Bugtraq: by author

193 messages starting Jan 11 11 and ending Jan 10 11

ACROS Security Lists

ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products ACROS Security Lists (Jan 11)

advisory

SQL Injection in phpMySport advisory (Jan 06)
XSRF (CSRF) in diafan.CMS advisory (Jan 11)
SQL Injection in Pixie advisory (Jan 20)
HTB22789: Path disclosure in Pivotx advisory (Jan 25)
Path disclosure in phpMySport advisory (Jan 06)
XSRF (CSRF) in PHP MicroCMS advisory (Jan 06)
SQL Injection in Pixie advisory (Jan 20)
SQL Injection in phpMySport advisory (Jan 06)
XSS vulnerability in VaM Shop advisory (Jan 11)
HTB22794: Path disclosure in Pixelpost advisory (Jan 25)
HTB22793: XSRF (CSRF) in KaiBB advisory (Jan 27)
HTB22795: Path disclosure in Hycus CMS advisory (Jan 27)
HTB22787: Path disclosure in Pligg CMS advisory (Jan 25)
SQL Injection in Phenotype CMS advisory (Jan 06)
HTB22790: XSS in Pivotx advisory (Jan 25)
XSS vulnerability in diafan.CMS advisory (Jan 11)
XSS vulnerability in PHP MicroCMS advisory (Jan 06)
Authentication bypass in phpMySport advisory (Jan 06)
HTB22796: Path disclosure in DBHcms advisory (Jan 27)
Stored XSS vulnerability in diafan.CMS advisory (Jan 11)
Path disclosure in Energine advisory (Jan 11)
XSRF (CSRF) in Energine advisory (Jan 11)
HTB22797: Path disclosure in BLOG:CMS advisory (Jan 27)
XSRF (CSRF) in Cambio advisory (Jan 11)
HTB22792: XSS in Pixelpost advisory (Jan 25)
XSRF (CSRF) in whCMS advisory (Jan 11)
XSS vulnerability in WonderCMS advisory (Jan 06)
HTB22791: File Content Disclosure in Pixelpost advisory (Jan 25)
XSS vulnerability in VaM Shop advisory (Jan 11)
HTB22788: XSS in Pivotx advisory (Jan 25)
SQL injection vulnerability in Energine advisory (Jan 11)
XSS vulnerability in VaM Shop advisory (Jan 11)
XSRF (CSRF) in VaM Shop advisory (Jan 11)
SQL Injection in phpMySport advisory (Jan 06)

Alexandr Polyakov

[DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods Alexandr Polyakov (Jan 25)
[DSECRG-11-007] Oracle Document Capture ImportBodyText - read files Alexandr Polyakov (Jan 25)
[DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED) Alexandr Polyakov (Jan 25)
[DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow Alexandr Polyakov (Jan 25)
[DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method Alexandr Polyakov (Jan 25)
[DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method Alexandr Polyakov (Jan 25)
[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss Alexandr Polyakov (Jan 25)
[DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal Alexandr Polyakov (Jan 25)

alex . wood

2011 Rocky Mountain Information Security Conference Call for Papers alex . wood (Jan 12)

Andrea Fabrizi

VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection Andrea Fabrizi (Jan 31)

Andrea Purificato

[ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration Andrea Purificato (Jan 03)

Andrzej Targosz

CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland Andrzej Targosz (Jan 13)

Asterisk Security Team

AST-2011-001: Stack buffer overflow in SIP channel driver Asterisk Security Team (Jan 18)

bt

www.eVuln.com : SQL Injection in WikLink bt (Jan 03)
www.eVuln.com : "id" SQL Injection in WikLink bt (Jan 05)
www.eVuln.com : "fold" and "site" SQL Injections in WikLink bt (Jan 10)

chpardhasaradhisarma

call for participation chpardhasaradhisarma (Jan 07)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 27)

Crash

[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss Crash (Jan 04)

cxib

GNU libc/regcomp(3) Multiple Vulnerabilities cxib (Jan 07)

Daniel Niggebrugge

DotNetNuke Remote Code Execution vulnerability Daniel Niggebrugge (Jan 20)

Daniel Seither

Remote Code Execution in ICQ 7 Daniel Seither (Jan 14)
Re: Remote Code Execution in ICQ 7 Daniel Seither (Jan 27)

dann frazier

[SECURITY] [DSA 2153-1] linux-2.6 security update dann frazier (Jan 31)

Dan Rosenberg

Getting root, the hard way Dan Rosenberg (Jan 05)

david . kurz

[MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue david . kurz (Jan 13)
Simploo CMS Community Edition - Remote PHP Code Execution Issue david . kurz (Jan 19)

Deniz CEVIK

BlogEngine.NET 1.6 Multiple Vulnerabilities Deniz CEVIK (Jan 05)

Digit Security Research

Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service Digit Security Research (Jan 10)

Dragos Ruiu

Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11) Dragos Ruiu (Jan 13)

eidelweiss

phpcms V9 Blind SQL Injection Vulnerability eidelweiss (Jan 24)

Fernando Gont

[CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean Fernando Gont (Jan 24)
IETF RFC on "the implementation of the TCP urgent mechanism" Fernando Gont (Jan 27)
IETF RFC on Port Randomization Fernando Gont (Jan 21)

Florian Weimer

[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation Florian Weimer (Jan 11)

Giuseppe Iuculano

[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Giuseppe Iuculano (Jan 14)

gran

CUDA drivers/Linux security hole gran (Jan 07)

Hafez Kamal

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 31)

HI-TECH .

