NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2012-04

Most recent messages
233 messages sorted by: [ author ] [ thread ] [ subject ]

Starting: Wed Apr 04 2012 - 08:38:11 CDT
Ending: Mon Apr 30 2012 - 12:43:40 CDT

Landshop v0.9.2 - Multiple Web Vulnerabilities Research (Fri Mar 30 2012 - 18:52:58 CDT)
VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team (Fri Mar 30 2012 - 19:51:16 CDT)
[SECURITY] [DSA 2445-1] typo3-src security update Florian Weimer (Sat Mar 31 2012 - 06:12:27 CDT)
[SECURITY] [DSA 2442-2] openarena regression Florian Weimer (Sat Mar 31 2012 - 06:43:12 CDT)
SQL injection in Wordpress plugin Buddypress ivan_terkinyahoo.com (Sat Mar 31 2012 - 12:27:57 CDT)
[SECURITY] [DSA 2398-2] curl regression Florian Weimer (Sat Mar 31 2012 - 14:38:57 CDT)
IPv6 stable privacy addresses Fernando Gont (Sat Mar 31 2012 - 16:34:39 CDT)
Hackito 2012 Crypto Challenge Jonathan Brossard (Sat Mar 31 2012 - 21:59:46 CDT)
[ MDVSA-2012:046 ] libpng securitymandriva.com (Mon Apr 02 2012 - 03:19:00 CDT)
[ MDVSA-2012:047 ] freeradius securitymandriva.com (Mon Apr 02 2012 - 04:28:00 CDT)
[ MDVSA-2012:048 ] mutt securitymandriva.com (Mon Apr 02 2012 - 09:45:00 CDT)
[ MDVSA-2012:049 ] nagios securitymandriva.com (Mon Apr 02 2012 - 10:36:00 CDT)
[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection security-alerthp.com (Mon Apr 02 2012 - 12:17:27 CDT)
[ MDVSA-2012:050 ] phpmyadmin securitymandriva.com (Tue Apr 03 2012 - 04:42:00 CDT)
[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS) security-alerthp.com (Tue Apr 03 2012 - 08:20:52 CDT)
[ MDVSA-2012:051 ] libvorbis securitymandriva.com (Tue Apr 03 2012 - 09:06:01 CDT)
[ MDVSA-2012:052 ] libvorbis securitymandriva.com (Tue Apr 03 2012 - 09:30:00 CDT)
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Tue Apr 03 2012 - 13:06:03 CDT)
Arbor Networks Peakflow SP web interface XSS b.salehaol.com (Tue Apr 03 2012 - 14:27:33 CDT)
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Apple Product Security (Tue Apr 03 2012 - 15:30:03 CDT)
Multiple vulnerabilities in osCmax advisoryhtbridge.com (Wed Apr 04 2012 - 06:37:44 CDT)
'e-ticketing' SQL Injection (CVE-2012-1673) Mark Stanislav (Wed Apr 04 2012 - 09:15:16 CDT)
'phpPaleo' Local File Inclusion (CVE-2012-1671) Mark Stanislav (Wed Apr 04 2012 - 09:12:01 CDT)
[DCA-2011-0016] - Tufin SecureTrack Cross Site Script Crash (Wed Apr 04 2012 - 06:55:11 CDT)
'Hotel Booking Portal' SQL Injection (CVE-2012-1672) Mark Stanislav (Wed Apr 04 2012 - 09:16:23 CDT)
[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) security-alerthp.com (Wed Apr 04 2012 - 07:39:43 CDT)
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Systems Product Security Incident Response Team (Wed Apr 04 2012 - 11:08:11 CDT)
[ MDVSA-2012:053 ] ocsinventory securitymandriva.com (Wed Apr 04 2012 - 11:14:00 CDT)
[SE-2012-01] Security vulnerabilities in Java SE Security Explorations (Mon Apr 02 2012 - 11:36:55 CDT)
Sourcefire Defense Center - multiple vulnerabilities. Filip Palian (Wed Apr 04 2012 - 12:55:07 CDT)
[SECURITY] [DSA 2446-1] libpng security update Moritz Muehlenhoff (Wed Apr 04 2012 - 14:13:41 CDT)
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Research (Sat Mar 31 2012 - 22:41:48 CDT)
ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Research (Sat Mar 31 2012 - 22:43:35 CDT)
DirectAdmin v1.403 - Cross Site Scripting Vulnerability Research (Sun Apr 01 2012 - 23:21:02 CDT)
