Bugtraq: by date

173 messages starting Mar 01 12 and ending Mar 30 12


Thursday, 01 March

[ MDVSA-2012:028 ] libxslt security

Friday, 02 March

[Suspected Spam] FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability research () vulnerability-lab com
[Suspected Spam] Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com

Monday, 05 March

[SECURITY] [DSA 2423-1] movabletype-opensource security update Florian Weimer
Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D) Fernando Gont
Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability demonalex
[SECURITY] [DSA 2424-1] libxml-atom-perl security update Florian Weimer
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process) Stefan Kanthak
[SECURITY] [DSA 2425-1] plib security update Florian Weimer
Symfony2 Local File Disclosure - Security Advisory - SOS-12-002 Lists
Timesheet Next Gen 1.5.2 Multiple SQLi Thomas Richards
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group

Tuesday, 06 March

11in1 CMS v1.2.1 - SQL Injection Vulnerabilities admin@v-lab
[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface Joao Paulo Caldas Campello
[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection Joao Paulo Caldas Campello
ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability Security_Alert

Wednesday, 07 March

[SECURITY] [DSA 2426-1] gimp security update Florian Weimer
[SECURITY] [DSA 2427-1] imagemagick security update Florian Weimer
[security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert
XCon 2012 XFocus Information Security Conference Call for Paper xcon
Multiple XSS in Fork CMS advisory
Multiple SQL injections in rivettracker <=1.03 ali . raheem
OSClass directory traversal (leads to arbitrary file upload) Filippo Cavallarin
[security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert

Thursday, 08 March

[SECURITY] [DSA 2429-1] mysql-5.1 security update Florian Weimer
APPLE-SA-2012-03-07-1 iTunes 10.6 Apple Product Security
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update Apple Product Security
APPLE-SA-2012-03-07-3 Apple TV 5.0 Apple Product Security
[Suspected Spam] Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability research () vulnerability-lab com
[Suspected Spam] Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities research () vulnerability-lab com
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities research () vulnerability-lab com
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities research () vulnerability-lab com
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability research () vulnerability-lab com
SAP Business Objects XI R2 Infoview Multiple XSS vulns
Iciniti Store SQL Injection - Security Advisory - SOS-12-003 Lists
gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Mark Krenz
Eleytt Research ER-03-2012 Michal Bucko
[SECURITY] [DSA 2428-1] freetype security update Moritz Muehlenhoff

Friday, 09 March

Re: gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk Dmitry Yu. Bolkhovityanov
VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Team
VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Team
Re: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS Henri Salo
LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption Markus Vervier

Monday, 12 March

Synology Photo Station 5 - Reflected Cross-Site Scripting simon . ganiere
Wikidforum 2.10 Multiple security vulnerabilities sschurtz
Re: Ariadne 2.7.6 Multiple XSS vulnerabilities Henri Salo
[SECURITY] [DSA 2430-1] python-pam security update Moritz Muehlenhoff
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update Moritz Muehlenhoff
OSI Security: CheckPoint Firewall VPN - Information Disclosure Patrick Webster
Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List
Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004 Lists
APPLE-SA-2012-03-12-1 Safari 5.1.4 Apple Product Security
[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update Moritz Muehlenhoff

Tuesday, 13 March

[security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417] Narendra Shinde
ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities Security_Alert
Announcing Hackademic CFP B Potter
PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability moshez

Wednesday, 14 March

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team
Struts2 Security Challenge Ivan Buetler
Oracle Exadata Infiniband Switch default logins and world readable shadow file larry0

Thursday, 15 March

Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Security Mailing List
nginx fix for malformed HTTP responses from upstream servers security-bulletin
WikyBlog 1.7.3RC2 XSS vulnerability sschurtz

Friday, 16 March

[SECURITY] [DSA 2433-1] iceweasel security update Moritz Muehlenhoff
AST-2012-002: Remote Crash Vulnerability in Milliwatt Application Asterisk Security Team
AST-2012-003: Stack Buffer Overflow in HTTP Manager Asterisk Security Team
VMSA-2012-0004 VMware View privilege escalation and cross-site scripting VMware Security Team
[ MDVSA-2012:029 ] pidgin security
[ MDVSA-2012:030 ] systemd security
[Announcement] ClubHack Mag - Call for Articles abhijeet

