Bugtraq

• Date Index

---

• [SECURITY] [DSA 2399-2] php5 regression fix, Thijs Kinkhorst
• [SECURITY] [DSA 2399-1] php5 security update, Thijs Kinkhorst
• VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console, VMware Security Team
• [security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege, security-alert
• [security bulletin] HPSBUX02697 SSRT100591 rev.2 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access, security-alert
• [SECURITY] [DSA 2398-1] curl security update, Moritz Muehlenhoff
• ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability, ZDI Disclosures
• Advisory: sudo 1.8 Format String Vulnerability, joernchen of Phenoelit
• [ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities, Alex Legler
• [ GLSA 201201-18 ] bip: Multiple vulnerabilities, Alex Legler
• Multiple vulnerabilities in postfixadmin, Filippo Cavallarin
• Mibew messenger multiple XSS, Filippo Cavallarin
• [ MDVSA-2012:011 ] openssl, security
• [SECURITY] [DSA 2397-1] icu security update, Moritz Muehlenhoff
• FAA US Academy (AFS) - Auth Bypass Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• eBank IT Online Banking - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• [ GLSA 201201-17 ] Chromium: Multiple vulnerabilities, Tim Sammut
• [ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass, Alex Legler
• [SECURITY] [DSA 2396-1] qemu-kvm security update, Moritz Muehlenhoff
• [SECURITY] [DSA 2395-1] wireshark security update, Moritz Muehlenhoff
• AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS, Thomas Quinot
• [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon, Hafez Kamal
• [ GLSA 201201-15 ] ktsuss: Privilege escalation, Sean Amoss
• [SECURITY] [DSA 2394-1] libxml2 security update, Luciano Bello
• ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision, Security_Alert
• ESA-2012-005: EMC NetWorker buffer overflow vulnerability, Security_Alert
• Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability, ZDI Disclosures
• NX Web Companion Spoofing Arbitrary Code Execution Vulnerability, otr
• [SECURITY] [DSA-2393-1] bip security update, dann frazier
• D-Link DIR-601 TFTP Directory Traversal Vulnerability, robkraus
• CSRF (Cross-Site Request Forgery) in DClassifieds, advisory
• Multiple vulnerabilities in OSclass, advisory
  • <Possible follow-ups>
  • Multiple vulnerabilities in OSClass, Filippo Cavallarin
• NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation, Research@NGSSecure
• NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM, Research@NGSSecure
• [security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02719 SSRT100658 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, security-alert
• [security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
• TWSL2012-002: Multiple Vulnerabilities in WordPress, Trustwave Advisories
• Only 7 Days Left: SANS AppSec 2012 CFP, SANS AppSec CFP
• NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption, Research@NGSSecure
• [ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities, Sean Amoss
• [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities, Sean Amoss
• Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability, n0b0d13s
• [ GLSA 201201-12 ] Tor: Multiple vulnerabilities, Sean Amoss
• SQL injection in Bigware shop software, rwenzel
• [SECURITY] [DSA 2392-1] openssl security update, Florian Weimer
• [SECURITY] [DSA 2301-2] rails regression, Florian Weimer
• DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass, ddivulnalert
• [Suspected Spam] Bart`s CMS - SQL Injection Vulnerability, research@xxxxxxxxxxxxxxxxxxxxx
• AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload, pavel
• [SECURITY] [DSA 2391-1] phpmyadmin security update, Thijs Kinkhorst
• ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution, Sean Amoss
• [ MDVSA-2012:010 ] cacti, security
• DC4420 - London DEFCON - 24 January 2012, Major Malfunction
• InfoSec Southwest 2012 Open Registration, I\)ruid
• [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities, research@xxxxxxxxxxxxxxxxxxxxx
• Webcalendar 1.2.4 'location' XSS, tom
• appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability, n0b0d13s
• Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow, Stefan Esser
• Microsoft Anti-XSS Library Bypass (MS12-007), adic
• [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information, security-alert
• Xpra memory disclosure, Antoine Martin
• Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS, InterN0T Advisories
• Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2012:009 ] perl, security
• [ MDVSA-2012:008 ] perl, security
• XSS in OneOrZero AIMS, advisory
• Reflection Scan: an Off-Path Attack on TCP, Jan Wrobel
• ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability., Security_Alert
• pwgen: non-uniform distribution of passwords, Solar Designer
  • Re: pwgen: non-uniform distribution of passwords, Solar Designer
    • Message not available
      • Re: pwgen: non-uniform distribution of passwords, Solar Designer
      • Re: pwgen: non-uniform distribution of passwords, Solar Designer
• [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service, Mark Thomas
• [SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure, Mark Thomas
• [ MDVSA-2012:007 ] openssl, security
• [ MDVSA-2012:006 ] openssl, security
• [ MDVSA-2012:005 ] libxml2, security
• [Announcement] ClubHack Mag - Call for Articles, abhijeet
• (CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean, Fernando Gont
• Beehive Forum 101 Multiple XSS vulnerabilities, sschurtz
• phpVideoPro Multiple XSS vulnerabilities, sschurtz
• Family Connections 2.7.2 Multiple XSS, tom
• First-hop security in IPv6, Fernando Gont
• [Announcement] ClubHack Mag Issue 24-Jan 2012 Released, abhijeet
• [SECURITY] [DSA 2389-1] linux-2.6 security update, dann frazier
