Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

192 messages starting Feb 01 12 and ending Feb 29 12
Date index | Thread index | Author index

• [Announce] Apache HTTP Server 2.2.22 Released William A. Rowe Jr. (Feb 01)
• 802.1X password exploit on many HTC Android devices Bret Jordan (Feb 01)
• Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14 LpSolit (Feb 01)
• Multiple vulnerabilities in OpenEMR advisory (Feb 01)
• ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability Security_Alert (Feb 01)
• XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge) andsarmiento (Feb 01)
• [ MDVSA-2012:012 ] apache security (Feb 02)
• APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 Apple Product Security (Feb 02)
• Call For Paper asemailing (Feb 02)
• Fwd: RA-Guard: Advice on the implementation (feedback requested) Fernando Gont (Feb 02)
• [CAL-2012-0004] opera array integer overflow Code Audit Labs (Feb 02)
• [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code security-alert (Feb 02)
• GLSA (Gentoo Linux Security Advisory) publication changes Alex Legler (Feb 02)
• [security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code security-alert (Feb 03)
• [SECURITY] [DSA 2401-1] tomcat6 security update Moritz Muehlenhoff (Feb 03)
• [SECURITY] [DSA 2400-1] iceweasel security update Moritz Muehlenhoff (Feb 03)
• [SECURITY] [DSA 2402-1] iceape security update Moritz Muehlenhoff (Feb 03)
• [SECURITY] [DSA 2403-1] php5 security update Thijs Kinkhorst (Feb 03)
• RFC 6528 on Defending against Sequence Number Attacks Fernando Gont (Feb 03)
• ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability Security_Alert (Feb 03)
• [ MDVSA-2012:013 ] mozilla security (Feb 03)
• [SECURITY] [DSA 2384-2] cacti regression Luk Claes (Feb 06)
• [SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update Florian Weimer (Feb 06)
• [SECURITY] [DSA 2405-1] apache2 security update Stefan Fritsch (Feb 06)
• Mathopd - Directory Traversal Vulnerability Mateusz Goik (Feb 06)
• [ MDVSA-2012:014 ] glpi security (Feb 07)
• [SECURITY] [DSA 2403-2] php5 security update Thijs Kinkhorst (Feb 07)
• SimpleGroupware 0.742 Cross-Site-Scripting vulnerability security (Feb 07)
• DEF CON 20 Capture the Flag Announcement The Dark Tangent (Feb 07)
• CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly Colm O hEigeartaigh (Feb 07)
• SQL Injection Vulnerability in Batavi 1.1.2 Netsparker Advisories (Feb 07)
• [security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information security-alert (Feb 07)
• eFronts Community++ v3.6.10 - Cross Site Vulnerability research () vulnerability-lab com (Feb 07)
• Unauthenticated remote code execution on D-Link ShareCenter products roberto . paleari (Feb 08)
• [security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass security-alert (Feb 08)
• Cyberoam Central Console v2.00.2 - File Include Vulnerability research () vulnerability-lab com (Feb 08)
• Multiple vulnerabilities in ZENphoto advisory (Feb 08)
• [security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information security-alert (Feb 08)
• ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-025 : EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution ZDI Disclosures (Feb 08)
• ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities ZDI Disclosures (Feb 08)
• ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
• [SECURITY] [DSA 2407-1] cvs security update Florian Weimer (Feb 09)
• [ MDVSA-2012:015 ] wireshark security (Feb 09)
• [SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability Leonardo Uribe (Feb 09)
• [Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 09)
• Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities research () vulnerability-lab com (Feb 10)
  • <Possible follow-ups>
  • Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities regis (Feb 27)
• OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 10)
• Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities research () vulnerability-lab com (Feb 10)
• Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 10)
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 10)
• [ MDVSA-2012:016 ] glpi security (Feb 10)
• [slackware-security] vsftpd (SSA:2012-041-05) Slackware Security Team (Feb 13)
• [slackware-security] glibc (SSA:2012-041-03) Slackware Security Team (Feb 13)
• [slackware-security] proftpd (SSA:2012-041-04) Slackware Security Team (Feb 13)
• [slackware-security] httpd (SSA:2012-041-01) Slackware Security Team (Feb 13)
