Bugtraq: by author
132 messages starting Jan 31 13 and ending Jan 22 13
Adam Laurie
marc4dasm - Atmel MARC microprocessor disassembler published Adam Laurie (Jan 31)
advisory
Cross-Site Scripting (XSS) vulnerability in gpEasy advisory (Jan 24)
Nero MediaHome Multiple Remote DoS Vulnerabilities advisory (Jan 09)
SQL Injection Vulnerability in ImageCMS advisory (Jan 24)
Remote Buffer Overflow Vulnerability in Samsung Kies advisory (Jan 09)
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart advisory (Jan 09)
Andrea Fabrizi
Buffalo TeraStation TS-Series multiple vulnerabilities Andrea Fabrizi (Jan 31)
Apple Product Security
APPLE-SA-2013-01-28-2 Apple TV 5.2 Apple Product Security (Jan 29)
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update Apple Product Security (Jan 29)
Arne Vidström
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) Arne Vidström (Jan 10)
Asterisk Security Team
AST-2012-014: Crashes due to large stack allocations when using TCP Asterisk Security Team (Jan 03)
AST-2012-015: Denial of Service Through Exploitation of Device State Caching Asterisk Security Team (Jan 03)
auto-bulletins
(AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days auto-bulletins (Jan 21)
Beni_vanda
Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Beni_vanda (Jan 10)
cfp
AthCon 2013 CFP OPEN cfp (Jan 01)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team (Jan 24)
Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 09)
Cisco Security Advisory: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Cisco Systems Product Security Incident Response Team (Jan 09)
Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 30)
Cisco Security Advisory: Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 16)
Cisco Security Advisory Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Cisco Systems Product Security Incident Response Team (Jan 17)
cve-id-change
CVE ID Syntax Change - Call for Public Feedback cve-id-change (Jan 24)
cwggenius
Simple Webserver 2.3-rc1 Directory Traversal cwggenius (Jan 03)
DefenseCode
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit DefenseCode (Jan 10)
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability DefenseCode (Jan 31)
Looking for security contacts DefenseCode (Jan 22)
devnull
Multiple Vulnerabilities in Linksys WRT54GL devnull (Jan 21)
Egidio Romano
[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability Egidio Romano (Jan 29)
Fernando Gont
IPv6: How to avoid security issues with VPN leaks on dual-stack networks Fernando Gont (Jan 24)
Recently-revised IETF I-Ds about IPv6 security Fernando Gont (Jan 21)
fineuploader
Re: Wordpress Valums Uploader - File Upload Vulnerability fineuploader (Jan 29)
Florian Weimer
[SECURITY] [DSA 2609-1] rails security update Florian Weimer (Jan 17)
[SECURITY] [DSA 2602-1] zendframework security update Florian Weimer (Jan 08)
[SECURITY] [DSA 2607-1] qemu-kvm security update Florian Weimer (Jan 15)
[SECURITY] [DSA 2608-1] qemu security update Florian Weimer (Jan 15)
Hafez Kamal
[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb Hafez Kamal (Jan 22)
Henri Salo
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Henri Salo (Jan 11)
i
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability i (Jan 22)
i () amroot com
CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF) i () amroot com (Jan 04)
CVE-2012-6494 - Nexpose Security Console - Session Hijacking i () amroot com (Jan 04)
illSecResearchGroup
Wordpress Developer Formatter CSRF Vulnerability illSecResearchGroup (Jan 22)
WordPress SolveMedia 1.1.0 CSRF Vulnerability illSecResearchGroup (Jan 25)
Include Security Research
Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect Include Security Research (Jan 14)
Inshell Security
[IA33] Serva v2.0.0 DNS Server Remote Denial of Service Inshell Security (Jan 14)
[IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service Inshell Security (Jan 14)
Jan Lehnardt
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows Jan Lehnardt (Jan 14)
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI Jan Lehnardt (Jan 14)
CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash Jan Lehnardt (Jan 14)
jason . doyle
CVE-2012-6452 Axway Secure Messenger Username Disclosure jason . doyle (Jan 18)
Jonathan Brossard
NoSuchCon CFP / 15-17 May 2013 / Paris, France Jonathan Brossard (Jan 21)
king cope
New Blog Post: Attacking the Windows 7/8 Address Space Randomization king cope (Jan 24)
Kotas, Kevin J
Updated - CA20121018-01: Security Notice for CA ARCserve Backup Kotas, Kevin J (Jan 14)
Kurt Seifried
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Jan 01)
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Jan 02)
Major Malfunction
DC4420 - 2013 CFP Major Malfunction (Jan 16)
DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013 Major Malfunction (Jan 23)
Released: rompar - Semi-automation tool for data extraction of microscopic Masked ROM images Major Malfunction (Jan 31)
marcelavbx
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin marcelavbx (Jan 21)
mbsdtest01
Chrome for Android - Android APIs exposed to JavaScript mbsdtest01 (Jan 07)
Chrome for Android - UXSS via com.android.browser.application_id Intent extra mbsdtest01 (Jan 07)
Chrome for Android - Download Function Information Disclosure mbsdtest01 (Jan 07)
Chrome for Android - Bypassing SOP for Local Files By Symlinks mbsdtest01 (Jan 07)
Chrome for Android - Cookie theft from Chrome by malicious Android app mbsdtest01 (Jan 07)
Facebook for Android - Information Disclosure Vulnerability mbsdtest01 (Jan 07)
