Bugtraq: by date

296 messages starting Apr 01 11 and ending Apr 29 11

Friday, 01 April

BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload Tavis Ormandy
[security bulletin] HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting (XSS), Unauthorized Access security-alert
[ MDVSA-2011:058 ] quagga security
iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow labs-no-reply
[ MDVSA-2011:057 ] apache security
Microsoft VISTA TCP/IP heap buffer underflow J. Oquendo
RE: [Full-disclosure] Microsoft VISTA TCP/IP heap buffer underflow Thor (Hammer of God)
6-year FreeBSD-SA-05:02.sendfile exploit Solar Designer
[ MDVSA-2011:059 ] ffmpeg security
[security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02639 SSRT100293 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) security-alert
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability SecPod Research
Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit ^Xecuti0N3r
Movie Player v4.82 0Day Buffer overflow/DOS Exploit ^Xecuti0N3r

Monday, 04 April

[ MDVSA-2011:060 ] ffmpeg security
Re: RFI in JAF CMS security curmudgeon
XCon 2011 XFocus Information Security Conference Call for Paper xcon
[SECURITY] [DSA 2210-1] tiff security update Thijs Kinkhorst
Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang) mike
[ MDVSA-2011:061 ] ffmpeg security
[ MDVSA-2011:062 ] ffmpeg security
[ MDVSA-2011:063 ] xmlsec1 security
[SECURITY] [DSA 2209-1] tgt security update Moritz Muehlenhoff
ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability ZDI Disclosures
THOMSON Router XSS edgard . chammas
Xymon monitor cross-site scripting vulnerabilities Henrik Størner
DC4420 - London DEFCON - April meet - Wednesday 22nd April 2011 Major Malfunction
Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011 Adam Laurie
[ MDVSA-2011:064 ] libtiff security
ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability ZDI Disclosures
RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities nospam
ZDI-11-041: (0day) Multiple Browser Node Processing Stack Overflow Vulnerability ZDI Disclosures
RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities nospam
[USN-1103-1] tex-common vulnerability Marc Deslauriers
[USN-1102-1] tiff vulnerability Marc Deslauriers
Re: Xymon monitor cross-site scripting vulnerabilities Henri Salo
[USN-1104-1] FFmpeg vulnerabilities Marc Deslauriers

Tuesday, 05 April

HTB22914: Local File Inclusion in UseBB advisory
HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB advisory
HTB22912: Multiple SQL Injections in Eleanor CMS advisory
HTB22911: XSS in Eleanor CMS advisory
[security bulletin] HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure security-alert
StartSite.ir Cross-site Scripting Vulnerability md . r00t . defacer
[ MDVSA-2011:065 ] logrotate security

Wednesday, 06 April

Re: XSS in CompactCMS security curmudgeon
Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL security curmudgeon
[USN-1105-1] Linux kernel vulnerabilities Kees Cook
[ MDVSA-2011:066 ] rsync security
XSS Vulnerability in Redmine 1.0.1 to 1.1.1 Netsparker Advisories
Re: AWCM v2.2 Auth Bypass Vulnerabilities security curmudgeon
ICMPv6 Router Announcement flooding denial of service affecting multiple systems Marc Heuse
Re: Multiple vulnerabilities in chCounter <= 3.1.3 security curmudgeon
[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure Mark Thomas
[SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass Mark Thomas
Sonexis ConferenceManager SQL Injection robkraus
[USN-1107-1] x11-xserver-utils vulnerability Marc Deslauriers
[USN-1106-1] NSS vulnerabilities Micah Gersten
Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities robkraus

Thursday, 07 April

[SECURITY] [DSA 2211-1] vlc security update Moritz Muehlenhoff
SEC Consult SA-20110407-0 :: Libmodplug ReadS3M Stack Overflow SEC Consult Vulnerability Lab
HTB22921: SQL Injection in Viscacha advisory
HTB22919: Multiple XSS in Viscacha advisory
HTB22915: Path disclosure in Joomla advisory
HTB22920: Path disclosure in Viscacha advisory
HTB22918: Path disclosure in phpCollab advisory
HTB22917: XSS vulnerabilities in phpCollab advisory
HTB22916: XSRF (CSRF) in phpCollab advisory

