Full Disclosure: by author

382 messages starting Apr 15 12 and ending Apr 24 12


_

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default _ (Apr 15)

アドリアンヘンドリック

Re(3): An April Fools' Day Android Payload アドリアンヘンドリック (Apr 02)
Re(2): An April Fools' Day Android Payload アドリアンヘンドリック (Apr 02)

Aaron T. Myers

[CVE-2012-1574] Apache Hadoop user impersonation vulnerability Aaron T. Myers (Apr 06)

Abhijeet Patil

[Announcement] CHMag's Issue 27, April 2012 Released Abhijeet Patil (Apr 18)

ACROS Security Lists

ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting ACROS Security Lists (Apr 11)

adam

Re: Windows XP denial of service 0day found in CTF exercise adam (Apr 17)

Adam Behnke

Hacking AutoUpdate by Injecting Fake Updates Adam Behnke (Apr 03)
Erronous post concerning Backtrack 5 R2 0day Adam Behnke (Apr 12)
Backtrack 5 R2 priv escalation 0day found in CTF exercise Adam Behnke (Apr 11)
Hacking WolframAlpha Adam Behnke (Apr 24)
SQL Injection through HTTP Headers Adam Behnke (Apr 04)
Windows XP denial of service 0day found in CTF exercise Adam Behnke (Apr 16)

Adam Zabrocki

Apache 2.2.xx 0day exploit Adam Zabrocki (Apr 02)

Akita Software Security

.NET Framework EncoderParameter integer overflow vulnerability Akita Software Security (Apr 23)

Alex Buie

Re: phpMyBible 0.5.1 Mutiple XSS Alex Buie (Apr 23)
Re: Fwd: Vulnerability research and exploit writing Alex Buie (Apr 25)

Almaz

March 2012 mini Threat Intelligence report Almaz (Apr 01)

Andrew Farmer

Re: Re(2): An April Fools' Day Android Payload Andrew Farmer (Apr 02)

Asterisk Security Team

AST-2012-004: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team (Apr 23)
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver Asterisk Security Team (Apr 23)
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver Asterisk Security Team (Apr 23)

Benjamin Kreuter

Re: incorrect integer conversions in OpenSSL can result in memory corruption. Benjamin Kreuter (Apr 19)

Benji

Re: Vulnerability in Gentoo hardened Benji (Apr 25)
Re: Vulnerability in Gentoo hardened Benji (Apr 25)
Re: Vulnerability in Gentoo hardened Benji (Apr 25)
Re: Erronous post concerning Backtrack 5 R2 0day Benji (Apr 12)
Re: Vulnerability in Gentoo hardened Benji (Apr 25)
Re: Compromised VPN provider out there? Benji (Apr 10)

BMF

Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 22)
Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 22)

Bob McConnell

Re: We're now paying up to $20, 000 for web vulns in our services Bob McConnell (Apr 27)

Carlo Di Dato

LibreOffice 3.5.2.2 - memory corruption with a specific .rtf file Carlo Di Dato (Apr 18)
SumatraPDF v2.0.1 chm and mobi files memory corruption Carlo Di Dato (Apr 23)
BeyondCHM 1.1 Buffer Overflow Carlo Di Dato (Apr 24)
Mobipocket Reader version 6.2 Build 608 Buffer Overflow Carlo Di Dato (Apr 23)

Carl "Thomas" Guething

Re: mac trojan Carl "Thomas" Guething (Apr 06)

cfp

Ruxcon 2012 Call For Papers cfp (Apr 19)

Champ Clark III

Sagan 0.2.1 [Security Event/Log Analyzer] Released. Champ Clark III (Apr 05)

Charles Morris

Re: Hacking AutoUpdate by Injecting Fake Updates Charles Morris (Apr 03)
Re: We're now paying up to $20, 000 for web vulns in our services Charles Morris (Apr 24)

Charlie Derr

Re: [funsec] mac trojan Charlie Derr (Apr 06)
Re: We're now paying up to $20, 000 for web vulns in our services Charlie Derr (Apr 27)

