Bugtraq: by date

184 messages starting Jun 01 11 and ending Jun 30 11


Wednesday, 01 June

ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2248-1] ejabberd security update Nico Golde
IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities Fernando Gont
[SECURITY] [DSA 2249-1] jabberd14 security update Nico Golde
[SECURITY] [DSA 2250-1] citadel security update Nico Golde
CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability robkraus
Post Revolution 0.8.0c Multiple Remote Vulnerabilities Javier Bassi
Re: Ra-Guard evasion (new Internet-Drafts) Marc Heuse
HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC) advisory
HTB22997: XSS in A Really Simple Chat (ARSC) advisory
[ MDVSA-2011:104 ] bind security
[ MDVSA-2011:105 ] wireshark security
Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Cisco Systems Product Security Incident Response Team
Cross-Site Scripting vulnerability in Icinga sschurtz
Cross-Site Scripting vulnerability in Nagios sschurtz
Re: Ra-Guard evasion (new Internet-Drafts) Fernando Gont

Thursday, 02 June

International PHP Conference - Call for Papers Carsten Eilers
[SECURITY] [DSA 2251-1] subversion security update Thijs Kinkhorst
COM Server-Based Binary Planting Proof Of Concept ACROS Security Lists
RE: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Thor (Hammer of God)
RE: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept ACROS Security Lists
RE: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Mitja Kolsek
Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Dan Kaminsky

Friday, 03 June

RE: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Mitja Kolsek
AST-2011-007 Jonathan Rose
Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Dan Kaminsky
[CVE-ID REQUEST] vBulletin - Multiple Open Redirects Robert Gilbert
[SECURITY] [DSA 2252-1] dovecot security update Moritz Muehlenhoff
Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Mitja Kolsek
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability labs-no-reply
CFP: IEEE SocialCom11 /PASSAT11 justinzzhan
WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability nospam
[security bulletin] HPSBMA02652 SSRT100432 rev.4 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure security-alert
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability ZDI Disclosures

Monday, 06 June

fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947) ma+bt
iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability labs-no-reply
VMware Tools Multiple Vulnerabilities VSR Advisories
[SECURITY] [DSA 2253-1] fontforge security update Thijs Kinkhorst
AppSec USA 2011 CFP Reminder, CTF Pre-Conference Challenge #2 adam . baso
[ MDVSA-2011:106 ] subversion security
[SECURITY] [DSA 2254-1] oprofile security update Luciano Bello
PopScript Multiple Vulnerabilities root
Squiz Matrix - Cross-Site Scripting Vulnerability Patrick Webster
ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA(r) Access Manager Server. Security_Alert
[SECURITY] [DSA 2255-1] libxml2 security update Thijs Kinkhorst
Java HotSpot Cryptographic Provider signature verification vulnerability Zacheusz Siedlecki

Tuesday, 07 June

ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability ZDI Disclosures
ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability Fly, Kate
ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability ZDI Disclosures
Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS sschurtz
[ MDVSA-2011:107 ] fetchmail security
OWASP Zed Attack Proxy version 1.3.0 psiinon

Wednesday, 08 June

[HITB-Announce] HITB2011AMS Conference Materials & Photos Hafez Kamal
Multiple vulnerabilities in several IP camera products roberto . paleari
ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject security-alert
ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures

Thursday, 09 June

[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code security-alert
[Announcement] ClubHACK Magazine Issue 17-June 2011 released abhijeet
PDFill Insecure Library Loading robkraus

Friday, 10 June

IEEE SocialCom/PASSAT Call For Paper Deadline: June 15, 2011 justinzzhan
[SECURITY] [DSA 2256-1] tiff security update Thijs Kinkhorst
VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research
Call for Participation: DIMVA 2011 Konrad Rieck
[SECURITY] [DSA 2257-1] vlc security update Nico Golde
VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability VUPEN Security Research

