Bugtraq: by author

203 messages starting May 11 11 and ending May 11 11


abhijeet

[Announcement] ClubHACK Magazine Issue 16-May 2011 released abhijeet (May 11)
[Annoucement] ClubHack Magazine - Call for Articles abhijeet (May 16)

ACROS Security Lists

The Anatomy of COM Server-Based Binary Planting Exploits ACROS Security Lists (May 25)

Advisories Toucan-System

TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection Advisories Toucan-System (May 09)
TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write Advisories Toucan-System (May 09)

advisory

HTB22964: XSS in SelectaPix Image Gallery advisory (May 03)
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar advisory (May 05)
HTB22977: XSRF (CSRF) in poMMo advisory (May 10)
HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social advisory (May 12)
HTB22968: XSS in PHP Directory Listing Script advisory (May 05)
HTB22962: Multiple XSS in YaPiG advisory (May 03)
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery advisory (May 03)
HTB22980: XSRF (CSRF) in Open Classifieds advisory (May 12)
HTB22966: XSS in (e)2 interactive Photo Gallery advisory (May 03)
HTB22970: Multiple XSS vulnerabilities in PHPDug advisory (May 05)
HTB22987: Multiple XSS in phpScheduleIt advisory (May 24)
HTB22971: XSRF (CSRF) in PHPDug advisory (May 05)
HTB22974: Multiple XSS in Calendarix advisory (May 10)
HTB22995: XSS in Ajax Chat advisory (May 24)
HTB22986: SQL injection in ExtCalendar 2 advisory (May 24)
HTB22972: Multiple SQL injection vulnerabilities in PHPDug advisory (May 05)
HTB22975: SQL injection in Calendarix advisory (May 10)
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo advisory (May 10)
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic advisory (May 17)
HTB22973: XSS in AJAX Calendar advisory (May 05)
HTB22967: Multiple SQL Injection in Shutter advisory (May 03)
HTB22978: XSRF (CSRF) in Argyle Social advisory (May 12)

Barry Greene

Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones Barry Greene (May 06)

Bkis

[Bkis] sNews 1.7.1 XSS vulnerability Bkis (May 12)

bolok . boloke80

XSS in DEAL INFORMER bolok . boloke80 (May 03)
XSS in CLASSIFIED ADS bolok . boloke80 (May 03)
CSRF (Cross-Site Request Forgery) in FREELANCER bolok . boloke80 (May 03)
SQL injection in 4images bolok . boloke80 (May 03)
Path disclousure in MEGA PORTAL bolok . boloke80 (May 03)
XSS in GOT.MY CLASSMATES bolok . boloke80 (May 03)

Carsten Eilers

WebTech Conference 2011 Call for Papers Carsten Eilers (May 16)

cfp

Ruxcon 2011 Call For Papers cfp (May 17)

Cisco Systems Product Security Incident Response Team

Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (May 05)
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability Cisco Systems Product Security Incident Response Team (May 25)
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability Cisco Systems Product Security Incident Response Team (May 25)

CORE Security Technologies Advisories

CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow CORE Security Technologies Advisories (May 25)
CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass CORE Security Technologies Advisories (May 12)
CORE-2011-0204: Adobe Audition vulnerability processing malformed session file CORE Security Technologies Advisories (May 12)

cxib

Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion cxib (May 02)
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) cxib (May 16)

Damien Miller

Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv Damien Miller (May 03)

Daniel Clemens

CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Daniel Clemens (May 17)

dann frazier

[SECURITY] [DSA 2240-1] linux-2.6 security update dann frazier (May 25)

DeepSec Conference

Announcement - DeepSec 2011 - Call for Papers DeepSec Conference (May 04)

Deng Ching

[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Deng Ching (May 27)
[SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Deng Ching (May 27)

Dennis Brunnen

NNT Change Tracker - Hard-Coded Encryption Key Dennis Brunnen (May 24)

eko security conference

CFP for ekoparty 2011 is now OPEN! [Buenos Aires, Argentina] eko security conference (May 30)

Fernando Gont

Viewpoint: Security implications of IPv6 Fernando Gont (May 27)

Florian Weimer

[SECURITY] [DSA 2233-1] postfix security update Florian Weimer (May 11)
[SECURITY] [DSA 2232-1] exim4 security update Florian Weimer (May 06)
[SECURITY] [DSA 2244-1] bind9 security update Florian Weimer (May 30)
[SECURITY] [DSA 2236-1] exim4 security update Florian Weimer (May 16)
[SECURITY] [DSA 2243-1] unbound security update Florian Weimer (May 30)
[SECURITY] [DSA 2231-1] otrs2 security update Florian Weimer (May 07)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-11:02.bind FreeBSD Security Advisories (May 30)

