Bugtraq

• Thread Index

• CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability
  • From: CORE Security Technologies Advisories
• [SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability
  • From: s . leberre
• Home FTP Server 'MKD' Command Directory Traversal Vulnerability
  • From: zhangmc
• [security bulletin] HPSBMA02456 SSRT090188 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code
  • From: security-alert
• Secunia Research: Gimp PSD Image Parsing Integer Overflow Vulnerability
  • From: Secunia Research
• Metasploit Framework 3.3 Released
  • From: HD Moore
• [SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness
  • From: Giuseppe Iuculano
• Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability
  • From: karakorsankara
• [security bulletin] HPSBUX02451 SSRT090137 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• [ MDVSA-2009:158-2 ] pango
  • From: security
• Re: DoS vulnerability in Internet Explorer
  • From: MustLive
• [SECURITY] [DSA-1934-1] New apache2 packages fix several issues
  • From: Stefan Fritsch
• [ MDVSA-2009:158-1 ] pango
  • From: security
• Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation
  • From: contact . fingers
• Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability
  • From: zhangmc
• [DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities
  • From: DSecRG
• [ MDVSA-2009:300 ] apache-conf
  • From: security
• [ MDVSA-2009:299 ] xine-lib
  • From: security
• [ MDVSA-2009:297 ] ffmpeg
  • From: security
• [ MDVSA-2009:298 ] xine-lib
  • From: security
• [USN-859-1] OpenJDK vulnerabilities
  • From: Kees Cook
• [ MDVSA-2009:296 ] gimp
  • From: security
• XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability
  • From: zhangmc
• rPSA-2009-0142-2 httpd mod_ssl
  • From: rPath Update Announcements
• rPSA-2009-0145-1 samba samba-client samba-server samba-swat
  • From: rPath Update Announcements
• rPSA-2009-0144-1 apr-util
  • From: rPath Update Announcements
• rPSA-2009-0143-1 util-linux util-linux-extras
  • From: rPath Update Announcements
• rPSA-2009-0142-1 httpd mod_ssl
  • From: rPath Update Announcements
• Re: WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
  • From: golunski
• RE: Exploit writing tutorials
  • From: Peter Van Eeckhoutte
• [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
  • From: ctu-no-reply
• Panda Security Software Local Privilege Escalation
  • From: Maxim A. Kulakov
• WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
  • From: golunski
• VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities
  • From: VUPEN Security Research
• [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
  • From: ctu-no-reply
• [USN-853-2] Firefox and Xulrunner regression
  • From: Jamie Strandboge
• Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability
  • From: advisory
• Exploit writing tutorials
  • From: Peter Van Eeckhoutte
• Re: XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
  • From: Protek Research Lab
• Re: New vulnerability in Xerox Fiery Webtools
  • From: laurent . hermelin
• [USN-858-1] OpenLDAP vulnerability
  • From: Marc Deslauriers
• Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability
  • From: Secunia Research
• Novell eDirectory 8.8 SP5 Denial of Service
  • From: advisory
• iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability
  • From: iDefense Labs
• ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability
  • From: ZDI Disclosures
• ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability
  • From: ZDI Disclosures
• TPTI-09-07: Microsoft Windows License Logging Service Heap Corruption Vulnerability
  • From: dvlabs
• XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
  • From: zhangmc
• [SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
  • From: Steffen Joeris
• [security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
  • From: security-alert
• Atheros Driver Reserved Frame Vulnerability
  • From: Laurent Butti
• Marvell Driver Multiple Information Element Overflows
  • From: Laurent Butti
• [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News
  • From: Andrew Horton
• [USN-857-1] Qt vulnerabilities
  • From: Marc Deslauriers
• [USN-856-1] CUPS vulnerability
  • From: Marc Deslauriers
• Re: FRHACK01 DVDs
  • From: Jerome Athias
• Re: Re: DoS vulnerability in Internet Explorer
  • From: notdisclosed
• Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Re: DoS vulnerability in Internet Explorer
  • From: r . st
• DoS vulnerability in Internet Explorer
  • From: MustLive
• ToutVirtual VirtualIQ Multiple Vulnerabilities
  • From: Claudio Criscione
• FRHACK01 DVDs
  • From: Jerome Athias
• [SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password
  • From: Mark Thomas
• [ MDVSA-2009:295 ] apache
  • From: security
• [SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities
  • From: Steffen Joeris
• [ GLSA 200911-01 ] Horde: Multiple vulnerabilities
  • From: Alex Legler
• Php 5.3.0 pdflib extension open_basedir bypass
  • From: r3d . w0rm
• [SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
  • From: dann frazier
• [ MDVSA-2009:294 ] firefox
  • From: security
• Using Blended Browser Threats involving Chrome to steal files on your computer
  • From: Inferno
• [SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities
  • From: dann frazier
• CORE-2009-0912: Blender .blend Project Arbitrary Command Execution
  • From: CORE Security Technologies Advisories
• [SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities
  • From: dann frazier
• [USN-854-1] GD library vulnerabilities
  • From: Marc Deslauriers
• [USN-855-1] libhtml-parser-perl vulnerability
  • From: Marc Deslauriers
• ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
  • From: ZDI Disclosures
• [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code
  • From: security-alert
• [Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report
  • From: Bkis
• CONFidence 2.0 schedule online - last time to register
  • From: Andrzej Targosz
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Pavel Kankovsky
• ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
  • From: ZDI Disclosures
• ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