Monday, 13 June

[ MDVSA-2011:109 ] webmin security
Javascript Injection in Microsoft Lync 4.0.7577.0 bede
phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges mailinglists
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update Nico Golde
[SECURITY] [DSA 2259-1] fex security update Nico Golde
Re: HTB22943: XSS in Dalbum Henri Salo
[HITB-Announce] HITB eZine Issue #006 Released! Hafez Kamal
[ MDVSA-2011:108 ] xerces-j2 security

Tuesday, 14 June

[Announcement] ClubHack Magazine - Call for Articles abhijeet
Last Day for AppSec USA 2011 CFP! adam . baso
DC4420 - London DEFCON - June meet - Tuesday 21st June 2011 Major Malfunction
[security bulletin] HPSBMA02627 SSRT090246 rev.2 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code security-alert

Wednesday, 15 June

[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution signaladvisory
ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability ZDI Disclosures
HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability advisory

Thursday, 16 June

ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability ZDI Disclosures
TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability ZDI Disclosures
TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures
TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures

Friday, 17 June

[ MDVSA-2011:110 ] gimp security
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability labs-no-reply
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries Stefan Kanthak
NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability NSFOCUS Security Team
[SECURITY] [DSA 2261-1] redmine security update Thijs Kinkhorst
ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2263-1] movabletype-opensource security update Florian Weimer
HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog advisory
iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability labs-no-reply
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS advisory
HTB23004: Multiple Vulnerabilities in e107 advisory
ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability ZDI Disclosures
EQDKP plus Cross Site Scripting and Bypass file extension iPower N/A
JFreeChart - Path Disclosure vulnerability Patrick Webster
ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability ZDI Disclosures
ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability ZDI Disclosures
Re: WOOT '11 Call for Papers (reminder) Michal Zalewski
ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability ZDI Disclosures
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038) VUPEN Security Research
TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability ZDI Disclosures
Re: [Full-disclosure] XSS Vulnerability in Redmine 1.0.1 to 1.1.1 Henri Salo
CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability CORE Security Technologies Advisories

Saturday, 18 June

iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability labs-no-reply
ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2259-1] rails security update Florian Weimer
iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability labs-no-reply
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2262-1] moodle security update Moritz Muehlenhoff
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery CORE Security Technologies Advisories
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique info
ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability ZDI Disclosures
HTB23005: Multiple XSS in N-13 News advisory

Monday, 20 June

[SECURITY] [DSA 2265-1] perl security update Florian Weimer
Perfect PDF products distributed with vulnerable MSVC++ libraries Stefan Kanthak
[SECURITY] [DSA 2264-1] linux-2.6 security update dann frazier

Tuesday, 21 June

ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability ZDI Disclosures

Wednesday, 22 June

HTB23016: Kofax e-Transactions Sender Sendbox ActiveX Control Insecure Method advisory

Thursday, 23 June

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Stefan Kanthak

Friday, 24 June

[slackware-security] fetchmail (SSA:2011-171-01) Slackware Security Team
HTB23015: Easewe FTP ActiveX Control Multiple Insecure Methods advisory
ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability ZDI Disclosures

Saturday, 25 June

Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Brad Hards

Monday, 27 June

2wire password reset module techhelperjax

Tuesday, 28 June

TWSL2011-006: IBM Web Application Firewall Bypass Trustwave Advisories
ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability ZDI Disclosures

Wednesday, 29 June

[slackware-security] mozilla-firefox (SSA:2011-174-01) Slackware Security Team
[SECURITY] [DSA-2210-2] tiff security update Luciano Bello
Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460 support
Re: Perfect PDF products distributed with vulnerable MSVC++ libraries Jeffrey Walton
APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5 Apple Product Security

Thursday, 30 June

Multiple vulnerabilities in Winamp 5.61 Luigi Auriemma
Resolved - NNT Change Tracker - Hard-Coded Encryption Key - Originally posted as http://seclists.org/fulldisclosure/2011/May/460 NNT Support
Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method advisory