Bugtraq

• Thread Index

• AWCM v2.2 Auth Bypass Vulnerabilities
  • From: eidelweiss
• nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November
  • From: nullcon
• Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
  • From: Cisco Systems Product Security Incident Response Team
• SQL injection in IceBB
  • From: advisory
• Information disclosure in IceBB
  • From: advisory
• SQL injection in CompactCMS
  • From: advisory
• Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
  • From: Florent Daigniere
• SQL Injection in CLANSPHERE
  • From: advisory
• XSS in CLANSPHERE
  • From: advisory
• Path disclosure in CLANSPHERE
  • From: advisory
• BBcode XSS in CLANSPHERE
  • From: advisory
• Path disclosure in IceBB
  • From: advisory
• Information disclosure in IceBB
  • From: advisory
• [ MDVSA-2010:232 ] cups
  • From: security
• [ MDVSA-2010:237 ] perl-CGI
  • From: security
• [ MDVSA-2010:233 ] cups
  • From: security
• [ MDVSA-2010:236 ] freetype2
  • From: security
• [ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities
  • From: Tobias Heinlein
• Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer
  • From: Amit Klein
• LFI and XSS vulnerability in openEngine
  • From: SecPod Research
• [ MDVSA-2010:234 ] cups
  • From: security
• [security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
  • From: security-alert
• [ MDVSA-2010:235 ] freetype2
  • From: security
• VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components
  • From: VMware Security team
• Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability
  • From: YGN Ethical Hacker Group
• Packet Storm - New Site
  • From: bugtraq
• Saved XSS vulnerability in Internet Explorer
  • From: MustLive
• Re: D-Link DIR-300 authentication bypass
  • From: asmo
• TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera
  • From: Trustwave Advisories
• vBulletin 4.0.8 - Persistent XSS via Profile Customization
  • From: advisories
• [SECURITY] [DSA 2038-3] New pidgin packages fix regression
  • From: Thijs Kinkhorst
• [ MDVSA-2010:230 ] poppler
  • From: security
• [ MDVSA-2010:231 ] poppler
  • From: security
• [TEHTRI-Security] CVE-2010-1752: Update your MacOSX
  • From: Laurent OUDOT at TEHTRI-Security
• [ MDVSA-2010:228 ] xpdf
  • From: security
• [ MDVSA-2010:229 ] kdegraphics
  • From: security
• Re: D-Link DIR-300 authentication bypass
  • From: mfardiles
• [ MDVSA-2010:227 ] proftpd
  • From: security
• [USN-1016-1] libxml2 vulnerability
  • From: Jamie Strandboge
• [HITB-Announce] HITB Magazine #5 Call for Articles
  • From: Hafez Kamal
• iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability
  • From: labs-no-reply
• FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs
  • From: FreeBSD Security Advisories
• Additional information on the Microsoft Office 2010 binary planting bugs
  • From: ACROS Security Lists
• CORE-2010-1018 - Landesk OS command injection
  • From: CORE Security Technologies Advisories
• [USN-1017-1] MySQL vulnerabilities
  • From: Marc Deslauriers
• Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability
  • From: Secunia Research
• Apple Directory Services Memory Corruption - CVE-2010-1840
  • From: Rodrigo Branco
• Vulnerability in Google AJAX Search
  • From: MustLive
• Re: Kernel 0-day
  • From: James Lay
• eBlog 1.7 Multiple SQL Injection Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• [ MDVSA-2010:226 ] dhcp
  • From: security
• Babylon Cross-Application Scripting Code Execution
  • From: Roee Hay
• [USN-1015-1] libvpx vulnerability
  • From: Jamie Strandboge
• ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010
  • From: ACROS Security Lists
• ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010
  • From: ACROS Security Lists
• Kernel 0-day
  • From: Dan Rosenberg
• iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability
  • From: labs-no-reply
• [ MDVSA-2010:225-1 ] libmbfl
  • From: security
• [ MDVSA-2010:224 ] php
  • From: security
• ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010
  • From: ACROS Security Lists
• [ MDVSA-2010:225 ] libmbfl
  • From: security
• Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability
  • From: Secunia Research
• Re: D-Link DIR-300 authentication bypass
  • From: Karol Celiński
• Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability
  • From: Secunia Research
• [ MDVSA-2010:222 ] mysql
  • From: security
• [ MDVSA-2010:223 ] mysql
  • From: security
• [USN-1008-4] libvirt regression
  • From: Jamie Strandboge
• [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
  • From: CORE Security Technologies Advisories
• IBM OmniFind - several vulnerabilities
  • From: Fatih Kilic
• JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability
  • From: Salvatore Fresta aka Drosophila
• D-Link DIR-300 authentication bypass
  • From: Karol Celiński
• Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
  • From: Philippe Langlois
• Re: Seo Panel 2.1.0 - Critical File Disclosure
  • From: Zach C
• DIMVA 2011 Call for Workshops Proposals
  • From: Lorenzo Cavallaro
• [ MDVSA-2010:155-1 ] mysql
  • From: security
• Malware Collections and Feed Exchange
  • From: Rodrigo Rubira Branco (BSDaemon)
• Seo Panel 2.1.0 - Critical File Disclosure
  • From: advisories
• Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
  • From: Rodrigo Branco
• some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
  • From: Michal Zalewski
• Vulnerabilities in PHPShop
  • From: MustLive
• CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment
  • From: Konrad Rieck
• [ MDVSA-2010:221 ] openoffice.org
  • From: security
• nSense-2010-003: Cisco Unified Communications Manager
  • From: Henri Lindberg
• ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
  • From: ACROS Security Lists
• Wargame Qualifications - Win a car !!!