  • From: ZDI Disclosures
• ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
  • From: ZDI Disclosures
• ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
  • From: ZDI Disclosures
• AST-2009-008: SIP responses expose valid usernames
  • From: Asterisk Security Team
• AST-2009-009: Cross-site AJAX request vulnerability
  • From: Asterisk Security Team
• [SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox
  • From: Context IS - Disclosure
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Gabor Gombas
• Re: /proc filesystem allows bypassing directory permissions on
  • From: psz
• VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities
  • From: VUPEN Security Research
• Bractus SunTrack Multiple XSS
  • From: Bugs NotHugs
• Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow
  • From: Secunia Research
• [security bulletin] HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service (DoS)
  • From: security-alert
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Gabor Gombas
• Re: /proc filesystem allows bypassing directory permissions on
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Pavel Machek
• Re: Cherokee Web Server 0.5.4 Denial Of Service
  • From: daniel . crowley
• New vulnerability in Xerox Fiery Webtools
  • From: Bernardo Luis
• [ MDVSA-2009:293 ] squidGuard
  • From: security
• QuahogCon Call for Papers
  • From: info
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Gabor Gombas
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Martin Rex
• [ MDVSA-2009:292 ] wireshark
  • From: security
• ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
  • From: ZDI Disclosures
• Fwd: {Lostmon´s Group} Re: Wowd search client multiple variable xss (solution)
  • From: Lostmon lords
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Dan Yefimov
• [USN-850-3] poppler vulnerabilities
  • From: Marc Deslauriers
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Gabor Gombas
• NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow
  • From: NSO Research
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Pavel Machek
• [SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness
  • From: Steffen Joeris
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Martin Rex
• Re: {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability
  • From: Vladimir '3APA3A' Dubrovin
• [USN-853-1] Firefox and Xulrunner vulnerabilities
  • From: Jamie Strandboge
• [SECURITY] [DSA 1924-1] New mahara packages fix several vulnerabilities
  • From: Steffen Joeris
• ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1)
  • From: ACROS Lists
• Reminder for DeepSec 2009 Conference
  • From: DeepSec Conference - Announcement
• Re: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities
  • From: schwartz
• {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability
  • From: Protek Research Lab
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Marco Verschuur
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Marco Verschuur
• {PRL} My Remote File Server Privilege Escalation
  • From: Protek Research Lab
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Jim Paris
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Marco Verschuur
• CVE-2009-1979 (Oracle RDBMS)
  • From: Dennis Yurichev
• Windows Media Player Plugin: Local File Detection Vulnerability
  • From: renard-volant
• PSAtr v1.2 Sql Injection
  • From: info
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Jim Paris
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Pavel Machek
• CubeCart 4 Session Management Bypass
  • From: Bogdan Calin
• [ MDVSA-2009:291 ] jetty5
  • From: security
• com_jumi / jumi 2.0.5 for joomla 1.5 backdoored
  • From: Jan van Niekerk
• [SECURITY] [DSA 1923-1] New libhtml-parser-perl packages fix denial of service
  • From: Nico Golde
• SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008
  • From: Lists
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• 2wire Remote Denial of Service
  • From: Pedro Joaquin
• Re: /proc filesystem allows bypassing directory permissions on
  • From: Martin Rex
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Glynn Clements
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: CaT
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• [ MDVSA-2009:290 ] firefox
  • From: security
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Vincent Zweije
• Hijacking Opera's Native Page using malicious RSS payloads
  • From: Inferno
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Fwd: Wowd search client multiple variable xss
  • From: Lostmon lords
• iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability
  • From: iDefense Labs
• [SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability
  • From: ZDI Disclosures
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: CaT
• Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation
  • From: Tavis Ormandy
• [G-SEC 48-2009] F-SECURE - Generic PDF detection bypass
  • From: Thierry Zoller
• VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
  • From: VMware Security Team
• [G-SEC 49-2009] McAfee generic PDF detection bypass
  • From: Thierry Zoller
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Ivan Jager
• [oCERT-2009-015] KDE multiple issues
  • From: Andrea Barisani
• Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability
  • From: Secunia Research
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• [SECURITY] [DSA 1921-1] New expat packages fix denial of service
  • From: Giuseppe Iuculano
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Derek Martin
• [ MDVSA-2009:289 ] kernel
  • From: security
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Marco Verschuur
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Matthew Dempsky
• [G-SEC 47-2009] Symantec generic PDF detection bypass
  • From: Thierry Zoller
• Mariposa Botnet C&C decryption plugin for wireshark
  • From: megumi1990
• PHP168 v6.0 rc
  • From: info
• Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
  • From: Robbie Gill
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Marco Verschuur
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Tony Finch