[SECURITY] [DSA 2447-1] tiff security update Moritz Muehlenhoff (Wed Apr 04 2012 - 15:00:29 CDT)
Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario (Wed Apr 04 2012 - 15:49:08 CDT)
Re: Arbor Networks Peakflow SP web interface XSS Jose Nazario (Wed Apr 04 2012 - 16:56:14 CDT)
[ MDVSA-2012:054 ] libtiff securitymandriva.com (Thu Apr 05 2012 - 03:16:00 CDT)
[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 Florent Daigniere (Thu Apr 05 2012 - 05:11:34 CDT)
Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite nospamgmail.it (Thu Apr 05 2012 - 07:18:46 CDT)
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite nospamgmail.it (Thu Apr 05 2012 - 07:19:54 CDT)
vBulletin 4.1.10 Sql Injection Vulnerabilitiy Amiririst.ir (Wed Apr 04 2012 - 10:50:34 CDT)
Sony Bravia Remote Denial of Service - CVE-2012-2210 gab.mnunesgmail.com (Thu Apr 05 2012 - 07:03:46 CDT)
Wordpress taggator plugin Sql Injection Vulnerabilities Amiririst.ir (Thu Apr 05 2012 - 08:10:12 CDT)
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 come2waraxeyahoo.com (Thu Apr 05 2012 - 11:59:40 CDT)
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 come2waraxeyahoo.com (Thu Apr 05 2012 - 12:00:36 CDT)
[security bulletin] HPSBUX02757 SSRT100779 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alerthp.com (Thu Apr 05 2012 - 12:32:33 CDT)
[security bulletin] HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS) security-alerthp.com (Thu Apr 05 2012 - 12:32:53 CDT)
[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alerthp.com (Thu Apr 05 2012 - 12:33:21 CDT)
PHPNuke Module's Name Download SQL Injection Vulnerabilities CrAzY_CrAcKeRphx1-ss-2-lb.cnet.com (Thu Apr 05 2012 - 14:58:58 CDT)
[CVE-2012-1574] Apache Hadoop user impersonation vulnerability Aaron T. Myers (Thu Apr 05 2012 - 21:35:35 CDT)
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 come2waraxeyahoo.com (Fri Apr 06 2012 - 09:02:03 CDT)
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin come2waraxeyahoo.com (Fri Apr 06 2012 - 09:02:50 CDT)
CitrusDB 2.4.1 - LFI/SQLi Vulnerability blaszczakmgmail.com (Sat Apr 07 2012 - 11:00:12 CDT)
[Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities Research (Sat Apr 07 2012 - 19:49:35 CDT)
idev Game Site CMS v1.0 - Multiple Web Vulnerabilites Research (Sat Apr 07 2012 - 19:51:05 CDT)
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Research (Sat Apr 07 2012 - 22:04:37 CDT)
CsForum v0.8 - Cross Site Scripting Vulnerability Research (Sat Apr 07 2012 - 22:07:33 CDT)
[Suspected Spam] Astaro Command Center v2.x - Multiple Web Vulnerabilities Research (Sat Apr 07 2012 - 22:09:24 CDT)
[Suspected Spam] Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Research (Sat Apr 07 2012 - 22:10:37 CDT)
OWASP ZAP 1.4.0 released psiinon (Sun Apr 08 2012 - 09:24:35 CDT)
Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue Secunia Research (Mon Apr 09 2012 - 02:30:02 CDT)
CVE-2012-0769, the case of the perfect info leak Fermín J. Serna (Mon Apr 09 2012 - 09:39:17 CDT)
Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities Secunia Research (Mon Apr 09 2012 - 02:32:50 CDT)
[SECURITY] [DSA 2448-1] inspircd security update Jonathan Wiltshire (Mon Apr 09 2012 - 21:34:43 CDT)
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Research (Tue Apr 10 2012 - 12:00:28 CDT)
