Bugtraq: by author

159 messages starting Mar 13 13 and ending Mar 15 13

Adam Laurie

Announcing ChronIC - a wearable Sub-GHz RF hacking tool Adam Laurie (Mar 13)

advisory

McAfee Virtual Technician ActiveX Control Insecure Method advisory (Mar 27)
OS Command Injection in CosCms advisory (Mar 06)
Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6 advisory (Mar 07)
Multiple XSS vulnerabilities in Events Manager WordPress plugin advisory (Mar 06)
Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6 advisory (Mar 07)
Path Traversal in AWS XMS advisory (Mar 27)

alej andr0

WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS) alej andr0 (Mar 05)

Amos Jeffries

Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries (Mar 11)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries (Mar 11)

Apple Product Security

APPLE-SA-2013-03-19-1 iOS 6.1.3 Apple Product Security (Mar 20)
APPLE-SA-2013-03-14-2 Safari 6.0.3 Apple Product Security (Mar 15)
APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple Product Security (Mar 20)
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Apple Product Security (Mar 05)
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 Apple Product Security (Mar 15)

asemailing

Workshop Proposal/Paper Submission Deadlines asemailing (Mar 28)

Asterisk Security Team

AST-2013-003: Username disclosure in SIP channel driver Asterisk Security Team (Mar 28)
AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header Asterisk Security Team (Mar 28)
AST-2013-002: Denial of Service in HTTP server Asterisk Security Team (Mar 28)

bhadresh . k . patel

SynConnect PMS SQL Injection Vulnerability bhadresh . k . patel (Mar 26)

b . saleh

Cisco Video Surveillance Operations Manager Multiple vulnerabilities b . saleh (Mar 13)

BugsNotHugs

Proofpoint Protection Server Session Persistence BugsNotHugs (Mar 04)

cfp2013 () recon cx

Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec cfp2013 () recon cx (Mar 09)

Chris John Riley

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 Chris John Riley (Mar 11)

chris . joughin

Re: SQLi found in Kodak Insite chris . joughin (Mar 14)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue Cisco Systems Product Security Incident Response Team (Mar 18)
Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 27)

come2waraxe

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 come2waraxe (Mar 20)
[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 come2waraxe (Mar 22)

contact

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 contact (Mar 12)

ddivulnalert

DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal ddivulnalert (Mar 15)
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion ddivulnalert (Mar 07)

Fernando Gont

Host tracking in IPv6 (SI6 Networks' IPv6 toolkit v1.3.3) Fernando Gont (Mar 11)

Florian Weimer

[SECURITY] [DSA 2653-1] icinga security update Florian Weimer (Mar 27)

Frédéric BASSE

Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric BASSE (Mar 13)
[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric Basse (Mar 04)

hip

WordPress podPress Plugin XSS in SWF hip (Mar 28)

info

NOPcon 2013 - Call for paper - Istanbul , Turkey info (Mar 18)
AthCon 2013 Rev. Challenge 2013 info (Mar 11)

Inshell Security

[IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation Inshell Security (Mar 20)
[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting Inshell Security (Mar 05)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics ISecAuditors Security Advisories (Mar 11)

Jeffrey Walton

Re: Report OWASP WAF Naxsi bypass Vulnerability Jeffrey Walton (Mar 27)

Just Bugs

Verax NMS Password Replay Attack (CVE-2013-1351) Just Bugs (Mar 06)
Verax NMS Authentication Bypass (CVE-2013-1350) Just Bugs (Mar 06)
Verax NMS Password Disclosure (CVE-2013-1631) Just Bugs (Mar 06)
Verax NMS Hardcoded Private Key (CVE-2013-1352) Just Bugs (Mar 06)

king cope

Re: Kingcopes AthCon 2012 Slides & Notes --> Video online king cope (Mar 06)

Kotas, Kevin J

CA20130319-01: Security Notice for SiteMinder products using SAML Kotas, Kevin J (Mar 20)

Kurt Seifried

Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 13)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 07)