FreeBSD local denial of service - forced reboot HI-TECH . (Jan 28)

info

Microsoft IIS 6 parsing directory “x.asp” Vulnerability info (Jan 27)

Ivan Buetler

Web Hacking & Database Hijack Online Challenge Ivan Buetler (Jan 07)

Jamie Strandboge

[USN-1046-1] Sudo vulnerability Jamie Strandboge (Jan 20)
[USN-1044-1] D-Bus vulnerability Jamie Strandboge (Jan 18)
[USN-1037-1] ifupdown update Jamie Strandboge (Jan 07)
[USN-1039-1] AppArmor update Jamie Strandboge (Jan 07)
[USN-1040-1] Django vulnerabilities Jamie Strandboge (Jan 07)

Jan Lehnardt

CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue Jan Lehnardt (Jan 31)

Jeromie

Plunging Through the Palo Alto Networks Firewall Jeromie (Jan 05)

Joshua Gimer

PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm Joshua Gimer (Jan 27)

Kees Cook

[USN-1038-1] dpkg vulnerability Kees Cook (Jan 07)
[USN-1009-2] GNU C Library vulnerability Kees Cook (Jan 12)

Konrad Rieck

Call for Papers: DIMVA 2011 - Extended Deadline Jan 21 Konrad Rieck (Jan 12)

Kyprianos Vasilopoulos

Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference Kyprianos Vasilopoulos (Jan 06)

labs-no-reply

iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability labs-no-reply (Jan 12)

Laurent OUDOT at TEHTRI-Security

[TEHTRI-Security] CVE-2010-2599: Update your BlackBerry Laurent OUDOT at TEHTRI-Security (Jan 21)

Luigi Auriemma

Code execution in Microsoft Fax Cover Page Editor Luigi Auriemma (Jan 21)

Major Malfunction

London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL Major Malfunction (Jan 21)

Marc Deslauriers

[USN-1035-1] Evince vulnerabilities Marc Deslauriers (Jan 05)
[USN-1048-1] Tomcat vulnerability Marc Deslauriers (Jan 24)
[USN-1045-2] util-linux update Marc Deslauriers (Jan 19)
[USN-1047-1] AWStats vulnerability Marc Deslauriers (Jan 24)
[USN-1051-1] HPLIP vulnerability Marc Deslauriers (Jan 27)
[USN-1045-1] FUSE vulnerability Marc Deslauriers (Jan 19)

Mark Stanislav

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) Mark Stanislav (Jan 17)

Martin Schulze

[SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities Martin Schulze (Jan 27)

Michal Zalewski

Announcing cross_fuzz, a potential 0-day in circulation, and more Michal Zalewski (Jan 03)

Moritz Muehlenhoff

[SECURITY] [DSA 2146-1] Security update for mydms Moritz Muehlenhoff (Jan 17)
[SECURITY] [DSA 2145-1] Security update for libsmi Moritz Muehlenhoff (Jan 17)
[SECURITY] [DSA 2148-1] Security update for tor Moritz Muehlenhoff (Jan 17)
[SECURITY] [DSA 2144-1] Security update for wireshark Moritz Muehlenhoff (Jan 17)
[SECURITY] [DSA 2152-1] hplip security update Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 2155-1] freetype security update Moritz Muehlenhoff (Jan 31)

Nelson Brito

[TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC Nelson Brito (Jan 11)

Nico Golde

[SECURITY] [DSA 2149-1] Security update for dbus Nico Golde (Jan 20)

noreply

TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution noreply (Jan 28)
TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service noreply (Jan 28)
TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow noreply (Jan 28)

NSO Research

NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability NSO Research (Jan 21)

Onapsis Research Labs

[Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart Onapsis Research Labs (Jan 12)
[Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure Onapsis Research Labs (Jan 12)

paul . szabo

Mathematica8 on Linux /tmp/MathLink vulnerability paul . szabo (Jan 04)

Pedro Joaquín

Huawei HG default WEP/WPA generator Pedro Joaquín (Jan 27)

