Bugtraq: by date

188 messages starting Dec 01 11 and ending Dec 30 11


Thursday, 01 December

Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities Henri Salo
[SECURITY] [DSA 2355-1] clearsilver security update Moritz Muehlenhoff
Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Henri Salo
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo
Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue Henri Salo
Re: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo
Ariadne 2.7.6 Multiple XSS vulnerabilities sschurtz
Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability Henri Salo
Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo
[SECURITY] [DSA 2356-1] openjdk-6 security update Florian Weimer

Friday, 02 December

[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service security-alert
FreeBSD ftpd/ProFTPD on FreeBSD Remote Root Exploit HI-TECH .
SANS AppSec 2012 CFP reminder SANS AppSec CFP
[PT-2011-43] Database information disclosure in Kayako Fusion noreply
Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store advisory
InfoSec Southwest 2012 CFP I)ruid
XSSer v1.6 -beta- aka "Grey Swarm!" released. psy

Monday, 05 December

[security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
fast and somewhat reliable cache timing Michal Zalewski
Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012) Matthieu Suiche
Vulnerabilities in Serv-U 11.1.0.3 Luigi Auriemma
[DCA-2011-0014] - Elxis CMS Cross Site Script Crash
[SECURITY] [DSA 2358-1] openjdk-6 security update Florian Weimer
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities Henri Salo
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability sschurtz

Tuesday, 06 December

Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities irist . ir
[security bulletin] HPSBMU02726 SSRT100685 rev.2 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert
MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530] Tom Yu
[SECURITY] [DSA 2359-1] mojarra security update Florian Weimer
[SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable Moritz Muehlenhoff

Wednesday, 07 December

[security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[ MDVSA-2011:181 ] proftpd security
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection ddivulnalert
[SECURITY] [DSA 2361-1] chasen security update Florian Weimer

Thursday, 08 December

ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability ZDI Disclosures
seamless bait-and-switch Michal Zalewski
Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities Henri Salo
Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities Henri Salo
0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 0a29 40
[DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure Crash
[ MDVSA-2011:182 ] dhcp security
Re: seamless bait-and-switch Michal Zalewski
Call for Papers - 2012 Rocky Mountain Information Security Conference president

Friday, 09 December

Re: seamless bait-and-switch Michal Zalewski
DC4420 - London DEFCON - 13 December 2011 Major Malfunction
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings Asterisk Security Team
AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled Asterisk Security Team
CA20111208-01: Security Notice for CA SiteMinder Williams, James K
[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption signaladvisory
*CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers AppSec DC
the week of silly PoCs continues: data://www.mybank.com/ Michal Zalewski
Re: seamless bait-and-switch Jann Horn

Monday, 12 December

[SECURITY] [DSA 2362-1] acpid security update Moritz Muehlenhoff
Call for Papers -YSTS 6 - Security Conference, Brazil Luiz Eduardo
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal security
[ MDVSA-2011:183 ] pidgin security
Introduction to R-sequence public key cryptography attack Michal Bucko
OSI Security: Squiz Matrix - User Account Enumeration Troy Rose
WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Amir
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities Secunia Research
[ MDVSA-2011:184 ] krb5 security
Re: seamless bait-and-switch Charles Morris
Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski
Re: the week of silly PoCs continues: data://www.mybank.com/ nothanks

Tuesday, 13 December

[ MDVSA-2011:185 ] libcap security
[ MDVSA-2011:186 ] nfs-utils security
ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) Security_Alert
Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities Amir
Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability Secunia Research
ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability ZDI Disclosures

Wednesday, 14 December

Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities brian
Citrix Receiver, XenDesktop "Pass-the-hash" Attack vtek63
Multiple vulnerabilities in Browser CRM advisory
Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities support
Re: Re: Introduction to R-sequence public key cryptography attack Michal Bucko
[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 Tavaris Desamito
Re: Re: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s
0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9 0a29 40
0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 0a29 40
PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability sschurtz
ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) Security_Alert
HTML 5 Security Report Ivan Buetler

Thursday, 15 December

NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI Research@NGSSecure
[ MDVSA-2011:187 ] php-pear security
NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI Research@NGSSecure
NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM Research@NGSSecure
NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI Research@NGSSecure
[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass RedTeam Pentesting GmbH
[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes RedTeam Pentesting GmbH
New IETF I-D on "Stable Privacy Addresses" Fernando Gont
New IETF I-Ds on Fragmentation-related security issues Fernando Gont
Seotoaster SQL-Injection Admin Login Bypass security
[ MDVSA-2011:188 ] libxml2 security

