Bugtraq

• Date Index

---

• [SECURITY] [DSA 2313-1] iceweasel security update, Moritz Muehlenhoff
• DeepSec 2011 Conference - Final Schedule Published, DeepSec Conference
• [SECURITY] [DSA 2312-1] iceape security update, Moritz Muehlenhoff
• Arbitrary memory corruption in NCSS 07.1.21, Luigi Auriemma
• Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities, sschurtz
• Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities, YGN Ethical Hacker Group
• [ MDVSA-2011:138 ] wireshark, security
• [security bulletin] HPSBUX02707 SSRT100626 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2011:136 ] openssl, security
• Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2011:137 ] openssl, security
• Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities, Cisco Systems Product Security Incident Response Team
• iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability, labs-no-reply
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability, labs-no-reply
• iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability, labs-no-reply
• Integer overflow in Sterling Trader 7.0.2, Luigi Auriemma
• Vulnerabilities in EViews 7.2, Luigi Auriemma
• Multiple vulnerabilities in Traq, advisory
• Vulnerabilities in PcVue 10 (SCADA), Luigi Auriemma
• VUPEN Security Research - Novell GroupWise "RRULE" Remote Buffer Overflow Vulnerability, VUPEN Security Research
• FreeBSD Security Advisory FreeBSD-SA-11:05.unix, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:04.compress, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-11:03.bind, FreeBSD Security Advisories
• VUPEN Security Research - Novell GroupWise "integerList" Remote Buffer Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability, VUPEN Security Research
• VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability, VUPEN Security Research
• Barracuda Backup v2.0 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• European Security Services GPS v1.0 - Multiple Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• [SECURITY] [DSA 2311-1] openjdk-6 security update, Florian Weimer
• iDefense Security Advisory 09.26.11: Novell GroupWise iCal TZNAME Heap Overflow Vulnerability, labs-no-reply
• Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow, Secunia Research
• Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability, Secunia Research
• NGS00109 Patch Notification: ImpressPages CMS Remote code execution, Research@NGSSecure
• openEngine 2.0 'id' Blind SQL Injection vulnerability, sschurtz
• [security bulletin] HPSBUX02702 SSRT100606 rev.4 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• Vulnerability found in Flynax Classifieds products, Nasel Pentest
• [SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication, Mark Thomas
• [CVE-2011-3645] Multiple vulnerability in Newgen's Omnidocs, sohil_garg
• AdaptCMS 2.0.1 Multiple security vulnerabilities, sschurtz
• Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability, YGN Ethical Hacker Group
• Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability, sschurtz
• PunBB 1.3.6 bug, Amir
  • Re: PunBB 1.3.6 bug, Henri Salo
• Hackito Ergo Sum 2012 dates, Philippe Langlois
• TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server, Trustwave Advisories
• TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation, Trustwave Advisories
• Security issue is_a function in PHP 5.3.7+, cipri
• XSS Vulnerabilities in TWiki < 5.1.0, Netsparker Advisories
• TLS/SSL Compatibility Report 2011, Thierry Zoller
• secureURL.php design flaws, Boldizsar Bencsath
• [SECURITY] [DSA 2310-1] linux-2.6 security update, dann frazier
• Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA), Luigi Auriemma
• [ MDVSA-2011:135 ] iproute2, security
• [security bulletin] HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• IPv6 security presentation at Hack.lu 2011, Fernando Gont
• Trusteer Rapport and anti-keylogging, mu-b
• Multiple vulnerabilities in Help Desk Software, advisory
• NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux, Research@NGSSecure
  • Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux, Tavis Ormandy
• Advisory: Dolphin Browser HD Cross-Application Scripting, Roee Hay
• Advisory: Opera Mobile Cache Poisoning XAS, Roee Hay
• NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011, Lists
• [security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code, security-alert
• VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability, VUPEN Security Research
• Cisco TelePresence Multiple Vulnerabilities - SOS-11-010, Lists
• [SECURITY] [DSA 2305-1] vsftpd security update, Nico Golde
• [ MDVSA-2011:130-1 ] apache, security
• [ MDVSA-2011:134-1 ] rsyslog, security
• [ MDVSA-2011:132-1 ] pidgin, security
• [ MDVSA-2011:133-1 ] mozilla, security
• [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan), Alexandr Polyakov
• [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability (by ERPScan), Alexandr Polyakov
• CFP for first independent international Security Conference in Russia - ZeroNights (by Defcon-Russia), Alexandr Polyakov
• [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation, Onapsis Research Labs
• [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting, Onapsis Research Labs
• [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service, Onapsis Research Labs
• Microsoft's Binary Planting Clean-Up Mission, ACROS Security Lists
  • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, Thor \(Hammer of God\)
    • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, ACROS Security Lists
      • Message not available
      • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, ACROS Security Lists
      • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, Thor \(Hammer of God\)
      • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, ACROS Security Lists
      • Message not available
      • RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, ACROS Security Lists
      • Message not available
      • Message not available
      • Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission, Jeffrey Walton
• XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke, Nicolas Grégoire
• Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit, nospam
• CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus, CORE Security Technologies Advisories
• Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities, Cisco Systems Product Security Incident Response Team
• ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products, Security_Alert
