Bugtraq: by date

189 messages starting Nov 01 11 and ending Nov 30 11

Tuesday, 01 November

DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] ddivulnalert
CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY tan
IBSng all version Cross-Site Scripting Vulnerability apa-iutcert
[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities Alex Legler
GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability demonalex
[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[ MDVSA-2011:162 ] kdelibs4 security
XSS Vulnerabilities in eFront Netsparker Advisories
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3 Netsparker Advisories
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability nospam

Wednesday, 02 November

Multiple vulnerabilities in Efront advisory
[ MDVSA-2011:163 ] phpldapadmin security
NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295) Research@NGSSecure
[ MDVSA-2011:164 ] wireshark security
Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Cisco Systems Product Security Incident Response Team

Thursday, 03 November

Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability sschurtz
Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting sschurtz
ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. Security_Alert
CmyDocument Content Management Application - XSS Vulnerabilities demonalex
[security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS) security-alert
[ MDVSA-2011:165 ] php security
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Security_Alert
[ MDVSA-2011:166 ] php security

Friday, 04 November

Multiple BSD libc/regcomp(3) Multiple Vulnerabilities cxib
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access security-alert
[SECURITY] [DSA 2334-1] mahara security update Moritz Muehlenhoff
[ MDVSA-2011:167 ] gimp security

Monday, 07 November

Malware detection evasion in antivirus software reset557
[SECURITY] [DSA 2335-1] man2html security update Nico Golde
[SECURITY] [DSA 2337-1] xen security update Thijs Kinkhorst
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities Alex Legler

Tuesday, 08 November

foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx
[SECURITY] [DSA 2338-1] moodle security update Moritz Muehlenhoff
TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon Trustwave Advisories
[SECURITY] [DSA 2339-1] nss security update Moritz Muehlenhoff
[SECURITY] [DSA 2336-1] ffmpeg security update Yves-Alexis Perez
[SECURITY] [DSA 2340-1] postgresql security update Thijs Kinkhorst
Cisco CUCM - Multiple Vulnerabilities entomology
IPv6 security (slides and training) Fernando Gont
New online security challenge - GotWurzel Ivan Buetler
[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification security-alert
osCSS2 "_ID" parameter Local file inclusion sschurtz
[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Mark Thomas

Wednesday, 09 November

OrderSys <= 1.6.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab
LabStoRe <= 1.5.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Apple Product Security
[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities Code Audit Labs
[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability Code Audit Labs
Local file inclusion in VtigerCRM advisory
LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 security
Re: LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab
Multiple security vulnerabilities in AShop security
DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November Major Malfunction
[ MDVSA-2011:168 ] apache security
Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 2341-1] iceweasel security update Moritz Muehlenhoff
[ MDVSA-2011:168 ] apache security
[SECURITY] [DSA 2343-1] openssl security update Raphael Geissert

Thursday, 10 November

[SECURITY] [DSA 2342-1] iceape security update Moritz Muehlenhoff
Re: Local file inclusion in VtigerCRM n0b0d13s
Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Sergio Gelato
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert

Monday, 14 November

XSS vulnerability in Joomla 1.6.3 Netsparker Advisories
Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update Apple Product Security
CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass CORE Security Technologies Advisories
[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities Jose Carlos de Arriba
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 Apple Product Security
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code security-alert
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access security-alert
[ MDVSA-2011:170 ] java-1.6.0-openjdk security
iGuard Biometric Access Control - Multiple Vulnerabilities research () vulnerability-lab com
[SECURITY] [DSA 2344-1] python-django-piston security update Florian Weimer
[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities Tim Sammut
[ GLSA 201111-04 ] phpDocumentor: Function call injection Tim Sammut
[ MDVSA-2011:171 ] networkmanager security
[ MDVSA-2011:172 ] libreoffice security
[ MDVSA-2011:173 ] openssl0.9.8 security
[Announcement] ClubHack Mag Issue 22- Nov 2011 Released abhijeet
[Announcement] ClubHack 2011 Hacking and Security Conference abhijeet
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability n0b0d13s

Tuesday, 15 November

[ MDVSA-2011:174 ] graphite2 security
APPLE-SA-2011-11-14-1 iTunes 10.5.1 Apple Product Security
[ MDVSA-2011:175 ] poppler security