Christian Sciberras

Re: DoS vulnerability in WordPress Christian Sciberras (Apr 20)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team (Apr 04)

coderman

Re: (no subject) coderman (Apr 25)

CorryL

WordPress BruteForce Script CorryL (Apr 29)

Cristina Pascual

Last Mile, April 20 || CfP: SECURWARE 2012 || August 19-24, 2012 - Rome, Italy Cristina Pascual (Apr 12)

Dan Rosenberg

An April Fools' Day Android Payload Dan Rosenberg (Apr 01)
Re: An April Fools' Day Android Payload Dan Rosenberg (Apr 02)

Dave

Re: PenTest Market is for FREE Now Dave (Apr 06)
Re: new law proposal on EU against hacking tools and practices Dave (Apr 09)
Re: www.LEORAT.com is scam Dave (Apr 03)
Re: www.LEORAT.com is scam Dave (Apr 02)
Re: www.LEORAT.com is scam Dave (Apr 02)

David3 Gonnella

Re: Vulnerability in Backtrack David3 Gonnella (Apr 24)
Re: Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities David3 Gonnella (Apr 16)

ddivulnalert

DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal ddivulnalert (Apr 27)
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal ddivulnalert (Apr 27)

Dennis

Re: mac trojan Dennis (Apr 05)

Disposable

Re: Vulnerability in Backtrack Disposable (Apr 25)

Dobbins, Roland

Re: Attacking Critical Internet Infrastructure Dobbins, Roland (Apr 22)

Douglas Huff

Re: incorrect integer conversions in OpenSSL can result in memory corruption. Douglas Huff (Apr 20)

Elazar Broad

Re: Fwd: Vulnerability research and exploit writing Elazar Broad (Apr 24)
Re: Windows XP denial of service 0day found in CTF exercise Elazar Broad (Apr 17)

fabrice

Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. fabrice (Apr 07)

Fatherlaptop

Drop box Fatherlaptop (Apr 06)

Feighen Oosterbroek

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Feighen Oosterbroek (Apr 13)

Ferenc Kovacs

Fwd: Vulnerability research and exploit writing Ferenc Kovacs (Apr 24)

Fermín J . Serna

CVE-2012-0769, the case of the perfect info leak Fermín J . Serna (Apr 09)

Fernando Gont

IPv6 host scanning in IPv6 Fernando Gont (Apr 20)
Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012 Fernando Gont (Apr 14)
New IETF I-D: Security Implications of IPv6 on IPv4 networks Fernando Gont (Apr 24)

Filip Palian

Sourcefire Defense Center - multiple vulnerabilities. Filip Palian (Apr 04)

fireball9

Attacking Critical Internet Infrastructure fireball9 (Apr 22)

Florent Daigniere

[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 Florent Daigniere (Apr 05)

Florian Weimer

[SECURITY] [DSA 2459-1] quagga security update Florian Weimer (Apr 25)

Gabriel S. Craciun

Re: Full-Disclosure Digest, Vol 86, Issue 34 Gabriel S. Craciun (Apr 26)

Gage Bystrom

Re: keeping data safe offline Gage Bystrom (Apr 10)
Re: Vulnerability in Backtrack Gage Bystrom (Apr 24)
Re: Vulnerability in Backtrack Gage Bystrom (Apr 24)
Re: Working to get more people to check if their infected with DNS Changer Gage Bystrom (Apr 04)
Re: nullsec-bypass-aslr.pdf - ASLR / ASLR bypass techniques Gage Bystrom (Apr 15)

Georgi Guninski

Re: Vulnerability in Gentoo hardened Georgi Guninski (Apr 25)
So, so you think you can tell April 1 joke from a 0day? Georgi Guninski (Apr 01)
Re: We're now paying up to $20, 000 for web vulns in our services Georgi Guninski (Apr 25)
Re: Vulnerability in Gentoo hardened Georgi Guninski (Apr 25)

Grandma Eubanks

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Grandma Eubanks (Apr 12)

Hafez Kamal

[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) Hafez Kamal (Apr 23)

Henri Salo

Re: PenTest is one year old now Henri Salo (Apr 20)

HI-TECH .

