Bugtraq: by date

PreviousPrevious period
Next periodNext

236 messages starting Jul 01 11 and ending Jul 29 11
Date index | Thread index | Author index

Friday, 01 July

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group
ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability ZDI Disclosures

Saturday, 02 July

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses Asterisk Security Team
ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures

Sunday, 03 July

ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
[slackware-security] pidgin (SSA:2011-178-01) Slackware Security Team
Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460 dennis . brunnen
CORE-2011-0514: Multiple vulnerabilities in HP Data Protector CORE Security Technologies Advisories

Monday, 04 July

ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2271-1] curl security update Giuseppe Iuculano
Arbitrary files deletion in HP OpenView Performance Agent Luigi Auriemma
Multiple Cross-Site Scripting vulnerabilities in WebCalendar sschurtz
bcksrvr format string in Sybase Adaptive Server 15.5 Luigi Auriemma
Off-by-one in Sybase Advantage Server 10.0.0.3 Luigi Auriemma
Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2 Luigi Auriemma
CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability CORE Security Technologies Advisories
[security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert
in_midi multiple vulnerabilities in Winamp 5.61 Luigi Auriemma
[SECURITY] [DSA 2266-1] php5 security update Moritz Muehlenhoff
ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability ZDI Disclosures
SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress SEC Consult Vulnerability Lab
[security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code security-alert
Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used pierre . ernst
Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Darren Tucker
NetBSD 5.1 libc/net multiple functions stack buffer overflow cxib
Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) HI-TECH .
Re: [Full-disclosure] Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) HI-TECH .
[SECURITY] [DSA 2267-1] perl security update Moritz Muehlenhoff
[SECURITY] [DSA 2268-1] iceweasel security update Moritz Muehlenhoff
[SECURITY] [DSA 2262-2] php5 update Moritz Muehlenhoff
[SECURITY] [DSA 2269-1] iceape security update Moritz Muehlenhoff
Vega beta release: a new open-source web-application security assessment platform David Mirza
[SECURITY] [DSA 2270-1] qemu-kvm security update Moritz Muehlenhoff
APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10 Apple Product Security
Breaking the links: Exploiting the linker Tim Brown
NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow Research@NGSSecure
NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation Research@NGSSecure
NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows Research@NGSSecure
NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow Research@NGSSecure
Multiple vulnerabilities in Open-Realty advisory
XSS in FlatPress advisory

Wednesday, 06 July

Arbitrary files deletion in HP OpenView Communication Broker Luigi Auriemma
Integer overflow in foobar2000 1.1.7 Luigi Auriemma
NGS00060 Technical Advisory: Blue Coat BCAAA Remote Code Execution Vulnerability Research@NGSSecure
MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526] Tom Yu
[SECURITY] [DSA 2272-1] bind9 security update Florian Weimer
Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4 Fernando Gont
[security bulletin] HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) security-alert
Ubuntu: reseed(8), random.org, and HTTP request Jeffrey Walton
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request coderman
IDrive Online Backup ActiveX control Insecure Method advisory
aTube Catcher ActiveX Control Insecure Method advisory
Re: in_midi multiple vulnerabilities in Winamp 5.61 Henri Salo
Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar Henri Salo
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Jamie Strandboge
Re: SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress Henri Salo
Cisco Security Advisory: Cisco Content Services Gateway Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team

Thursday, 07 July

Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers Barry Greene
Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations Barry Greene
[SECURITY] [DSA 2273-1] icedove security update Moritz Muehlenhoff
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Michal Zalewski
[security bulletin] HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject security-alert
Security Advisory: CVE-2011-2516 Cantor, Scott E.
Re: Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar sschurtz
Aruba Advisory AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces RGill
Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request Michal Zalewski