  • From: Ivan Buetler
• Angel LMS Exploit
  • From: Wesley Kerfoot
• Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
  • From: YGN Ethical Hacker Group
• [FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability
  • From: xpzhang
• Common consumer routers password disclosure
  • From: danieljcrteixeira
• [USN-1014-1] Pidgin vulnerabilities
  • From: Marc Deslauriers
• [USN-1013-1] FreeType vulnerabilities
  • From: Marc Deslauriers
• [USN-1012-1] CUPS vulnerability
  • From: Marc Deslauriers
• Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
  • From: Arturo 'Buanzo' Busleiman
• [ MDVSA-2010:220 ] pam
  • From: security
• BBcode XSS in eoCMS
  • From: advisory
• LFI in eoCMS
  • From: advisory
• SQL injection in eoCMS
  • From: advisory
• Path disclosure in eoCMS
  • From: advisory
• LFI in eoCMS
  • From: advisory
• XSS in Textpattern CMS
  • From: advisory
• SQL injection in MiniBB
  • From: advisory
• Reset admin password in SweetRice CMS
  • From: advisory
• XSS in SweetRice CMS
  • From: advisory
• Shell create & command execution in JAF CMS
  • From: advisory
• RFI in JAF CMS
  • From: advisory
• SQL injection in SweetRice CMS
  • From: advisory
• BBcode XSS in MiniBB
  • From: advisory
• Adsoft Remote Sql Injection Vulnerability
  • From: md . r00t . defacer
• Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
  • From: Max Kanat-Alexander
• Zen Cart 1.3.9h Local File Inclusion Vulnerability
  • From: Salvatore Fresta aka Drosophila
• Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
  • From: neza0x
• CVE-2010-3863: Apache Shiro information disclosure vulnerability
  • From: Les Hazlewood
• [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
  • From: Onapsis Research Labs
• [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
  • From: Onapsis Research Labs
• [ MDVSA-2010:202-1 ] krb5
  • From: security
• [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
  • From: Onapsis Research Labs
• XSS vulnerability in Kandidat CMS
  • From: advisory
• XSS vulnerability in MemHT Portal
  • From: advisory
• XSS vulnerability in Kandidat CMS
  • From: advisory
• XSS vulnerability in MemHT Portal
  • From: advisory
• XSS vulnerability in Kandidat CMS
  • From: advisory
• Stored XSS vulnerability in Webmedia Explorer
  • From: advisory
• Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal
  • From: advisory
• Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability
  • From: Nick Freeman
• [SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
  • From: Florian Weimer
• [SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
  • From: Florian Weimer
• Call for Papers: The International Conference on Cyber Conflict, Estonia
  • From: k g
• Call for Papers -YSTS V - Security Conference, Brazil
  • From: Luiz Eduardo
• Joomla 1.5.21 | Potential SQL Injection Flaws
  • From: YGN Ethical Hacker Group
• 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
  • From: Mark Stanislav
• XSS and SQL Injection vulnerabilities in CMS WebManager-Pro
  • From: MustLive
• [ MDVSA-2010:217 ] dovecot
  • From: security
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089
  • From: Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087
  • From: Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088
  • From: Rodrigo Branco
• cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
  • From: Rodrigo Branco
• [ MDVSA-2010:219 ] mozilla-thunderbird
  • From: security
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086
  • From: Rodrigo Branco
• [ MDVSA-2010:218 ] php
  • From: security
• [ MDVSA-2010:216 ] python
  • From: security
• [ MDVSA-2010:215 ] python
  • From: security
• [ MDVSA-2010:214 ] kernel
  • From: security
• [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF)
  • From: security-alert
• Audacity <= 1.3 Beta Multiple Local Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability
  • From: Salvatore Fresta aka Drosophila
• [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download
  • From: security-alert
• [DEMO] Sample videos about IDS/IPS evasions...