Last public release HI-TECH . (Apr 03)

imipak

FW: (no subject) imipak (Apr 25)

InterN0T Advisories

Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise InterN0T Advisories (Apr 12)
DoS vulnerability in MustLive InterN0T Advisories (Apr 15)
Re: Brute Force vulnerability in WordPress InterN0T Advisories (Apr 04)
Re: DoS vulnerabilities in Firefox, Internet Explorer and Opera InterN0T Advisories (Apr 30)

Jacopo Cappellato

[CVE-2012-1621] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Apr 16)
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Apr 16)

James Condron

Re: Vulnerability in Backtrack James Condron (Apr 25)
Re: Fwd: Vulnerability research and exploit writing James Condron (Apr 25)

Jason Hellenthal

Re: phpMyBible 0.5.1 Mutiple XSS Jason Hellenthal (Apr 23)
Re: Thor's Private Key Jason Hellenthal (Apr 09)
Re: HTC IQRD Android Permission Leakage (CVE-2012-2217) Jason Hellenthal (Apr 22)

Javier Reoyo

Re: DoS vulnerability in WordPress Javier Reoyo (Apr 17)

jc

RuggedCom - Backdoor Accounts in my SCADA network? You don't say... jc (Apr 24)

Jeff Kell

Re: STEP Security Jeff Kell (Apr 01)

Jeffrey Walton

Re: HTC IQRD Android Permission Leakage (CVE-2012-2217) Jeffrey Walton (Apr 21)
Re: incorrect integer conversions in OpenSSL can result in memory corruption. Jeffrey Walton (Apr 21)
Re: incorrect integer conversions in OpenSSL can result in memory corruption. Jeffrey Walton (Apr 21)
Re: phpMyBible 0.5.1 Mutiple XSS Jeffrey Walton (Apr 22)
Re: mac trojan Jeffrey Walton (Apr 05)

Jerome Athias

Opcodes Database Revival Jerome Athias (Apr 24)
Re: [New tool] - Exploit Pack - Web Security Jerome Athias (Apr 24)
XSS in UMP-Sarkozy mailer system Jerome Athias (Apr 30)
MoroccoTel Box Default Open Telnet Password Jerome Athias (Apr 25)
CWEs translation Jerome Athias (Apr 30)

Jim Harrison

Re: We're now paying up to $20, 000 for web vulns in our services Jim Harrison (Apr 25)
Re: We're now paying up to $20, 000 for web vulns in our services Jim Harrison (Apr 24)
Re: We're now paying up to $20, 000 for web vulns in our services Jim Harrison (Apr 26)

John Cartwright

List Charter John Cartwright (Apr 10)

John Jacobs

Re: PenTest Market is for FREE Now John Jacobs (Apr 06)

Jonathan Wiltshire

[SECURITY] [DSA 2448-1] inspircd security update Jonathan Wiltshire (Apr 10)

Jon Dowland

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Jon Dowland (Apr 19)

J. Oquendo

STEP Security J. Oquendo (Apr 01)

Jose Miguel Esparza

[Tool] New release of peepdf (PDF analysis) Jose Miguel Esparza (Apr 02)

Joxean Koret

Oracle TNS Poison vulnerability is actually a 0day with no patch available Joxean Koret (Apr 26)
The history of a -probably- 13 years old Oracle bug: TNS Poison Joxean Koret (Apr 18)

Justin C. Klein Keane

Re: Windows XP denial of service 0day found in CTF exercise Justin C. Klein Keane (Apr 17)

klondike

Vulnerability in Gentoo hardened klondike (Apr 24)
XSS parameter injection in the search field of http://chicasdetorbe.com klondike (Apr 20)
FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. klondike (Apr 07)

Krzysztof Marczyk

10 Ways to Enhance Your Career in Information Security Krzysztof Marczyk (Apr 18)
PenTest Market is for FREE Now Krzysztof Marczyk (Apr 06)
PenTest is one year old now Krzysztof Marczyk (Apr 20)