Monday, 11 July

bcksrvr format string in Sybase Adaptive Server 15.5 Luigi Auriemma
phpMyAdmin 3.x Multiple Remote Code Executions Mango
[SECURITY] [DSA 2274-1] wireshark security update Moritz Muehlenhoff
ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability ZDI Disclosures
[SECURITY] [DSA 2275-1] openoffice.org security update Nico Golde
Re: [Full-disclosure] Binary Planting Goes "Any File Type" Mitja Kolsek
POC2011 Call for Paper pocadm
[security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on Solaris and Windows, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
Re: [Full-disclosure] Binary Planting Goes "Any File Type" Dan Kaminsky
phpMyAdmin 3.x preg_replace RCE POC Mango
[slackware-security] mozilla-thunderbird (SSA:2011-189-02) Slackware Security Team
[slackware-security] bind (SSA:2011-189-01) Slackware Security Team
Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities admin
ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2277-1] xml-security-c security update Nico Golde
Re: [Full-disclosure] Binary Planting Goes "Any File Type" Dan Kaminsky
[SECURITY] [DSA 2276-1] asterisk security update Luciano Bello
Wireshark 1.4.0 Malformed IKE Packet Denial of Service vuln
[HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th Hafez Kamal

Tuesday, 12 July

[SECURITY] [DSA 2276-2] asterisk regression update Luciano Bello
Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss) randy
[Announcement] ClubHack Magazine Issue 18-July2011 Released abhijeet
ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability ZDI Disclosures

Friday, 15 July

Static Analysis Tool Exposition (SATE) - Call for Participation Delaitre, Aurelien
Alice (Telefonica Germany) Modem 1111 DoS + XSS Moritz Naumann
CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite Aditya K Sood
[Annoucement] ClubHack Magazine - Call for Articles abhijeet
Paltalk Messenger ActiveX Control Multiple Insecure Methods advisory
Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability nospam
Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service gerald
DC4420 - London DEFCON - July meet - Tuesday 19th July 2011 Major Malfunction
Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011 Major Malfunction
[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities Mark Thomas
[oCERT-2011-001] Chyrp input sanitization errors Andrea Barisani
iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability labs-no-reply
Torque Server Buffer Overflow Vulnerability pi3
[slackware-security] mozilla-firefox (SSA:2011-195-02) Slackware Security Team
[slackware-security] seamonkey (SSA:2011-195-01) Slackware Security Team

Monday, 18 July

ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability Security_Alert
APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone Apple Product Security
APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update Apple Product Security
[SECURITY] [DSA 2254-2] oprofile security update Luciano Bello
[SECURITY] [DSA 2278-1] horde3 security update Steffen Joeris
Reminder - DeepSec 2011 Call For Papers DeepSec Conference
Call for Papers: ICITST-2011 Call for papers
ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2011:112 ] blender security
[ MDVSA-2011:114 ] blender security

Tuesday, 19 July

[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update Steffen Joeris
[SECURITY] [DSA 2280-1] libvirt security update Steffen Joeris

Wednesday, 20 July

H2HC Brazil (Hackers 2 Hackers Conference) 8th Edition - Call for Papers Rodrigo Rubira Branco (BSDaemon)
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009 Lists
HTC / Android OBEX FTP Service Directory Traversal Vulnerability alberto . morenot
OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability Patrick Webster
XSS in Tiki Wiki CMS Groupware advisory
[ MDVSA-2011:115 ] bind security

Thursday, 21 July

APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Apple Product Security
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities Cisco Systems Product Security Incident Response Team
CA20110720-01: Security Notice for CA Gateway Security and Total Defense Kotas, Kevin J
Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation Digit Security Research
[SECURITY] [DSA 2281-1] opie security update Steffen Joeris
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability labs-no-reply
iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability labs-no-reply
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability labs-no-reply
iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability labs-no-reply
iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability labs-no-reply
Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability fb1h2s Hack 2 Secure
Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure adic
ZDI-11-238: Oracle Secure Backup validate_login Command Injection Remote Code Execution Vulnerability ZDI Disclosures
Foxit Reader Insecure Library Loading robkraus