  • From: Nelson Brito
• [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download
  • From: security-alert
• H2HC 2010 - Final Speakers List Available
  • From: Rodrigo Rubira Branco (BSDaemon)
• [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)
  • From: security-alert
• [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF)
  • From: security-alert
• [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download
  • From: security-alert
• Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow
  • From: Secunia Research
• Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability
  • From: Secunia Research
• Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability
  • From: Secunia Research
• [USN-1011-3] Xulrunner vulnerability
  • From: Jamie Strandboge
• [USN-1011-2] Thunderbird vulnerability
  • From: Jamie Strandboge
• nSense-2010-002: Teamspeak 2 Windows client
  • From: Henri Lindberg
• [ MDVSA-2010:213 ] xulrunner
  • From: security
• Re: Secunia PSI Insecure Library Loading Vulnerability
  • From: Jakob Balle
• [USN-1011-1] Firefox vulnerability
  • From: Jamie Strandboge
• XSS in NinkoBB
  • From: advisory
• XSS vulnerability in BlogBird platform
  • From: advisory
• Re: Nessus Client Insecure Library Loading Vulnerability
  • From: Renaud Deraison
• rPSA-2010-0074-1 ImageMagick
  • From: rPath Update Announcements
• rPSA-2010-0071-1 automake
  • From: rPath Update Announcements
• Path disclosure in MyBB
  • From: advisory
• "Back with another one of those block rockin' beats"
  • From: Henri Lindberg
• MyCart 2.0 Multiple Remote Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• Secunia PSI Insecure Library Loading Vulnerability
  • From: apa-iutcert
• [security bulletin] HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of Service
  • From: security-alert
• [security bulletin] HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code
  • From: security-alert
• CVE-2010-3700: Spring Security bypass of security constraints
  • From: s2-security
• [security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access
  • From: security-alert
• [security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access
  • From: security-alert
• USBsploit 0.4b - added: Auto[run|play] USB infection & PDF
  • From: xpo xpo
• Information disclosure in BloofoxCMS
  • From: advisory
• Information disclosure in BloofoxCMS
  • From: advisory
• Breaking The SetDllDirectory Protection Against Binary Planting
  • From: ACROS Security Lists
• XSS vulnerability in Zomplog
  • From: advisory
• WinMerge Insecure Library Loading Vulnerability
  • From: apa-iutcert
• SQL injection in DBHcms
  • From: advisory
• [security bulletin] HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in Palm webOS service API
  • From: security-alert
• XSS vulnerability in Zomplog
  • From: advisory
• AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• rPSA-2010-0070-1 cpio tar
  • From: rPath Update Announcements
• Stored XSS vulnerability in Zomplog
  • From: advisory
• Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability
  • From: DSecRG
• [security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access
  • From: security-alert
• XSS vulnerability in BlogBird platform
  • From: advisory
• Authentication bypass in phpLiterAdmin
  • From: advisory
• LFI in DZCP
  • From: advisory
• rPSA-2010-0073-1 lftp
  • From: rPath Update Announcements
• SQL injection in Energine
  • From: advisory
• rPSA-2010-0075-1 sudo
  • From: rPath Update Announcements
• Orbit Downloader Insecure Library Loading Vulnerability
  • From: apa-iutcert
• LFI in Novaboard
  • From: advisory
• Nessus Client Insecure Library Loading Vulnerability
  • From: apa-iutcert
• XSRF (CSRF) in Zomplog
  • From: advisory
• [DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting
  • From: DSecRG
• Internet Download Manager Insecure Library Loading Vulnerability
  • From: apa-iutcert
• rPSA-2010-0072-1 curl
  • From: rPath Update Announcements
• FlipAlbum Vista Pro Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
  • From: Secunia Research
• SQL injection in BloofoxCMS registration plugin
  • From: advisory
• ACDSee Photo Manager Insecure Library Loading Vulnerability
  • From: apa-iutcert
• RE: [vonage.com #25400427] RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
  • From: Mitja Kolsek
• RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  • From: Thor (Hammer of God)
• RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  • From: Jann Horn
• [security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF)
  • From: security-alert
• RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
  • From: Michael Wojcik
• [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF).
  • From: security-alert
• [security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download
  • From: security-alert
• RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  • From: Thor (Hammer of God)
• Re: IPv6 security myths
  • From: Fernando Gont
• Re: Web challenges from RootedCON'2010 CTF - Contest -> Solutions and Write-ups
  • From: Roman Medina-Heigl Hernandez
• [security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS)
  • From: security-alert
• RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  • From: ACROS Security Lists
• [security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code
  • From: security-alert
• [USN-959-2] PAM vulnerability
  • From: Kees Cook
• How Visual Studio Makes Your Applications Vulnerable to Binary Planting
  • From: ACROS Security Lists
• Aardvark Topsite XSS vulnerability
  • From: Yam Mesicka
• [USN-1009-1] GNU C Library vulnerabilities
  • From: Kees Cook
• Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
  • From: robi
• Vulnerabilities in W-Agora
  • From: MustLive
• The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
  • From: Tavis Ormandy
• [ MDVSA-2010:211 ] mozilla-thunderbird
  • From: security
• IPv6 security myths
  • From: Fernando Gont
• [ MDVSA-2010:210 ] firefox
  • From: security
• [ MDVSA-2010:212 ] glibc
  • From: security
• [USN-1008-3] libvirt update
  • From: Jamie Strandboge
• [SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
  • From: Florian Weimer
• [ MDVSA-2010:209 ] libsmi
  • From: security
• [security bulletin] HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download
  • From: security-alert
• [USN-1008-2] Virtinst update
  • From: Jamie Strandboge
• [USN-1008-1] libvirt vulnerabilities
  • From: Jamie Strandboge
• Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Mike Duncan
• [security bulletin] HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows , Remote Cross Site Scripting (XSS)
  • From: security-alert
• Java Multiple Issues
  • From: Early Warning
• [security bulletin] HPSBMA02591 SSRT100299 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Privilege Escalation
  • From: security-alert
• SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software
  • From: Johannes Greil
• Pecio CMS XSS Vulnerability
  • From: SecPod Research
• Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Roberto Suggi Liverani
• [SecurityArchitect-009]: Microsoft Windows Mobile Double Free Vulnerability
  • From: karakorsankara
• [ MDVSA-2010:208 ] pidgin
  • From: security
• Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Early Warning
• [security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification
  • From: security-alert
• Micro CMS Persistent XSS Vulnerability.
