Bugtraq: by date

159 messages starting Mar 01 13 and ending Mar 28 13

Friday, 01 March

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability Security Alert
[SECURITY] [DSA 2635-1] cfingerd security update Salvatore Bonaccorso

Monday, 04 March

[SECURITY] [DSA 2636-1] xen security update Moritz Muehlenhoff
[SECURITY] [DSA 2636-2] xen regression update Moritz Muehlenhoff
[slackware-security] httpd (SSA:2013-062-01) Slackware Security Team
[SE-2012-01] One more attack affecting Oracle's Java SE 7u15 Security Explorations
rpi-update tmpfile vulnerability Technion
CVE-2013-1413 stephan . rickauer
[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric Basse
Proofpoint Protection Server Session Persistence BugsNotHugs
Remote command execution for Ruby Gem ftpd-0.2.1 larry0
Remote system freeze thanks to Kaspersky Internet Security 2013 Marc Heuse

Tuesday, 05 March

[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting Inshell Security
[SECURITY] [DSA 2637-1] apache2 security update Stefan Fritsch
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Apple Product Security
[SECURITY] [DSA 2638-1] openafs security update Moritz Muehlenhoff
WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS) alej andr0
[PT-2013-17] Arbitrary Files Reading in mnoGoSearch noreply
RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053) Vulnerability Mailbox

Wednesday, 06 March

[SECURITY] [DSA 2639-1] php5 security update Thijs Kinkhorst
[ MDVSA-2013:017 ] libxml2 security
Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header tytusromekiatomek
Samsung TV DoS (possible overflow) via SOAPACTION tytusromekiatomek
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header tytusromekiatomek
Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc tytusromekiatomek
SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2 tytusromekiatomek
Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header tytusromekiatomek
Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption. tytusromekiatomek
Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header tytusromekiatomek
Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND tytusromekiatomek
Re: Kingcopes AthCon 2012 Slides & Notes --> Video online king cope
Re: rpi-update tmpfile vulnerability larry0
OS Command Injection in CosCms advisory
Multiple XSS vulnerabilities in Events Manager WordPress plugin advisory
[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples Mark Thomas
Verax NMS Authenication Bypass (CVE-2013-1350) Just Bugs
Verax NMS Password Replay Attack (CVE-2013-1351) Just Bugs
Verax NMS Hardcoded Private Key (CVE-2013-1352) Just Bugs
Verax NMS Password Disclosure (CVE-2013-1631) Just Bugs
[ MDVSA-2013:018 ] openssl security

Thursday, 07 March

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion ddivulnalert
[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS) security-alert
[slackware-security] sudo (SSA:2013-065-01) Slackware Security Team
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data security-alert
[ MDVSA-2013:019 ] gnutls security
[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of Information security-alert
Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6 advisory
Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6 advisory
Re: Oracle Auto Service Request /tmp file clobbering vulnerability larry0
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried

Friday, 08 March

[ MDVSA-2013:020 ] wireshark security
[ MDVSA-2013:021 ] java-1.6.0-openjdk security
SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) SEC Consult Vulnerability Lab
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) SEC Consult Vulnerability Lab

Saturday, 09 March

Stored XSS in Terillion Reviews Wordpress Plugin nauty . me04
[SECURITY] [DSA 2642-1] sudo security update Michael Gilbert
[slackware-security] mozilla-thunderbird (SSA:2013-068-02) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2013-068-01) Slackware Security Team
[SECURITY] [DSA 2641-1] perl security update Salvatore Bonaccorso
Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec cfp2013 () recon cx

Monday, 11 March

OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability larry0
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics ISecAuditors Security Advisories
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 Chris John Riley
Host tracking in IPv6 (SI6 Networks' IPv6 toolkit v1.3.3) Fernando Gont
SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum SEC Consult Vulnerability Lab
AthCon 2013 Rev. Challenge 2013 info
Results of a XSLT fuzzing effort Nicolas Grégoire
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Amos Jeffries

Tuesday, 12 March

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 contact

Wednesday, 13 March

Announcing ChronIC - a wearable Sub-GHz RF hacking tool Adam Laurie
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried
TagScanner v5.1 - Stack Buffer Overflow Vulnerability Vulnerability Lab
[SECURITY] [DSA 2643-1] puppet security update Yves-Alexis Perez
Open-Xchange Security Advisory 2013-03-13 Martin Braun
SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow SEC Consult Vulnerability Lab
[ MDVSA-2013:022 ] openssh security
[CVE-2013-1814] Apache Rave exposes User over API Matt Franklin
[ MDVSA-2013:023 ] coreutils security
Cisco Video Surveillance Operations Manager Multiple vulnerabilities b . saleh
Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability Frédéric BASSE
[ MDVSA-2013:024 ] firefox security