Kurt Seifried

Re: DoS vulnerability in WordPress Kurt Seifried (Apr 17)

Laurelai

Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)
Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 22)
Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)
Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)
Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 22)
Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)
Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)
Re: Vulnerability in Gentoo hardened Laurelai (Apr 25)

Levent Kayan

nullsec-bypass-aslr.pdf - ASLR / ASLR bypass techniques Levent Kayan (Apr 15)

Lincoln Anderson

Re: Hacking WolframAlpha Lincoln Anderson (Apr 25)

luks

Weak password reset token & code exec in ownCloud 3.0.0 luks (Apr 20)

Major Malfunction

DC4420 - London DEFCON - April meet - Tuesday April 24th 2012 Major Malfunction (Apr 20)

Manu

PHP Denial of Service - Memory leak in getimagesize(). Manu (Apr 29)

Marcio B. Jr.

Re: We're now paying up to $20, 000 for web vulns in our services Marcio B. Jr. (Apr 27)

Mario Vilas

Re: [New tool] - Exploit Pack - Web Security Mario Vilas (Apr 24)
Re: [New tool] - Exploit Pack - Web Security Mario Vilas (Apr 26)

Mark J Cox

OpenSSL Security Advisory Mark J Cox (Apr 24)

Mark Krenz

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Mark Krenz (Apr 13)
Most Linux distributions don't use tmpfs nor encrypt swap by default Mark Krenz (Apr 12)
Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Mark Krenz (Apr 17)

Mark Stanislav

'Hotel Booking Portal' SQL Injection (CVE-2012-1672) Mark Stanislav (Apr 04)
'phpPaleo' Local File Inclusion (CVE-2012-1671) Mark Stanislav (Apr 04)
'e-ticketing' SQL Injection (CVE-2012-1673) Mark Stanislav (Apr 04)

Martin Allert

Re: phpMyBible 0.5.1 Mutiple XSS Martin Allert (Apr 26)

Memory Vandal

Re: Windows XP denial of service 0day found in CTF exercise Memory Vandal (Apr 17)
Re: Windows XP denial of service 0day found in CTF exercise Memory Vandal (Apr 17)
Re: STEP Security Memory Vandal (Apr 01)

Mezgani Ali via LinkedIn

Invitation to connect on LinkedIn Mezgani Ali via LinkedIn (Apr 13)

mgogoulos

[Tool] Introducing plown: security scanner for Plone CMS mgogoulos (Apr 24)

Michael Wood

Re: FW: (no subject) Michael Wood (Apr 25)

Michal Zalewski

Re: We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Apr 24)
Re: Fwd: Vulnerability research and exploit writing Michal Zalewski (Apr 24)
Re: We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Apr 24)
FYI: We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Apr 23)

Michele Orru

Re: [New tool] - Exploit Pack - Web Security Michele Orru (Apr 26)
Re: [New tool] - Exploit Pack - Web Security Michele Orru (Apr 24)

Mihamina Rakotomandimby

Re: Windows XP denial of service 0day found in CTF exercise Mihamina Rakotomandimby (Apr 17)

Milan Berger

Re: Vulnerability in Gentoo hardened Milan Berger (Apr 24)

Moritz Muehlenhoff

[SECURITY] [DSA 2447-1] tiff security update Moritz Muehlenhoff (Apr 04)
[SECURITY] [DSA 2462-1] imagemagick security update Moritz Muehlenhoff (Apr 29)
[SECURITY] [DSA 2457-1] iceweasel security update Moritz Muehlenhoff (Apr 24)
[SECURITY] [DSA 2456-1] dropbear security update Moritz Muehlenhoff (Apr 24)
[SECURITY] [DSA 2461-1] spip security update Moritz Muehlenhoff (Apr 26)
[SECURITY] [DSA 2460-1] asterisk security update Moritz Muehlenhoff (Apr 25)
[SECURITY] [DSA 2548-1] iceape security update Moritz Muehlenhoff (Apr 24)
[SECURITY] [DSA 2446-1] libpng security update Moritz Muehlenhoff (Apr 04)

murtuja bharmal

nullcon Delhi 2012 Call for Paper/Call for Event murtuja bharmal (Apr 28)