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Research (Tue Apr 10 2012 - 12:02:53 CDT)
[security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus security-alerthp.com (Tue Apr 10 2012 - 15:17:01 CDT)
[ MDVSA-2012:055 ] samba securitymandriva.com (Wed Apr 11 2012 - 07:23:00 CDT)
Android information leak sumanjgmail.com (Wed Apr 11 2012 - 00:26:30 CDT)
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress advisoryhtbridge.com (Wed Apr 11 2012 - 04:58:05 CDT)
Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed! infosysaid.com (Wed Apr 11 2012 - 08:15:46 CDT)
Backtrack 5 R2 priv escalation 0day found in CTF exercise Adam Behnke (Wed Apr 11 2012 - 09:49:48 CDT)
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command Shatter (Wed Apr 11 2012 - 14:30:04 CDT)
[ MDVSA-2012:056 ] rpm securitymandriva.com (Thu Apr 12 2012 - 03:25:00 CDT)
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Research (Wed Apr 11 2012 - 23:52:14 CDT)
[Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Research (Wed Apr 11 2012 - 23:50:04 CDT)
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0 come2waraxeyahoo.com (Thu Apr 12 2012 - 09:32:45 CDT)
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Trustwave Advisories (Wed Apr 11 2012 - 19:20:57 CDT)
[ MDVSA-2012:057 ] freetype2 securitymandriva.com (Thu Apr 12 2012 - 09:05:01 CDT)
online newspaper university"newsdesc.php" SQL Injection Vulnerabilities CrAzY_CrAcKeRphx1-ss-2-lb.cnet.com (Wed Apr 11 2012 - 16:29:14 CDT)
[SECURITY] [DSA 2449-1] sqlalchemy security update Nico Golde (Thu Apr 12 2012 - 00:17:23 CDT)
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Research (Thu Apr 12 2012 - 00:17:45 CDT)
[SE-2012-01] Security weakness in Apple Quicktime Java extensions Security Explorations (Thu Apr 12 2012 - 11:24:04 CDT)
[SECURITY] [DSA 2450-1] samba security update Thijs Kinkhorst (Thu Apr 12 2012 - 15:29:01 CDT)
APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 Apple Product Security (Thu Apr 12 2012 - 15:39:31 CDT)
Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise InterN0T Advisories (Thu Apr 12 2012 - 15:40:56 CDT)
Erronous post concerning Backtrack 5 R2 0day Adam Behnke (Thu Apr 12 2012 - 15:51:59 CDT)
VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Team (Thu Apr 12 2012 - 19:05:33 CDT)
[SECURITY] [DSA 2451-1] puppet security update Nico Golde (Thu Apr 12 2012 - 23:52:10 CDT)
[ MDVSA-2012:058 ] curl securitymandriva.com (Fri Apr 13 2012 - 08:01:01 CDT)
Re: Erronous post concerning Backtrack 5 R2 0day Jamie Riden (Fri Apr 13 2012 - 11:05:31 CDT)
ACC PHP eMail v1.1 - Multiple Web Vulnerabilites Research (Fri Apr 13 2012 - 11:54:22 CDT)
APPLE-SA-2012-04-13-1 Flashback malware removal tool Apple Product Security (Fri Apr 13 2012 - 22:21:04 CDT)
[Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability Research (Fri Apr 13 2012 - 23:27:05 CDT)
Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012 Fernando Gont (Sat Apr 14 2012 - 07:36:24 CDT)
Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities CrAzY_CrAcKeRphx1-ss-2-lb.cnet.com (Sat Apr 14 2012 - 08:22:57 CDT)
Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul.szabosydney.edu.au (Sat Apr 14 2012 - 17:28:34 CDT)
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Research (Sat Apr 14 2012 - 22:16:24 CDT)
[Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Research (Sat Apr 14 2012 - 22:22:19 CDT)