Friday, 08 April

O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF) Hanno Böck
phplist: cross site request forgery (CSRF), CVE-2011-0748 Hanno Böck
[SECURITY] [DSA 2212-1] tmux security update Nico Golde
XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta by_argos
LFI Vulnerability in 024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) by_argos
Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) by_argos
XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) by_argos
LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) by_argos
[ MDVSA-2011:069 ] php security
[ MDVSA-2011:070 ] gdm security
[ MDVSA-2011:071 ] kdelibs4 security
[ MDVSA-2011:072 ] gwenhywfar security
joomlacontenteditor (com_jce) BLIND sql injection vulnerability eidelweiss

Monday, 11 April

[SECURITY] [DSA 2213-1] x11-xserver-utils security update Nico Golde
[SECURITY] [DSA 2214-1] ikiwiki security update Nico Golde
Re: XSRF (CSRF) in Wolf CMS security curmudgeon
Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1 by_argos
[SECURITY] [DSA 2215-1] gitolite security update Nico Golde
WOOT '11 Call for Papers (reminder) Michal Zalewski
[Tool] sqlmap 0.9 released Miroslav Stampar
[SECURITY] [DSA 2216-1] isc-dhcp security update Nico Golde
Linksys WRT54G - read router password from file placed on FTP rafdw
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability ZDI Disclosures
[ MDVSA-2011:073 ] dhcp security
[SECURITY] [DSA 2217-1] dhcp3 security update Nico Golde
Vulnerabilities in Microsoft Reader and HIS Luigi Auriemma
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability ZDI Disclosures
rPSA-2011-0013-1 openssl openssl-scripts rPath Update Announcements
Passwords^11 - Call for Papers ending April 17! Per Thorsheim
rPSA-2011-0014-1 httpd mod_ssl rPath Update Announcements

Tuesday, 12 April

[USN-1108-1] DHCP vulnerability Marc Deslauriers
Medium severity flaw in Konqueror Tim Brown
Re: [Full-disclosure] Medium severity flaw in Konqueror Vincent Danen
CFP for BugCON 2011 @ Mexico City Carlos A. Lozano
HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe advisory
HTB22930: Multiple XSS in WebCalendar advisory
[SECURITY] [DSA 2218-1] vlc security update Nico Golde
HTB22926: XSS vulnerability in Plogger advisory
HTB22925: Path disclosure in Plogger advisory
Stack overflow in Microsoft HTML Help 6.1 (CHM files) Luigi Auriemma
HTB22929: Multiple Path disclosure in WebsiteBaker advisory
[security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS) security-alert
Re: [Full-disclosure] Medium severity flaw in Konqueror Tim Brown
[IMF 2011] Call for Participation Oliver Goebel
HTB22928: Multiple SQL Injections in WebsiteBaker advisory

Wednesday, 13 April

ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability ZDI Disclosures
Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX EC-Council USA
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability ZDI Disclosures
nSense-2011-001: VeryPDF pdf2tif Henri Lindberg
[security bulletin] HPSBUX02655 SSRT100353 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS) security-alert
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability VUPEN Security Research
iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability labs-no-reply
[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS) security-alert
Re: joomlacontenteditor (com_jce) BLIND sql injection vulnerability Stephen Brandon
iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability labs-no-reply
[USN-1109-1] GIMP vulnerabilities Marc Deslauriers
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel Timo Warns
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2011:074 ] qt4 security
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability VUPEN Security Research
[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption Flavio do Carmo Junior aka waKKu
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) security-alert
Microsoft Patches Binary Planting Issues In Various Vendors' Products ACROS Security Lists
MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285] Tom Yu