Monday, 25 July

Permutation Oriented Programming Nelson Brito
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group
[ MDVSA-2011:116 ] curl security
[ MDVSA-2011:117 ] krb5-appl security
Hiding Backdoors in plain sight, again CoreTex Team
Re: [Full-disclosure] [Bkis] sNews 1.7.1 XSS vulnerability Henri Salo
[ MDVSA-2011:118 ] wireshark security
CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability ehsan_hp200
phpMyAdmin 3.x Conditional Session Manipulation Mango
NGS00042 Patch Notification: Solaris USB configuration descriptor kernel stack overflow Research@NGSSecure
[SECURITY] [DSA 2282-1] qemu-kvm security update Moritz Muehlenhoff
[SECURITY] [DSA 2283-1] krb5-appl security update Moritz Muehlenhoff
phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability spamgoeshere
[SECURITY] [DSA 2284-1] opensaml2 security update Moritz Muehlenhoff
[ MDVSA-2011:119 ] libsndfile security
[DSB-2011-01] Security Advisory FreeRADIUS 2.1.11 advisory
OWASP AppSec USA 2011 Pre-conference Challenge #3 - July adam . baso
APPLE-SA-2011-07-20-2 iWork 9.1 Update Apple Product Security
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update Apple Product Security
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone Apple Product Security

Tuesday, 26 July

TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain Trustwave Advisories
[SECURITY] [DSA 2285-1] mapserver security update Nico Golde
PHP-Barcode 0.3pl1 Remote Code Execution beford
CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution nospam
Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability ehsan_hp200
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability ehsan_hp200
Funnel Web (directory.php?cid) Remote SQL injection Vulnerability ehsan_hp200
Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability ehsan_hp200
Funnel Web (pages.php?page) Remote SQL injection Vulnerability ehsan_hp200
Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability ehsan_hp200
DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
Precision (products.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability ehsan_hp200
[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1 noreply
[PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker noreply
[PT-2011-05] Cross-Site Scripting in Koha Library Software noreply
Hacking IPv6 Networks (slides) Fernando Gont
Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Williams, James K
[Tool] DoS for OpenSLP (and others) Nicolas Grégoire

Wednesday, 27 July

[SECURITY] [DSA 2286-1] phpmyadmin security update Thijs Kinkhorst
ESA-2011-024: EMC Captiva eInput multiple vulnerabilities Security_Alert
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability Security_Alert
Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability ehsan_hp200
SA500 vulnerabilities - details michal . sajdak
[ MDVSA-2011:120 ] freetype2 security
G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability ehsan_hp200
iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability ehsan_hp200
Multiple XSS in GBook PHP guestbook advisory
Redirection vulnerability in MBoard advisory
[ MDVSA-2011:121 ] samba security
ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability ZDI Disclosures
Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability ehsan_hp200
FootBall Cms (view_table_lig.php?group) XSS Vulnerability ehsan_hp200

Thursday, 28 July

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (notifRuleInfo$mode page) Shatter
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page) Shatter
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page) Shatter
Coherendz (products.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability ehsan_hp200
Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability ehsan_hp200
Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability ehsan_hp200
Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities ehsan_hp200
Web Fusion Nepal (tour.php?category) XSS Vulnerability ehsan_hp200
Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability ehsan_hp200
Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability ehsan_hp200
Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability ehsan_hp200
A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability ehsan_hp200
indiacon (selloffers.php?cid) Remote SQL injection Vulnerability ehsan_hp200
CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability ehsan_hp200
Wireshark 1.6.1 Malformed IKE Packet Denial of Service vuln
Re: [Full-disclosure] [BMSA-2009-07] Backdoor in PyForum Henri Salo
Two security issues fixed in ioQuake3 engine Thilo Schulz
[security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack security-alert
[SECURITY] [DSA 2287-1] libpng security update Luciano Bello
[security bulletin] HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02689 SSRT100494 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion security-alert
Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability ehsan_hp200
n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow security
n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption security
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability ZDI Disclosures

Friday, 29 July

Sitecore CMS 6.4 Open URL Redirect Vulnerability Tom Neaves
[SECURITY] [DSA 2288-1] libsndfile security update Moritz Muehlenhoff
PacSec CFP note, deadline Aug 3; conf Nov 9/10 Tokyo Dragos Ruiu
Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Cisco Systems Product Security Incident Response Team
Vegetav (news_item.php?id) Remote SQL injection Vulnerability ehsan_hp200
cgcraft llc (info.php?id) (news_item.php?id) Remote SQL injection Vulnerability ehsan_hp200
AppSec USA 2011 Open Source Showcase Call for Demos adam . baso
ZDI-11-245: Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability ZDI Disclosures
PreviousPrevious period
Next periodNext