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Vincent Zweije
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: CaT
• {PRL} Rising Antivirus 2009 Privilege Escalation
  • From: Protek Research Lab
• Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
  • From: adam
• {PRL} Rising Firewall 2009 Privilege Escalation
  • From: Protek Research Lab
• Rising Multiple Products Local Privilege Escalation Vulnerability
  • From: ss_contacts
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Matthew Dempsky
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Glynn Clements
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Kinzel, David
• AST-2009-007: ACL not respected on SIP INVITE
  • From: Asterisk Security Team
• Cherokee Web Server 0.5.4 Denial Of Service
  • From: usman
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Isara Beaumont
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Ansgar Wiechers
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Joel Maslak
• [SECURITY] [DSA-1920-1] New nginx packages fix denial of service
  • From: Stefan Fritsch
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Klaus Lichtenwalder
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Tamber Penketh
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Tony Finch
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Stephen Harris
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Casper . Dik
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: nomail
• [DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
  • From: DSecRG
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• [ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
  • From: Alex Legler
• [SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Kankovsky
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Jetty 6.x and 7.x Multiple Vulnerabilities
  • From: ascii
• squidGuard 1.3 & 1.4 : buffer overflow
  • From: majinboo
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Anton Ivanov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Anton Ivanov
• SharePoint 2007 ASP.NET Source Code Disclosure
  • From: Daniel Martin
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Anton Ivanov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Kankovsky
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Anton Ivanov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Derek Martin
• RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit
  • From: nospam
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Daryl Tester
• Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
  • From: karakorsankara
• [SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• [SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
  • From: Giuseppe Iuculano
• [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution
  • From: Steffen Joeris
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: psz
• [ MDVSA-2009:288 ] proftpd
  • From: security
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Arturo 'Buanzo' Busleiman
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• Re: /proc filesystem allows bypassing directory permissions on Linux
  • From: Dan Yefimov
• /proc filesystem allows bypassing directory permissions on Linux
  • From: Pavel Machek
• [SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
  • From: dann frazier
• HP Quality Centre Weak password Obfuscation
  • From: jason
• RE: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting
  • From: Hubbard, Dan
• [USN-850-2] poppler regression
  • From: Marc Deslauriers
• [SECURITY] [DSA 1914-1] New mapserver packages fix serveral vulnerabilities
  • From: Nico Golde
• [security bulletin] HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access
  • From: security-alert
• [ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities
  • From: Tobias Heinlein
• {PRL} Pegasus Mail client BoF
  • From: Protek Research Lab
• {PRL} Eureka Mail client BoF
  • From: Protek Research Lab
• Avast! Multiple Vulnerabilities
  • From: ss_contacts
• [ MDVSA-2009:287 ] xpdf
  • From: security
• Everfocus EDR1600 remote authentication bypass
  • From: Andrea Fabrizi
• Call for Papers: Conference on Cyber Conflict, Estonia
  • From: k g
• Corsaire White Paper: Attacking Magstripe Gift Cards
  • From: Adrian P.
• [oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation
  • From: Will Drewry
• TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities
  • From: Davide Canali
• [USN-851-1] Elinks vulnerabilities
  • From: Jamie Strandboge
• Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30
  • From: jason
• [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1
  • From: come2waraxe
• [ MDVSA-2009:286 ] ocaml-camlimages
  • From: security
• [USN-850-1] poppler vulnerabilities
  • From: Marc Deslauriers
• [ GLSA 200910-01 ] Wget: Certificate validation error
  • From: Alex Legler
• turbodiff v1.01 beta released
  • From: Nicolas A. Economou
• [ MDVSA-2009:285 ] php
  • From: security
• NSOADV-2009-003: Websense Email Security Cross Site Scripting
  • From: NSO Research
• NSOADV-2009-002: Websense Email Security Web Administrator DoS
  • From: NSO Research
• [ MDVSA-2009:281 ] cups
  • From: security
• [ MDVSA-2009:284 ] gd
  • From: security
• [ MDVSA-2009:280 ] cups
  • From: security
• South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges
  • From: nospam
• EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service
  • From: nospam
• [ MDVSA-2009:282 ] cups
  • From: security
• [CVE-2009-1479] Boxalino - Directory Traversal Vulnerability
  • From: Axel Neumann
• Overland Guardian OS CLI command line bug - let you get uid 0 shell
  • From: trompele
• [ MDVSA-2009:283 ] cups
  • From: security
• phpcms 2008 Remote File Disclosure Vulnerability
  • From: info
• 3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities
  • From: Andrea Fabrizi
• McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords
  • From: foo
• Vulnerability in Zoiper softphone version 2.22 - Denial Of Service
  • From: Inj3ct0r.com
• In-depth research on the recent PDF zero-day exploit (CVE-2009-3459)
  • From: cocoruder
• Xpdf - Integer overflow which causes heap overflow and NULL pointer derefernce.