Passwords^12 : Call for Presentations Per Thorsheim (Sun Apr 15 2012 - 08:09:08 CDT)
[CVE-2012-1621] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Sun Apr 15 2012 - 08:33:25 CDT)
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability Jacopo Cappellato (Sun Apr 15 2012 - 08:34:02 CDT)
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Sun Apr 15 2012 - 11:34:10 CDT)
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Sun Apr 15 2012 - 11:39:16 CDT)
[SECURITY] [DSA 2452-1] apache2 security update Stefan Fritsch (Sun Apr 15 2012 - 16:46:54 CDT)
[SECURITY] [DSA 2453-1] gajim security update Nico Golde (Mon Apr 16 2012 - 00:23:39 CDT)
[ MDVSA-2012:059 ] python-sqlalchemy securitymandriva.com (Mon Apr 16 2012 - 07:59:01 CDT)
ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting ACROS Security Lists (Mon Apr 16 2012 - 03:24:57 CDT)
Squid URL Filtering Bypass Gabriel Menezes Nunes (Mon Apr 16 2012 - 17:11:33 CDT)
McAfee Web Gateway URL Filtering Bypass Gabriel Menezes Nunes (Mon Apr 16 2012 - 17:12:14 CDT)
ClubHack Magazine's April 2012 Issue is released. v.hirvegmail.com (Tue Apr 17 2012 - 04:00:51 CDT)
Fwd: PHP Gift Registry 1.5.5 SQL Injection Thomas Richards (Mon Apr 16 2012 - 11:54:43 CDT)
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability Vikram Dhillon (Mon Apr 16 2012 - 13:54:00 CDT)
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability paul.szabosydney.edu.au (Mon Apr 16 2012 - 15:51:20 CDT)
[security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alerthp.com (Tue Apr 17 2012 - 08:19:48 CDT)
[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alerthp.com (Tue Apr 17 2012 - 09:41:52 CDT)
[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification security-alerthp.com (Tue Apr 17 2012 - 09:41:58 CDT)
[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS) security-alerthp.com (Tue Apr 17 2012 - 09:42:02 CDT)
Re: Wordpress advanced-text-widget Plugin Vulnerabilities Henri Salo (Tue Apr 17 2012 - 02:03:26 CDT)
Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Henri Salo (Tue Apr 17 2012 - 02:21:05 CDT)
Re: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Henri Salo (Tue Apr 17 2012 - 02:25:35 CDT)
DokuWiki Ver.2012/01/25 CSRF Add User Exploit irancrashgmail.com (Tue Apr 17 2012 - 02:49:11 CDT)
VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172) VUPEN Security Research (Tue Apr 17 2012 - 11:05:34 CDT)
Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group (Tue Apr 17 2012 - 11:32:39 CDT)
[ MDVSA-2012:032-1 ] mozilla securitymandriva.com (Tue Apr 17 2012 - 13:07:01 CDT)
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Tobias Glemser (Wed Apr 18 2012 - 02:15:54 CDT)
Multiple XSS vulnerabilities in XOOPS advisoryhtbridge.com (Wed Apr 18 2012 - 06:52:22 CDT)
[security bulletin] HPSBMU02766 SSRT100624 rev.1 - HP Onboard Administrator (OA), Remote Denial of Service (DoS) security-alerthp.com (Wed Apr 18 2012 - 07:59:03 CDT)
Multiple vulnerabilities in Newscoop advisoryhtbridge.com (Wed Apr 18 2012 - 06:53:40 CDT)
Re: Squid URL Filtering Bypass Richard Barrett (Wed Apr 18 2012 - 12:46:09 CDT)
Re: Squid URL Filtering Bypass Gabriel Menezes Nunes (Wed Apr 18 2012 - 13:57:48 CDT)
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities Security_Alertemc.com (Wed Apr 18 2012 - 15:34:39 CDT)
The history of a -probably- 13 years old Oracle bug: TNS Poison Joxean Koret (Wed Apr 18 2012 - 16:03:00 CDT)