Raphael Geissert

[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal Raphael Geissert (Jan 06)

security

[ MDVSA-2011:003 ] MHonArc security (Jan 10)
[ MDVSA-2011:006 ] subversion security (Jan 14)
[ MDVSA-2011:007 ] wireshark security (Jan 14)
[ MDVSA-2011:018 ] sudo security (Jan 21)
[ MDVSA-2011:002 ] wireshark security (Jan 10)
[ MDVSA-2011:012 ] mysql security (Jan 17)
[ MDVSA-2011:006 ] subversion security (Jan 14)
[ MDVSA-2011:019 ] libuser security (Jan 27)
[ MDVSA-2011:008 ] perl-CGI security (Jan 14)
[ MDVSA-2011:015 ] pcsc-lite security (Jan 21)
[ MDVSA-2011:017 ] tetex security (Jan 21)
[ MDVSA-2011:016 ] t1lib security (Jan 21)
[ MDVSA-2011:013 ] hplip security (Jan 19)
[ MDVSA-2011:004 ] php-phar security (Jan 11)
[ MDVSA-2011:000 ] phpmyadmin security (Jan 05)
[ MDVSA-2011:005 ] evince security (Jan 13)
[ MDVSA-2011:014 ] ccid security (Jan 21)
[ MDVSA-2011:009 ] gif2png security (Jan 14)
[ MDVSA-2011:011 ] opensc security (Jan 17)
[ MDVSA-2011:010 ] xfig security (Jan 17)

Security_Alert

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability Security_Alert (Jan 24)
ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. Security_Alert (Jan 27)

security-alert

[security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities security-alert (Jan 14)
[security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 12)
[security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 11)
[security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performance Center, Remote Execution of Arbitrary Code security-alert (Jan 25)
[security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code security-alert (Jan 13)
[security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code security-alert (Jan 11)
[security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert (Jan 20)
[security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification security-alert (Jan 21)
[security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS) security-alert (Jan 27)
[security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS) security-alert (Jan 21)

Spala Ferenc

SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1 Spala Ferenc (Jan 12)

Stefan Behte

[ GLSA 201101-05 ] OpenAFS: Arbitrary code execution Stefan Behte (Jan 17)
[ GLSA 201101-07 ] Prewikka: password disclosure Stefan Behte (Jan 17)
[ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error Stefan Behte (Jan 17)

Stefan Fritsch

[SECURITY] [DSA-2154-1] exim4 security update Stefan Fritsch (Jan 31)
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression Stefan Fritsch (Jan 12)
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option Stefan Fritsch (Jan 06)
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow Stefan Fritsch (Jan 06)
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw Stefan Fritsch (Jan 06)
[SECURITY] [DSA-2154-2] exim4 regression fix Stefan Fritsch (Jan 31)
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw Stefan Fritsch (Jan 06)

StenoPlasma @ www.ExploitDevelopment.com

Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212) StenoPlasma @ www.ExploitDevelopment.com (Jan 27)

Steve Beattie

[USN-1042-1] PHP vulnerabilities Steve Beattie (Jan 12)
[USN-1042-2] PHP5 regression Steve Beattie (Jan 13)
[USN-1043-1] Little CMS vulnerability Steve Beattie (Jan 12)
[USN-1052-1] OpenJDK vulnerability Steve Beattie (Jan 27)

Steve Kemp

[SECURITY] [DSA 2147-1] Security update for pimd Steve Kemp (Jan 17)
[SECURITY] [DSA-2156-1] pcscd security update Steve Kemp (Jan 31)

SZALAY Attila

syslog-ng wrong file permission vulnerability SZALAY Attila (Jan 25)

Technion

McAfee Commandline Updater Technion (Jan 07)

th_decoder

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit (3 lines of code) th_decoder (Jan 17)

Thijs Kinkhorst

[SECURITY] [DSA 2150-1] request-tracker3.6 security update Thijs Kinkhorst (Jan 24)

Tim Brown

[OVSA20110118] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Jan 25)

Tim Sammut

[ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow Tim Sammut (Jan 17)
[ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities Tim Sammut (Jan 21)
[ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code Tim Sammut (Jan 17)
[ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code Tim Sammut (Jan 05)
[ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities Tim Sammut (Jan 21)

Tobias Heinlein

[ GLSA 201101-04 ] aria2: Directory traversal Tobias Heinlein (Jan 17)

VMware Security Team

VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap VMware Security Team (Jan 05)

VSR Advisories

OpenOffice.org Multiple Memory Corruption Vulnerabilities VSR Advisories (Jan 27)

VUPEN Security Research

VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004) VUPEN Security Research (Jan 27)

Walikar Riyaz Ahemed Dawalmalik

Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik (Jan 05)
Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section Walikar Riyaz Ahemed Dawalmalik (Jan 05)

Williams, James K

CA20101231-01: Security Notice for CA ARCserve D2D (updated) Williams, James K (Jan 28)

wsn1983

NewvCommon.ocx ActiveX Insecure Method Vulnerability wsn1983 (Jan 10)
NewvCommon.ocx ActiveX Remote Code Execution Vulnerability wsn1983 (Jan 10)

YGN Ethical Hacker Group

Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 14)
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 05)
Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 27)
Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 03)
Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 07)

yuguo . cn

NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute yuguo . cn (Jan 10)