Giuseppe Iuculano

[SECURITY] [DSA 2246-1] mahara security update Giuseppe Iuculano (May 30)
[SECURITY] [DSA 2245-1] chromium-browser security update Giuseppe Iuculano (May 30)

Henri Lindberg

NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon Henri Lindberg (May 16)

iccc

NATO CCD COE's 3rd International Conference on Cyber Conflict . 7-10 June, Tallinn, Estonia. iccc (May 03)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g ISecAuditors Security Advisories (May 02)

Ivan Buetler

Swiss Cyber Storm 3 Ivan Buetler (May 09)

Jamie Strandboge

Ubuntu Security Notice publication update Jamie Strandboge (May 19)

jeffto

Session hacking via authentication cookie on Oracle CRM on Demand jeffto (May 20)

Kacper Szczesniak

Gadu-Gadu 0-Day Remote Code Execution Kacper Szczesniak (May 24)

Kees Cook

[USN-1130-1] Exim vulnerability Kees Cook (May 11)
[USN-1111-1] Linux kernel vulnerabilities Kees Cook (May 06)

Kotas, Kevin J

CA20110510-01: Security Notice for CA eHealth Kotas, Kevin J (May 11)

labs-no-reply

iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow labs-no-reply (May 25)

Lists

Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005 Lists (May 03)
Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006 Lists (May 19)
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007 Lists (May 20)

Luciano Bello

[SECURITY] [DSA 2234-1] zodb security update Luciano Bello (May 11)

Major Malfunction

DC4420 - London DEFCON - May meet - Tuesday 24th May 2011 Major Malfunction (May 16)

Marc Deslauriers

[USN-1131-1] Postfix vulnerability Marc Deslauriers (May 11)
[USN-1128-1] Vino vulnerabilities Marc Deslauriers (May 03)
[USN-1127-1] usb-creator vulnerability Marc Deslauriers (May 03)
[USN-1129-1] Perl vulnerabilities Marc Deslauriers (May 03)
[USN-1132-1] apturl vulnerability Marc Deslauriers (May 16)

Marc Heuse

Bypassing Cisco's ICMPv6 Router Advertisement Guard feature Marc Heuse (May 24)

marian . ventuneac

Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure marian . ventuneac (May 19)
Apache Struts 2 Multiple Reflected XSS in XWork error pages marian . ventuneac (May 11)

Mark Thomas

[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass Mark Thomas (May 17)

matthew

[CVE-REQUEST] Plone XSS and permission errors matthew (May 26)

Micah Gersten

[USN-1122-2] Thunderbird vulnerabilities Micah Gersten (May 05)
Fwd: [USN-1122-1] Thunderbird vulnerabilities Micah Gersten (May 05)
[USN-1123-1] xulrunner-1.9.1 vulnerabilities Micah Gersten (May 02)
[USN-1112-1] Firefox and Xulrunner vulnerabilities Micah Gersten (May 02)
[USN-1121-1] firefox vulnerabilities Micah Gersten (May 02)

Mitja Kolsek

Silently Pwning Protected-Mode IE9 and Innocent Windows Applications Mitja Kolsek (May 06)

Moritz Muehlenhoff

[SECURITY] [DSA 2228-1] iceweasel security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2230-1] qemu-kvm security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2227-1] iceape security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2239-1] libmojolicious-perl security update Moritz Muehlenhoff (May 24)
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update Moritz Muehlenhoff (May 26)
[SECURITY] [DSA 2235-1] icedove security update Moritz Muehlenhoff (May 11)
[SECURITY] [DSA 2229-1] spip security update Moritz Muehlenhoff (May 02)
[SECURITY] [DSA 2241-1] qemu-kvm security update Moritz Muehlenhoff (May 25)
[SECURITY] [DSA 2238-1] vino security update Moritz Muehlenhoff (May 19)

Netsparker Advisories

XSS vulnerability in TWiki < 5.0.2 Netsparker Advisories (May 18)

paranoia

Paranoia 2011: Call for papers paranoia (May 31)

Patrick Webster

OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability Patrick Webster (May 02)
OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability Patrick Webster (May 10)

psirt

Re: Cisco IOS SNMP Message Processing Denial Of Service Vulnerability psirt (May 05)
Re: Cisco IOS UDP Denial of Service Vulnerability psirt (May 05)

RedTeam Pentesting GmbH

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface RedTeam Pentesting GmbH (May 04)
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances RedTeam Pentesting GmbH (May 04)

research

PR10-17 Various XSS and information disclosure flaws within KeyFax response management system research (May 09)
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing) research (May 16)
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager) research (May 24)
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management research (May 05)