Moritz Muehlenhoff
[SECURITY] [DSA 2598-1] weechat security update Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 2612-1] ircd-ratbox security update Moritz Muehlenhoff (Jan 25)
[SECURITY] [DSA 2603-1] emacs23 security update Moritz Muehlenhoff (Jan 09)
Moritz Naumann
XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann (Jan 29)
muztapha
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash muztapha (Jan 01)
n1s0o
Adobe Reader XI versions are vulnerable to a heap overflow n1s0o (Jan 29)
Nico Golde
[SECURITY] [DSA 2597-1] rails security update Nico Golde (Jan 07)
[SECURITY] [DSA 2600-1] cups security update Nico Golde (Jan 07)
NSO Research
NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/) NSO Research (Jan 17)
NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/) NSO Research (Jan 17)
Paolo Perego
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Paolo Perego (Jan 16)
psiinon
OWASP Zed Attack Proxy 2.0.0 psiinon (Jan 31)
rgilbert
Re: [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities rgilbert (Jan 16)
Re: [CVE-ID REQUEST] vBulletin - Multiple Open Redirects rgilbert (Jan 16)
roberto
Unauthenticated remote access to D-Link DCS cameras roberto (Jan 29)
Rustein, Fara Denise (LATCO - Buenos Aires)
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability Rustein, Fara Denise (LATCO - Buenos Aires) (Jan 15)
SBV Research
OrangeHRM 2.7.1 Vacancy Name Persistent XSS SBV Research (Jan 10)
SEC Consult Vulnerability Lab
SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products SEC Consult Vulnerability Lab (Jan 24)
SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability SEC Consult Vulnerability Lab (Jan 22)
Secunia Research
Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service Secunia Research (Jan 17)
Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow Secunia Research (Jan 17)
security
[ MDVSA-2013:001 ] gnupg security (Jan 02)
[ MDVSA-2013:002 ] firefox security (Jan 09)
[ MDVSA-2013:005 ] perl security (Jan 29)
[ MDVSA-2013:004 ] tomcat5 security (Jan 10)
[ MDVSA-2013:003 ] rootcerts security (Jan 09)
Security Alert
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability Security Alert (Jan 08)
ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability Security Alert (Jan 29)
ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities Security Alert (Jan 21)
security_alert
Re: EMC Avamar: World writable cache files security_alert (Jan 21)
security-alert
[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code security-alert (Jan 23)
[security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) security-alert (Jan 11)
[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Jan 07)
[security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access security-alert (Jan 08)
[security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS) security-alert (Jan 31)
Security Explorations
[SE-2012-01] An issue with new Java SE 7 security features Security Explorations (Jan 29)
[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code Security Explorations (Jan 11)
Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable Security Explorations (Jan 22)
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable Security Explorations (Jan 21)
Shakacon
ShakaCon 2013 - Call for Papers Shakacon (Jan 02)
Slackware Security Team
[slackware-security] freetype (SSA:2013-015-01) Slackware Security Team (Jan 16)
[slackware-security] mysql (SSA:2013-022-01) Slackware Security Team (Jan 23)
[slackware-security] mozilla-thunderbird (SSA:2013-009-02) Slackware Security Team (Jan 10)
[slackware-security] mozilla-firefox (SSA:2013-009-01) Slackware Security Team (Jan 10)
[slackware-security] seamonkey (SSA:2013-009-03) Slackware Security Team (Jan 10)
Stefan Kanthak
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069 Stefan Kanthak (Jan 21)
stephan . rickauer
CVE-2013-0805 / CSNC-2013-001 stephan . rickauer (Jan 24)
Thijs Kinkhorst
[SECURITY] [DSA 2613-1] rails security update Thijs Kinkhorst (Jan 30)
[SECURITY] [DSA 2605-1] asterisk security update Thijs Kinkhorst (Jan 14)
[SECURITY] [DSA 2599-1] nss security update Thijs Kinkhorst (Jan 07)
[SECURITY] [DSA 2605-2] asterisk regression update Thijs Kinkhorst (Jan 21)
[SECURITY] [DSA 2606-1] proftpd-dfsg security update Thijs Kinkhorst (Jan 14)
[SECURITY] [DSA 2604-1] rails security update Thijs Kinkhorst (Jan 09)
Timo Juhani Lindfors
Aastra IP Telephone encrypted .tuz configuration file leakage Timo Juhani Lindfors (Jan 03)
todb
CFP: InfoSec Southwest 2013 todb (Jan 07)
Vulnerability Lab
Kohana Framework v2.3.3 - Directory Traversal Vulnerability Vulnerability Lab (Jan 29)
Wordpress Valums Uploader - File Upload Vulnerability Vulnerability Lab (Jan 22)
nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities Vulnerability Lab (Jan 29)
Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Vulnerability Lab (Jan 29)
Walter Belgers
CFP Observe. Hack. Make. Walter Belgers (Jan 31)
Williams, James K
CA20121220-01: Security Notice for CA IdentityMinder [updated] Williams, James K (Jan 21)
YGN Ethical Hacker Group
Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling YGN Ethical Hacker Group (Jan 01)
TomatoCart 1.x | Unrestricted File Creation YGN Ethical Hacker Group (Jan 04)
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Jan 01)
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jan 01)
Yves-Alexis Perez
[SECURITY] [DSA 2611-1] movabletype-opensource security update Yves-Alexis Perez (Jan 22)
[SECURITY] [DSA 2610-1] ganglia security update Yves-Alexis Perez (Jan 22)