  • From: adam
• [SECURITY] [DSA 1913-1] New bugzilla packages fix SQL injection
  • From: Giuseppe Iuculano
• CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections
  • From: Dragos Ruiu
• VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities
  • From: VUPEN Security Research
• VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
  • From: VMware Security Team
• WASC Announcement: 2008 Web Application Security Statistics Published
  • From: announcements
• DWebPro allow an invader to execute any program at server side
  • From: rafa . de . sousa
• [SECURITY] [DSA 1912-1] New camlimages fix arbitrary code execution
  • From: Steffen Joeris
• n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution
  • From: security
• NSFOCUS SA2009-03 : Windows Kernel Malformed PE File Remote DoS Vulnerability
  • From: NSFOCUS Security Team
• NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability
  • From: NSFOCUS Security Team
• NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability
  • From: NSFOCUS Security Team
• Re: Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit
  • From: support
• [USN-849-1] libsndfile vulnerabilities
  • From: Jamie Strandboge
• [ MDVSA-2009:279 ] ocaml-mysql
  • From: security
• Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
  • From: Andrea Fabrizi
• [SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping
  • From: Steffen Joeris
• [SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping
  • From: Steffen Joeris
• [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping
  • From: Steffen Joeris
• [ MDVSA-2009:278 ] compiz-fusion-plugins-main
  • From: security
• [USN-848-1] Zope vulnerabilities
  • From: Marc Deslauriers
• Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• DEFCON London - DC4420 October 2009 Meet - This Thursday 15th
  • From: Major Malfunction
• [ MDVSA-2009:277 ] samba
  • From: security
• Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow
  • From: Secunia Research
• [AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS
  • From: Michele Orru
• [SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
  • From: Nico Golde
• [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities
  • From: Michele Orru
• Windows Media Audio Voice remote code execution
  • From: Ivan Fratric
• Windows GDI+ TIFF memory corruption
  • From: Ivan Fratric
• iDefense Security Advisory 10.13.09: Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability
  • From: iDefense Labs
• ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
  • From: ZDI Disclosures
• ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
  • From: ZDI Disclosures
• ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
  • From: ZDI Disclosures
• iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability
  • From: iDefense Labs
• ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
  • From: ZDI Disclosures
• ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
  • From: ZDI Disclosures
• iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability
  • From: iDefense Labs
• [ MDVSA-2009:276 ] python-django
  • From: security
• [BONSAI] XSS in Achievo - Customized XSS payload included
  • From: Bonsai - Information Security
• [BONSAI] SQL Injection in Achievo
  • From: Bonsai - Information Security
• [ MDVSA-2009:274 ] phpmyadmin
  • From: security
• [G-SEC 46-2009] Computer Associates multiple products arbritary code execution
  • From: Thierry Zoller
• [SECURITY] [DSA 1907-1] New kvm packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• Palm Pre WebOS version <= 1.1 Floating Point Exception
  • From: PalmPreHacker
• Quick Heal Local Privilege Escalation Vulnerability
  • From: ss_contacts
• [ MDVSA-2009:273 ] strongswan
  • From: security
• [ MDVSA-2009:272 ] libmikmod
  • From: security
• [ MDVSA-2009:270 ] wireshark
  • From: security
• [ MDVSA-2009:271 ] libnasl
  • From: security
• [ MDVSA-2009:269 ] mono
  • From: security
• [ MDVSA-2009:268 ] mono
  • From: security
• DEDECMS v5.1 Sql Injection Vulnerability
  • From: info
• [ MDVSA-2009:275 ] python-django
  • From: security
• [SECURITY] [DSA 1906-1] End-of-life announcement for clamav in stable and oldstable
  • From: Steffen Joeris
• [SECURITY] [DSA 1905-1] New python-django packages fix denial of service
  • From: Nico Golde
• [ MDVSA-2009:267 ] xmlsec1
  • From: security
• Re: Re: Remote buffer overflow in httpdx
  • From: pankaj208
• [ MDVSA-2009:266 ] awstats
  • From: security
• [SECURITY] [DSA 1895-2] New opensaml2 and shibboleth-sp2 packages fix regression
  • From: Florian Weimer
• [ MDVSA-2009:264 ] gd
  • From: security
• [ MDVSA-2009:265 ] egroupware
  • From: security
• [ MDVSA-2009:263 ] sympa
  • From: security
• Re: Remote buffer overflow in httpdx