Friday, 16 December

<BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
[security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[ MDVSA-2011:189 ] jasper security
Re: <BASE> tag used for hijacking external resources (XSS) Jann Horn

Monday, 19 December

silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski
VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) VUPEN Security Research
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) VUPEN Security Research
VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) VUPEN Security Research
VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) VUPEN Security Research
[SECURITY] [DSA 2363-1] tor security update Moritz Muehlenhoff
Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
Re: <BASE> tag used for hijacking external resources (XSS) Bouke van Laethem
Re: <BASE> tag used for hijacking external resources (XSS) Mario Vilas
Re: RFI in JAF CMS Henri Salo
Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability Henri Salo
[SECURITY] [DSA 2364-1] xorg security update Moritz Muehlenhoff
[Suspected Spam] Content Papst CMS v2011.2 - Multiple Web Vulnerabilities research () vulnerability-lab com
appRain CMF v0.1.5 - Multiple Web Vulnerabilities research () vulnerability-lab com
SASHA v0.2.0 Multiple XSS tom
PHP Booking Calendar 10e XSS tom
[SECURITY] [DSA 2365-1] dtc security update Moritz Muehlenhoff
IFIP NTMS'2012 - Deadline Extended to 12 January 2012 publicity
[ MDVSA-2011:190 ] libarchive security
[ MDVSA-2011:191 ] libarchive security
SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet SEC Consult Vulnerability Lab
SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp SEC Consult Vulnerability Lab
Novell Sentinel Log Manager <=1.2.0.1 Path Traversal Andrea Fabrizi
Syhunt: Time-Based Blind NoSQL Injection Felipe M. Aragon
[SECURITY] [DSA 2366-1] mediawiki security update Jonathan Wiltshire
Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011 Fernando Gont
[SECURITY] [DSA 2367-1] asterisk security update Moritz Muehlenhoff

Tuesday, 20 December

ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
Re: SASHA v0.2.0 Multiple XSS Henri Salo
Multiple vulnerabilities in PHPShop CMS Free advisory
Tiki Wiki CMS Groupware Stored Cross-Site-Scripting security
Re: ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) security_alert

Wednesday, 21 December

TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface Trustwave Advisories
post-XSS landscape Michal Zalewski
[SECURITY] [DSA 2381-] lighttpd security update Nico Golde
[SECURITY] [DSA 2368-1] lighttpd security update Nico Golde
RE: RFI in JAF CMS Frédéric BOURLA
Multiple vulnerabilities in OBM advisory
Multiple vulnerabilities in epesi BIM advisory

Friday, 23 December

[SECURITY] [DSA 2369-1] libsoup2.4 security update Nico Golde
[SECURITY] [DSA 2370-1] unbound security update Florian Weimer
Exploit for Asterisk Security Advisory AST-2011-013 Ben Williams
[MATTA-2011-001] pfSense x509 Insecure Certificate Creation Florent Daigniere
ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities ZDI Disclosures
ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities ZDI Disclosures
TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin Trustwave Advisories
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection n0b0d13s

Tuesday, 27 December

Xmas 2011 Security Puzzle Ivan Buetler
FreeBSD Security Advisory FreeBSD-SA-11:06.bind FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:07.chroot FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:10.pam FreeBSD Security Advisories
Merry Christmas from the FreeBSD Security Team FreeBSD Security Officer
[ MDVSA-2011:192 ] mozilla security
Lighttpd Proof of Concept code for CVE-2011-4362 pi3
[SECURITY] [DSA 2372-1] heimdal security update Florian Weimer
[SECURITY] [DSA 2373-1] inetutils security update Florian Weimer
[SECURITY] [DSA 2374-1] openswan security update Moritz Muehlenhoff
[SECURITY] [DSA 2375-1] krb5. krb5-appl security update Florian Weimer
MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] Tom Yu
[ MDVSA-2011:193 ] squid security
[ MDVSA-2011:194 ] icu security

Thursday, 29 December

[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert
[security bulletin] HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code security-alert
[ MDVSA-2011:195 ] krb5-appl security
[ MDVSA-2011:196 ] ipmitool security
Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Henri Salo
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table security
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani
Winn Guestbook v2.4.8c Stored XSS tom
Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13 LpSolit

Friday, 30 December

[SECURITY] [DSA 2376-1] ipmitool security update Thijs Kinkhorst
[SECURITY] [DSA 2263-2] movabletype-opensource security update Thijs Kinkhorst
[ MDVSA-2011:197 ] php security
SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416 SEC Consult Vulnerability Lab