Bugtraq
- ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability
- ZDI-11-071: Adobe Reader BMP RLE_8 Decompression Remote Code Execution Vulnerability
- ZDI-11-065: Adobe Reader Controlled memset Remote Code Execution Vulnerability
- ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability
- ZDI-11-069: Adobe Acrobat Reader U3D Texture psd RLE Decompression Remote Code Execution Vulnerability
- ZDI-11-068: Adobe Acrobat Reader U3D Texture bmp RLE Decompression Remote Code Execution Vulnerability
- CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution
- From: Rodrigo Rubira Branco (BSDaemon)
- ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability
- [ MDVSA-2011:024 ] krb5
- ZDI-11-066: Adobe Acrobat Reader U3D Texture .iff RLE Decompression Remote Code Execution Vulnerability
- MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
- iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library
- DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011
- MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]
- ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability
- [security bulletin] HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF)
- HTB22818: Stored XSS vulnerability in WebAsyst Shop-Script
- ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability
- rPSA-2011-0010-1 kernel
- From: rPath Update Announcements
- ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability
- ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability
- ZDI-11-046: IBM Lotus Domino Calendar Request Attachment Name Parsing Remote Code Execution Vulnerability
- ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability
- ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability
- ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability
- ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability
- ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
- HTB22812: XSRF (CSRF) in UMI.CMS
- ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability
- ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability
- [USN-1059-1] Dovecot vulnerabilities
- Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service
- From: Digit Security Research
- HTB22813: XSS vulnerability in UMI.CMS
- [ MDVSA-2011:023 ] proftpd
- ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability
- Re: Microsoft Terminal Services vulnerable to MITM-attacks.
- [security bulletin] HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access
- HTB22817: XSS vulnerability in WebAsyst Shop-Script
- ESA-2011-004: EMC Replication Manager remote code execution vulnerability
- VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
- From: VMware Security Team
- ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability
- ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability
- ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability
- R7-0039: Accellion File Transfer Appliance Multiple Vulnerabilities
- HTB22819: XSS vulnerability in WebAsyst Shop-Script
- ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
- HTB22814: XSS vulnerability in ViArt Shop
- ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
- ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
- ZDI-11-049: IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability
- R7-0038: Check Point Endpoint Security Server Information Disclosure
- HTB22815: XSS vulnerability in ViArt Shop
- ZDI-11-047: IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability
- HTB22816: XSS vulnerability in ViArt Shop
- HTB22811: XSS vulnerability in UMI.CMS
- ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability
- ZDI-11-041: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
- ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
- ZDI-11-043: Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
- Re: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure
- [ MDVSA-2011:021 ] postgresql
- [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
- Troopers11 - Security Conference in Germany
- [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
- [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat
- Re: [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability
- [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
- Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure
- [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
- Re: TinyWebGallery: XSS + Directory Traversal
- TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)
- From: Trustwave Advisories
- [SECURITY] [DSA-2157-1] PostgreSQL security update
- [USN-1057-1] Linux kernel vulnerabilities
- [USN-1058-1] PostgreSQL vulnerability
- ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability
- (TAD-2011-001) Vulnerability in HTC Peep: Twitter Credentials Disclosure
- [ MDVSA-2011:020 ] pango
- WOOT '11 Call for Papers
- Majordomo2 - Directory Traversal (SMTP/HTTP)
- HTB22806: SQL Injection in ReOS
- HTB22810: SQL Injection in ReOS
- HTB22802: XSS in Podcast Generator
- HTB22807: SQL Injection in ReOS
- HTB22808: Local File Inclusion in ReOS