  • From: dr_ide
• [ MDVSA-2009:262 ] netpbm
  • From: security
• Docebo Multiple SQL-Injection Vulnerabilities
  • From: Andrea Fabrizi
• [ MDVSA-2009:260 ] imagemagick
  • From: security
• [USN-847-2] devscripts vulnerability
  • From: Jamie Strandboge
• [SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness
  • From: Giuseppe Iuculano
• CA20091008-01: Security Notice for CA Anti-Virus Engine
  • From: Williams, James K
• [USN-847-1] Devscripts vulnerability
  • From: Jamie Strandboge
• [ MDVSA-2009:261 ] graphicsmagick
  • From: security
• QuickCart Multiple vlunerabilities
  • From: Paweł Łaskarzewski
• [USN-846-1] ICU vulnerability
  • From: Jamie Strandboge
• vBulletin - Multiple Versions - Cross Site Script Redirection
  • From: advisories
• WASC Announcement: Announcing the Web Application Security Scanner Evaluation Criteria v1
  • From: announcements
• FreeBSD 7.2 VFS/devfs race condition exploit
  • From: Przemyslaw Frasunek
• FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit
  • From: Przemyslaw Frasunek
• [ MDVSA-2009:217-2 ] mozilla-thunderbird
  • From: security
• [ MDVSA-2009:217-1 ] mozilla-thunderbird
  • From: security
• [USN-845-1] Pan vulnerability
  • From: Marc Deslauriers
• [USN-844-1] mimeTeX vulnerabilities
  • From: Marc Deslauriers
• BMW 'inventory.php"<= SQL Injection Vulnerability
  • From: Dazz . band
• Remote buffer overflow in httpdx
  • From: pankaj208
• [ MDVSA-2009:259 ] snort
  • From: security
• DreamPoll 3.1 Vulnerabilities
  • From: mark
• iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability
  • From: iDefense Labs
• [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities
  • From: DSecRG
• [SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• [DSECRG-09-017] SAP GUI vsflexGrid ActiveX - Buffer Overflow vulnerability
  • From: DSecRG
• [ MDVSA-2009:258 ] openssl
  • From: security
• [security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)
  • From: security-alert
• BulletProof FTP Client Buffer Overflow (SEH)
  • From: rafa . de . sousa
• Remote File Inclusion In AIOCP
  • From: hadikiamarsi
• {PRL} XLPD 3.0 Remote DoS
  • From: Protek Research Lab
• Re: FRHACK01 Slides are online
  • From: Jerome Athias
• [ MDVSA-2009:256 ] dbus
  • From: security
• [ MDVSA-2009:257 ] qemu
  • From: security
• [USN-843-1] BackupPC vulnerability
  • From: Marc Deslauriers
• CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application
  • From: CORE Security Technologies Advisories
• Dopewars 1.5.12 Server Denial of Service
  • From: dougtko
• [USN-842-1] Wget vulnerability
  • From: Marc Deslauriers
• [Advisory]PBBoard <=2.0.2 Full Path Disclosure
  • From: admin
• [Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic
  • From: admin
• Re: WinRAR v3.80 - ZIP Filename Spoofing
  • From: chris . levny
• AlleyCode SEH overflow POC&#8207;&#8207;
  • From: rafa . de . sousa
• Re: Cross-Site Scripting vulnerability in eCaptcha
  • From: code
• FRHACK01 Slides are online
  • From: Jerome Athias
• [USN-841-1] GLib vulnerability
  • From: Kees Cook
• CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace
  • From: SpringSource Security Team
• [SECURITY] [DSA 1902-1] New elinks packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list
  • From: SpringSource Security Team
• [oCERT-2009-014] Android denial-of-service issues
  • From: Andrea Barisani
• [SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities
  • From: Giuseppe Iuculano
• Palm Pre WebOS <=1.1 Remote File Access Vulnerability
  • From: PalmPreHacker
• CORE-2009-0812-Hyperic HQ Multiple XSS
  • From: CORE Security Technologies Advisories
• [security bulletin] HPSBUX02421 SSRT090047 rev.2 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-09:14.devfs
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-09:13.pipe
  • From: FreeBSD Security Advisories
• [ MDVSA-2009:255 ] perl-DBD-Pg
  • From: security
• [SECURITY] [DSA 1899-1] New strongswan packages fix denial of service
  • From: Florian Weimer
• [SECURITY] [DSA 1900-1] New PostgreSQL packages fix various problems
  • From: Florian Weimer
• [SECURITY] [DSA 1898-1] New openswan packages fix denial of service
  • From: Florian Weimer
• Re: VMSA-2009-0013 VMware Fusion resolves two security issues
  • From: mu-b
• VMSA-2009-0013 VMware Fusion resolves two security issues
  • From: VMware Security team
• AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit
  • From: nospam
• google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (IE)
  • From: nospam
• [USN-840-1] OpenOffice.org vulnerabilities
  • From: Jamie Strandboge
• [USN-839-1] Samba vulnerabilities
  • From: Marc Deslauriers
• Rooted CON 2010 - CFP
  • From: Roman Medina-Heigl Hernandez
• [ MDVSA-2009:254 ] graphviz
  • From: security