Thursday, 14 April

Re: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability nospam
ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability ZDI Disclosures
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability ZDI Disclosures
ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability ZDI Disclosures
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability ZDI Disclosures
ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability ZDI Disclosures
CA20110413-01: Security Notice for CA Total Defense Kotas, Kevin J
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability ZDI Disclosures
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability ZDI Disclosures
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability ZDI Disclosures
HTB22924: Arbitrary Command Execution in phpAlbum.net advisory
HTB22923: XSRF (CSRF) in phpAlbum.net advisory
HTB22922: XSS vulnerabilities in phpAlbum.net advisory
[security bulletin] HPSBMA02652 SSRT100432 rev.3 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure security-alert
The BodgeIt Store - another vulnerable web app psiinon
Recon 2011 - Accepted Talks , Training, Call For Papers Reminder - July 8 to 10, 2011 - Montreal, Quebec hfortier
[USN-1110-1] KDE-Libs vulnerabilities Jamie Strandboge
ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability ZDI Disclosures

Friday, 15 April

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034) VUPEN Security Research
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability ZDI Disclosures
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345) VUPEN Security Research
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094) VUPEN Security Research
RE: THOMSON Router XSS Auffret Patrice

Monday, 18 April

Does anyone know how to contact OpenSSH non-public? Jann Horn
Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011 Major Malfunction
Announcement: ClubHACK Magazine Issue 15-April 2011 released abhijeet
[USN-1113-1] Postfix vulnerabilities Marc Deslauriers
ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability Security_Alert
ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch Security_Alert
cPassMan v1.82 Arbitrary File Download - SOS-11-004 Lists
Re: Does anyone know how to contact OpenSSH non-public? Rico Secada

Tuesday, 19 April

HTB22932: Multiple XSS in webSPELL advisory
HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin advisory
[DCA-2011-0011] - Ocomon Multiple SQL Injection Crash
HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin advisory
[Annoucement] CHMag Call for Articles abhijeet
HTB22940: XSS in SocialGrid wordpress plugin advisory
HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum advisory
HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin advisory
HTB22933: Multiple Path disclosure in webSPELL advisory
ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2219-1] xmlsec1 security update Thijs Kinkhorst
[USN-1114-1] KDENetwork vulnerability Jamie Strandboge
[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert
Windows Synchronization Object Vulnerabilites in Antivirus Suites Lists
HTB22931: XSS vulnerability in InTerra Blog Machine advisory
HTB22943: XSS in Dalbum advisory
HTB22937: Path disclosure in Universal Post Manager wordpress plugin advisory
Re: SQL Injection in LightNEasy security curmudgeon
HTB22942: Path disclousure in Dalbum advisory
HTB22938: Multiple XSS in Universal Post Manager wordpress plugin advisory
Re: SQL Injection in LightNEasy security curmudgeon

Wednesday, 20 April

[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS) security-alert
[security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert
[USN-1118-1] OpenSLP vulnerability Marc Deslauriers
ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[USN-1108-2] DHCP vulnerability Marc Deslauriers
[SECURITY] [DSA 2221-1] Mojolicious security update Moritz Muehlenhoff
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS) security-alert
ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability ZDI Disclosures
[USN-1115-1] language-selector vulnerability Kees Cook
[security bulletin] HPSBMA02660 SSRT100433 rev.1 - HP Performance Insight Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access to Sensitive Information security-alert
[USN-1116-1] Kerberos vulnerability Kees Cook
[SECURITY] [DSA 2220-1] Request Tracker security update Florian Weimer
[USN-1117-1] PolicyKit vulnerability Kees Cook
Directory Traversal Vulnerability in Viola DVR VIO-4/1000 by_argos
[ MDVSA-2011:075 ] kdelibs4 security
[SECURITY] [DSA 2222-1] tinyproxy security update Moritz Muehlenhoff
[SECURITY] [DSA 2223-1] doctrine security update Florian Weimer

Thursday, 21 April

[security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF) security-alert
[security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation security-alert
[SECURITY] [DSA 2224-1] openjdk-6 security update Florian Weimer
CA20110420-02: Security Notice for CA Output Management Web Viewer Williams, James K
[USN-1119-1] Linux kernel (OMAP4) vulnerabilities Kees Cook
CA20110420-01: Security Notice for CA SiteMinder Williams, James K
HTB22947: XSS in Ajax Category Dropdown wordpress plugin advisory
FreeBSD Security Advisory FreeBSD-SA-11:01.mountd FreeBSD Security Advisories
HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin advisory
HTB22945: Multiple XSS in ZENphoto advisory
HTB22950: SQL injection in 4images advisory
HTB22949: Multiple Path disclousure in 4images advisory
HTB22944: Path disclousure in ZENphoto advisory
hack.lu 2011 CFP hack.lu 2011 information team
[USN-1120-1] tiff vulnerability Marc Deslauriers
[ MDVSA-2011:076 ] xrdb security