  • From: SecPod Research
• [ MDVSA-2010:207 ] glibc
  • From: security
• [USN-998-1] Thunderbird vulnerabilities
  • From: Jamie Strandboge
• [USN-997-1] Firefox and Xulrunner vulnerabilities
  • From: Jamie Strandboge
• Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities
  • From: SecPod Research
• [USN-1007-1] NSS vulnerabilities
  • From: Jamie Strandboge
• Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Michal Zalewski
• Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Michal Zalewski
• Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Mike Duncan
• [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
  • From: CORE Security Technologies Advisories
• Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Dan Kaminsky
• Re: VSR Advisories: Linux RDS Protocol Local Privilege Escalation
  • From: Dan Rosenberg
• XSS vulnerability in sNews
  • From: advisory
• XSS vulnerability in sNews
  • From: advisory
• [SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
  • From: Florian Weimer
• SQL Injection in 4site CMS
  • From: advisory
• Path disclosure in Tribiq CMS
  • From: advisory
• SQL injection in DeluxeBB
  • From: advisory
• VSR Advisories: Linux RDS Protocol Local Privilege Escalation
  • From: VSR Advisories
• Re: Insecure SMS authorization scheme at LiqPAY micro-payments of PrivatBank (Ukraine)
  • From: MustLive
• The GNU C library dynamic linker expands $ORIGIN in setuid library search path
  • From: Tavis Ormandy
• [USN-1006-1] WebKit vulnerabilities
  • From: Marc Deslauriers
• [USN-1005-1] poppler vulnerabilities
  • From: Marc Deslauriers
• Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
  • From: Roberto Suggi Liverani
• Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• H2HC Cancun - Registrations are open
  • From: Rodrigo Rubira Branco (BSDaemon)
• Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• Antivirus detection after malware execution
  • From: jason
• Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Holoo Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Sahar Money Manager Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Brilliant Accounting System (59) Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Rafe 7 Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Accounting Pro 2003 Insecure Library Loading Vulnerability
  • From: apa-iutcert
• Secunia Research: RealPlayer QCP Sample Chunk Parsing Buffer Overflow
  • From: Secunia Research
• rPSA-2010-0066-1 samba samba-client samba-server samba-swat
  • From: rPath Update Announcements
• rPSA-2010-0065-1 krb5 krb5-server krb5-services krb5-workstation
  • From: rPath Update Announcements
• rPSA-2010-0064-1 libtiff
  • From: rPath Update Announcements
• rPSA-2010-0063-1 perl
  • From: rPath Update Announcements
• Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
  • From: Paul Lesniewski
• rPSA-2010-0060-1 httpd mod_ssl
  • From: rPath Update Announcements
• rPSA-2010-0059-1 kernel
  • From: rPath Update Announcements
• rPSA-2010-0058-1 bzip2 bzip2-extras
  • From: rPath Update Announcements
• Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: an
• Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: Riyaz Walikar
• Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
  • From: Moritz Naumann
• [USN-1004-1] Django vulnerability
  • From: Jamie Strandboge
• H2HC 2009 Videos Available!
  • From: Rodrigo Rubira Branco (BSDaemon)
• RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• [ MDVSA-2010:205 ] freeciv
  • From: security
• RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: Thor (Hammer of God)
• RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• [ MDVSA-2010:204 ] avahi
  • From: security
• VUPEN Security Research - Microsoft Office Word LVL Structure Heap Overflow Vulnerability (CVE-2010-3220)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability (CVE-2010-3237)
  • From: VUPEN Security Research
• [security bulletin] HPSBGN02589 SSRT100296 rev.1 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
  • From: security-alert
• VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability (CVE-2010-2748)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Uninitialized Pointer Vulnerability (CVE-2010-2747)
  • From: VUPEN Security Research
• CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption
  • From: CORE Security Technologies Advisories
• VUPEN Security Research - Microsoft Office Excel Out-of-Bounds Memory Write Vulnerability (CVE-2010-3241)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Negative Future Function Vulnerability (CVE-2010-3238)
  • From: VUPEN Security Research
• Shmoocon 2011 Call for Papers
  • From: Bruce Potter
• VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability (CVE-2010-3215)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Short Sign Memory Corruption Vulnerability (CVE-2010-3221)
  • From: VUPEN Security Research
• VUPEN Security Research - Oracle Products HTTP Request Remote Buffer Overflow Vulnerability (CVE-2010-2390)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability (CVE-2010-3242)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Record Buffer Overflow Vulnerability (CVE-2010-3231)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Extra PtgExtraArray Parsing Vulnerability (CVE-2010-3239)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability (CVE-2010-3219)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Record Array Indexing Vulnerability (CVE-2010-3236)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Record Dangling Pointer Vulnerability (CVE-2010-3235)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Heap Overflow Vulnerability (CVE-2010-3218)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Substream Memory Corruption (CVE-2010-3234)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing Vulnerability (CVE-2010-3240)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750)
  • From: VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer Vulnerability (CVE-2010-3216)
  • From: VUPEN Security Research
• R7-0037: SAP BusinessObjects Axis2 Default Admin Password
  • From: HD Moore
• [security bulletin] HPSBPI02398 SSRT080166 rev.6 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
  • From: security-alert
• USBsploit 0.3b
  • From: xpo xpo
• [security bulletin] HPSBMA02590 SSRT100182 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Arbitrary File Download
  • From: security-alert
• Re: ubuntu 10.04 xterm heap overflow,can it be exploit ?