• ZDI-09-067: Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability
  • From: ZDI Disclosures
• [ MDVSA-2009:253 ] backuppc
  • From: security
• {PRL} Cerberus FTP server 3.0.6 Pre-Auth DoS
  • From: Protek Research Lab
• {PRL} Novell Edirectory 8.8 SP5 XSS
  • From: Protek Research Lab
• THOTCON 0x1 - Call For Papers is Open -> October 1, 2009
  • From: THOTCON Announce
• [ MDVSA-2009:178 ] perl-IO-Socket-SSL
  • From: security
• [ MDVSA-2009:177 ] postgresql
  • From: security
• [ MDVSA-2009:176 ] postgresql
  • From: security
• C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness
  • From: Eyal Udassin
• MD5 hash extension attack breaks API authentication of Flickr and others
  • From: Juliano Rizzo
• FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution
  • From: Giuseppe Fuggiano
• Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges
  • From: nospam
• Re: iphone email client does not validate ssl certificates
  • From: Steve Shockley
• WinRAR v3.80 - ZIP Filename Spoofing
  • From: chr1x
• Cross-Site Scripting vulnerability in eCaptcha
  • From: MustLive
• [security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access
  • From: security-alert
• Multiple Vulnerabilities
  • From: Jerome Athias
• [SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
  • From: Florian Weimer
• Vulnerabilities in E107
  • From: MustLive
• [DSECRG-09-043] SAP GUI 7.1 Insecure Method
  • From: Alexandr Polyakov
• [ MDVSA-2009:249 ] newt
  • From: security
• [MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure
  • From: David Vieira-Kurz
• Local privilege escalation vulnerability in Trustport security software
  • From: ss_contacts
• [USN-838-1] Dovecot vulnerabilities
  • From: Marc Deslauriers
• Re: iphone email client does not validate ssl certificates
  • From: Pavel Machek
• Re: Regular Expression Denial of Service
  • From: hackerwebzine
• [SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
  • From: Nico Golde
• (edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods
  • From: Alexandr Polyakov
• [MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure
  • From: David Vieira-Kurz
• [ MDVSA-2009:248 ] php
  • From: security
• [ MDVSA-2009:247 ] php
  • From: security
• Multiple Vulnerabilities
  • From: Dr_IDE
• [ MDVSA-2009:246 ] php
  • From: security
• [ GLSA 200909-20 ] cURL: Certificate validation error
  • From: Alex Legler
• Cisco ACE XML Gateway <= 6.0 Internal IP disclosure
  • From: nitrØus
• COMPENG 2010 - Extended Submission Deadline
  • From: Federico Maggi
• [SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution
  • From: Florian Weimer
• Call for Participation - ACM Conference on Computer and Communications Security (CCS)
  • From: Christopher Kruegel
• Cross-Site Scripting vulnerability in E107
  • From: MustLive
• Engeman - SQL Injection Vulnerability (vendor url erratum)
  • From: crashbrz
• [SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution
  • From: Steffen Joeris
• Black Hat DC Call for Papers is now OPEN
  • From: Jeff Moss
• [USN-837-1] Newt vulnerability
  • From: Marc Deslauriers
• [ MDVSA-2009:245 ] glib2.0
  • From: security
• [ MDVSA-2009:243-1 ] freetype2
  • From: security
• ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
  • From: ZDI Disclosures
• Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• cour supreme 'index.php' SQL Injection & Local File Include Vulnerability
  • From: CrAzY_CrAcKeR
• [SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution
  • From: Steffen Joeris
• Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [ MDVSA-2009:244 ] xfig
  • From: security
• Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution
  • From: Steffen Joeris
• Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.
  • From: contact . fingers
• Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [USN-836-1] WebKit vulnerabilities
  • From: Marc Deslauriers
• nginx - low risk webdav destination bug
  • From: Kingcope
• [DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities
  • From: research
• [ MDVSA-2009:243 ] freetype2
  • From: security
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Mailing lists at Core Security Technologies
• [ MDVSA-2009:242-1 ] dovecot
  • From: security
• [ MDVSA-2009:242 ] dovecot
  • From: security
• [security bulletin] HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access
  • From: security-alert
• [ MDVSA-2009:241 ] squid
  • From: security
• [ MDVSA-2009:240 ] apache
  • From: security
• [ MDVSA-2009:239 ] openssl
  • From: security
• [SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution
  • From: Steffen Joeris
• [MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues
  • From: david
• ToorCon 11 Preliminary Lineup Announced!