MustLive

IA, CSRF and FPD vulnerabilities in Organizer for WordPress MustLive (Apr 26)
Re: DoS vulnerability in WordPress MustLive (Apr 20)
Re: Brute Force vulnerability in WordPress MustLive (Apr 04)
DoS vulnerabilities in Firefox, Internet Explorer and Opera MustLive (Apr 30)
DoS vulnerability in WordPress MustLive (Apr 15)
XSS and FPD vulnerabilities in Organizer for WordPress MustLive (Apr 22)
XSS, CSRF and AFU vulnerabilities in Organizer for WordPress MustLive (Apr 25)

Nahuel Grisolia

Dolibarr ERP & CRM OS Command Injection Nahuel Grisolia (Apr 06)

Netsparker Advisories

XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Netsparker Advisories (Apr 23)

Nick FitzGerald

Re: STEP Security Nick FitzGerald (Apr 01)

Nico Golde

[SECURITY] [DSA 2455-1] typo3-src security update Nico Golde (Apr 20)
[SECURITY] [DSA 2453-2] gajim regression Nico Golde (Apr 19)
[SECURITY] [DSA 2453-1] gajim security update Nico Golde (Apr 16)
[SECURITY] [DSA 2451-1] puppet security update Nico Golde (Apr 13)
[SECURITY] [DSA 2449-1] sqlalchemy security update Nico Golde (Apr 12)

Nicolas Waisman

Hack Cup 2012 Nicolas Waisman (Apr 18)

Nikhil Mittal

Teensy USB HID (and Kautilya) for Penetration Testers - Part 2 - Basics of Arduino and Hello World Nikhil Mittal (Apr 09)
Teensy USB HID (and Kautilya) for Penetration Testers Nikhil Mittal (Apr 04)

nix

Re: Compromised VPN provider out there? nix (Apr 09)

noreply () exploitpack com

[New tool] - Exploit Pack - Web Security noreply () exploitpack com (Apr 24)

Patrick Klos

hi Patrick Klos (Apr 13)

paul . szabo

Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo (Apr 14)
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul . szabo (Apr 16)

Pedro Martelletto

Re: Most Linux distributions don't use tmpfs nor encrypt swap by default Pedro Martelletto (Apr 16)

Pete Herzog

Mind Control Security Awareness Pete Herzog (Apr 03)

psy

new law proposal on EU against hacking tools and practices psy (Apr 09)
CIntruder v0.2 released psy (Apr 26)
CIntruder v0.1 psy (Apr 09)

QUAKER DOOMER

winAUTOPWN v3.0 Released QUAKER DOOMER (Apr 17)

R00T_ATI

Re: WordPress BruteForce Script R00T_ATI (Apr 29)

Ramon de C Valle

Re: We're now paying up to $20, 000 for web vulns in our services Ramon de C Valle (Apr 24)

Ramon Driessen

(no subject) Ramon Driessen (Apr 25)

rancor

Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. rancor (Apr 07)

RandallM

mac trojan RandallM (Apr 05)

Rand Flieger

Patrick Belcher Rand Flieger (Apr 12)

Raphael Geissert

[SECURITY] [DSA 2454-1] openssl security update Raphael Geissert (Apr 20)
[SECURITY] [DSA 2454-2] openssl incomplete fix Raphael Geissert (Apr 25)

