpress Valums Uploader - File Upload Vulnerability Vulnerability Lab
Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable Security Explorations

Wednesday, 23 January

[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code security-alert
[slackware-security] mysql (SSA:2013-022-01) Slackware Security Team
DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013 Major Malfunction

Thursday, 24 January

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
CVE ID Syntax Change - Call for Public Feedback cve-id-change
CVE-2013-0805 / CSNC-2013-001 stephan . rickauer
Cross-Site Scripting (XSS) vulnerability in gpEasy advisory
SQL Injection Vulnerability in ImageCMS advisory
New Blog Post: Attacking the Windows 7/8 Address Space Randomization king cope
IPv6: How to avoid security issues with VPN leaks on dual-stack networks Fernando Gont
SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products SEC Consult Vulnerability Lab

Friday, 25 January

[SECURITY] [DSA 2612-1] ircd-ratbox security update Moritz Muehlenhoff
WordPress SolveMedia 1.1.0 CSRF Vulnerability illSecResearchGroup

Tuesday, 29 January

[SE-2012-01] An issue with new Java SE 7 security features Security Explorations
[ MDVSA-2013:005 ] perl security
nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities Vulnerability Lab
Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Vulnerability Lab
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability Security Alert
Kohana Framework v2.3.3 - Directory Traversal Vulnerability Vulnerability Lab
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability Egidio Romano
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update Apple Product Security
APPLE-SA-2013-01-28-2 Apple TV 5.2 Apple Product Security
Unauthenticated remote access to D-Link DCS cameras roberto
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann
Adobe Reader XI versions are vulnerable to a heap overflow n1s0o
Re: Wordpress Valums Uploader - File Upload Vulnerability fineuploader

Wednesday, 30 January

Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2613-1] rails security update Thijs Kinkhorst

Thursday, 31 January

Buffalo TeraStation TS-Series multiple vulnerabilities Andrea Fabrizi
CFP Observe. Hack. Make. Walter Belgers
OWASP Zed Attack Proxy 2.0.0 psiinon
marc4dasm - Atmel MARC microprocessor disassembler published Adam Laurie
[security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS) security-alert
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability DefenseCode
Released: rompar - Semi-automation tool for data extraction of microscopic Masked ROM images Major Malfunction