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 LpSolitgmail.com (Wed Apr 18 2012 - 17:36:23 CDT)
[SECURITY] [DSA 2453-2] gajim regression Nico Golde (Wed Apr 18 2012 - 19:35:37 CDT)
Ruxcon 2012 Call For Papers cfpruxcon.org.au (Thu Apr 19 2012 - 00:04:06 CDT)
VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773) VUPEN Security Research (Thu Apr 19 2012 - 03:33:17 CDT)
[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) Ange Albertini (Thu Apr 19 2012 - 10:22:36 CDT)
Re: Squid URL Filtering Bypass Mario Vilas (Thu Apr 19 2012 - 12:02:52 CDT)
[ MDVSA-2012:060 ] openssl securitymandriva.com (Thu Apr 19 2012 - 12:55:01 CDT)
Vulnerabilities in Samsung TV (remote controller protocol) Luigi Auriemma (Thu Apr 19 2012 - 12:43:10 CDT)
[SECURITY] [DSA 2454-1] openssl security update Raphael Geissert (Thu Apr 19 2012 - 16:21:20 CDT)
[security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege security-alerthp.com (Thu Apr 19 2012 - 19:56:57 CDT)
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012 Major Malfunction (Fri Apr 20 2012 - 06:34:55 CDT)
RE: Squid URL Filtering Bypass Jim Harrison (Thu Apr 19 2012 - 15:04:49 CDT)
Incomplete protection of Oracle Database locked accounts (CVE-2012-0510) Shatter (Thu Apr 19 2012 - 15:40:37 CDT)
OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Esteban Martinez Fayo (Thu Apr 19 2012 - 15:50:53 CDT)
Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511) Shatter (Thu Apr 19 2012 - 15:55:32 CDT)
Specially crafted Json service request allows full control over a Liferay portal instance Jelmer Kuperus (Thu Apr 19 2012 - 15:57:36 CDT)
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512) Shatter (Thu Apr 19 2012 - 15:58:36 CDT)
Liferay 6.1 can be compromised in its default configuration Jelmer Kuperus (Thu Apr 19 2012 - 15:59:12 CDT)
SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525) Shatter (Thu Apr 19 2012 - 16:03:51 CDT)
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526) Shatter (Thu Apr 19 2012 - 16:05:28 CDT)
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527) Shatter (Thu Apr 19 2012 - 16:09:02 CDT)
Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528) Shatter (Thu Apr 19 2012 - 16:10:29 CDT)
OCIPasswordChange API leaks information of password hash (CVE-2012-0511) Shatter (Thu Apr 19 2012 - 16:13:06 CDT)
Specially crafted webdav request allows reading of local files on liferay 6.0.x Jelmer Kuperus (Thu Apr 19 2012 - 16:22:00 CDT)
IPv6 host scanning in IPv6 Fernando Gont (Fri Apr 20 2012 - 02:01:06 CDT)
[security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities security-alerthp.com (Fri Apr 20 2012 - 04:09:20 CDT)
XSS in Kaseya version 6.2.0.0 web interface bedefoofus.net (Fri Apr 20 2012 - 10:57:09 CDT)
[SECURITY] [DSA 2455-1] typo3-src security update Nico Golde (Fri Apr 20 2012 - 13:05:19 CDT)
Re: Squid URL Filtering Bypass Amos Jeffries (Fri Apr 20 2012 - 17:52:18 CDT)
Re: McAfee Web Gateway URL Filtering Bypass Vikram Dhillon (Sat Apr 21 2012 - 07:40:09 CDT)
Re: Squid URL Filtering Bypass Gabriel Menezes Nunes (Sat Apr 21 2012 - 09:09:14 CDT)
[ MDVSA-2012:061 ] raptor securitymandriva.com (Sat Apr 21 2012 - 09:42:00 CDT)
[ MDVSA-2012:062 ] openoffice.org securitymandriva.com (Sat Apr 21 2012 - 09:50:00 CDT)
[ MDVSA-2012:063 ] libreoffice securitymandriva.com (Sat Apr 21 2012 - 10:03:00 CDT)