Research

China Pujia Government - Blind SQL Injection Vulnerability Research (Apr 29)
EmbryoCore CMS v1.03 - Multiple Web Vulnerabilities Research (Apr 15)
CRUNCH TV SHOW - Live Stream & Security Videos Research (Apr 12)
Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Apr 03)
Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Research (Apr 23)
US UF Services EDU Health - File Include Vulnerability Research (Apr 08)
CsForum v0.8 - Cross Site Scripting Vulnerability Research (Apr 08)
Pritlog v0.821 CMS - Multiple Web Vulnerabilities Research (Apr 30)
Opial CMS v2.0 - Multiple Web Vulnerabilities Research (Apr 29)
K-Meleon Browser v1.5.4 - Denial of Service Vulnerability Research (Apr 15)
IPhone TreasonSMS - HTML Inject & File Include Vulnerability Research (Apr 23)
Car Portal CMS v3.0 - Multiple Web Vulnerabilities Research (Apr 27)
Microsoft MSDN - Persistent Web Service Vulnerability Research (Apr 09)
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Research (Apr 10)
China Pujiang Government - Blind SQL Injection Vulnerability Research (Apr 29)
Croogo v1.3.4 CMS - Multiple Web Vulnerabilities Research (Apr 29)
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Apr 27)
National Center EDU Research - SQL Injection Vulnerability Research (Apr 10)
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Research (Apr 08)
HITB2011KUL - Skype Vulnerabilities 0Day Exploitation PART 1 Research (Apr 01)
idev Game Site CMS v1.0 - Multiple Web Vulnerabilites Research (Apr 08)
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Research (Apr 01)
Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Apr 08)
Microsoft Service - Persistent Web Vulnerabilities Research (Apr 15)
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Research (Apr 12)
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Research (Apr 12)
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Research (Apr 01)
Oracle Service Applications - SQL Injection Vulnerabilities Research (Apr 12)
Microsoft AFKAR Website Service - Cross Site Vulnerabilities Research (Apr 15)
ACC PHP eMail v1.1 - Multiple Web Vulnerabilites Research (Apr 15)
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Research (Apr 15)
Microsoft MSN Hotmail - Password Reset & Setup Vulnerability Research (Apr 26)
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Research (Apr 12)
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability Research (Apr 23)
DirectAdmin v1.403 - Cross Site Scripting Vulnerability Research (Apr 02)
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities Research (Apr 08)
EmbryoCore CMS v1.03 - Multiple Web Vulnerabilities Research (Apr 15)
BulletProof FTP Client 2010 - Buffer Overflow Vulnerability Research (Apr 02)
National Center EDU Research - SQL Injection Vulnerability Research (Apr 11)
DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Research (Apr 27)
Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Research (Apr 08)
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Research (Apr 10)
Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Research (Apr 15)
Chengdu Bureau of Commerce - SQL Injection Vulnerability Research (Apr 23)
Cross Site Scripting - Exploitation & Penetration Strings Research (Apr 24)
SmartJobBoard v3.4 b5140 - Multiple Web Vulnerabilites Research (Apr 03)
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Research (Apr 27)
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Apr 29)
Swedish Army Web Database - SQL Injection Vulnerability Research (Apr 01)

Robert Kim App and Facebook Marketing

Re: [Announcement] CHMag's Issue 27, April 2012 Released Robert Kim App and Facebook Marketing (Apr 19)

Romain Bourdy

Re: Windows XP denial of service 0day found in CTF exercise Romain Bourdy (Apr 17)

Roman Medina-Heigl Hernandez

Re: Amongst data breaches and misc 'leakage', not necessarily digital, DEFCON CTF continues at DEFCON XX Roman Medina-Heigl Hernandez (Apr 13)

runlvl

[New Tool] - Exploit Pack - Web Security runlvl (Apr 23)
[Exploit Pack] - Web Security -Webinar Live demo! runlvl (Apr 26)
[New tool] - Exploit Pack - Web Security runlvl (Apr 23)
[Spanish] - Exploit Pack - Web Security Framework runlvl (Apr 13)

Ryan Dewhurst

Re: Erronous post concerning Backtrack 5 R2 0day Ryan Dewhurst (Apr 13)

Sanguinarious Rose

Re: www.LEORAT.com is scam Sanguinarious Rose (Apr 02)
Re: Brute Force vulnerability in WordPress Sanguinarious Rose (Apr 04)

sd

Re: incorrect integer conversions in OpenSSL can result in memory corruption. sd (Apr 24)

Sebastian Rakowski

Re: www.LEORAT.com is scam Sebastian Rakowski (Apr 03)
Re: www.LEORAT.com is scam Sebastian Rakowski (Apr 04)

