Bugtraq

• Thread Index

---

• [SECURITY] [DSA 2483-1] strongswan security update
  • From: Yves-Alexis Perez
• OpenSSL 1.0.1 Buffer Overflow Vulnerability
  • From: chenz9187
• [security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• [ MDVSA-2012:086 ] acpid
  • From: security
• script-fu buffer overflow in GIMP 2.6
  • From: Joseph Sheridan
• [security bulletin] HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  • From: security-alert
• things you can do with downloads
  • From: Michal Zalewski
• Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• FreeBSD Security Advisory FreeBSD-SA-12:02.crypt
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-12:01.openssl
  • From: FreeBSD Security Advisories
• 2 Buffer Overflows in Wireless Manager Sony VAIO
  • From: advisory
• Re: Progress Webspeed exploit for all releases
  • From: Eelko Neven
• AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
  • From: Asterisk Security Team
• AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
  • From: Asterisk Security Team
• Mapserver for Windows (MS4W) Remote Code Execution
  • From: bruk0ut . sec
• [ MDVSA-2012:085 ] tomcat5
  • From: security
• [SECURITY] [DSA 2480-2] request-tracker3.8 regression update
  • From: Florian Weimer
• DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass
  • From: ddivulnalert
• [ MDVSA-2012:084 ] ncpfs
  • From: security
• [ MDVSA-2012:083 ] util-linux
  • From: security
• [ MDVSA-2012:082 ] pidgin
  • From: security
• [SE-2011-01] Security of SAT TV set-to-boxes and DVB chipsets (details released)
  • From: Security Explorations
• WinRadius Server Denial Of Service Vulnerability
  • From: demonalex
• Tftpd32 DNS Server Denial Of Service Vulnerability
  • From: demonalex
• Kingcopes AthCon 2012 Slides & Notes
  • From: HI-TECH .
• CFP: Hacktivity 2012, October 12-13, Budapest, Hungary
  • From: Attila Bartfai
• GreHack 2012 - Call For Papers (Grenoble, France)
  • From: Fabien DUCHENE
• [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability
  • From: Stefan Bodewig
• Multiple vulnerabilities in LogAnalyzer
  • From: Filippo Cavallarin
• Multiple vulnerabilities in Pligg CMS
  • From: advisory
• Multiple XSS in pragmaMx
  • From: advisory
• [SECURITY] [DSA 2480-1] request-tracker3.8 security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2012:081 ] firefox
  • From: security
• [SECURITY] [DSA 2479-1] libxml2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 2478-1] sudo security update
  • From: Moritz Muehlenhoff
• [ MDVSA-2012:080 ] wireshark
  • From: security
• IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...
  • From: Fernando Gont
• ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
  • From: Security_Alert
• Tftpd32 DHCP Server Denial Of Service Vulnerability
  • From: demonalex
• DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
  • From: Major Malfunction
• [Announcement] CHMag's Issue 28, May 2012 Released
  • From: abhijeet
• [SECURITY] [DSA 2477-1] sympa security update
  • From: Florian Weimer
• PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
  • From: admin
• Acuity CMS 2.6.x <= Arbitrary File Upload
  • From: YGN Ethical Hacker Group
• Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
  • From: YGN Ethical Hacker Group
• [SECURITY] [DSA 2476-1] pidgin-otr security update
  • From: Jonathan Wiltshire
• Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
  • From: Call for papers
• [ MDVSA-2012:079 ] sudo
  • From: security
• New Open Source Web Application Vulnerability Scanner Available
  • From: webvulscan
• SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149
  • From: SEC Consult Vulnerability Lab
• H2HC Brazil 9th Edition - Call for Papers
  • From: Rodrigo Rubira Branco \(BSDaemon\)
• Re: [oss-security] CVE Request: Planeshift buffer overflow
  • From: Kurt Seifried
• Re: [oss-security] CVE Request: Planeshift buffer overflow
  • From: Kurt Seifried
• [SECURITY] [DSA 2475-1] openssl security update
  • From: Raphael Geissert
• [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
  • From: security-alert
• Re: [oss-security] CVE Request: Planeshift buffer overflow
  • From: Kurt Seifried
• [SECURITY] [DSA 2474-1] ikiwiki security update
  • From: Raphael Geissert
• DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
  • From: ddivulnalert
• [security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of
  • From: security-alert
• [security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial
  • From: security-alert
• [ MDVSA-2012:078 ] imagemagick
  • From: security
• [ MDVSA-2012:077 ] imagemagick
  • From: security
• [SECURITY] [DSA 2473-1] openoffice.org security update
  • From: Florian Weimer
• FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability
  • From: demonalex
• [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
  • From: Timo Warns
• The story of the Linux kernel 3.x...