Monday, 19 March

VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues VMware Security Team
[ MDVSA-2012:031 ] firefox security
Re: WikyBlog 1.7.3RC2 XSS vulnerability Henri Salo
Android wipe unreliable Jan Schejbal
[security bulletin] HPSBPI02728 SSRT100692 rev.5 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert
at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability demonalex
ESA-2012-014: RSA enVision Multiple Vulnerabilities Security_Alert
Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability nospam
SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab
Re: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) vince
RE: Android wireless accepts fake response (No interaction requires) (Vulnerability ?) Joe Arnold
Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug" CXySuYg5DuKktzX
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability nospam
VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768) VUPEN Security Research
Evasion attacks exploiting file-parsing vulnerabilities in antivirus products sumanj
Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass RGill
[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update Thijs Kinkhorst
Re: [oss-security] Case YVS Image Gallery Kurt Seifried

Tuesday, 20 March

[SECURITY] [DSA 2434-1] nginx security update Luciano Bello
[SECURITY] [DSA 2435-1] gnash security update Gabriele Giacone
[MajorSecurity-SA-2012-014] Apple Safari on iOS 5.1 - Addressbar spoofing vulnerability david . kurz
[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
Regarding MS12-020 Thor (Hammer of God)
[ MDVSA-2012:032 ] mozilla security

Wednesday, 21 March

Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 Security
Cyberoam Unified Threat Management: Insecure Password Handling Saurabh Harit
Cyberoam Unified Threat Management: OS Command Execution Saurabh Harit
Multiple vulnerabilities in Open Journal Systems (OJS) advisory
CMSimple_XH 1.5.2 Cross-site Scripting vulnerability sschurtz
[ MDVSA-2012:033 ] libpng security
Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter) Irene Abezgauz
[SECURITY] [DSA 2437-1] icedove security update Moritz Muehlenhoff
RE: Regarding MS12-020 Jim Harrison
RE: Regarding MS12-020 Thor (Hammer of God)

Thursday, 22 March

CA20120320-01: Security Notice for CA ARCserve Backup Kotas, Kevin J
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability nospam

Friday, 23 March

struts2 xsltResult Local code execution vulnerability voidloafer
[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter Martin Grigorov
[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability Martin Grigorov
Prado TJavaScript::encode() script injection vulnerability gabor . berczi
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) Mark Stanislav
[SECURITY] [DSA 2438-1] raptor security update Moritz Muehlenhoff
[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 Leif Hedstrom
[SECURITY] [DSA 2439-1] libpng security update Moritz Muehlenhoff
[ MDVSA-2012:034 ] libzip security
[ MDVSA-2012:035 ] file security
[ MDVSA-2012:036 ] libsoup security
[ MDVSA-2012:037 ] cyrus-imapd security

Tuesday, 27 March

CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories
[SECURITY] [DSA 2440-1] libtasn1-3 security update Florian Weimer
SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer
[SECURITY] [DSA 2441-1] gnutls26 security update Florian Weimer
Traffic amplification via Quake 3-based servers Simon McVittie
[ MDVSA-2012:038 ] openssl security
Matthew1471s ASP BlogX - XSS Vulnerabilities demonalex
[SECURITY] [DSA 2442-1] openarena security update Florian Weimer
[SECURITY] [DSA 2443-1] linux-2.6 security update dann frazier
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip Timo Warns
[ MDVSA-2012:039 ] libtasn1 security
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 come2waraxe
PcwRunAs Password Obfuscation Design Flaw otr
[ MDVSA-2012:040 ] gnutls security
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer
[ MDVSA-2012:041 ] expat security

Wednesday, 28 March

[ MDVSA-2012:042 ] wireshark security
[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) security-alert
[security bulletin] HPSBMU02744 SSRT100776 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert
[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data security-alert
[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow nospam
Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution nospam
D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability nospam
Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability nospam

Thursday, 29 March

OWASP AppSec Research EU CFP/CFT OWASP AppSec EU
[SECURITY] [DSA 2444-1] tryton-server security update Florian Weimer
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens Research@NGSSecure
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts Research@NGSSecure
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators Research@NGSSecure
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI Research@NGSSecure
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked Research@NGSSecure
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user Research@NGSSecure
[ MDVSA-2012:043 ] nginx security
[ MDVSA-2012:044 ] cvs security
Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Netsparker Advisories
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 come2waraxe

Friday, 30 March

Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Research
PHP 5.4/5.3 deprecated eregi() memory_limit bypass cxib
[ MDVSA-2012:045 ] gnutls security
Intuit Help System Protocol URL Heap Corruption and Memory Leak ds . adv . pub
Intuit Help System Protocol File Retrieval ds . adv . pub
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation ds . adv . pub