Wednesday, 16 November

[SECURITY] [DSA 2346-1] proftpd-dfsg security update Florian Weimer

Thursday, 17 November

FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability n0b0d13s
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir
[security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert
ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability ZDI Disclosures
[SECURITY] [DSA 2346-2] proftpd-dfsg regression fix Florian Weimer
[SECURITY] [DSA 2347-1] bind9 security update Florian Weimer
CA20111116-01: Security Notice for CA Directory Kotas, Kevin J
[ MDVSA-2011:176 ] bind security
Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability Secunia Research
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities security
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS Alexandr Polyakov
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay Alexandr Polyakov
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose Alexandr Polyakov
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose Alexandr Polyakov
[DSECRG-11-036] SAP NetWeaver Virus Scan Interface - multiple XSS Alexandr Polyakov
[DSECRG-11-037] SAP BW Doc - Multiple XSS Alexandr Polyakov
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability Alexandr Polyakov
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW) Alexandr Polyakov
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation Alexandr Polyakov
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering) Alexandr Polyakov
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability Alexandr Polyakov
Multiple vulnerabilities in webERP advisory
Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus James Webb

Friday, 18 November

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Team
[ MDVSA-2011:176-1 ] bind security
[ MDVSA-2011:176-2 ] bind security

Monday, 21 November

Blogs manager <= 1.101 SQL Injection Vulnerability muuratsalo experimental hack lab
Valid tiny-erp <= 1.6 SQL Injection Vulnerability muuratsalo experimental hack lab
Freelancer calendar <= 1.01 SQL Injection Vulnerability muuratsalo experimental hack lab
wordpress Lanoba Social Plugin Xss Vulnerabilities Amir
[SECURITY] [DSA 2349-1] spip security update Moritz Muehlenhoff
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability n0b0d13s
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut
[ GLSA 201111-06 ] MaraDNS: Arbitrary code execution Alex Legler
[ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities Alex Legler
[ GLSA 201111-08 ] radvd: Multiple vulnerabilities Alex Legler
[ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection Alex Legler
[ GLSA 201111-10 ] Evince: Multiple vulnerabilities Alex Legler
[ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code Alex Legler
[SECURITY] [DSA 2350-1] freetype security update Moritz Muehlenhoff
[SECURITY] [DSA 2348-1] systemtap security update Moritz Muehlenhoff
Implications of IPv6 on network firewalls Fernando Gont
Wordpress advanced-text-widget Plugin Vulnerabilities Amir
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Amir
Wordpress adminimize Plugin Vulnerabilities Amir
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Ivan Buetler
Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo
Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Henri Salo
[SECURITY] [DSA 2351-1] wireshark security update Moritz Muehlenhoff

Tuesday, 22 November

Re: XSS in Tiki Wiki CMS Groupware Henri Salo
Re: jara 1.6 sql injection vulnerability Henri Salo
[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert

Wednesday, 23 November

[SECURITY] [DSA 2352-1] puppet security update Moritz Muehlenhoff
Multiple vulnerabilities in Dolibarr advisory
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution Research@NGSSecure
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution Research@NGSSecure
NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution Research@NGSSecure
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Amir
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Amir
Wordpress enable-latex plugin Remote File Include Vulnerabilities Amir
Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Amir
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability n0b0d13s
Debut issue of Web App Pentesting Magazine - Free Download! maciej . kozuszek
TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Tobias Glemser
[ MDVSA-2011:177 ] freetype2 security

Thursday, 24 November

[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert
[security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) security-alert

Friday, 25 November

0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 0a29 40
[SECURITY] [DSA 2353-1] ldns security update Moritz Muehlenhoff

Monday, 28 November

[ MDVSA-2011:178 ] glibc security
[ MDVSA-2011:179 ] glibc security
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Amir
Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2 Luigi Auriemma
Vulnerabilities in Siemens Automation License Manager Luigi Auriemma
[ MDVSA-2011:180 ] php-suhosin security
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability ZDI Disclosures
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability ZDI Disclosures

Tuesday, 29 November

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter marian . ventuneac
Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits Nick Freeman
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability demonalex
Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Alex Davis
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 Luigi Auriemma

Wednesday, 30 November

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday, Dec 5 2011 Dragos Ruiu
Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 Daniel Roethlisberger
Multiple vulnerabilities in OrangeHRM advisory
Sql injection in SugarCRM advisory
New issue of PenTest Magazine is out - 21 pages of free content. maciej . kozuszek
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Amir
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Amir
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability security
[SECURITY] [DSA 2354-1] cups security update Yves-Alexis Perez