Monday, 25 April

AST-2011-005: File Descriptor Resource Exhaustion Asterisk Security Team
[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection security-alert
[DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay Alexandr Polyakov
[security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure security-alert
[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011) ACM CCS 2011
[ MDVSA-2011:077 ] krb5 security
[ MDVSA-2011:078 ] libtiff security
XSS in Webmin 1.540 + exploit for privilege escalation Javier Bassi
AT-TFTP Server Remote Denial of Service Vulnerability SecPod Research
AST-2011-006: Asterisk Manager User Shell Access Asterisk Security Team
Re: HTB22945: Multiple XSS in ZENphoto Christian Kujau
[TOOL RELEASE] T50 - an Experimental Mixed Packet Injector ( v5.3) Nelson Brito

Tuesday, 26 April

HTB22957: XSRF (CSRF) in phpList advisory
HTB22954: Path disclousure in yappa-ng Photo Gallery advisory
HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin advisory
HTB22956: XSS vulnerabilities in phpList advisory
HTB22948: Path disclosure in Cotonti advisory
HTB22952: XSS vulnerabilities in Noah's Classifieds advisory
HTB22953: XSS in Max's PHP Photo Album advisory
Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay Vladimir '3APA3A' Dubrovin
Re: SQL Injection in phpMySport security curmudgeon
HTB22955: Path disclosure in BuddyPress WordPress plugin advisory

Wednesday, 27 April

[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert
[SECURITY] [DSA 2225-1] asterisk security update Moritz Muehlenhoff
[SECURITY] [DSA 2226-1] libmodplug security update Moritz Muehlenhoff
CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Kotas, Kevin J
[security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection security-alert
Re: Stored XSS vulnerability in diafan.CMS security curmudgeon
B-Sides Vienna | NinjaCon 11 Call For Participation astera
NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write Research@NGSSecure
[USN-1124-1] rsync vulnerability Marc Deslauriers
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team

Thursday, 28 April

[USN-1125-1] PCSC-Lite vulnerability Marc Deslauriers
HTB22958: XSS in phpGraphy advisory
HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy advisory
HTB22961: XSS in WP Photo Album wordpress plugin advisory
CFP: Hacktivity 2011, September 17-18, Budapest, Hungary jozsef . tiborcz
HTB22965: Multiple XSS vulnerabilities in BackupPC advisory
hashdays 2011 - Call for Papers (#days CFP) Hashdays CFP
HTB22960: XSS in Daily Maui Photo Widget wordpress plugin advisory
[Onapsis Security Advisory 2011-010] Oracle JD Edwards JDENET Remote Logging Deactivation Onapsis Research Labs
[Onapsis Security Advisory 2011-011] Oracle JD Edwards JDENET Buffer Overflow Onapsis Research Labs
[Onapsis Security Advisory 2011-012] Oracle JD Edwards JDENET Firewall Bypass Onapsis Research Labs
[Onapsis Security Advisory 2011-013] Oracle JD Edwards JDENET USRBROADCAST Denial of Service Onapsis Research Labs
[Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure Onapsis Research Labs
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console VMware Security Team
[Onapsis Security Advisory 2011-006] Oracle JD Edwards JDENET Kernel Denial of Service Onapsis Research Labs
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability ZDI Disclosures
[Onapsis Security Advisory 2011-008] Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution Onapsis Research Labs
[Onapsis Security Advisory 2011-007] Oracle JD Edwards JDENET Kernel Shutdown Onapsis Research Labs
[Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities Onapsis Research Labs
[Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities Onapsis Research Labs

Friday, 29 April

[security bulletin] HPSBMA02668 SSRT100474 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert
Re: HTB22827: File Content Disclosure in Wikipad security curmudgeon
ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention Security_Alert
ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability ZDI Disclosures
ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability ZDI Disclosures
[USN-1126-1] PHP vulnerabilities Steve Beattie