  • From: h1kari
• [security bulletin] HPSBGN02441 SSRT090082 rev.1 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
  • From: security-alert
• [ MDVSA-2009:238 ] openssl
  • From: security
• [Suspected Spam][USN-835-1] neon vulnerabilities
  • From: Kees Cook
• [ MDVSA-2009:237 ] openssl
  • From: security
• [USN-834-1] PostgreSQL vulnerabilities
  • From: Jamie Strandboge
• [scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability
  • From: Stefan Friedli
• [ MDVSA-2009:236 ] firefox
  • From: security
• [UPRSN] Ubuntu Privacy Remix 9.04r2 fixes security issues
  • From: Ubuntu Privacy Remix Team
• [SECURITY] [DSA 1890-1] New wxwidgets packages fix arbitrary code execution
  • From: Steffen Joeris
• Mambo 4.6.3 arbitrary file upload
  • From: Paweł Łaskarzewski
• rubrique 'rubrique.php' SQL Injection Vulnerability
  • From: CrAzY_CrAcKeR
• Dawaween V 1.03 <<----SQL Injection Exploit
  • From: Dazz . band
• [ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities
  • From: Alex Legler
• Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
  • From: Marc Heuse
• [ GLSA 200909-18 ] nginx: Remote execution of arbitrary code
  • From: Alex Legler
• Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability
  • From: Stefan Esser
• [security bulletin] HPSBST02459 SSRT080134 rev.2 - HP StorageWorks Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders, Denial of Service (DoS)
  • From: security-alert
• [USN-833-1] KDE-Libs vulnerability
  • From: Jamie Strandboge
• Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs)
  • From: Adrian P
• Peiter "Mudge" Zatko petition to be named U.S. Cybersecurity Chief
  • From: The Sp3ctacle
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: John Morrison
• SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities
  • From: Stefan Streichsbier
• Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit
  • From: Sebastian Wolfgarten
• Re: nginx internal DNS cache poisoning
  • From: Maxim Dounin
• nginx internal DNS cache poisoning
  • From: Matthew Dempsky
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Aras "Russ" Memisyazici
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Larry Seltzer
• Re: 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• [USN-832-1] FreeRADIUS vulnerability
  • From: Marc Deslauriers
• Re: 3rd party patch for XP for MS09-048?
  • From: Rob Thompson
• [SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing
  • From: Moritz Muehlenhoff
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Thor (Hammer of God)
• Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793)
  • From: Julien TINNES
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Larry Seltzer
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Thor (Hammer of God)
• Re: 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: 3rd party patch for XP for MS09-048?
  • From: Tom Grace
• Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more
  • From: Inferno
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Thor (Hammer of God)
• ANNOUNCE: RFIDIOt release - v0.z - 16th September, 2009
  • From: Adam Laurie
• RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
  • From: Thor (Hammer of God)
• [security bulletin] HPSBUX02458 SSRT090104 rev.1 - HP-UX Running bootpd, Remote Denial of Service (DoS)
  • From: security-alert
• Re: Re: 3rd party patch for XP for MS09-048?
  • From: Elizabeth . a . greene
• Re: 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: 3rd party patch for XP for MS09-048?
  • From: Matt Riddell
• Re: 3rd party patch for XP for MS09-048?
  • From: Jeffrey Walton
• Re: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
  • From: Tom Neaves
• [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
  • From: Moritz Muehlenhoff
• Re: 3rd party patch for XP for MS09-048?
  • From: Eric C. Lukens
• Re: 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: 3rd party patch for XP for MS09-048?
  • From: Susan Bradley
• Re: 3rd party patch for XP for MS09-048?
  • From: Eric Kimminau
• Re: 3rd party patch for XP for MS09-048?
  • From: Jeffrey Walton
• Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
  • From: Yossi Yakubov
• 3rd party patch for XP for MS09-048?