Larry0

MiniMagic ruby gem remote code execution Larry0 (Mar 15)
Re: rpi-update tmpfile vulnerability larry0 (Mar 06)
OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability larry0 (Mar 11)
Remote command execution in Ruby Gem Command Wrap Larry0 (Mar 19)
Re: Oracle Auto Service Request /tmp file clobbering vulnerability larry0 (Mar 07)
Curl Ruby Gem Remote command execution Larry0 (Mar 15)
Remote command execution for Ruby Gem ftpd-0.2.1 larry0 (Mar 04)
Remote command execution in fastreader ruby gem larry0 (Mar 18)

Major Malfunction

DC4420 - London DEFCON - March meet - Tuesday 26th March 2013 Major Malfunction (Mar 22)

Marc Heuse

Remote system freeze thanks to Kaspersky Internet Security 2013 Marc Heuse (Mar 04)

Mark Thomas

[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples Mark Thomas (Mar 06)

Martin Braun

Open-Xchange Security Advisory 2013-03-13 Martin Braun (Mar 13)

Matt Franklin

[CVE-2013-1814] Apache Rave exposes User over API Matt Franklin (Mar 13)

Michael Gilbert

[SECURITY] [DSA 2642-1] sudo security update Michael Gilbert (Mar 09)
[SECURITY] [DSA 2652-1] libxml2 security update Michael Gilbert (Mar 26)

Moritz Muehlenhoff

[SECURITY] [DSA 2648-1] firebird2.5 security update Moritz Muehlenhoff (Mar 15)
[SECURITY] [DSA 2647-1] firebird2.1 security update Moritz Muehlenhoff (Mar 15)
[SECURITY] [DSA 2644-1] wireshark security update Moritz Muehlenhoff (Mar 14)
[SECURITY] [DSA 2655-1] rails security update Moritz Muehlenhoff (Mar 28)
[SECURITY] [DSA 2636-2] xen regression update Moritz Muehlenhoff (Mar 04)
[SECURITY] [DSA 2638-1] openafs security update Moritz Muehlenhoff (Mar 05)
[SECURITY] [DSA 2636-1] xen security update Moritz Muehlenhoff (Mar 04)

nauty . me04

Stored XSS in Terillion Reviews Wordpress Plugin nauty . me04 (Mar 09)

NCC Group Research

NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow NCC Group Research (Mar 18)

Nicolas Grégoire

Results of a XSLT fuzzing effort Nicolas Grégoire (Mar 11)

noreply

[PT-2013-17] Arbitrary Files Reading in mnoGoSearch noreply (Mar 05)

Oliver-Tobias Ripka

Skype Click to Call Update Service local privilege escalation Oliver-Tobias Ripka (Mar 15)

safe3q

Report OWASP WAF Naxsi bypass Vulnerability safe3q (Mar 26)

Salvatore Bonaccorso

[SECURITY] [DSA 2635-1] cfingerd security update Salvatore Bonaccorso (Mar 01)
[SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1 Salvatore Bonaccorso (Mar 21)
[SECURITY] [DSA 2640-1] zoneminder security update Salvatore Bonaccorso (Mar 14)
[SECURITY] [DSA 2651-1] smokeping security update Salvatore Bonaccorso (Mar 21)
[SECURITY] [DSA 2641-1] perl security update Salvatore Bonaccorso (Mar 09)

SEC Consult Vulnerability Lab

SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow SEC Consult Vulnerability Lab (Mar 13)
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum SEC Consult Vulnerability Lab (Mar 11)

security

n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection security (Mar 15)
[ MDVSA-2013:021 ] java-1.6.0-openjdk security (Mar 08)
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access security (Mar 15)
[ MDVSA-2013:024 ] firefox security (Mar 13)
[ MDVSA-2013:018 ] openssl security (Mar 06)
[ MDVSA-2013:020 ] wireshark security (Mar 08)
[ MDVSA-2013:028 ] nagios security (Mar 18)
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection security (Mar 15)
[ MDVSA-2013:022 ] openssh security (Mar 13)
[ MDVSA-2013:023 ] coreutils security (Mar 13)
[ MDVSA-2013:027 ] clamav security (Mar 18)
[ MDVSA-2013:025 ] pidgin security (Mar 14)
[ MDVSA-2013:026 ] sudo security (Mar 18)
[ MDVSA-2013:017 ] libxml2 security (Mar 06)
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability security (Mar 15)
[ MDVSA-2013:019 ] gnutls security (Mar 07)