  • From: dickey
• [security bulletin] HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning
  • From: security-alert
• [ MDVSA-2010:203 ] automake
  • From: security
• RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  • From: Thor (Hammer of God)
• [ MDVSA-2010:201 ] freetype2
  • From: security
• Directory Traversal Vulnerability in Robo-FTP
  • From: advisory
• Re: XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• [ MDVSA-2010:202 ] krb5
  • From: security
• XSRF (CSRF) in Lara
  • From: advisory
• XSS vulnerability in Ronny CMS
  • From: advisory
• Directory Traversal Vulnerability in AnyConnect
  • From: advisory
• XSS vulnerability in PluXml
  • From: advisory
• XSS vulnerability in PluXml
  • From: advisory
• [ MDVSA-2010:200 ] wireshark
  • From: security
• XSS vulnerability in PluXml
  • From: advisory
• Directory Traversal Vulnerability in FreshFTP
  • From: advisory
• XSS vulnerability in Ronny CMS
  • From: advisory
• XSS vulnerability in PluXml
  • From: advisory
• Re: ubuntu 10.04 xterm heap overflow,can it be exploit ?
  • From: Dan Rosenberg
• XSS vulnerability in Ronny CMS
  • From: advisory
• Secunia Research: Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability
  • From: Secunia Research
• Secunia Research: Microsoft Excel Extra Out of Boundary Record Vulnerability
  • From: Secunia Research
• IBWAS'10 CfTraining - Deadline Approaching
  • From: Carlos Serrão
• [SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331
  • From: Rodrigo Branco
• [SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation
  • From: Florian Weimer
• Secunia Research: Microsoft Excel Record Parsing Integer Overflow Vulnerability
  • From: Secunia Research
• Secunia Research: Microsoft Excel Ghost Record Type Parsing Vulnerability
  • From: Secunia Research
• DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509)
  • From: ddivulnalert
• ubuntu 10.04 xterm heap overflow,can it be exploit ?
  • From: watercloud watercloud
• Collabtive Multiple Vulnerabilities
  • From: Advisory
• [ MDVSA-2010:199 ] subversion
  • From: security
• [ MDVSA-2010:199 ] subversion
  • From: security
• [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability
  • From: Core Security Technologies Advisories
• Re: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities
  • From: joomextensions
• [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
  • From: Florian Weimer
• Vulnerabilities in AltConstructor
  • From: MustLive
• JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• [SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass
  • From: Nico Golde
• Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability
  • From: YGN Ethical Hacker Group
• [WARNING] A fake version of T50!!!
  • From: Nelson Brito
• [TOOL RELEASE] Exploit Next Generation SQL Fingerprint v.
  • From: Nelson Brito
• Re: Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664
  • From: gopherit
• OverLook Cross-site Scripting Vulnerability
  • From: advisory
• FIrefox: Bug 602181 – password exposed in memory cache
  • From: Sim IJskes
• XSS vulnerability in Expression CMS
  • From: advisory
• XSS vulnerability in Expression CMS
  • From: advisory
• XSS vulnerability in Lantern CMS
  • From: advisory
• XSS vulnerability in Lantern CMS
  • From: advisory
• [ MDVSA-2010:198 ] kernel
  • From: security
• XSS in Oracle default fcgi-bin/echo
  • From: paul . szabo
• Directory Traversal Vulnerability in FTP Voyager
  • From: advisory
• LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component
  • From: Delf Tonder
• Directory Traversal Vulnerability in FilterFTP
  • From: advisory
• [USN-1002-2] PostgreSQL vulnerability
  • From: Marc Deslauriers
• IBWAS'10 CfP - Deadline Extension
  • From: Carlos Serrão
• [USN-1002-1] PostgreSQL vulnerability
  • From: Marc Deslauriers
• [USN-1003-1] OpenSSL vulnerabilities
  • From: Marc Deslauriers
• Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability
  • From: Felipe M. Aragon
• HP Data Protector Manager v6.11 / NULL Pointer Dereference Remote Denial of Service Vulnerabilities
  • From: Pepelux
• Adobe Reader 9.3.4 Multiple Memory Corruption - Security Advisory - SOS-10-003
  • From: Sense of Security
• ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSAR Authentication Client when storing secret key objects on an RSA SecurIDR 800 Authenticator
  • From: Security_Alert
• (CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability
  • From: CORE Security Technologies Advisories
• ZDI-10-192: Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [USN-999-1] Kerberos vulnerability
  • From: Kees Cook
• [USN-1001-1] LVM2 vulnerability
  • From: Marc Deslauriers
• [ MDVSA-2010:197 ] postgresql
  • From: security
• [ GLSA 201010-01 ] Libpng: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• [Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
  • From: Moritz Naumann
• MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling
  • From: Tom Yu
• [security bulletin] HPSBTU02496 SSRT090245 rev.1 - HP Tru64 UNIX Running NTP, Denial of Service (DoS)
  • From: security-alert
• Vulnerabilities in CMS WebManager-Pro
  • From: MustLive
• XSS vulnerability in Elxis CMS polls module
  • From: advisory
• [ MDVSA-2010:196 ] dovecot
  • From: security
• XSS vulnerability in Elxis CMS (contacts)
  • From: advisory
• XSS vulnerability in Elxis CMS
  • From: advisory
• [SECURITY] [DSA-2116-1] New freetype packages integer overflow
  • From: Stefan Fritsch
• XSS vulnerability in Docebo Announcements
  • From: advisory
• SQL injection vulnerability in Elxis CMS
  • From: advisory
• [IMF 2011] Call for Papers
  • From: Oliver Goebel
• [SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
  • From: Stefan Fritsch
• OWASP ZAP
  • From: psiinon
• [ MDVSA-2010:195 ] libesmtp
  • From: security
• [ MDVSA-2010:193 ] qt-creator
  • From: security
• [STANKOINFORMZASCHITA-10-02] ITS SCADA Authorization bypass
  • From: info
• [ MDVSA-2010:194 ] git
  • From: security
• [ MDVSA-2010:192 ] apr-util
  • From: security
• NetWin Surgemail XSS vulnerability
  • From: kerem . kocaer
• Another new technique to bypass SEHOP. ( no 'xor pop pop ret' )
  • From: geinblues
• ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability
  • From: ZDI Disclosures
• [ MDVSA-2010:191 ] mailman
  • From: security
• Multiple vulnerabilities in WordPress 2 and 3
  • From: MustLive
• Re: XSRF (CSRF) in Zimplit
  • From: security curmudgeon
• [STANKOINFORMZASCHITA-10-01] NetbiterŽ webSCADA multiple vulnerabilities
  • From: info
• THOTCON 0x2 - Call For Papers is Open -> 10.01.10
  • From: THOTCON Announce
• Re: XSS vulnerability in Pluck
  • From: security curmudgeon
• [ MDVSA-2010:190 ] libtiff
  • From: security
• ZDI-10-183: IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-181: IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
  • From: ZDI Disclosures
• ZDI-10-184: IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [security bulletin] HPSBMA02558 SSRT100158 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
  • From: security-alert
• ZDI-10-180: IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-187: IBM TSM FastBack Server _DAS_ReadBlockReply Remote Denial of Service Vulnerability
  • From: ZDI Disclosures
• ZDI-10-185: IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities
  • From: ZDI Disclosures
• ZDI-10-179: IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [SECURITY] [DSA-2115-1] New moodle packages fix several vulnerabilities
  • From: Florian Weimer
• VMSA-2010-0015 VMware ESX third party updates for Service Console
  • From: VMware Security team
• [ GLSA 201009-09 ] fence: Multiple symlink vulnerabilites
  • From: Stefan Behte
• [USN-992-1] Avahi vulnerabilities
  • From: Marc Deslauriers
• [Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service
  • From: Onapsis Research Labs
• XSS vulnerability in Pluck
  • From: advisory
• [security bulletin] HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation
  • From: security-alert
• [USN-993-1] libgdiplus vulnerability
  • From: Marc Deslauriers
• Re: XSS vulnerability in Auto CMS
  • From: security curmudgeon
• XSRF (CSRF) in Zimplit
  • From: advisory
• [USN-995-1] libMikMod vulnerabilities
  • From: Marc Deslauriers
• [USN-994-1] libHX vulnerability
  • From: Marc Deslauriers
• XSS vulnerability in GetSimple CMS
  • From: advisory
• [USN-996-1] Mako vulnerability
  • From: Marc Deslauriers
• Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
  • From: Yam Mesicka
• Re: XSS vulnerability in CompuCMS
  • From: security curmudgeon
• [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
  • From: Andrea Barisani
• XSS in Horde IMP <=4.3.7, fetchmailprefs.php
  • From: Moritz Naumann
• SQL injection vulnerability in Entrans
  • From: advisory
• SQL injection vulnerability in Entrans
  • From: advisory
• XSS vulnerability in Entrans
  • From: advisory
• SQL injection vulnerability in e107
  • From: advisory
• [SECURITY] [DSA-2114-1] New git-core packages fix regression
  • From: Stefan Fritsch
• Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
  • From: Rodrigo Branco
• Exploit Next Generation(R) Example Codes
  • From: Nelson Brito
• Vulnerabilities in CMS MYsite
  • From: MustLive
• [ MDVSA-2010:189-1 ] pcsc-lite
  • From: security
• [ MDVSA-2010:189 ] pcsc-lite
  • From: security
• Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
  • From: security
• VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues
  • From: VMware Security team
• TWSL2010-005: FreePBX recordings interface allows remote code execution
  • From: Trustwave Advisories
• Re: Netscape Web Browser (CSS) Cross Domain Vulnerability
  • From: Michal Zalewski
• Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
  • From: phara0h
• Netscape Web Browser (CSS) Cross Domain Vulnerability
  • From: info
• [security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection
  • From: security-alert
• [ MDVSA-2010:187 ] squid
  • From: security
• [ MDVSA-2010:188 ] kernel
  • From: security
• [security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure
  • From: security-alert
• Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
  • From: info
• [security bulletin] HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection
  • From: security-alert
• [ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483
  • From: ISecAuditors Security Advisories
• ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability
  • From: Security_Alert
• CONFidence 2.0 2010 - Call for Papers - 29-30.11.2010 Prague
  • From: Andrzej Targosz
• [ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability
  • From: adv
• TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [ GLSA 201009-07 ] libxml2: Denial of Service
  • From: Stefan Behte
• Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [ GLSA 201009-08 ] python-updater: Untrusted search path
  • From: Stefan Behte
• [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0
  • From: ISecAuditors Security Advisories
• [ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user
  • From: ISecAuditors Security Advisories
• CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
  • From: sk
• [USN-990-1] OpenSSL vulnerability
  • From: Marc Deslauriers
• [USN-990-2] Apache vulnerability
  • From: Marc Deslauriers
• Exploit Next Generation® Methodology
  • From: Nelson Brito
• [ MDVSA-2010:186 ] phpmyadmin
  • From: security
• Security Contact Allianz IT-Infrastructure - Germany
  • From: Stefan Bauer
• [USN-989-1] PHP vulnerabilities
  • From: Marc Deslauriers
• Battle.net Mobile Authenticator MITM Vulnerability
  • From: yawninglol
• [ MDVSA-2010:185 ] bzip2
  • From: security
• [USN-986-3] dpkg vulnerability
  • From: Jamie Strandboge
• Binary Planting Attack Vectors - There's more than one way to skin a cat... or plant a binary, for that matter
  • From: ACROS Security Lists
• Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
  • From: Stefan Kanthak
• FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2
  • From: FreeBSD Security Advisories
• n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
  • From: security
• n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server
  • From: security
• n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
  • From: security
• Vulnerabilities in IB Promotion Advanced Business Web Suite
  • From: MustLive
