Bugtraq: by author

188 messages starting Dec 14 11 and ending Dec 13 11


0a29 40

0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9 0a29 40 (Dec 14)
0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 0a29 40 (Dec 08)
0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 0a29 40 (Dec 14)

advisory

Multiple vulnerabilities in Browser CRM advisory (Dec 14)
Multiple vulnerabilities in PHPShop CMS Free advisory (Dec 20)
Multiple vulnerabilities in epesi BIM advisory (Dec 21)
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store advisory (Dec 02)
Multiple vulnerabilities in OBM advisory (Dec 21)

Amir

WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Amir (Dec 12)
Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities Amir (Dec 13)

Andrea Barisani

[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)

Andrea Fabrizi

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal Andrea Fabrizi (Dec 19)

AppSec DC

*CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers AppSec DC (Dec 09)

Asterisk Security Team

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings Asterisk Security Team (Dec 09)
AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled Asterisk Security Team (Dec 09)

Ben Williams

Exploit for Asterisk Security Advisory AST-2011-013 Ben Williams (Dec 23)

Bouke van Laethem

<BASE> tag used for hijacking external resources (XSS) Bouke van Laethem (Dec 16)
Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem (Dec 19)
Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem (Dec 19)

brian

Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities brian (Dec 14)

Charles Morris

Re: seamless bait-and-switch Charles Morris (Dec 12)

Crash

[DCA-2011-0014] - Elxis CMS Cross Site Script Crash (Dec 05)
[DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure Crash (Dec 08)

ddivulnalert

DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection ddivulnalert (Dec 07)

Felipe M. Aragon

Syhunt: Time-Based Blind NoSQL Injection Felipe M. Aragon (Dec 19)

Fernando Gont

New IETF I-Ds on Fragmentation-related security issues Fernando Gont (Dec 15)
Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011 Fernando Gont (Dec 19)
New IETF I-D on "Stable Privacy Addresses" Fernando Gont (Dec 15)

Florent Daigniere

[MATTA-2011-001] pfSense x509 Insecure Certificate Creation Florent Daigniere (Dec 23)

Florian Weimer

[SECURITY] [DSA 2356-1] openjdk-6 security update Florian Weimer (Dec 01)
[SECURITY] [DSA 2361-1] chasen security update Florian Weimer (Dec 07)
[SECURITY] [DSA 2359-1] mojarra security update Florian Weimer (Dec 06)
[SECURITY] [DSA 2372-1] heimdal security update Florian Weimer (Dec 27)
[SECURITY] [DSA 2358-1] openjdk-6 security update Florian Weimer (Dec 05)
[SECURITY] [DSA 2370-1] unbound security update Florian Weimer (Dec 23)
[SECURITY] [DSA 2375-1] krb5. krb5-appl security update Florian Weimer (Dec 27)
[SECURITY] [DSA 2373-1] inetutils security update Florian Weimer (Dec 27)

Frédéric BOURLA

RE: RFI in JAF CMS Frédéric BOURLA (Dec 21)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh FreeBSD Security Advisories (Dec 27)
FreeBSD Security Advisory FreeBSD-SA-11:07.chroot FreeBSD Security Advisories (Dec 27)
FreeBSD Security Advisory FreeBSD-SA-11:06.bind FreeBSD Security Advisories (Dec 27)
FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd FreeBSD Security Advisories (Dec 27)
FreeBSD Security Advisory FreeBSD-SA-11:10.pam FreeBSD Security Advisories (Dec 27)

FreeBSD Security Officer

Merry Christmas from the FreeBSD Security Team FreeBSD Security Officer (Dec 27)

Henri Salo

Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo (Dec 01)
Re: RFI in JAF CMS Henri Salo (Dec 19)
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities Henri Salo (Dec 05)
Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities Henri Salo (Dec 01)
Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities Henri Salo (Dec 08)
Re: SASHA v0.2.0 Mutiple XSS Henri Salo (Dec 20)
Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities Henri Salo (Dec 08)
Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue Henri Salo (Dec 01)
Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Henri Salo (Dec 19)
Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Henri Salo (Dec 29)
Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Henri Salo (Dec 01)
Re: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo (Dec 01)

HI-TECH .

FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit HI-TECH . (Dec 02)

irist . ir

Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities irist . ir (Dec 06)

I)ruid

InfoSec Southwest 2012 CFP I)ruid (Dec 02)

Ivan Buetler

Xmas 2011 Security Puzzle Ivan Buetler (Dec 27)
HTML 5 Security Report Ivan Buetler (Dec 14)

Jann Horn

Re: <BASE> tag used for hijacking external resources (XSS) Jann Horn (Dec 16)
Re: seamless bait-and-switch Jann Horn (Dec 09)

Jonathan Wiltshire

[SECURITY] [DSA 2366-1] mediawiki security update Jonathan Wiltshire (Dec 19)

LpSolit

Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13 LpSolit (Dec 29)

Luigi Auriemma

Vulnerabilities in Serv-U 11.1.0.3 Luigi Auriemma (Dec 05)

Luiz Eduardo

Call for Papers -YSTS 6 - Security Conference, Brazil Luiz Eduardo (Dec 12)

Major Malfunction

DC4420 - London DEFCON - 13 December 2011 Major Malfunction (Dec 09)

Mario Vilas

Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas (Dec 19)
Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas (Dec 19)
Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas (Dec 19)

Matthieu Suiche

Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012) Matthieu Suiche (Dec 05)

Michal Bucko

Introduction to R-sequence public key cryptography attack Michal Bucko (Dec 12)
Re:Re: Introduction to R-sequence public key cryptography attack Michal Bucko (Dec 14)

Michal Zalewski

fast and somewhat reliable cache timing Michal Zalewski (Dec 05)
post-XSS landscape Michal Zalewski (Dec 21)
Re: seamless bait-and-switch Michal Zalewski (Dec 08)
Re: seamless bait-and-switch Michal Zalewski (Dec 09)
seamless bait-and-switch Michal Zalewski (Dec 08)
Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 12)
silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 19)
the week of silly PoCs continues: data://www.mybank.com/ Michal Zalewski (Dec 09)

Moritz Muehlenhoff

[SECURITY] [DSA 2367-1] asterisk security update Moritz Muehlenhoff (Dec 19)
[SECURITY] [DSA 2374-1] openswan security update Moritz Muehlenhoff (Dec 27)
[SECURITY] [DSA 2365-1] dtc security update Moritz Muehlenhoff (Dec 19)
[SECURITY] [DSA 2364-1] xorg security update Moritz Muehlenhoff (Dec 19)
[SECURITY] [DSA 2362-1] acpid security update Moritz Muehlenhoff (Dec 12)
[SECURITY] [DSA 2363-1] tor security update Moritz Muehlenhoff (Dec 19)
[SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable Moritz Muehlenhoff (Dec 06)
[SECURITY] [DSA 2355-1] clearsilver security update Moritz Muehlenhoff (Dec 01)

n0b0d13s

Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection n0b0d13s (Dec 23)
Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s (Dec 14)

Nico Golde

[SECURITY] [DSA 2381-] lighttpd security update Nico Golde (Dec 21)
[SECURITY] [DSA 2369-1] libsoup2.4 security update Nico Golde (Dec 23)
[SECURITY] [DSA 2368-1] lighttpd security update Nico Golde (Dec 21)

noreply

[PT-2011-43] Database information disclosure in Kayako Fusion noreply (Dec 02)

nothanks

Re: the week of silly PoCs continues: data://www.mybank.com/ nothanks (Dec 12)

pi3

Lighttpd Proof of Concept code for CVE-2011-4362 pi3 (Dec 27)

president

Call for Papers - 2012 Rocky Mountain Information Security Conference president (Dec 08)

psy

XSSer v1.6 -beta- aka "Grey Swarm!" released. psy (Dec 02)

publicity

IFIP NTMS'2012 - Deadline Extended to 12 January 2012 publicity (Dec 19)

RedTeam Pentesting GmbH

[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes RedTeam Pentesting GmbH (Dec 15)
[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass RedTeam Pentesting GmbH (Dec 15)

Research@NGSSecure

NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI Research@NGSSecure (Dec 15)
NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM Research@NGSSecure (Dec 15)
NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI Research@NGSSecure (Dec 15)
NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI Research@NGSSecure (Dec 15)

research () vulnerability-lab com

[Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities research () vulnerability-lab com (Dec 19)
appRain CMF v0.1.5 - Multiple Web Vulnerabilities research () vulnerability-lab com (Dec 19)

