Bugtraq: by thread
233 messages starting Apr 04 12 and ending Apr 30 12
- Landshop v0.9.2 - Multiple Web Vulnerabilities Research (Apr 04)
- VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team (Apr 04)
- [SECURITY] [DSA 2445-1] typo3-src security update Florian Weimer (Apr 04)
- [SECURITY] [DSA 2442-2] openarena regression Florian Weimer (Apr 04)
- SQL injection in Wordpress plugin Buddypress ivan_terkin (Apr 04)
- [SECURITY] [DSA 2398-2] curl regression Florian Weimer (Apr 04)
- IPv6 stable privacy addresses Fernando Gont (Apr 04)
- Hackito 2012 Crypto Challenge Jonathan Brossard (Apr 04)
- [ MDVSA-2012:046 ] libpng security (Apr 04)
- [ MDVSA-2012:047 ] freeradius security (Apr 04)
- [ MDVSA-2012:048 ] mutt security (Apr 04)
- [ MDVSA-2012:049 ] nagios security (Apr 04)
- [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection security-alert (Apr 04)
- [ MDVSA-2012:050 ] phpmyadmin security (Apr 04)
- [security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS) security-alert (Apr 04)
- [ MDVSA-2012:051 ] libvorbis security (Apr 04)
- [ MDVSA-2012:052 ] libvorbis security (Apr 04)
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Apr 04)
- <Possible follow-ups>
- [Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Apr 09)
- Arbor Networks Peakflow SP web interface XSS b . saleh (Apr 04)
- Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario (Apr 04)
- Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario (Apr 05)
- APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Apple Product Security (Apr 04)
- Multiple vulnerabilities in osCmax advisory (Apr 04)
- 'e-ticketing' SQL Injection (CVE-2012-1673) Mark Stanislav (Apr 04)
- 'phpPaleo' Local File Inclusion (CVE-2012-1671) Mark Stanislav (Apr 04)
- [DCA-2011-0016] - Tufin SecureTrack Cross Site Script Crash (Apr 04)
- 'Hotel Booking Portal' SQL Injection (CVE-2012-1672) Mark Stanislav (Apr 04)
- [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) security-alert (Apr 04)
- Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team (Apr 04)
- [ MDVSA-2012:053 ] ocsinventory security (Apr 04)
- [SE-2012-01] Security vulnerabilities in Java SE Security Explorations (Apr 04)
- Sourcefire Defense Center - multiple vulnerabilities. Filip Palian (Apr 04)
- [SECURITY] [DSA 2446-1] libpng security update Moritz Muehlenhoff (Apr 04)
- Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Research (Apr 04)
- ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Research (Apr 04)
- DirectAdmin v1.403 - Cross Site Scripting Vulnerability Research (Apr 04)
- [SECURITY] [DSA 2447-1] tiff security update Moritz Muehlenhoff (Apr 04)
- [ MDVSA-2012:054 ] libtiff security (Apr 05)
- [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 Florent Daigniere (Apr 05)
- Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite nospam (Apr 05)
- Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite nospam (Apr 05)
- vBulletin 4.1.10 Sql Injection Vulnerabilitiy Amir (Apr 05)
- Sony Bravia Remote Denial of Service - CVE-2012-2210 gab . mnunes (Apr 05)
- Wordpress taggator plugin Sql Injection Vulnerabilities Amir (Apr 05)
- [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 come2waraxe (Apr 05)
- [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 come2waraxe (Apr 05)
- [security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Apr 05)
- [security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS) security-alert (Apr 05)
- [security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Apr 05)
- PHPNuke Module's Name Download SQL Injection Vulnerabilities CrAzY_CrAcKeR (Apr 09)
- [CVE-2012-1574] Apache Hadoop user impersonation vulnerability Aaron T. Myers (Apr 09)
- [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 come2waraxe (Apr 09)
- [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin come2waraxe (Apr 09)
- CitrusDB 2.4.1 - LFI/SQLi Vulnerability blaszczakm (Apr 09)
- [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities Research (Apr 09)
- idev Game Site CMS v1.0 - Multiple Web Vulnerabilites Research (Apr 09)
- osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Research (Apr 09)
- CsForum v0.8 - Cross Site Scripting Vulnerability Research (Apr 09)
- [Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Research (Apr 09)
- OWASP ZAP 1.4.0 released psiinon (Apr 09)
- Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue Secunia Research (Apr 09)
- Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities Secunia Research (Apr 09)
- CVE-2012-0769, the case of the perfect info leak Fermín J . Serna (Apr 09)
- [SECURITY] [DSA 2448-1] inspircd security update Jonathan Wiltshire (Apr 10)
- Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Research (Apr 10)
- GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Research (Apr 10)
- [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus security-alert (Apr 11)
- [ MDVSA-2012:055 ] samba security (Apr 11)
- Android information leak sumanj (Apr 11)
- Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress advisory (Apr 11)
- Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed! info (Apr 11)
- Backtrack 5 R2 priv escalation 0day found in CTF exercise Adam Behnke (Apr 11)
- Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise InterN0T Advisories (Apr 13)
- TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command Shatter (Apr 12)
- [ MDVSA-2012:056 ] rpm security (Apr 12)
- Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Research (Apr 12)
- [Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Research (Apr 12)
- [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0 come2waraxe (Apr 12)
- TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Trustwave Advisories (Apr 12)
- [ MDVSA-2012:057 ] freetype2 security (Apr 12)
- online newspaper university"newsdesc.php" SQL Injection Vulnerabilities CrAzY_CrAcKeR (Apr 12)
- [SECURITY] [DSA 2449-1] sqlalchemy security update Nico Golde (Apr 12)
- Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Research (Apr 12)
- [SE-2012-01] Security weakness in Apple Quicktime Java extensions Security Explorations (Apr 12)
- [SECURITY] [DSA 2450-1] samba security update Thijs Kinkhorst (Apr 13)
- APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 Apple Product Security (Apr 13)
- Erronous post concerning Backtrack 5 R2 0day Adam Behnke (Apr 13)
- Re: Erronous post concerning Backtrack 5 R2 0day Jamie Riden (Apr 13)
- VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Team (Apr 13)
- [SECURITY] [DSA 2451-1] puppet security update Nico Golde (Apr 13)
- [ MDVSA-2012:058 ] curl security (Apr 13)
- ACC PHP eMail v1.1 - Multiple Web Vulnerabilites Research (Apr 13)
- APPLE-SA-2012-04-13-1 Flashback malware removal tool Apple Product Security (Apr 16)
- [Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability Research (Apr 16)
- Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012 Fernando Gont (Apr 16)
- Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities CrAzY_CrAcKeR (Apr 16)
- Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo (Apr 16)
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon (Apr 17)
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo (Apr 17)
- Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon (Apr 17)
- Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Research (Apr 16)
- [Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Research (Apr 16)
- Passwords^12 : Call for Presentations Per Thorsheim (Apr 16)
- [CVE-2012-1621] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Apr 16)
- [CVE-2012-1622] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Apr 16)
- FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 16)
- Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 16)
- [SECURITY] [DSA 2452-1] apache2 security update Stefan Fritsch (Apr 16)
- [SECURITY] [DSA 2453-1] gajim security update Nico Golde (Apr 16)
- [ MDVSA-2012:059 ] python-sqlalchemy security (Apr 16)
- ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting ACROS Security Lists (Apr 16)
- Fwd: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards (Apr 17)
- [security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alert (Apr 17)
- [security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert (Apr 17)
- [security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alert (Apr 17)
- [security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS) security-alert (Apr 18)
- Squid URL Filtering Bypass Gabriel Menezes Nunes (Apr 18)
- Re: Squid URL Filtering Bypass Richard Barrett (Apr 19)
- Re: Squid URL Filtering Bypass Gabriel Menezes Nunes (Apr 19)
- Re: Squid URL Filtering Bypass Mario Vilas (Apr 19)
- RE: Squid URL Filtering Bypass Jim Harrison (Apr 20)
- Re: Squid URL Filtering Bypass Amos Jeffries (Apr 23)