- HTB22800: Path disclosure in Podcast Generator
- HTB22801: Local File Inclusion in Podcast Generator
- HTB22809: SQL Injection in ReOS
- Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints
- From: Cisco Systems Product Security Incident Response Team
- [USN-1055-1] OpenJDK vulnerabilities
- [USN-1054-1] Linux kernel vulnerabilities
- fix for Nvidia CUDA drivers security breach
- Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities
- From: CORE Security Technologies Advisories
- TinyWebGallery: XSS + Directory Traversal
- Aruba Mobility Controller - multiple advisories: DoS and authentication bypass
- HTB22805: Path disclosure in Redaxscript
- HTB22803: Path disclosure in Razor CMS
- HTB22799: Path disclosure in Pluck CMS
- HTB22798: Path disclosure in Pluck CMS
- HTB22804: SQL Injection in Redaxscript
- Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability
- From: YGN Ethical Hacker Group
- [USN-1053-1] Subversion vulnerabilities
- [security bulletin] HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code
- ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability
- ZDI-11-036: IBM DB2 db2dasrrm receiveDASMessage Remote Code Execution Vulnerability
- ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability
- ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability
- [SECURITY] [DSA 2153-1] linux-2.6 security update
- [SECURITY] [DSA-2154-1] exim4 security update
- [SECURITY] [DSA 2155-1] freetype security update
- [HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb
- [SECURITY] [DSA-2156-1] pcscd security update
- [SECURITY] [DSA-2154-2] exim4 regression fix
- CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
- VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection
- TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
- TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service
- TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
- FreeBSD local denial of service - forced reboot
- [SECURITY] [DSA 2152-1] hplip security update
- CA20101231-01: Security Notice for CA ARCserve D2D (updated)
- HTB22793: XSRF (CSRF) in KaiBB
- [USN-1052-1] OpenJDK vulnerability
- HTB22796: Path disclousure in DBHcms
- HTB22797: Path disclousure in BLOG:CMS
- OpenOffice.org Multiple Memory Corruption Vulnerabilities
- Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)
- From: StenoPlasma @ www.ExploitDevelopment.com
- [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities
- Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Huawei HG default WEP/WPA generator
- Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability
- From: YGN Ethical Hacker Group
- IETF RFC on "the implementation of the TCP urgent mechanism"
- [ MDVSA-2011:019 ] libuser
- Re: Remote Code Execution in ICQ 7
- PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm
- VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)
- From: VUPEN Security Research
- ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.
- Microsoft IIS 6 parsing directory x.asp Vulnerability
- HTB22795: Path disclosure in Hycus CMS
- [USN-1051-1] HPLIP vulnerability
- [security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS)
- [DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss
- [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection
- [DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED)
- syslog-ng wrong file permission vulnerability
- [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow
- [security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code
- [DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal
- HTB22787: Path disclousure in Pligg CMS
- [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
- HTB22789: Path disclousure in Pivotx
- [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files
- [DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods
- HTB22790: XSS in Pivotx
- HTB22792: XSS in Pixelpost
- HTB22788: XSS in Pivotx
- HTB22791: File Content Disclosure in Pixelpost
- [DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method
- HTB22794: Path disclousure in Pixelpost
- [CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean
- [USN-1048-1] Tomcat vulnerability
- phpcms V9 BLind SQL Injection Vulnerability
- ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability
- [USN-1047-1] AWStats vulnerability
- [SECURITY] [DSA 2150-1] request-tracker3.6 security update
- [ MDVSA-2011:018 ] sudo
- [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities
- [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities
- [ MDVSA-2011:017 ] tetex
- [ MDVSA-2011:016 ] t1lib
- [ MDVSA-2011:014 ] ccid
- NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability
- IETF RFC on Port Randomization
- [ MDVSA-2011:015 ] pcsc-lite
- Code execution in Microsoft Fax Cover Page Editor
- London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL
- [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry
- From: Laurent OUDOT at TEHTRI-Security
- [security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS)
- [security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification
- SQL Injection in Pixie