• [SECURITY] [DSA 2390-1] openssl security update, Florian Weimer
• [SECURITY] [DSA 2388-1] t1lib security update, Yves-Alexis Perez
• ATutor 2.0.3 Multiple XSS vulnerabilities, sschurtz
• BoltWire 3.4.16 Multiple XSS vulnerabilities, sschurtz
• PHP 5.3.8 Multiple vulnerabilities, cxib
• [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code, security-alert
• ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389, Henri Salo
• ZDI-12-016 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities, ZDI Disclosures
• ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution, ZDI Disclosures
• [ MDVSA-2012:004 ] t1lib, security
• SafeSEH+SEHOP all-at-once bypass explotation method principles, geinblues
• Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation, Fernando Gont
• AthCon 2012 CFP is now OPEN!, Christian Papathanasiou
• Office arbitrary ClickOnce application execution vulnerability, Akita Software Security
• GreenBrowser iframe content Double Free Vulnerability, vuln
• [security bulletin] HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 2386-1] openttd security update, Luk Claes
• [SECURITY] [DSA 2387-1] simplesamlphp security update, Thijs Kinkhorst
• Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability, Secunia Research
• Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities, Secunia Research
• [PT-2011-04] Cross-Site Scripting in Kayako Support Suite, noreply
• [PT-2011-03] Information disclosure in Kayako Support Suite, noreply
  • <Possible follow-ups>
  • [PT-2011-03] Information disclosure in Kayako Support Suite, noreply
• Multiple XSS in KnowledgeTree Community Edition, advisory
  • Re: Multiple XSS in KnowledgeTree Community Edition, Henri Salo
    • Re: Multiple XSS in KnowledgeTree Community Edition, advisory
• [PT-2011-02] PHP code Injection in Kayako Support Suite, noreply
• [PT-2011-01] Cross-Site Scripting in Kayako Support Suite, noreply
• VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01), VUPEN Security Research
• Multiple Cross-Site-Scripting vulnerabilities in x3cms, security
• [SECURITY] [DSA 2385-1] pdns security update, Florian Weimer
• ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2012:003 ] apache, security
• Is Your Online Bank Vulnerable To Currency Rounding Attacks?, ACROS Security Lists
• p0f3 release candidate, Michal Zalewski
  • Re: p0f3 release candidate, Michal Zalewski
• Simple Mail Server - SMTP Authentication Bypass Vulnerability, demonalex
  • Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability, Peter Conrad
• DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785), ddivulnalert
• [SECURITY] [DSA 2384-1] cacti security update, luk
• [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files, security-alert
• [security bulletin] HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default, security-alert
• [SECURITY] [DSA 2383-1] super security update, Moritz Muehlenhoff
• [ GLSA 201201-03 ] Chromium, V8: Multiple vulnerabilities, Tim Sammut
• [SECURITY] [DSA 2382-1] ecryptfs-utils security update, Jonathan Wiltshire
• IpTools - Rcmd Remote Overflow Vulnerability, demonalex
• IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability, demonalex
• [SECURITY] [DSA 2381-1] squid3 security update, Florian Weimer
• [ GLSA 201201-02 ] MySQL: Multiple vulnerabilities, Tim Sammut
• ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities, ZDI Disclosures
• SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities, security
• VertrigoServ 2.25 Cross-Site-Scripting vulnerability, security
• VLC media player v1.1.11 (.amr) Local Crash PoC, hapsec
• Ggb Guestbook - XSS Vulnerabilities, demonalex
• SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2, SEC Consult Vulnerability Lab
• NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability, Research@NGSSecure
• NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS, Research@NGSSecure
• HServer webserver - Directory Traversal Vulnerability, demonalex
• Revised IETF I-D: Advice on IPv6 RA-Guard Implementation, Fernando Gont
• [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities, Tim Sammut
• [SECURITY] [DSA 2380-1] foomatic-filters security update, Florian Weimer
• [SECURITY] [DSA 2379-1] krb5 security update, Florian Weimer
• Open Redirection Vulnerability in Orchard 1.3.9, Netsparker Advisories
• Multiple vulnerabilities in ImpressCMS, advisory
• Google Chrome HTTPS Address Bar Spoofing, ACROS Security Lists
• TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System, Trustwave Advisories
• InfoSec Southwest 2012 CFP First-round Speaker Selections, I\)ruid
• [SECURITY] [DSA 2378-1] ffmpeg security update, Moritz Muehlenhoff
• Re: PHP Booking Calendar 10e XSS, Henri Salo
• SQL Injection Vulnerability in OpenEMR 4.1.0, Netsparker Advisories
• [SE-2011-01] Security vulnerabilities in a digital satellite TV platform, Security Explorations
  • Message not available
    • Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform, Security Explorations
  • Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform, Security Explorations
• [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator, RedTeam Pentesting GmbH
• mavili guestbook - SQL Injection and XSS Vulnerabilities, demonalex
• Tinyguestbook XSS, tom
  • Re: Tinyguestbook XSS, Henri Salo
• OpenKM 5.1.7 OS Command Execution (XSRF based), Cyrill Brunschwiler
• OpenKM 5.1.7 Privilege Escalation, Cyrill Brunschwiler
  • <Possible follow-ups>
  • Re: OpenKM 5.1.7 Privilege Escalation, pavila
• BigACE CMS - XSS Vulnerabilities, demonalex
• [ MDVSA-2012:002 ] t1lib, security
• [ MDVSA-2012:001 ] fcgi, security
• [SECURITY] [DSA 2377-1] cyrus-imapd-2.2 security update, Nico Golde
• [ MDVSA-2011:198 ] phpmyadmin, security
• [SECURITY] [DSA 2376-2] ipmitool security update, Thijs Kinkhorst

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2012-01