- Re: Squid URL Filtering Bypass Gabriel Menezes Nunes (Apr 23)
- Re: Squid URL Filtering Bypass Richard Barrett (Apr 19)
- McAfee Web Gateway URL Filtering Bypass Gabriel Menezes Nunes (Apr 18)
- Re: McAfee Web Gateway URL Filtering Bypass Vikram Dhillon (Apr 23)
- RE: McAfee Web Gateway URL Filtering Bypass Jim Harrison (Apr 24)
- Re: McAfee Web Gateway URL Filtering Bypass Vikram Dhillon (Apr 23)
- Re: Wordpress advanced-text-widget Plugin Vulnerabilities Henri Salo (Apr 18)
- Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Henri Salo (Apr 18)
- Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Henri Salo (Apr 18)
- DokuWiki Ver.2012/01/25 CSRF Add User Exploit irancrash (Apr 18)
- ClubHack Magazine's April 2012 Issue is released. v . hirve (Apr 18)
- VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172) VUPEN Security Research (Apr 18)
- Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group (Apr 18)
- [ MDVSA-2012:032-1 ] mozilla security (Apr 18)
- TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Tobias Glemser (Apr 18)
- Multiple XSS vulnerabilities in XOOPS advisory (Apr 18)
- Multiple vulnerabilities in Newscoop advisory (Apr 18)
- [security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS) security-alert (Apr 18)
- ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities Security_Alert (Apr 19)
- The history of a -probably- 13 years old Oracle bug: TNS Poison Joxean Koret (Apr 19)
- <Possible follow-ups>
- Re: The history of a -probably- 13 years old Oracle bug: TNS Poison laurenz . albe (Apr 26)
- Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 LpSolit (Apr 19)
- [SECURITY] [DSA 2453-2] gajim regression Nico Golde (Apr 19)
- Ruxcon 2012 Call For Papers cfp (Apr 19)
- VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773) VUPEN Security Research (Apr 19)
- [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) Ange Albertini (Apr 19)
- [ MDVSA-2012:060 ] openssl security (Apr 19)
- Vulnerabilities in Samsung TV (remote controller protocol) Luigi Auriemma (Apr 19)
- [SECURITY] [DSA 2454-1] openssl security update Raphael Geissert (Apr 20)
- [security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege security-alert (Apr 20)
- DC4420 - London DEFCON - April meet - Tuesday April 24th 2012 Major Malfunction (Apr 20)
- Incomplete protection of Oracle Database locked accounts (CVE-2012-0510) Shatter (Apr 20)
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Esteban Martinez Fayo (Apr 20)
- <Possible follow-ups>
- OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Shatter (Apr 20)
- Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511) Shatter (Apr 20)
- Specially crafted Json service request allows full control over a Liferay portal instance Jelmer Kuperus (Apr 20)
- SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512) Shatter (Apr 20)
- Liferay 6.1 can be compromised in its default configuration Jelmer Kuperus (Apr 20)
- SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525) Shatter (Apr 20)
- HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526) Shatter (Apr 20)
- HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527) Shatter (Apr 20)
- Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528) Shatter (Apr 20)
- Specially crafted webdav request allows reading of local files on liferay 6.0.x Jelmer Kuperus (Apr 20)
- IPv6 host scanning in IPv6 Fernando Gont (Apr 20)
- [security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alert (Apr 20)
- XSS in Kaseya version 6.2.0.0 web interface bede (Apr 20)
- [SECURITY] [DSA 2455-1] typo3-src security update Nico Golde (Apr 23)
- [ MDVSA-2012:061 ] raptor security (Apr 23)
- [ MDVSA-2012:062 ] openoffice.org security (Apr 23)
- [ MDVSA-2012:063 ] libreoffice security (Apr 23)
- phpMyBible 0.5.1 Mutiple XSS Thomas Richards (Apr 23)
- <Possible follow-ups>
- Re: phpMyBible 0.5.1 Mutiple XSS Lostmon (Apr 23)
- [Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability Research (Apr 23)
- [Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Research (Apr 23)
- PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability Research (Apr 23)
- [Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability Research (Apr 23)
- XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Netsparker Advisories (Apr 23)
- [HITB-Announce] HITB Magazine Issue 008 (now with print edition!) Hafez Kamal (Apr 23)