• Invitation to Register and Participate in the Entretiens Jacques Cartier (EJC) Colloquium on IT Security, Cyber Forensics and Combating Cybercrime, Serguei A. Mokhov \(on behalf of EJC2011SecForensics-11\)
• VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability, VUPEN Security Research
• VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability, VUPEN Security Research
• Multiple vulnerabilities in SiT! Support Incident Tracker, advisory
• Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal, Irene Abezgauz
• Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service, vuln
• [SECURITY] [DSA 2309-1] openssl security update, Raphael Geissert
• iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability, labs-no-reply
• iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability, labs-no-reply
• iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability, labs-no-reply
  • <Possible follow-ups>
  • iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability, labs-no-reply
• Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal, Irene Abezgauz
• [security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification, security-alert
• Vulnerabilities in trading and SCADA softwares, Luigi Auriemma
  • <Possible follow-ups>
  • Re: Vulnerabilities in trading and SCADA softwares, fergal . cassidy
    • Re: Vulnerabilities in trading and SCADA softwares, Jeffrey Walton
• XSS vulnerability in FortiMail Messaging Security Appliance, sschurtz
• Advisory for MS11-035 / ZDI-11-167, Luigi Auriemma
• [SECURITY] [DSA 2308-1] mantis security update, Moritz Muehlenhoff
• ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar, Security_Alert
• Multiple XSS vulnerabilities in CMS Papoo Light Version, sschurtz
• [NTMS 2012] Call for Papers, Istanbul- Turkey, 7 - 10 May 2012, mbadra
• [Announcement] ClubHack Magazine - Call for Articles, abhijeet
• [SECURITY] [DSA 2304-1] squid3 security update, Nico Golde
• [SECURITY] [DSA 2307-1] chromium-browser security update, Giuseppe Iuculano
• [SECURITY] [DSA 2306-1] ffmpeg security update, Giuseppe Iuculano
• [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression, dann frazier
• APPLE-SA-2011-09-09-1 Security Update 2011-005, Apple Product Security
• [slackware-security] httpd (SSA:2011-252-01), Slackware Security Team
• [ MDVSA-2011:134 ] rsyslog, security
• CVE-2011-2731: Spring Security privilege escalation when using RunAsManager, s2-security
• CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities, s2-security
• CVE-2011-2732: Spring Security header injection vulnerability, s2-security
• CVE-2011-2730: Spring Framework Information Disclosure, s2-security
• Disassembling .NET Client Challenge, Ivan Buetler
• 28C3: CFP for 28th Chaos Communication Congress, fukami
• [security bulletin] HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 2303-1] linux-2.6 security update, dann frazier
• [security bulletin] HPSBUX02702 SSRT100606 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS), security-alert
• Multiple XSS vulnerabilities in LightNEasy 3.2.4, sschurtz
• [SECURITY] [DSA 2302-1] bcfg2 security update, Nico Golde
• [ MDVSA-2011:133 ] mozilla, security
• OWASP AppSec USA 2011 - Two Weeks Away, Adam Baso
• Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• XSS in Zikula, advisory
• Embarcadero ER/Studio XE2 Server Portal Tom Sawyer's Default GET Extension Factory ActiveX Control Remote Code Execution, nospam
• Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin, supernothing
• [slackware-security] mozilla-thunderbird (SSA:2011-249-02), Slackware Security Team
• [slackware-security] seamonkey (SSA:2011-249-03), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2011-249-01), Slackware Security Team
• Windows server 2008 R1 local DoS, Aliz 'Randomdude'
• openvas 2.x race condition, Bugs NotHugs
• [ MDVSA-2011:132 ] pidgin, security
• [SECURITY] [DSA 2301-1] rails security update, Luciano Bello
• [SECURITY] [DSA 2300-2] nss security update, Thijs Kinkhorst
• [SECURITY] [DSA 2298-2] apache2 regression fix, Stefan Fritsch
• [Announcement] ClubHack Mag Issue 20- September 2011 Released, abhijeet
• Multiple vulnerabilities in MantisBT, advisory
• [ MDVSA-2011:131 ] libxml, security
• [ MDVSA-2011:130 ] apache, security
• t2′11 Challenge to be released 2011-09-10 10:00 EEST, Tomi Tuominen
• Extended submission deadline for: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!, Call for papers
• Pranian Group e107 Cross Site Scripting Vulnerabilities, ehsan_hp200
• TTW (ricetta.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Abarkam (detail.php?input) Remote SQL injection Vulnerability, ehsan_hp200
• MaiNick (ricetta.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• WSTAFF Remote SQL injection Vulnerability, ehsan_hp200
• BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability, ehsan_hp200
• Editel (news-dettaglio.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• [ MDVSA-2011:129 ] mozilla, security
• ZDI-11-279: (0day) Witness Systems eQuality Unify Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability, ZDI Disclosures
• XSS Ebuddy (responsible disclosure), Rener Silva
• Manifattura Web (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Loop (ricetta.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Virtualismi (prodotto.php?id) Cross Site Scripting Vulnerabilities, ehsan_hp200
• Vulnerabilities in BroadWin WebAccess Client 1.0.0.10, Luigi Auriemma
• [PT-2011-19] SQL injection vulnerability in Help Request System, noreply
• ph5gruppo (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• ITTWeb Remote SQL injection Vulnerability, ehsan_hp200
• KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow, liuqx
• PMCMA: Post Memory Corruption Memory Analysis, Jonathan Brossard
• Studio Linea (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability, ehsan_hp200
• Fulci (prodotto.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)], Dan Luedtke
  • <Possible follow-ups>
  • Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)], Fernando Gont
    • Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)], Dan Luedtke
    • Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)], Marc Heuse
      • Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)], Fernando Gont
• More on IPv6 RA-Guard evasion (IPv6 security), Fernando Gont
• Sana Net (viewpages.php?id) Remote SQL injection Vulnerability, ehsan_hp200
• Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities, Secunia Research
• [security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability, ZDI Disclosures

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2011-09