- SQL Injection in Pixie
- DotNetNuke Remote Code Execution vulnerability
- [USN-1046-1] Sudo vulnerability
- [SECURITY] [DSA 2149-1] Security update for dbus
- [security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
- [USN-1045-1] FUSE vulnerability
- [ MDVSA-2011:013 ] hplip
- [USN-1045-2] util-linux update
- Simploo CMS Community Edition - Remote PHP Code Execution Issue
- [USN-1044-1] D-Bus vulnerability
- AST-2011-001: Stack buffer overflow in SIP channel driver
- From: Asterisk Security Team
- [SECURITY] [DSA 2148-1] Security update for tor
- [ MDVSA-2011:012 ] mysql
- 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
- Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code)
- [ MDVSA-2011:010 ] xfig
- [ GLSA 201101-05 ] OpenAFS: Arbitrary code execution
- [ GLSA 201101-07 ] Prewikka: password disclosure
- [SECURITY] [DSA 2144-1] Security update for wireshark
- [SECURITY] [DSA 2145-1] Security update for libsmi
- [ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code
- [SECURITY] [DSA 2147-1] Security update for pimd
- [ GLSA 201101-04 ] aria2: Directory traversal
- [ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow
- [SECURITY] [DSA 2146-1] Security update for mydms
- [ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error
- [ MDVSA-2011:011 ] opensc
- [ MDVSA-2011:009 ] gif2png
- [ MDVSA-2011:008 ] perl-CGI
- Remote Code Execution in ICQ 7
- [ MDVSA-2011:006 ] subversion
- [ MDVSA-2011:006 ] subversion
- [ MDVSA-2011:007 ] wireshark
- [SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
- Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
- From: YGN Ethical Hacker Group
- [security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
- [ MDVSA-2011:005 ] evince
- [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
- Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
- [USN-1042-2] PHP5 regression
- [security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code
- CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland
- [USN-1043-1] Little CMS vulnerability
- [SECURITY] [DSA-2141-4] New lighttpd packages fix regression
- [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure
- From: Onapsis Research Labs
- iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability
- [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart
- From: Onapsis Research Labs
- Call for Papers: DIMVA 2011 - Extended Deadline Jan 21
- [USN-1042-1] PHP vulnerabilities
- SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1
- [USN-1009-2] GNU C Library vulnerability
- 2011 Rocky Mountain Information Security Conference Call for Papers
- [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
- [security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code
- [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC
- ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products
- From: ACROS Security Lists
- [security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- XSRF (CSRF) in whCMS
- XSRF (CSRF) in Cambio
- XSS vulnerability in diafan.CMS
- XSRF (CSRF) in diafan.CMS
- XSS vulnerability in VaM Shop
- XSS vulnerability in VaM Shop
- XSS vulnerability in VaM Shop
- XSRF (CSRF) in Energine
- Path disclosure in Energine
- Stored XSS vulnerability in diafan.CMS
- XSRF (CSRF) in VaM Shop
- SQL injection vulnerability in Energine
- [ MDVSA-2011:004 ] php-phar
- NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
- NewvCommon.ocx ActiveX Insecure Method Vulnerability
- NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
- www.eVuln.com : "fold" and "site" SQL Injections in WikLink
- [ MDVSA-2011:003 ] MHonArc
- Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service
- From: Digit Security Research
- [ MDVSA-2011:002 ] wireshark
- Web Hacking & Database Hijack Online Challenge
- CUDA drivers/Linux security hole
- [USN-1038-1] dpkg vulnerability
- call for participation
- From: chpardhasaradhisarma
- McAfee Commandline Updater
- Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
- From: YGN Ethical Hacker Group
- GNU libc/regcomp(3) Multiple Vulnerabilities
- [USN-1040-1] Django vulnerabilities
- [USN-1039-1] AppArmor update
- [USN-1037-1] ifupdown update
- [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
- XSS vulnerability in PHP MicroCMS
- SQL Injection in phpMySport
- SQL Injection in phpMySport
- XSS vulnerability in WonderCMS
- Authentication bypass in phpMySport
- XSRF (CSRF) in PHP MicroCMS
- SQL Injection in Phenotype CMS
- SQL Injection in phpMySport
- Path disclousure in phpMySport
- [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
- [SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
- [SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
- [SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
- Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference
- From: Kyprianos Vasilopoulos
- [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code
- Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
- From: YGN Ethical Hacker Group
- Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section
- From: Walikar Riyaz Ahemed Dawalmalik
- Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section
- From: Walikar Riyaz Ahemed Dawalmalik
- BlogEngine.NET 1.6 Multiple Vulnerabilities
- [ MDVSA-2011:000 ] phpmyadmin
- Getting root, the hard way
- [USN-1035-1] Evince vulnerabilities
- www.eVuln.com : "id" SQL Injection in WikLink
- VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
- From: VMware Security Team
- Plunging Through the Palo Alto Networks Firewall
- [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss
- From: Ewerson Guimarães (Crash) - Dclabs
- Mathematica8 on Linux /tmp/MathLink vulnerability
- [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration
- Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
- From: YGN Ethical Hacker Group
- www.eVuln.com : SQL Injection in WikLink
- Announcing cross_fuzz, a potential 0-day in circulation, and more
- CA20101231-01: Security Notice for CA ARCserve D2D
- [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
- HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc
- [ MDVSA-2010:260 ] libxml2
- Path disclousure in Nibbleblog
- Path disclosure in LightNEasy
- CSRF (Cross-Site Request Forgery) in Open blog
- Path disclousure in ocPortal
- LFI in LightNEasy
- Path disclousure in OpenCart
- SQL Injection in LightNEasy
- Information disclosure in LightNEasy
- CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc
- SQL Injection in LightNEasy
- OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS
- [SECURITY] [DSA 2138-1] Security update for wordpress
- Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc
- Pre Jobo .NET "Password" SQL Injection Vulnerability
- Fedora 14 - Format string attack in allegro-tools package
- Path disclosure in KaiBB
- SQL injection in KaiBB
- SQL injection in KaiBB
- [security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
- BBcode XSS in KaiBB
- [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10
- YEKTAWEB CMS XSS Vulnerability
- HotWeb Rentals "PageId" SQL Injection Vulnerability
- [ MDVSA-2010:251-1 ] firefox
- Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
- Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc
- Re: XSS vulnerability in ImpressCMS
- Security Advisory - FlexVision Listener Vulnerability
- From: Victor Ribeiro Hora
- Re: [IMF 2011] 2nd Call - Deadline Extended - Addenunm
- Multiple Vulnerabilities in OpenClassifieds 1.7.0.3
- [IMF 2011] 2nd Call - Deadline Extended
- Pligg XSS and SQL Injection
- [ MDVSA-2010:259 ] pidgin
- [ MDVSA-2010:251-2 ] firefox
- Django admin list filter data extraction / leakage
- [SECURITY] [DSA 2137-1] Security update for libxml2
- MyBB 1.6 <= SQL Injection Vulnerability
- From: YGN Ethical Hacker Group
- [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0
- Asan Portal (IdehPardaz) Multiple Vulnerabilities
- Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability
- [security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
- Sigma Portal Denial of Service Vulnerability
- www.eVuln.com : HTTP Response Splitting in Social Share
- [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
- VSR Advisories: Citrix Access Gateway Command Injection Vulnerability
- VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
- From: VMware Security Team
- [SECURITY] [DSA-2136-1] New tor packages fix potential code execution
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
- Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability
- Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows
- [ MDVSA-2010:258 ] mozilla-thunderbird
- SQL injection in Hycus CMS
- XSS vulnerability in Injader CMS
- Re: OpenBSD CARP Hash Vulnerability
- SQL injection in Injader CMS
- LFI in Hycus CMS
- SQL injection in Hycus CMS
- [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34
- SQL injection in Hycus CMS
- PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing)
- [security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code
- www.eVuln.com : Authentication Bypass by SQL Injection in Social Share
- XSS vulnerability in ImpressCMS
- nSense-2010-004: Sybase Afaria
- Path disclosure in HTML-EDIT CMS
- XSS vulnerability in Injader CMS
- Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows
- XSS in HTML-EDIT CMS
- Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability
- Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability
- XSS vulnerability in Habari
- nSense-2010-005: Winamp
- Path disclosure in Habari
- SQL Injection in HTML-EDIT CMS
- SQL injection in Injader CMS
- XSS vulnerability in Habari
- Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow
- Path disclosure in GetSimple CMS
- SQL injection in Hycus CMS
- OpenBSD CARP Hash Vulnerability
- Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow
- Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability
- www.eVuln.com : "postid" SQL Injection in Social Share
- Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004
- Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability
- Default SSL Keys in Multiple Routers
- Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability
- MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2134-1] Upcoming changes in advisory format
- Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277
- Apple Quicktime Memory Corruption - CVE-2010-3801
- [USN-1033-1] Eucalyptus vulnerability
- [ GLSA 201012-01 ] Chromium: Multiple vulnerabilities
- Re: XSS vulnerability in Expression CMS
- From: security curmudgeon
- Re: XSS vulnerability in Lantern CMS
- From: security curmudgeon
- Making Security Suck Less
- [ MDVSA-2010:257 ] kernel
- Re: D-Link DIR-300 authentication bypass
- Alt-N WebAdmin Source Code Disclosure
- www.eVuln.com : "link" and "linkdescription" XSS in Social Share
- www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share
- cross site scripting vulnerability in BLOG:CMS
- XSS vulnerability in BLOG:CMS
- PR10-06: Cross-domain redirect on PGP Universal Web Messenger
- 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)
- 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333)
- Stored Cross Site Scripting vulnerability in BEdita
- XSRF (CSRF) in BLOG:CMS
- Updated online binary planting exposure test continues operation
- From: ACROS Security Lists
- XSRF (CSRF) in BEdita
- XSS vulnerability in BEdita
- XSS vulnerability in BLOG:CMS
- RE: [Full-disclosure] OpenBSD Paradox
- [security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning
- Call for Paper @ Swiss Cyber Storm 3
- www.eVuln.com : "error" Non-persistent XSS in slickMsg
- VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206)
- From: VUPEN Security Research
- [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
- VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199)
- From: VUPEN Security Research
- Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project
- [ MDVSA-2010:256 ] git
- VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201)
- From: VUPEN Security Research
- [security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross SIte Scripting (XSS)
- VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200)
- From: VUPEN Security Research
- [security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code
- Re: D-Link DIR-300 authentication bypass
- VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041)
- From: VUPEN Security Research
- [security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)
- [security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure
- Re: OpenBSD Paradox
- OpenBSD Paradox
- Re: OpenBSD's IPSEC is Backdoored
- [ MDVSA-2010:255 ] php-intl
- [ MDVSA-2010:254 ] php
- www.eVuln.com : BBCode CSS XSS in slickMsg
- Re: hidden admin user on every HP MSA2000 G3
- www.eVuln.com : "post" - Non-persistent XSS in slickMsg
- OpenBSD's IPSEC is Backdoored
- [USN-1024-2] OpenJDK regression
- Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root
- From: Kryptos Logic Secure
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
- [security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access
- Re: [Full-disclosure] minor browser UI nitpicking
- Microsoft Internet Explorer Denial of Service Vulnerability
- ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
- From: ACROS Security Lists
- minor browser UI nitpicking
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability
- OSSTMM 3 Now Available!
- www.eVuln.com : "post" - Non-persistent XSS in slickMsg
- From: www.eVuln.com Advisories
- Re: [Full-disclosure] Linux kernel exploit
- Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: [Full-disclosure] Linux kernel exploit
- RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: Thor (Hammer of God)
- Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: StenoPlasma @ www.ExploitDevelopment.com
- Re: hidden admin user on every HP MSA2000 G3
- Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalatePrivileges and Login as Cached Domain Admin Accounts(2010-M$-002)
- USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb
- [ MDVSA-2010:253 ] bind
- Honggfuzz
- VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31)
- From: VUPEN Security Research
- VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30)
- From: VUPEN Security Research
- VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005)
- From: VUPEN Security Research
- VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003)
- From: VUPEN Security Research
- VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004)
- From: VUPEN Security Research
- [ MDVSA-2010:252 ] perl-CGI-Simple
- [SECURITY] [DSA-2133-1] New collectd packages fix denial of service
- Re: [Full-disclosure] Linux kernel exploit
- From: dan . j . rosenberg
- Re: Linux kernel exploit
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: Thor (Hammer of God)
- www.eVuln.com : "url" BBCode XSS in slickMsg
- hidden admin user on every HP MSA2000 G3
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service
- From: Core Security Technologies Advisories
- RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: StenoPlasma @ ExploitDevelopment
- Call for Papers -- BADGERS 2011
- Re: Linux kernel exploit
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability
- iwconfig and recent patches?