- HTC IQRD Android Permission Leakage (CVE-2012-2217) VSR Advisories (Apr 23)
- .NET Framework EncoderParameter integer overflow vulnerability Akita Software Security (Apr 23)
- ChurchCMS 0.0.1 'admin.php' Multiple SQLi Thomas Richards (Apr 23)
- AST-2012-004: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team (Apr 23)
- AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver Asterisk Security Team (Apr 23)
- AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver Asterisk Security Team (Apr 23)
- WebCalendar <= 1.2.4 Two Security Vulnerabilities n0b0d13s (Apr 23)
- FYI: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 23)
- RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison (Apr 25)
- Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 25)
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Charles Morris (Apr 25)
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Apr 25)
- Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 25)
- RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison (Apr 25)
- [ MDVSA-2012:064 ] openssl0.9.8 security (Apr 24)
- RuggedCom - Backdoor Accounts in my SCADA network? You don't say... jc (Apr 24)
- [security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS) security-alert (Apr 24)
- New IETF I-D: Security Implications of IPv6 on IPv4 networks Fernando Gont (Apr 24)
- PHP Ticket System Beta 1 'p' SQL Injection Thomas Richards (Apr 24)
- [SECURITY] [DSA 2456-1] dropbear security update Moritz Muehlenhoff (Apr 25)
- [SECURITY] [DSA 2457-1] iceweasel security update Moritz Muehlenhoff (Apr 25)
- [SECURITY] [DSA 2548-1] iceape security update Moritz Muehlenhoff (Apr 25)
- [SECURITY] [DSA 2454-2] openssl incomplete fix Raphael Geissert (Apr 25)
- linux privileged and arbitrary chdir() (fixed at 5.4 cifs release) Jesús Olmos (Apr 25)
- Multiple vulnerabilities in Piwigo advisory (Apr 25)
- [SECURITY] [DSA 2460-1] asterisk security update Moritz Muehlenhoff (Apr 25)
- ToorCamp 2012: The American Hacker Camp h1kari (Apr 26)
- [SECURITY] [DSA 2459-1] quagga security update Florian Weimer (Apr 26)
- Oracle TNS Poison vulnerability is actually a 0day with no patch available Joxean Koret (Apr 26)
- PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities Thomas Richards (Apr 26)
- [security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Apr 26)
- DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal ddivulnalert (Apr 26)
- DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal ddivulnalert (Apr 26)
- [ MDVSA-2012:066 ] mozilla security (Apr 27)
- [security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware security-alert (Apr 27)
- [SECURITY] [DSA 2461-1] spip security update Moritz Muehlenhoff (Apr 27)
- DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Research (Apr 27)
- DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Research (Apr 27)
- Car Portal CMS v3.0 - Multiple Web Vulnerabilities Research (Apr 27)
- C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Apr 27)
- <Possible follow-ups>
- C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Apr 30)
- VMSA-2012-0008 VMware ESX updates to ESX Service Console VMware Security Team (Apr 27)
- [ MDVSA-2012:065 ] php security (Apr 27)
- [SECURITY] [DSA 2462-1] imagemagick security update Moritz Muehlenhoff (Apr 30)
- PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities ariosrandy (Apr 30)
- Opial CMS v2.0 - Multiple Web Vulnerabilities Research (Apr 30)
- OWASP 2012 Online Competition with Hacking-Lab Ivan Buetler (Apr 30)
- Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities Amir (Apr 30)
- Pritlog v0.821 CMS - Multiple Web Vulnerabilities Research (Apr 30)
- NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow Research@NGSSecure (Apr 30)
- NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI Research@NGSSecure (Apr 30)
- NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI Research@NGSSecure (Apr 30)
- NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM Research@NGSSecure (Apr 30)
- NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI Research@NGSSecure (Apr 30)
- NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation Research@NGSSecure (Apr 30)
- NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM Research@NGSSecure (Apr 30)
- McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability nospam (Apr 30)