phpMyBible 0.5.1 Mutiple XSS Thomas Richards (Sun Apr 22 2012 - 10:08:13 CDT)
[Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability Research (Sun Apr 22 2012 - 19:12:11 CDT)
[Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Research (Sun Apr 22 2012 - 19:13:54 CDT)
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability Research (Sun Apr 22 2012 - 19:15:20 CDT)
[Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability Research (Sun Apr 22 2012 - 19:17:03 CDT)
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Netsparker Advisories (Mon Apr 23 2012 - 05:14:45 CDT)
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) Hafez Kamal (Mon Apr 23 2012 - 09:19:03 CDT)
HTC IQRD Android Permission Leakage (CVE-2012-2217) VSR Advisories (Sat Apr 21 2012 - 20:16:48 CDT)
.NET Framework EncoderParameter integer overflow vulnerability Akita Software Security (Mon Apr 23 2012 - 10:11:52 CDT)
ChurchCMS 0.0.1 'admin.php' Multiple SQLi Thomas Richards (Mon Apr 23 2012 - 12:11:33 CDT)
AST-2012-004: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team (Mon Apr 23 2012 - 13:25:22 CDT)
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver Asterisk Security Team (Mon Apr 23 2012 - 13:25:29 CDT)
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver Asterisk Security Team (Mon Apr 23 2012 - 13:25:34 CDT)
WebCalendar <= 1.2.4 Two Security Vulnerabilities n0b0d13sgmail.com (Mon Apr 23 2012 - 14:02:26 CDT)
FYI: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Mon Apr 23 2012 - 14:05:43 CDT)
Re: phpMyBible 0.5.1 Mutiple XSS Lostmongmail.com (Mon Apr 23 2012 - 14:07:53 CDT)
[ MDVSA-2012:064 ] openssl0.9.8 securitymandriva.com (Tue Apr 24 2012 - 09:03:01 CDT)
RuggedCom - Backdoor Accounts in my SCADA network? You don't say... jc (Mon Apr 23 2012 - 15:25:30 CDT)
[security bulletin] HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS) security-alerthp.com (Mon Apr 23 2012 - 17:57:14 CDT)
New IETF I-D: Security Implications of IPv6 on IPv4 networks Fernando Gont (Tue Apr 24 2012 - 05:22:26 CDT)
RE: McAfee Web Gateway URL Filtering Bypass Jim Harrison (Tue Apr 24 2012 - 09:16:28 CDT)
PHP Ticket System Beta 1 'p' SQL Injection Thomas Richards (Tue Apr 24 2012 - 11:00:22 CDT)
[SECURITY] [DSA 2456-1] dropbear security update Moritz Muehlenhoff (Tue Apr 24 2012 - 15:18:59 CDT)
[SECURITY] [DSA 2457-1] iceweasel security update Moritz Muehlenhoff (Tue Apr 24 2012 - 15:35:21 CDT)
[SECURITY] [DSA 2548-1] iceape security update Moritz Muehlenhoff (Tue Apr 24 2012 - 15:56:27 CDT)
[SECURITY] [DSA 2454-2] openssl incomplete fix Raphael Geissert (Tue Apr 24 2012 - 21:03:10 CDT)
linux privileged and arbitrary chdir() (fixed at 5.4 cifs release) Jesús Olmos (Wed Apr 25 2012 - 04:55:20 CDT)
Multiple vulnerabilities in Piwigo advisoryhtbridge.com (Wed Apr 25 2012 - 05:38:08 CDT)
[SECURITY] [DSA 2460-1] asterisk security update Moritz Muehlenhoff (Wed Apr 25 2012 - 11:06:40 CDT)
RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison (Tue Apr 24 2012 - 09:07:17 CDT)
Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Tue Apr 24 2012 - 10:13:01 CDT)
Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Charles Morris (Tue Apr 24 2012 - 10:28:29 CDT)
Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Tue Apr 24 2012 - 10:44:10 CDT)
ToorCamp 2012: The American Hacker Camp h1karitoorcon.org (Wed Apr 25 2012 - 15:16:13 CDT)