- [SECURITY] [DSA-2130-1] New BIND packages fix denial of service
- [security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: Thor (Hammer of God)
- Exim security issue in historical release
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: Thor (Hammer of God)
- TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities
- From: Trustwave Advisories
- [USN-1032-1] Exim vulnerability
- Re: Re: [Full-disclosure] Linux kernel exploit
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- [SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities
- LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
- RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
- ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability
- ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities
- PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
- www.eVuln.com : Non-persistent XSS in slickMsg
- [ MDVSA-2010:251 ] firefox
- [USN-1031-1] ClamAV vulnerabilities
- Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: StenoPlasma @ www.ExploitDevelopment.com
- [USN-1020-1] Thunderbird vulnerabilities
- [USN-1019-1] Firefox and Xulrunner vulnerabilities
- www.eVuln.com : Non-persistent XSS in BizDir
- Re: [Full-disclosure] Linux kernel exploit
- CA20101209-01: Security Notice for CA XOsoft
- Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774)
- Cross Site Scripting vulnerability in Diferior
- XSS vulnerability in Diferior
- Re: [Full-disclosure] Linux kernel exploit
- [USN-1030-1] Kerberos vulnerabilities
- RE: [Full-disclosure] Linux kernel exploit
- XSRF (CSRF) in CMScout
- [ MDVSA-2010:250 ] perl-CGI-Simple
- Follow-up on HTTP Parameter Pollution
- www.eVuln.com : Non-persistent XSS in WWWThreads (perl version)
- Re: [Full-disclosure] Linux kernel exploit
- From: niklas|brueckenschlaeger
- [security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
- Google Website Optimizer security issue reportedly fixed
- [USN-1029-1] OpenSSL vulnerabilities
- [security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS)
- iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability
- Re: [Full-disclosure] Linux kernel exploit
- Re: [Full-disclosure] Linux kernel exploit
- Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability
- Re: [Full-disclosure] Linux kernel exploit
- From: Cal Leeming [Simplicity Media Ltd]
- Linux kernel exploit
- [USN-1028-1] ImageMagick vulnerability
- www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)
- [USN-1027-1] Quagga vulnerabilities
- [USN-1026-1] Python Paste vulnerability
- [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code
- [ MDVSA-2010:249 ] clamav
- LFI in Exponent CMS
- Re: [Full-disclosure] Linux kernel exploit
- Multiple XSS in Solarwinds Orion NPM 10.1
- LFI in Exponent CMS
- Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser
- From: Kryptos Logic Secure
- [ MDVSA-2010:248 ] openssl
- XSS vulnerability in Zimplit CMS
- XSS vulnerability in Zimplit CMS
- www.eVuln.com : XSS vulnerability in WWWThreads (php version)
- VMSA-2010-0019 VMware ESX third party updates for Service Console
- From: VMware Security Team
- Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)
- From: Christopher Kruegel
- rPSA-2010-0076-1 gnupg
- From: rPath Update Announcements
- DIMVA 2011 Call for Workshops Proposals
- [www.eVuln.com] SQL Injection vulnerability in Alguest
- 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)
- OWASP Zed Attack Proxy version 1.1.0
- [ MDVSA-2010:247 ] kernel
- Vulnerabilities in Register Plus Redux for WordPress
- Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001)
- From: StenoPlasma @ ExploitDevelopment
- [security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [eVuln.com] Cookie authentication bypass in Alguest
- [eVuln.com] PHP Code Execution in Alguest
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues
- From: VMware Security team
- New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)"
- Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001)
- NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration
- [SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution
- [SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness
- [USN-1025-1] Bind vulnerabilities
- Vulnerabilities in Fabrica Engine
- Re: D-Link DIR-300 authentication bypass
- [eVuln.com] Multiple XSS in Alguest
- Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow
- Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt
- [ MDVSA-2010:245 ] krb5
- [ MDVSA-2010:246 ] krb5
- CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net
- From: CORE Security Technologies Advisories
- MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
- [USN-1024-1] OpenJDK vulnerability
- VMSA-2010-0017 VMware ESX third party update for Service Console kernel
- From: VMware Security Team
- [SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues
- Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
- [eVuln.com] Multiple SQL injections in Wernhart Guestbook
- [eVuln.com] Multiple XSS inj in Wernhart Guestbook
- [ MDVSA-2010:244 ] phpmyadmin
- 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)
- [CVE-2010-3449] Apache Archiva CSRF Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-10:10.openssl
- From: FreeBSD Security Advisories
- [ MDVSA-2010:243 ] libxml2
- n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface
- Vulnerabilities in Joomla
- [ MDVSA-2010:242 ] wireshark
- [SECURITY] [DSA-2127-1] New wireshark packages fix denial of service
- SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
- Google Desktop Insecure Library Loading Vulnerability
- AOL Instant Messenger Insecure Library Loading Vulnerability
- jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
- From: underground stockholm
- XSS vulnerability in Frog CMS
- XSRF (CSRF) in Wolf CMS
- Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(
- [eVuln.com] URL XSS in Easy Banner Free
- [eVuln.com] SQL injection Auth Bypass in Easy Banner Free
- Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
- [Suspected Spam]Vulnerabilities in Register Plus for WordPress
- NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
- Re: [DCA-00015] YOPS Web Server Remote Command Execution
- CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp
- XSS vulnerability in Wolf CMS
- XSS vulnerability in Frog CMS
- [USN-1022-1] APR-util vulnerability
- [eVuln.com] SQL injections in FreeTicket
- XSS vulnerability in Frog CMS
- [USN-1021-1] Apache vulnerabilities
- XSRF (CSRF) in Frog CMS
- TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
- From: Advisories Toucan-System
- XSS vulnerability in Wolf CMS
- XSS vulnerability in Wolf CMS
- [security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized
- [ MDVSA-2010:241 ] gnucash
- [ MDVSA-2010:240 ] mono
- Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability
- [eVuln.com] email XSS in SimpLISTic
- [eVuln.com] Multiple XSS in MCG GuestBook
- Mozilla Firefox 3.6.12 Denial of Service Vulnerability
- The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness
- From: ACROS Security Lists
- [SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
- Juniper VPN client rdesktop clickhack
- ZyXEL P-660R-T1 V2 XSS
- [eVuln.com] sitename XSS in Hot Links Lite
- Microsoft Visual Studio vulnerability
- ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162
- [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
- NGS00015 Patch Notification: ImageIO Memory Corruption
- [eVuln.com] url XSS in Hot Links Lite
- [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version)
- H2HC Cancun - Free Entrance!
- From: Rodrigo Rubira Branco (BSDaemon)
- 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
- Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability
- vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization
- New vulnerabilities in CMS SiteLogic
- [USN-1018-1] OpenSSL vulnerability
- [ MDVSA-2010:239 ] php
- [eVuln.com] URL and Title XSS in AxsLinks
- VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245)
- From: VUPEN Security Research
- Re: Kernel 0-day
- [eVuln.com] Cookie Auth Bypass in Hot Links SQL
- Re: Saved XSS vulnerability in Internet Explorer
- Re: D-Link DIR-300 authentication bypass
- RE: Saved XSS vulnerability in Internet Explorer
- Vtiger CRM 5.2.0 Multiple Vulnerabilities
- Re: Saved XSS vulnerability in Internet Explorer
- H2CSO (Hackers to CSO) debate second edition - Free Live Streaming
- From: Rodrigo Rubira Branco (BSDaemon)
- VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246)
- From: VUPEN Security Research
- XSS in CompactCMS
- [HITB-Announce] HITB2011AMS -- Call For Papers now Open
- XSS in CompactCMS
- Multiple vulnerabilities in chCounter <= 3.1.3
- Re: Kernel 0-day
- [ MDVSA-2010:238 ] openssl