ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-128 August 3, 2012 - -- CVE ID: CVE-2011-3671 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:

ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) http://www.zerodayinitiative.com/advisories/ZDI-12-129 August 3, 2012 - -- CVE ID: CVE-2012-0159 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -

ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-131 August 3, 2012 - -- CVE ID: CVE-2012-0162 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-132 August 3, 2012 - -- CVE ID: CVE-2012-2175 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-133 August 3, 2012 - -- CVE ID: CVE-2012-0229 - -- CVSS: 10,

ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-134 August 3, 2012 - -- CVE ID: CVE-2012-2176 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:

ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability

2012-08-06 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-135 August 3, 2012 - -- CVE ID: CVE-2012-0661 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected

[ MDVSA-2012:123 ] libreoffice

2012-08-06 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:123 http://www.mandriva.com/security/

[SECURITY] [DSA 2521-1] libxml2 security update

2012-08-06 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2521-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 04, 2012

[ MDVSA-2012:124 ] openoffice.org

2012-08-06 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:124 http://www.mandriva.com/security/

[security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

2012-08-06 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03405705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03405705 Version: 1 HPSBMU02798

Joomla com_package - SQL Injection Vulnerability

2012-08-06 Thread Vulnerability Lab
Title: Joomla com_package - SQL Injection Vulnerability Date: 2012-07-08 References: http://www.vulnerability-lab.com/get_content.php?id=652 VL-ID: 652 Common Vulnerability Scoring System: 8.3 Introduction:

[SECURITY] [DSA 2522-1] fckeditor security update

2012-08-06 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2522-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez August 05, 2012

[SECURITY] [DSA 2519-2] isc-dhcp regression

2012-08-06 Thread Nico Golde
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2519-2 secur...@debian.org http://www.debian.org/security/ Nico Golde August 4, 2012

AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution

2012-08-06 Thread nospam
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution tested against: Microsoft Windows Vista sp2 Microsoft Windows Server 2003 r2 sp2 Mozilla Firefox 14.0.1 download url:

iAuto Mobile Application 2012 - Multiple Web Vulnerabilities

2012-08-06 Thread Vulnerability Lab
Title: iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Date: 2012-07-11 References: http://www.vulnerability-lab.com/get_content.php?id=658 VL-ID: 658 Common Vulnerability Scoring System: 3.5 Introduction:

Inout Mobile Webmail APP - Multiple Web Vulnerabilities

2012-08-06 Thread Vulnerability Lab
Title: Inout Mobile Webmail APP - Multiple Web Vulnerabilities Date: 2012-06-08 References: http://www.vulnerability-lab.com/get_content.php?id=609 VL-ID: 609 Common Vulnerability Scoring System: 3.5 Abstract:

[ MDVSA-2012:125 ] wireshark

2012-08-06 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:125 http://www.mandriva.com/security/

BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability

2012-08-06 Thread Vulnerability Lab
Title: BeneficialBank Business v4.13.1 - Auth Bypass Vulnerability Date: 2012-07-09 References: http://www.vulnerability-lab.com/get_content.php?id=654 VL-ID: 654 Common Vulnerability Scoring System: 8.5 Abstract:

[CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities

2012-08-06 Thread lorenzo . cantoni86
###Title###: Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities ###Affected Software###: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list

[CVE-2012-3872] Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities

2012-08-06 Thread lorenzo . cantoni86
###Title###: Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities ###Affected Software###: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234

[CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability

2012-08-06 Thread lorenzo . cantoni86
###Title###: Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability ###Affected Software###: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list

[CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities

2012-08-06 Thread lorenzo . cantoni86
###Title###: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities ###Affected Software###: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234

Dir2web3 Multiple Vulnerabilities

2012-08-06 Thread Daniel Correa
Title: Dir2web3 Multiple Vulnerabilities Date: 05/08/2012 Author: Daniel Correa (http://www.sinfocol.org/) Vulnerable software: Dir2web v3.0 (http://www.dir2web.it/) CVE: CVE-2012-4069 CVE-2012-4070 Details: There are two vulnerabilities