  • From: pi3
• CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0
  • From: Rob Weir
• CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
  • From: Rob Weir
• CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
  • From: Rob Weir
• Re: Trigerring Java code from a SVG image
  • From: Nicolas Grégoire
• [SECURITY] [DSA 2472-1] gridengine security update
  • From: Florian Weimer
• Apple Quicktime Memory Corruption (CVE-2012-0671)
  • From: Rodrigo Rubira Branco \(BSDaemon\)
• APPLE-SA-2012-05-15-1 QuickTime 7.7.2
  • From: Apple Product Security
• Liferay 6.1 json webservices are subject to cross-site request forgery attacks
  • From: Jelmer Kuperus
• [ MDVSA-2012:075 ] ffmpeg
  • From: security
• Liferay 6.1 can be compromised without having an account on the portal
  • From: Jelmer Kuperus
• Guests can view names and emailadresses of all Liferay users in liferay 6.1
  • From: Jelmer Kuperus
• Multiple xss issues in Liferay
  • From: Jelmer Kuperus
• APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003
  • From: Apple Product Security
• APPLE-SA-2012-05-14-1 Flashback Removal Security Update
  • From: Apple Product Security
• NETGEAR Exposure of Sensitive Information - Security Advisory - SOS-12-005
  • From: Lists
• ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
  • From: Stefan Kanthak
• Trigerring Java code from a SVG image
  • From: Nicolas Grégoire
• Re: rssh security announcement
  • From: Derek Martin
• [ MDVSA-2012:076 ] ffmpeg
  • From: security
• [ MDVSA-2012:074 ] ffmpeg
  • From: security
• [ MDVSA-2012:073 ] openssl
  • From: security
• [SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA-2471-1] ffmpeg security update
  • From: Moritz Muehlenhoff
• Liferay users can assign themselves to organizations, leading to possible privilege escalation
  • From: Jelmer Kuperus
• Universal Reader Filename Denial Of Service Vulnerability
  • From: demonalex
• [SECURITY] [DSA 2670-1] wordpress security update
  • From: Yves-Alexis Perez
• b2ePMS 1.0 Authentication Bypass Vulnerability
  • From: pereira
• t2'12: Call for Papers 2012 (Helsinki / Finland)
  • From: Tomi Tuominen
• Cross-Site Scripting (XSS) in Pivotx
  • From: advisory
• Multiple vulnerabilities in OrangeHRM
  • From: advisory
• CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities
  • From: CORE Security Technologies Advisories
• ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
  • From: Security_Alert
• Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability
  • From: nospam
• [SECURITY] [DSA 2469-1] linux-2.6 security update
  • From: dann frazier
• [ MDVSA-2012:072 ] roundcubemail
  • From: security
• [ MDVSA-2012:071 ] php
  • From: security
• Re: Drupal 7.14 <= Full Path Disclosure Vulnerability
  • From: pereira
• [ MDVSA-2012:068-1 ] php
  • From: security
• Drupal 7.14 <= Full Path Disclosure Vulnerability (Update)
  • From: pereira
• Drupal 7.14 <= Full Path Disclosure Vulnerability
  • From: pereira
• APPLE-SA-2012-05-09-2 Safari 5.1.7
  • From: Apple Product Security
• APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002
  • From: Apple Product Security
• [SECURITY] [DSA 2468-1] libjakarta-poi-java security update
  • From: Florian Weimer
• [SECURITY] [DSA 2422-2] file regression fix
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 2467-1] mahara security update
  • From: Thijs Kinkhorst
• Re: rssh security announcement
  • From: Derek Martin
• [SECURITY] [DSA 2466-1] rails security update
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 2465-1] php5 security update
  • From: Thijs Kinkhorst
• Adobe Shockwave Player Remote Code Execution (CVE-2012-2031)
  • From: Rodrigo Rubira Branco \(BSDaemon\)