[SECURITY] [DSA 2459-1] quagga security update Florian Weimer (Thu Apr 26 2012 - 00:56:28 CDT)
Oracle TNS Poison vulnerability is actually a 0day with no patch available Joxean Koret (Thu Apr 26 2012 - 02:13:25 CDT)
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison laurenz.albewien.gv.at (Thu Apr 26 2012 - 07:35:57 CDT)
PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities Thomas Richards (Thu Apr 26 2012 - 09:45:19 CDT)
[security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default security-alerthp.com (Thu Apr 26 2012 - 12:07:16 CDT)
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal ddivulnalertddifrontline.com (Thu Apr 26 2012 - 12:39:56 CDT)
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal ddivulnalertddifrontline.com (Thu Apr 26 2012 - 12:44:52 CDT)
[ MDVSA-2012:066 ] mozilla securitymandriva.com (Fri Apr 27 2012 - 06:40:00 CDT)
[security bulletin] HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware security-alerthp.com (Thu Apr 26 2012 - 15:41:49 CDT)
[SECURITY] [DSA 2461-1] spip security update Moritz Muehlenhoff (Thu Apr 26 2012 - 15:41:19 CDT)
DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Research (Thu Apr 26 2012 - 16:29:16 CDT)
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Research (Thu Apr 26 2012 - 16:30:50 CDT)
Car Portal CMS v3.0 - Multiple Web Vulnerabilities Research (Thu Apr 26 2012 - 16:33:09 CDT)
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Thu Apr 26 2012 - 16:50:41 CDT)
VMSA-2012-0008 VMware ESX updates to ESX Service Console VMware Security Team (Fri Apr 27 2012 - 00:32:47 CDT)
[ MDVSA-2012:065 ] php securitymandriva.com (Fri Apr 27 2012 - 05:18:01 CDT)
NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI ResearchNGSSecure (Mon Apr 30 2012 - 04:43:07 CDT)
[SECURITY] [DSA 2462-1] imagemagick security update Moritz Muehlenhoff (Sun Apr 29 2012 - 07:01:38 CDT)
PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities ariosrandygmail.com (Sat Apr 28 2012 - 00:48:05 CDT)
Opial CMS v2.0 - Multiple Web Vulnerabilities Research (Sat Apr 28 2012 - 22:49:20 CDT)
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Research (Sat Apr 28 2012 - 22:51:10 CDT)
OWASP 2012 Online Competition with Hacking-Lab Ivan Buetler (Sun Apr 29 2012 - 14:15:04 CDT)
Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities Amiririst.ir (Mon Apr 30 2012 - 01:08:13 CDT)
Pritlog v0.821 CMS - Multiple Web Vulnerabilities Research (Mon Apr 30 2012 - 02:36:49 CDT)
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow ResearchNGSSecure (Mon Apr 30 2012 - 04:29:32 CDT)
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI ResearchNGSSecure (Mon Apr 30 2012 - 04:55:28 CDT)
NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM ResearchNGSSecure (Mon Apr 30 2012 - 05:06:11 CDT)
NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI ResearchNGSSecure (Mon Apr 30 2012 - 05:12:19 CDT)
NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation ResearchNGSSecure (Mon Apr 30 2012 - 05:24:13 CDT)
NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM ResearchNGSSecure (Mon Apr 30 2012 - 05:33:51 CDT)
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability nospamgmail.it (Mon Apr 30 2012 - 08:17:50 CDT)

Last message date: Mon Apr 30 2012 - 12:43:40 CDT
Archived on: Mon Apr 30 2012 - 12:43:40 CDT

233 messages sorted by: [ author ] [ thread ] [ subject ]