• [slackware-security] php (SSA:2012-041-02) Slackware Security Team (Feb 13)
• OWASP AppSec USA 2011 Video & Slides Posted adam (Feb 13)
• Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability research () vulnerability-lab com (Feb 13)
• [Suspected Spam] eFront Community++ v3.6.10 - SQL Injection Vulnerability research () vulnerability-lab com (Feb 13)
• sqlinjection bug in nova cms rezahmail (Feb 13)
  • Re: sqlinjection bug in nova cms Henri Salo (Feb 16)
• [ MDVSA-2012:017 ] firefox security (Feb 13)
• [ MDVSA-2012:018 ] mozilla-thunderbird security (Feb 13)
• [Announcement] ClubHack Mag - Call for Articles abhijeet (Feb 13)
• [SECURITY] [DSA 2408-1] php5 security update Moritz Muehlenhoff (Feb 13)
• [ MDVSA-2012:019 ] apr security (Feb 14)
• [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability Code Audit Labs (Feb 15)
• [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow Code Audit Labs (Feb 15)
• FreePBX Remote Exploit dougw (Feb 15)
• [ MDVSA-2012:020 ] phpldapadmin security (Feb 15)
• Multiple vulnerabilities in 11in1 advisory (Feb 15)
• Multiple vulnerabilities in LEPTON advisory (Feb 15)
• [SECURITY] [DSA 2409-1] devscripts security update Raphael Geissert (Feb 15)
• TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution noreply (Feb 15)
• Cisco Security Advisory: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Feb 16)
• [SECURITY] [DSA 2410-1] libpng security update Moritz Muehlenhoff (Feb 16)
• 2012 Honeynet Project Security Workshop Guillaume Arcas (Feb 16)
• [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip Timo Warns (Feb 16)
• Hackito Ergo sum // HES2012 Final CFP // Call for Hackers Jonathan Brossard (Feb 16)
• Pandora FMS v4.0.1 - Local File Include Vulnerability + VD Session research () vulnerability-lab com (Feb 17)
• [Spam] Skype v5.6.59.x - Memory Corruption Vulnerability research () vulnerability-lab com (Feb 17)
• 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Kousuke Ebihara (Feb 17)
  • <Possible follow-ups>
  • Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977) Rodrigo Rubira Branco (BSDaemon) (Feb 17)
• [security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alert (Feb 17)
• IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains Fernando Gont (Feb 17)
• PHP 5.2.x Remote Code Execution Vulnerability Worawit Wang (Feb 17)
• Puppet Dashboard insecure by default Schweiss, Chip (Feb 17)
• [ MDVSA-2012:021 ] java-1.6.0-openjdk security (Feb 17)
• Downloads Folder: A Binary Planting Minefield ACROS Security Lists (Feb 20)
• WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability sschurtz (Feb 20)
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated] YGN Ethical Hacker Group (Feb 20)
• [SECURITY] [DSA 2411-1] mumble security update Florian Weimer (Feb 20)
• [SECURITY] [DSA 2412-1] libvorbis security update Moritz Muehlenhoff (Feb 20)
• SEC Consult SA-20120220-1 :: Multiple Vulnerabilities in ELBA5 SEC Consult Vulnerability Lab (Feb 20)
• SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional SEC Consult Vulnerability Lab (Feb 20)
• SQL Injection Vulnerabilities in TestLink jnatal (Feb 20)
• DC4420 - London DEFCON - February meet - Tuesday February 21st 2012 Major Malfunction (Feb 20)
• OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
  • Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 21)
• Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
  • Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 21)
• [SECURITY] [DSA 2413-1] libarchive security update Luk Claes (Feb 21)
• Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab (Feb 21)
  • Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab (Feb 21)
• F*EX <= 20100208 Cross Site Scripting Vulnerabilities muuratsalo experimental hack lab (Feb 21)
• F*EX 20111129-2 Cross Site Scripting Vulnerability muuratsalo experimental hack lab (Feb 21)
• IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements Fernando Gont (Feb 21)
• Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability demonalex (Feb 21)
• [SECURITY] [DSA 2414-1] fex security update Nico Golde (Feb 22)
• [SECURITY] [DSA 2415-1] libmodplug security update Nico Golde (Feb 22)
• Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines Simon McVittie (Feb 22)
• [ MDVSA-2012:022 ] libpng security (Feb 22)
• Multiple XSS in Chyrp advisory (Feb 22)
• [ MDVSA-2012:023 ] libxml2 security (Feb 22)
• Mobile Mp3 Search Engine HTTP Response Splitting CorryL (Feb 24)
• ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-034 : Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-035 : Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-036 : Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution ZDI Disclosures (Feb 24)
• TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability ZDI Disclosures (Feb 24)
• [SECURITY] [DSA 2417-1] libxml2 security update Nico Golde (Feb 24)
• NGS00120 Patch Notification: BlackBerry PlayBook Samba Remote Code Execution Research@NGSSecure (Feb 24)
• YVS Image Gallery Sql injection CorryL (Feb 24)
  • Case YVS Image Gallery Henri Salo (Feb 27)
    • Message not available
      • Re: [oss-security] Case YVS Image Gallery Henri Salo (Feb 28)
• Security advisory for Bugzilla 4.2 and 4.0.5 LpSolit (Feb 24)
• Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team (Feb 24)
• CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability demonalex (Feb 24)
• [SECURITY] [DSA 2416-1] notmuch security update Thijs Kinkhorst (Feb 24)
• [ MDVSA-2012:022 ] mozilla security (Feb 24)
• [security bulletin] HPSBUX02737 SSRT100747 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) security-alert (Feb 24)
• [security bulletin] HPSBMU02739 SSRT100280 rev.2 - HP Data Protector Storage Media Operations (SMO), Remote Execution of Arbitrary Code security-alert (Feb 24)
• [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification Onapsis Research Labs (Feb 24)
• [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure Onapsis Research Labs (Feb 24)
• PHP Gift Registry 1.5.5 SQL Injection Thomas Richards (Feb 24)
• Dropbear SSH server use-after-free vulnerability Danny Fullerton (Feb 24)
• TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform Trustwave Advisories (Feb 27)
• Kongreg8 1.7.3 Mutiple XSS Thomas Richards (Feb 27)
• Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps Felipe M. Aragon (Feb 27)
• NGS00237 Patch Notification: Samba Andx request Remote Code Execution Research@NGSSecure (Feb 27)
• [SECURITY] [DSA 2414-2] fex regression Nico Golde (Feb 27)
• pidgin OTR information leakage Dimitris Glynos (Feb 27)
  • Re: pidgin OTR information leakage Jann Horn (Feb 27)
    • Re: [Full-disclosure] pidgin OTR information leakage Michele Orru (Feb 27)
      • Re: [Full-disclosure] pidgin OTR information leakage Rich Pieri (Feb 27)
      • Re: [Full-disclosure] pidgin OTR information leakage Jeffrey Walton (Feb 28)
      • Message not available
      • Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos (Feb 28)
      • Re: [Full-disclosure] pidgin OTR information leakage Dimitris Glynos (Feb 28)
• DeepSec "Sector v6" - Call for Papers DeepSec Conference (Feb 27)
• FrameJammer DOM based XSS mkey (Feb 27)
• [ MDVSA-2012:023 ] libvpx security (Feb 27)
• Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability research () vulnerability-lab com (Feb 27)
• OSQA CMS v3b - Multiple Persistent Vulnerabilities research () vulnerability-lab com (Feb 27)
• Wolf CMS v0.7.5 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 27)
• [SECURITY] [DSA 2418-1] postgresql-8.4 security update Moritz Muehlenhoff (Feb 27)
• Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec cfp2012 (Feb 27)
• [SECURITY] [DSA 2419-1] puppet security update Florian Weimer (Feb 27)
• [ MDVSA-2012:022-1 ] mozilla security (Feb 28)
• [ MDVSA-2012:023-1 ] libvpx security (Feb 28)
• Reliable Windows 7 Exploitation: A Case Study Ivan Fratric (Feb 28)
• ImgPals Photo Host Version 1.0 Admin Account Disactivation CorryL (Feb 28)
• [ MDVSA-2012:025 ] samba security (Feb 28)
• [SECURITY] [DSA 2420-1] openjdk-6 security update Florian Weimer (Feb 28)
• Multiple XSS in Dotclear advisory (Feb 29)
• [ MDVSA-2012:026 ] postgresql security (Feb 29)
• [ MDVSA-2012:027 ] postgresql8.3 security (Feb 29)
• Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Feb 29)
• Cisco Security Advisory: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities Cisco Systems Product Security Incident Response Team (Feb 29)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team (Feb 29)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection Cisco Systems Product Security Incident Response Team (Feb 29)
• Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Feb 29)
• [SECURITY] [DSA 2421-1] moodle security update Moritz Muehlenhoff (Feb 29)
• [SECURITY] [DSA 2422-1] file security update Florian Weimer (Feb 29)

Previous period

Next period