• [SECURITY] [DSA-2106-2] New xulrunner packages fix regression
  • From: Stefan Fritsch
• [SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow
  • From: Stefan Fritsch
• [USN-986-2] ClamAV vulnerability
  • From: Jamie Strandboge
• [SECURITY] [DSA 2111-1] New squid3 packages fix denial of service
  • From: Steffen Joeris
• [SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities
  • From: Steffen Joeris
• SQL injection vulnerability in e107
  • From: advisory
• [USN-986-1] bzip2 vulnerability
  • From: Jamie Strandboge
• [security bulletin] HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
  • From: security-alert
• SQL injection vulnerability in e107
  • From: advisory
• Searching for DropBox security contact
  • From: Rebecca Menessec
• [USN-975-2] Firefox and Xulrunner regression
  • From: Jamie Strandboge
• [security bulletin] HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
  • From: security-alert
• [USN-978-2] Thunderbird regression
  • From: Jamie Strandboge
• [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues
  • From: dann frazier
• [ MDVSA-2010:184 ] samba
  • From: security
• [oCERT-2010-003] Free Simple CMS path sanitization errors
  • From: Andrea Barisani
• [SECURITY] [DSA-2109-1] New samba packages fix buffer overflow
  • From: Stefan Fritsch
• [security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
  • From: security-alert
• MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities
  • From: marian . ventuneac
• MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities
  • From: marian . ventuneac
• [ MDVSA-2010:183 ] socat
  • From: security
• ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• XSRF (CSRF) in SantaFox
  • From: advisory
• XSS vulnerability in SantaFox search module
  • From: advisory
• XSS (cross site scripting) vulnerability in Serendipity
  • From: advisory
• [Suspected Spam]Directory Traversal in Axigen v7.4.1 running on Windows
  • From: Bogdan Calin
• XSS vulnerability in AChecker
  • From: advisory
• XSS vulnerability in ATutor
  • From: advisory
• XSS vulnerability in AContent
  • From: advisory
• XSS vulnerability in AContent
  • From: advisory
• XSS vulnerability in Atutor edit content folder
  • From: advisory
• XSS vulnerability in AContent search
  • From: advisory
• [FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS)
  • From: Lyndon Nerenberg
• New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1"
  • From: Amit Klein
• Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability
  • From: Secunia Research
• [ MDVSA-2010:182 ] kdegraphics
  • From: security
• ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability
  • From: ZDI Disclosures
• [FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
  • From: Lyndon Nerenberg
• [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS)
  • From: Lyndon Nerenberg
• [FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS)
  • From: Lyndon Nerenberg
• ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [USN-987-1] Samba vulnerability
  • From: Marc Deslauriers
• [security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
  • From: security-alert
• rPSA-2010-0056-1 httpd mod_ssl
  • From: rPath Update Announcements
• ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• [ MDVSA-2010:181 ] ntop
  • From: security
• Web challenges from RootedCON'2010 CTF - Contest
  • From: Roman Medina-Heigl Hernandez
• [SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
  • From: Sébastien Delafond
• [DCA-00016 - Nokia E72 Keyboard Password bypass]
  • From: Ewerson Guimarães (Crash) - Dclabs
• CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
  • From: Aditya K Sood
• ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
  • From: ZDI Disclosures
• MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities
  • From: marian . ventuneac
• [ MDVSA-2010:178 ] ocsinventory
  • From: security
• [ MDVSA-2010:177 ] tomcat5
  • From: security
• [ MDVSA-2010:174 ] quagga
  • From: security
• Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
  • From: admin
• [ MDVSA-2010:176 ] tomcat5
  • From: security
• H2HC 2010 Sao Paulo - Capture the Flag
  • From: Rodrigo Rubira Branco (BSDaemon)
• Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities
  • From: Secunia Research
• MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities
  • From: marian . ventuneac
• Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service
  • From: yangdn
• MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability
  • From: marian . ventuneac
• [ MDVSA-2010:180 ] rpm
  • From: security
• [ MDVSA-2010:179 ] libglpng
  • From: security
• [ MDVSA-2010:175 ] sudo
  • From: security
• MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability
  • From: marian . ventuneac
• [SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• International Hacking Conference "POC2001" Call for Paper
  • From: pocadm
• [DCA-00015] YOPS Web Server Remote Command Execution
  • From: Rodrigo Escobar
• PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)
  • From: YGN Ethical Hacker Group
• Re: Binary Planting Goes "EXE"
  • From: Christian Sciberras
• Internet Download Accelerator 5.8 Remote Buffer Overflow
  • From: g1xsystem
• Medium security flaw in Apache Traffic Server
  • From: Tim Brown
• Re: Binary Planting Goes "EXE"
  • From: Stefan Kanthak
• [ MDVSA-2010:172 ] kernel
  • From: security
• Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
  • From: YGN Ethical Hacker Group
• [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: etax 2010 failure to validate remote ssl certificate properly
  • From: dave b
• [USN-978-1] Thunderbird vulnerabilities
  • From: Jamie Strandboge
• [USN-975-1] Firefox and Xulrunner vulnerabilities
  • From: Jamie Strandboge
• [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• Binary Planting Goes "EXE"
  • From: ACROS Security Lists
• SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3
  • From: Bogdan Calin
• [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local
  • From: security-alert
• ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)
  • From: ACROS Security Lists
• Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability.