Security Alert

ESA-2013-016: EMC Smarts Network Configuration Manager Security Alert (Mar 26)
ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability Security Alert (Mar 01)
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability Security Alert (Mar 27)

security-alert

[security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information security-alert (Mar 27)
[security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Mar 27)
[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS) security-alert (Mar 07)
[security bulletin] HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure security-alert (Mar 22)
[security bulletin] HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert (Mar 26)
[security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF) security-alert (Mar 26)
[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of Information security-alert (Mar 07)
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data security-alert (Mar 07)

Security Explorations

[SE-2011-01] PoC code for digital SAT TV research released Security Explorations (Mar 22)
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54) Security Explorations (Mar 18)
[SE-2012-01] One more attack affecting Oracle's Java SE 7u15 Security Explorations (Mar 04)

Slackware Security Team

[slackware-security] seamonkey (SSA:2013-072-02) Slackware Security Team (Mar 14)
[slackware-security] mozilla-thunderbird (SSA:2013-068-02) Slackware Security Team (Mar 09)
[slackware-security] ruby (SSA:2013-075-01) Slackware Security Team (Mar 18)
[slackware-security] sudo (SSA:2013-065-01) Slackware Security Team (Mar 07)
[slackware-security] mozilla-firefox (SSA:2013-068-01) Slackware Security Team (Mar 09)
[slackware-security] httpd (SSA:2013-062-01) Slackware Security Team (Mar 04)
[slackware-security] dhcp (SSA:2013-086-02) Slackware Security Team (Mar 27)
[slackware-security] perl (SSA:2013-072-01) Slackware Security Team (Mar 14)
[slackware-security] php (SSA:2013-081-01) Slackware Security Team (Mar 25)
[slackware-security] bind (SSA:2013-086-01) Slackware Security Team (Mar 27)

Stefan Fritsch

[SECURITY] [DSA 2637-1] apache2 security update Stefan Fritsch (Mar 05)

stephan . rickauer

CVE-2013-1413 stephan . rickauer (Mar 04)

Technion

rpi-update tmpfile vulnerability Technion (Mar 04)

Thijs Kinkhorst

[SECURITY] [DSA 2639-1] php5 security update Thijs Kinkhorst (Mar 06)

Thomas D.

Re: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) Thomas D. (Mar 20)

tytusromekiatomek

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption. tytusromekiatomek (Mar 06)
Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header tytusromekiatomek (Mar 06)
Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND tytusromekiatomek (Mar 06)
Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header tytusromekiatomek (Mar 06)
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header tytusromekiatomek (Mar 06)
Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header tytusromekiatomek (Mar 06)
Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc tytusromekiatomek (Mar 06)
Samsung TV DoS (possible overflow) via SOAPACTION tytusromekiatomek (Mar 06)
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer dereference in libosip2 tytusromekiatomek (Mar 06)

Vulnerability Lab

TagScanner v5.1 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Mar 13)

Vulnerability Mailbox

RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053) Vulnerability Mailbox (Mar 05)

VUPEN Security Research

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research (Mar 19)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research (Mar 19)
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) VUPEN Security Research (Mar 19)

Yves-Alexis Perez

[SECURITY] [DSA 2650-2] libvirt regression update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2649-1] lighttpd security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2643-1] puppet security update Yves-Alexis Perez (Mar 13)
[SECURITY] [DSA 2650-1] libvirt-bin security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2646-1] typo3-src security update Yves-Alexis Perez (Mar 18)
[SECURITY] [DSA 2645-1] inetutils security update Yves-Alexis Perez (Mar 15)