SANS AppSec CFP

SANS AppSec 2012 CFP reminder SANS AppSec CFP (Dec 02)

SEC Consult Vulnerability Lab

SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416 SEC Consult Vulnerability Lab (Dec 30)
SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet SEC Consult Vulnerability Lab (Dec 19)
SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp SEC Consult Vulnerability Lab (Dec 19)

Secunia Research

Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability Secunia Research (Dec 13)
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities Secunia Research (Dec 12)

security

[ MDVSA-2011:187 ] php-pear security (Dec 15)
[ MDVSA-2011:196 ] ipmitool security (Dec 29)
[ MDVSA-2011:197 ] php security (Dec 30)
[ MDVSA-2011:181 ] proftpd security (Dec 07)
Seotoaster SQL-Injection Admin Login Bypass security (Dec 15)
[ MDVSA-2011:183 ] pidgin security (Dec 12)
Tiki Wiki CMS Groupware Stored Cross-Site-Scripting security (Dec 20)
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table security (Dec 29)
[ MDVSA-2011:192 ] mozilla security (Dec 27)
[ MDVSA-2011:186 ] nfs-utils security (Dec 13)
[ MDVSA-2011:189 ] jasper security (Dec 16)
[ MDVSA-2011:193 ] squid security (Dec 27)
[ MDVSA-2011:190 ] libarchive security (Dec 19)
[ MDVSA-2011:188 ] libxml2 security (Dec 15)
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal security (Dec 12)
[ MDVSA-2011:184 ] krb5 security (Dec 12)
[ MDVSA-2011:195 ] krb5-appl security (Dec 29)
[ MDVSA-2011:185 ] libcap security (Dec 13)
[ MDVSA-2011:182 ] dhcp security (Dec 08)
[ MDVSA-2011:194 ] icu security (Dec 27)
[ MDVSA-2011:191 ] libarchive security (Dec 19)

Security_Alert

ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) Security_Alert (Dec 14)
Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) security_alert (Dec 20)
ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) Security_Alert (Dec 13)

security-alert

[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert (Dec 29)
[security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 07)
[security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code security-alert (Dec 29)
[security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Dec 01)
[security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 05)
[security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 20)
[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service security-alert (Dec 02)
[security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert (Dec 06)
[security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Dec 29)

signaladvisory

[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption signaladvisory (Dec 09)

sschurtz

PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability sschurtz (Dec 14)
Ariadne 2.7.6 Multiple XSS vulnerabilities sschurtz (Dec 01)
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability sschurtz (Dec 05)

support

Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities support (Dec 14)

Tavaris Desamito

[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 Tavaris Desamito (Dec 14)

Thijs Kinkhorst

[SECURITY] [DSA 2263-2] movabletype-opensource security update Thijs Kinkhorst (Dec 30)
[SECURITY] [DSA 2376-1] ipmitool security update Thijs Kinkhorst (Dec 30)

tom

PHP Booking Calendar 10e XSS tom (Dec 19)
Winn Guestbook v2.4.8c Stored XSS tom (Dec 29)
SASHA v0.2.0 Mutiple XSS tom (Dec 19)

Tom Yu

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] Tom Yu (Dec 27)
MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530] Tom Yu (Dec 06)

Troy Rose

OSI Security: Squiz Matrix - User Account Enumeration Troy Rose (Dec 12)

Trustwave Advisories

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin Trustwave Advisories (Dec 23)
TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface Trustwave Advisories (Dec 21)

vtek63

Citrix Receiver, XenDesktop "Pass-the-hash" Attack vtek63 (Dec 14)

VUPEN Security Research

VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) VUPEN Security Research (Dec 19)
VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) VUPEN Security Research (Dec 19)
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) VUPEN Security Research (Dec 19)
VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) VUPEN Security Research (Dec 19)

Williams, James K

CA20111208-01: Security Notice for CA SiteMinder Williams, James K (Dec 09)

ZDI Disclosures

ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 23)
ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)
ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability ZDI Disclosures (Dec 23)
ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability ZDI Disclosures (Dec 20)
ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities ZDI Disclosures (Dec 23)
ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities ZDI Disclosures (Dec 23)
ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability ZDI Disclosures (Dec 08)
ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)
ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability ZDI Disclosures (Dec 13)