  • From: Fyodor
• [SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution
  • From: Sebastien Delafond
• ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.
  • From: Security_Alert
• [USN-985-1] mountall vulnerability
  • From: Kees Cook
• ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSAŽ Access Manager Agent when working with RSAŽ Adaptive Authentication.
  • From: Security_Alert
• ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSAŽ Access Manager Server under certain conditions.
  • From: Security_Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
  • From: Cisco Systems Product Security Incident Response Team
• [ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities
  • From: Tobias Heinlein
• etax 2010 failure to validate remote ssl certificate properly
  • From: dave b
• [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities
  • From: Stefan Behte
• [security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS)
  • From: security-alert
• [USN-984-1] LFTP vulnerability
  • From: Marc Deslauriers
• Call for Participation - GameSec 2010 - Berlin, Germany
  • From: Albert Levi
• Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability
  • From: sattler
• [SECURITY] [DSA 2098-2] New typo3-src packages fix regression
  • From: Thijs Kinkhorst
• [ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code
  • From: Stefan Behte
• Recent developments in FireWire Attacks
  • From: Freddie Witherden
• [SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• Re: etax 2010 failure to validate remote ssl certificate properly
  • From: dave b
• Security problems in Zenphoto version 1.3
  • From: Bogdan Calin
• Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
  • From: YGN Ethical Hacker Group
• [ MDVSA-2010:171 ] lvm2
  • From: security
• The Zed Attack Proxy (ZAP) version 1.0.0
  • From: psiinon
• [SECURITY] [DSA-2103-1] New smbind packages fix sql injection
  • From: Giuseppe Iuculano
• [ GLSA 201009-03 ] sudo: Privilege Escalation
  • From: Alex Legler
• H2HC São Paulo - Capture the Captcha
  • From: Rodrigo Rubira Branco (BSDaemon)
• XSS in Horde Application Framework <=3.3.8, icon_browser.php
  • From: Moritz Naumann
• Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil
  • From: Rodrigo Rubira Branco (BSDaemon)
• [USN-983-1] Sudo vulnerability
  • From: Jamie Strandboge
• nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
  • From: nikhil_uitrgpv
• [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf
  • From: Laurent OUDOT at TEHTRI-Security
• Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability
  • From: sattler
• [SECURITY] [DSA-2104-1] New quagga packages fix denial of service
  • From: Florian Weimer
• Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
  • From: sattler
• chillyCMS Multiple Vulnerabilities
  • From: admin
• Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
  • From: YGN Ethical Hacker Group
• Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
  • From: steve . povolny
• VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
  • From: VUPEN Security Research
• [ MDVSA-2010:170 ] wget
  • From: security
• nullcon Goa dwitiya (2.0) Call For Papers
  • From: nullcon
• [ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code
  • From: Alex Legler
• [security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code
  • From: security-alert
• Rooted CON 2011 - Call for Papers
  • From: Román Ramírez
• [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
  • From: Sebastien Delafond
• Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)
  • From: YGN Ethical Hacker Group
• [ MDVSA-2010:168 ] openssl
  • From: security
• [ MDVSA-2010:169 ] mozilla-thunderbird
  • From: security
• [USN-982-1] Wget vulnerability
  • From: Marc Deslauriers
• Vulnerabilities in CMS WebManager-Pro
  • From: MustLive
• {PRL} Novell Netware OpenSSH Remote Stack Overflow
  • From: Francis Provencher
• XSS vulnerability in ArtGK CMS
  • From: advisory
• XSS vulnerability in Rumba CMS tags
  • From: advisory
• XSS vulnerability in ArtGK CMS forum
  • From: advisory
• Online Binary Planting Exposure Test
  • From: ACROS Lists
• Tortoise SVN DLL Hijacking Vulnerability
  • From: nikhil_uitrgpv
• XSS vulnerability in Rumba CMS
  • From: advisory
• VMSA-2010-0013 VMware ESX third party updates for Service Console
  • From: VMware Security Team
• XSS vulnerability in Amiro.CMS FAQ
  • From: advisory
• VMSA-2010-0013
  • From: VMware Security Team
• [ MDVSA-2010:167 ] perl-libwww-perl
  • From: security
• [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities
  • From: Moritz Muehlenhoff