Research@NGSSecure

NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption Research@NGSSecure (May 24)

roberto . paleari

Linux Kernel 2.6.38 Remote NULL Pointer Dereference roberto . paleari (May 16)

security

[ MDVSA-2011:082 ] python-feedparser security (May 03)
[ MDVSA-2011:099 ] libzip security (May 24)
[ MDVSA-2011:098 ] ruby security (May 24)
[ MDVSA-2011:083 ] wireshark security (May 16)
[ MDVSA-2011:094 ] pure-ftpd security (May 19)
[ MDVSA-2011:092 ] perl-IO-Socket-SSL security (May 18)
[ MDVSA-2011:095 ] apr security (May 20)
[ MDVSA-2011:088 ] mplayer security (May 16)
[ MDVSA-2011:096 ] python security (May 24)
[ MDVSA-2011:081 ] kdenetwork4 security (May 02)
[ MDVSA-2011:090 ] postfix security (May 17)
[ MDVSA-2011:102 ] rdesktop security (May 30)
[ MDVSA-2011:095-1 ] apr security (May 24)
[ MDVSA-2011:097 ] ruby security (May 24)
[ MDVSA-2011:087 ] vino security (May 16)
[ MDVSA-2011:093 ] gnome-screensaver security (May 18)
[ MDVSA-2011:080 ] mozilla-thunderbird security (May 02)
[ MDVSA-2011:100 ] cyrus-imapd security (May 24)
[ MDVSA-2011:084 ] apr security (May 16)
[ MDVSA-2011:103 ] gimp security (May 30)
[ MDVSA-2011:086 ] polkit security (May 16)
[ MDVSA-2011:079 ] firefox security (May 02)
[ MDVSA-2011:101 ] dovecot security (May 26)
[ MDVSA-2011:089 ] mplayer security (May 16)
[ MDVSA-2011:085 ] libmodplug security (May 16)

Security_Alert

ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability Security_Alert (May 16)

security-alert

[security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code security-alert (May 11)
[security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS) security-alert (May 16)
[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification security-alert (May 09)
[security bulletin] HPSBMA02661 SSRT100408 rev.3 - HP SNMP Agents Running on Linux and HP Insight Management Agents Running on Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert (May 12)
[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert (May 09)
[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS) security-alert (May 09)
[security bulletin] HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure security-alert (May 03)
[security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection security-alert (May 04)
[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS) security-alert (May 09)
[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) security-alert (May 11)
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files security-alert (May 11)
[security bulletin] HPSBMI02632 SSRT100379 rev.1 - HP/Palm webOS, Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized File System Write Access security-alert (May 11)
[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification security-alert (May 09)

security curmudgeon

Re: SQL Injection in Pixie security curmudgeon (May 10)

Shatter

TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html Shatter (May 03)
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU Shatter (May 03)
TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component Shatter (May 03)

sschurtz

Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag" sschurtz (May 31)

Stefan Fritsch

[SECURITY] [DSA 2237-2] apr security update Stefan Fritsch (May 24)
[SECURITY] [DSA 2237-1] apr security update Stefan Fritsch (May 16)

Stefan Kanthak

Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer Stefan Kanthak (May 16)

Stefano Di Paola

DOMinator - The DOMXss Analyzer Tool - is finally public Stefano Di Paola (May 18)

Steve Beattie

[USN-1126-2] PHP Regressions Steve Beattie (May 05)

supernothing

Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others supernothing (May 25)

Thijs Kinkhorst

[SECURITY] [DSA 2247-1] rails security update Thijs Kinkhorst (May 31)

Timo Warns

[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel Timo Warns (May 11)

Tomi Tuominen

t2'11: Call for Papers 2011 (Helsinki / Finland) Tomi Tuominen (May 05)

Veronica

Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure Veronica (May 26)

VMware Security Team

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities VMware Security Team (May 06)

vuln

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability vuln (May 04)
Cisco IOS UDP Denial of Service Vulnerability vuln (May 04)

VUPEN Security Research

VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption VUPEN Security Research (May 24)

Walikar Riyaz Ahemed Dawalmalik

[CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities Walikar Riyaz Ahemed Dawalmalik (May 31)
[CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities Walikar Riyaz Ahemed Dawalmalik (May 31)

Wietse Venema

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) Wietse Venema (May 09)

Williams, James K

RE: CA20110420-02: Security Notice for CA Output Management Web Viewer Williams, James K (May 19)

Wouter Coekaerts

E-mail address spoofing with RLO Wouter Coekaerts (May 24)

Xiaobo

MalBox Release! A Program Behavior Analysis System! Xiaobo (May 16)

ZDI Disclosures

ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability ZDI Disclosures (May 16)
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability ZDI Disclosures (May 09)
ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures (May 10)
ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability ZDI Disclosures (May 11)
ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability ZDI Disclosures (May 11)