SEC Consult Vulnerability Lab

SEC Consult whitepaper :: The Source Is A Lie SEC Consult Vulnerability Lab (Apr 17)

Secunia Research

Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue Secunia Research (Apr 09)
Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities Secunia Research (Apr 09)

security

[ MDVSA-2012:061 ] raptor security (Apr 21)
[ MDVSA-2012:048 ] mutt security (Apr 02)
[ MDVSA-2012:065 ] php security (Apr 27)
[ MDVSA-2012:049 ] nagios security (Apr 02)
[ MDVSA-2012:046 ] libpng security (Apr 02)
[ MDVSA-2012:047 ] freeradius security (Apr 02)
[ MDVSA-2012:054 ] libtiff security (Apr 05)
[ MDVSA-2012:066 ] mozilla security (Apr 27)
[ MDVSA-2012:064 ] openssl0.9.8 security (Apr 24)
[ MDVSA-2012:050 ] phpmyadmin security (Apr 03)
[ MDVSA-2012:032-1 ] mozilla security (Apr 17)
[ MDVSA-2012:058 ] curl security (Apr 13)
[ MDVSA-2012:055 ] samba security (Apr 11)
[ MDVSA-2012:063 ] libreoffice security (Apr 21)
[ MDVSA-2012:062 ] openoffice.org security (Apr 21)
[ MDVSA-2012:053 ] ocsinventory security (Apr 04)
[ MDVSA-2012:052 ] libvorbis security (Apr 03)
[ MDVSA-2012:060 ] openssl security (Apr 19)
[ MDVSA-2012:051 ] libvorbis security (Apr 03)
[ MDVSA-2012:057 ] freetype2 security (Apr 12)
[ MDVSA-2012:056 ] rpm security (Apr 12)
[ MDVSA-2012:059 ] python-sqlalchemy security (Apr 16)

Security Explorations

[SE-2012-01] Security weakness in Apple Quicktime Java extensions Security Explorations (Apr 12)
[SE-2012-01] Security vulnerabilities in Java SE Security Explorations (Apr 03)

security-news

[Security-news] SA-CONTRIB-2012-061 - Gigya - Social optimization - Cross Site Scripting (XSS) security-news (Apr 18)
Re: [Security-news] SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS) security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-057 - Printer, email and PDF versions - Cross Site Scripting (XSS) security-news (Apr 04)
[Security-news] SA-CONTRIB-2012-062 - Creative Commons - Cross Site Scripting (XSS) security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access Bypass security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-064 - Ubercart - Multiple vulnerabilities security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-060 - Commerce Reorder - Cross Site Request Forgery security-news (Apr 18)
[Security-news] SA-CONTRIB-2012-067 - Linkit - Access bypass security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-058 - Fivestar - Input Validation security-news (Apr 11)
[Security-news] SA-CONTRIB-2012-059 - Autosave - Cross Site Scripting security-news (Apr 11)
[Security-news] SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS) security-news (Apr 25)
[Security-news] SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability security-news (Apr 04)
[Security-news] SA-CONTRIB-2012-065 - Sitedoc - Information disclosure security-news (Apr 25)

Sergio Arcos

Re: Vulnerability in Backtrack Sergio Arcos (Apr 24)

Shakacon

Shakacon CFP - Extended Deadline: April 13, 2012 Shakacon (Apr 06)

Shatter

HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527) Shatter (Apr 19)
OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Shatter (Apr 19)
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511) Shatter (Apr 19)
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526) Shatter (Apr 19)
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command Shatter (Apr 11)
Incomplete protection of Oracle Database locked accounts (CVE-2012-0510) Shatter (Apr 19)
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512) Shatter (Apr 19)
SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525) Shatter (Apr 19)
Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528) Shatter (Apr 19)

smith joseph

www.LEORAT.com is scam smith joseph (Apr 02)

Stefan Fritsch

[SECURITY] [DSA 2452-1] apache2 security update Stefan Fritsch (Apr 16)