• Adobe Shockwave Player Remote Code Execution (CVE-2012-2030)
  • From: Rodrigo Rubira Branco \(BSDaemon\)
• Adobe Shockwave Player Remote Code Execution (CVE-2012-2029)
  • From: Rodrigo Rubira Branco \(BSDaemon\)
• [security bulletin] HPSBMU02775 SSRT100853 rev.2 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation
  • From: security-alert
• [SECURITY] [DSA 2464-2] icedove regression update
  • From: Florian Weimer
• Re: rssh security announcement
  • From: Derek Martin
• Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
  • From: security
• rssh security announcement
  • From: Derek Martin
• [security bulletin] HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation
  • From: security-alert
• Re: [Full-disclosure] Ubuntu, Linux Mint, and the Guest Account
  • From: Marc Deslauriers
• Ubuntu, Linux Mint, and the Guest Account
  • From: Jeffrey Walton
• Fwd: [cryptography] Apple Legacy filevault barn door...
  • From: Jeffrey Walton
• APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
  • From: Apple Product Security
• VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break
  • From: ds . adv . pub
• Format Factory v2.95 - Buffer Overflow Vulnerabilities
  • From: Research
• [SECURITY] [DSA 2459-2] quagga security update
  • From: Florian Weimer
• [ MDVSA-2012:070 ] samba
  • From: security
• [ MDVSA-2012:069 ] cifs-utils
  • From: security
• Format Factory v2.95 - Buffer Overflow Vulnerabilities
  • From: Research
• [SECURITY] [DSA 2462-2] imagemagick regression update
  • From: Moritz Muehlenhoff
• VMware Backdoor Response Uninitialized Memory Potential VM Break
  • From: ds . adv . pub
• Re: DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass
  • From: brian . radovich
• [waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 "ja_purity" template
  • From: come2waraxe
• [waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page
  • From: come2waraxe
• SQL Injection and other issues in Micro Technology Services, Inc. Lynx
  • From: bede
• Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)
  • From: Roee Hay
• LACSEC 2012 Agenda (May 6-11, 2012, Quito, Ecuador)
  • From: Fernando Gont
• Firefox security bug (proxy-bypass) in current Tor BBs
  • From: oLhrrBHQeTr0EmbKwBXa
• Fortinet FortiWeb Web Application Firewall Policy Bypass
  • From: Geffrey Velasquez
• FreeBSD Security Advisory FreeBSD-SA-12:01.openssl
  • From: FreeBSD Security Advisories
• VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues
  • From: VMware Security Team
• [SECURITY] [DSA 2464-1] icedove security update
  • From: Moritz Muehlenhoff
• Local File Inclusion in PluXml
  • From: advisory
• [SECURITY] [DSA 2463-1] samba security update
  • From: Moritz Muehlenhoff
• [CVE-2012-1002] OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability
  • From: n0b0d13s
• [security bulletin] HPSBMU02772 SSRT100603 rev.1 - HP System Health Application and Command Line Utilities for Linux, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection
  • From: security-alert
• [security bulletin] HPSBMU02770 SSRT100848 rev.1 - HP Insight Management Agents for Windows Server, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), URL Redirection, Unauthorized Modification, Denial of Service (DoS)
  • From: security-alert
• LAN Messenger v1.2.28 - Denial of Service Vulnerability
  • From: Research
• Re: Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities
  • From: g
• [ MDVSA-2012:067 ] samba
  • From: security
• Corrections about Squid/McAfee URL Filtering Bypass
  • From: Gabriel Menezes Nunes
• Call for Paper: 3rd Workshop on Security and Privacy in Social Networks
  • From: asemailing

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2012-05