Thursday, 14 March

Re: SQLi found in Kodak Insite chris . joughin
[slackware-security] perl (SSA:2013-072-01) Slackware Security Team
[slackware-security] seamonkey (SSA:2013-072-02) Slackware Security Team
[ MDVSA-2013:025 ] pidgin security
[SECURITY] [DSA 2644-1] wireshark security update Moritz Muehlenhoff
[SECURITY] [DSA 2640-1] zoneminder security update Salvatore Bonaccorso

Friday, 15 March

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 Apple Product Security
APPLE-SA-2013-03-14-2 Safari 6.0.3 Apple Product Security
[SECURITY] [DSA 2645-1] inetutils security update Yves-Alexis Perez
Curl Ruby Gem Remote command execution Larry0
MiniMagic ruby gem remote code execution Larry0
DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal ddivulnalert
Skype Click to Call Update Service local privilege escalation Oliver-Tobias Ripka
[SECURITY] [DSA 2647-1] firebird2.1 security update Moritz Muehlenhoff
[SECURITY] [DSA 2648-1] firebird2.5 security update Moritz Muehlenhoff
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection security
n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection security
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability security
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access security

Monday, 18 March

[SECURITY] [DSA 2646-1] typo3-src security update Yves-Alexis Perez
[SECURITY] [DSA 2649-1] lighttpd security update Yves-Alexis Perez
[SECURITY] [DSA 2650-1] libvirt-bin security update Yves-Alexis Perez
[slackware-security] ruby (SSA:2013-075-01) Slackware Security Team
Remote command execution in fastreader ruby gem larry0
[SECURITY] [DSA 2650-2] libvirt regression update Yves-Alexis Perez
[SE-2012-01] The "allowed behavior" in Java SE 7 (Issue 54) Security Explorations
[ MDVSA-2013:026 ] sudo security
[ MDVSA-2013:027 ] clamav security
[ MDVSA-2013:028 ] nagios security
NGS00440 Patch Notification: Windows USB RNDIS driver kernel pool overflow NCC Group Research
Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue Cisco Systems Product Security Incident Response Team
NOPcon 2013 - Call for paper - Istanbul , Turkey info

Tuesday, 19 March

Remote command execution in Ruby Gem Command Wrap Larry0
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) VUPEN Security Research

Wednesday, 20 March

CA20130319-01: Security Notice for SiteMinder products using SAML Kotas, Kevin J
[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 come2waraxe
Re: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) Thomas D.
APPLE-SA-2013-03-19-1 iOS 6.1.3 Apple Product Security
APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple Product Security
[IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation Inshell Security

Thursday, 21 March

[SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1 Salvatore Bonaccorso
[SECURITY] [DSA 2651-1] smokeping security update Salvatore Bonaccorso

Friday, 22 March

[SE-2011-01] PoC code for digital SAT TV research released Security Explorations
[security bulletin] HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure security-alert
[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 come2waraxe
DC4420 - London DEFCON - March meet - Tuesday 26th March 2013 Major Malfunction

Monday, 25 March

[slackware-security] php (SSA:2013-081-01) Slackware Security Team

Tuesday, 26 March

[security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF) security-alert
[SECURITY] [DSA 2652-1] libxml2 security update Michael Gilbert
Report OWASP WAF Naxsi bypass Vulnerability safe3q
SynConnect PMS SQL Injection Vulnerability bhadresh . k . patel
ESA-2013-016: EMC Smarts Network Configuration Manager Security Alert
[security bulletin] HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert

Wednesday, 27 March

[security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[SECURITY] [DSA 2653-1] icinga security update Florian Weimer
Re: Report OWASP WAF Naxsi bypass Vulnerability Jeffrey Walton
[slackware-security] dhcp (SSA:2013-086-02) Slackware Security Team
[slackware-security] bind (SSA:2013-086-01) Slackware Security Team
Path Traversal in AWS XMS advisory
McAfee Virtual Technician ActiveX Control Insecure Method advisory
[security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information security-alert
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability Security Alert

Thursday, 28 March

WordPress podPress Plugin XSS in SWF hip
AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header Asterisk Security Team
AST-2013-002: Denial of Service in HTTP server Asterisk Security Team
AST-2013-003: Username disclosure in SIP channel driver Asterisk Security Team
Workshop Proposal/Paper Submission Deadlines asemailing
[SECURITY] [DSA 2655-1] rails security update Moritz Muehlenhoff