Steve

44Con London 2012 CFP - September 5th - 7th Steve (Apr 10)

Tavis Ormandy

incorrect integer conversions in OpenSSL can result in memory corruption. Tavis Ormandy (Apr 19)

Terrence

Re: Windows XP denial of service 0day found in CTF exercise Terrence (Apr 17)
Re: phpMyBible 0.5.1 Mutiple XSS Terrence (Apr 23)

Thijs Kinkhorst

[SECURITY] [DSA 2450-1] samba security update Thijs Kinkhorst (Apr 12)

Thomas Richards

phpMyBible 0.5.1 Mutiple XSS Thomas Richards (Apr 22)
Re: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards (Apr 16)

Thor (Hammer of God)

Re: phpMyBible 0.5.1 Mutiple XSS Thor (Hammer of God) (Apr 22)
Re: www.LEORAT.com is scam Thor (Hammer of God) (Apr 02)
Thor's Private Key Thor (Hammer of God) (Apr 08)
Re: phpMyBible 0.5.1 Mutiple XSS Thor (Hammer of God) (Apr 22)
Re: Vulnerability in Gentoo hardened Thor (Hammer of God) (Apr 24)
Re: Thor's Private Key Thor (Hammer of God) (Apr 08)

Travis Biehn

Re: new law proposal on EU against hacking tools and practices Travis Biehn (Apr 09)
Re: CIntruder v0.1 Travis Biehn (Apr 09)

Trustwave Advisories

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Trustwave Advisories (Apr 11)

Urlan

Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise Urlan (Apr 12)
Re: Vulnerability in Backtrack Urlan (Apr 24)

Valdis . Kletnieks

Re: Working to get more people to check if their infected with DNS Changer Valdis . Kletnieks (Apr 04)
Re: Vulnerability in Gentoo hardened Valdis . Kletnieks (Apr 24)
Re: new law proposal on EU against hacking tools and practices Valdis . Kletnieks (Apr 09)
Re: phpMyBible 0.5.1 Mutiple XSS Valdis . Kletnieks (Apr 22)
Re: Windows XP denial of service 0day found in CTF exercise Valdis . Kletnieks (Apr 17)
Re: DoS vulnerabilities in Firefox, Internet Explorer and Opera Valdis . Kletnieks (Apr 30)
Re: new law proposal on EU against hacking tools and practices Valdis . Kletnieks (Apr 09)
Re: www.LEORAT.com is scam Valdis . Kletnieks (Apr 02)
Re: new law proposal on EU against hacking tools and practices Valdis . Kletnieks (Apr 09)

Vikram Dhillon

Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon (Apr 17)

VMware Security Team

VMSA-2012-0008 VMware ESX updates to ESX Service Console VMware Security Team (Apr 26)
VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Team (Apr 12)

VSR Advisories

HTC IQRD Android Permission Leakage (CVE-2012-2217) VSR Advisories (Apr 21)

Vulcan DDtek

Amongst data breaches and misc 'leakage', not necessarily digital, DEFCON CTF continues at DEFCON XX Vulcan DDtek (Apr 01)

Walied Assar

Microsoft Incremental Linker Integer Overflow Walied Assar (Apr 24)

YGN Ethical Hacker Group

FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 16)
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 16)
Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group (Apr 17)

yuange

FW: iis bug yuange (Apr 01)
Re: iis bug yuange (Apr 01)

Zach C.

Re: incorrect integer conversions in OpenSSL can result in memory corruption. Zach C. (Apr 21)

ZDI Disclosures

ZDI-12-056 : Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)
ZDI-12-059 : Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)
ZDI-12-055 : Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)
ZDI-12-057 : (Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)
ZDI-12-058 : Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)
ZDI-12-060 : Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability ZDI Disclosures (Apr 09)

Zerial.

[ZEM560] Vulnerability on Fingerprint & Proximity Access Controller Zerial. (Apr 03)

ZeroDay.JP

An April Fools' Day Android Payload ZeroDay.JP (Apr 02)

Григорий Братислава

Vulnerability in Backtrack Григорий Братислава (Apr 24)