  • From: Aras "Russ" Memisyazici
• [ MDVSA-2009:234 ] silc-toolkit
  • From: security
• [SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting
  • From: Steffen Joeris
• [ MDVSA-2009:235 ] silc-toolkit
  • From: security
• [ MDVSA-2009:234-1 ] silc-toolkit
  • From: security
• Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software)
  • From: ss_contacts
• [ MDVSA-2009:233 ] kernel
  • From: security
• [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow
  • From: Tobias Klein
• [USN-830-1] OpenSSL vulnerability
  • From: Marc Deslauriers
• [USN-831-1] OpenEXR vulnerabilities
  • From: Marc Deslauriers
• [SECURITY] [DSA 1886-1] New iceweasel packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
  • From: Nico Golde
• [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability
  • From: adv
• [SECURITY] [DSA 1883-2] New nagios2 packages fix regression
  • From: Steffen Joeris
• Re: Regular Expression Denial of Service
  • From: Pavel Kankovsky
• [ GLSA 200909-17 ] ZNC: Directory traversal
  • From: Tobias Heinlein
• [ GLSA 200909-16 ] Wireshark: Denial of Service
  • From: Tobias Heinlein
• Re: Regular Expression Denial of Service
  • From: Pavel Kankovsky
• Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
  • From: Przemyslaw Frasunek
• War FTP Daemon Remote Denial Of Service Vulnerability
  • From: Jarle Aase
• [ GLSA 200909-15 ] Lynx: Arbitrary command execution
  • From: Alex Legler
• [ GLSA 200909-14 ] Horde: Multiple vulnerabilities
  • From: Alex Legler
• [ GLSA 200909-13 ] irssi: Execution of arbitrary code
  • From: Alex Legler
• [ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code
  • From: Alex Legler
• nullcon Goa 2010 Call For Papers
  • From: nullcon nullcon
• vBulletin 3.8.2 Denial of Service Exploit
  • From: snip3r ir4Q
• Re: Re[2]: Regular Expression Denial of Service
  • From: Jeffrey Walton
• Re: Regular Expression Denial of Service
  • From: Gadi Evron
• [ MDVSA-2009:232 ] libsamplerate
  • From: security
• [ MDVSA-2009:197-2 ] nss
  • From: security
• Re[2]: Regular Expression Denial of Service
  • From: Thierry Zoller
• [ MDVSA-2009:228 ] libneon
  • From: security
• ShmooCon 2010 CFP
  • From: Bruce Potter
• [ MDVSA-2009:231 ] htmldoc
  • From: security
• iphone email client does not validate ssl certificates
  • From: Bill Borskey
• Re: Regular Expression Denial of Service
  • From: Gadi Evron
• [ MDVSA-2009:230 ] pidgin
  • From: security
• Regular Expression Denial of Service
  • From: Alex Roichman
• Siemens Gigaset SE361 Wlan - Remote Reboot
  • From: crashbrz
• [ MDVSA-2009:229 ] cyrus-imapd
  • From: security
• [SECURITY] [DSA 1878-2] New devscripts packages fix regressions
  • From: Florian Weimer
• [USN-829-1] Qt vulnerability
  • From: Jamie Strandboge
• ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
  • From: ZDI Disclosures
• ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability
  • From: ZDI Disclosures
• ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability
  • From: ZDI Disclosures
• [USN-821-1] Firefox and Xulrunner vulnerabilities
  • From: Jamie Strandboge
• T-HTB Manager Mutiple Blind SQL Injection
  • From: Salvatore Fresta aka Drosophila
• [ MDVSA-2009:226 ] freeradius
  • From: security
• SecurityTubeCon CFP, Venue: Cyberspace!
  • From: Vivek Ramachandran
• [SECURITY] [DSA 1883-1] New nagios2 packages fix several cross-site scriptings
  • From: Steffen Joeris
• Re: Multiple RDP Connections BSOD DOS
  • From: Tim Medin
• Nullam Blog Multiple Remote Vulnerabilities
  • From: Salvatore Fresta aka Drosophila
• RE: Re: Multiple RDP Connections BSOD DOS
  • From: Earnhart, Benjamin J
• Re: Multiple RDP Connections BSOD DOS
  • From: John Menerick
• Re: Re: Multiple RDP Connections BSOD DOS
  • From: nobody
• RE: MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
  • From: Jim Duncan
• Re: Multiple RDP Connections BSOD DOS
  • From: Elvedin Trnjanin
• [ MDVSA-2009:226 ] aria2
  • From: security
• CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
  • From: CORE Security Technologies Advisories
• SMB SRV2.SYS Denial of Service PoC
  • From: igottabug
• [SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting
  • From: Nico Golde
• [ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage
  • From: Alex Legler
• [ GLSA 200909-10 ] LMBench: Insecure temporary file usage
  • From: Alex Legler
• Re: MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
  • From: bob
• [ GLSA 200909-09 ] Screenie: Insecure temporary file usage
  • From: Alex Legler
• [ GLSA 200909-08 ] C* music player: Insecure temporary file usage
  • From: Alex Legler
• [ GLSA 200909-07 ] TkMan: Insecure temporary file usage
  • From: Alex Legler
• Re: DoS vulnerability in Google Chrome
  • From: MustLive
• [ GLSA 200909-06 ] aMule: Parameter injection
  • From: Alex Legler
• [ GLSA 200909-05 ] Openswan: Denial of Service
  • From: Alex Legler
• 4f: The File Format Fuzzing Framework
  • From: Krakow Labs
• [ GLSA 200909-04 ] Clam AntiVirus: Multiple vulnerabilities
  • From: Alex Legler
• [ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
  • From: Alex Legler
• TCP/IP Orphaned Connections Vulnerability
  • From: Fabian Yamaguchi
• SeacureIT Preview Conference 2009
  • From: Stefano Zanero
• Multiple RDP Connections BSOD DOS
  • From: Tim Medin
• [Advisory] ChartDirector Critical File Access
  • From: DokFLeed
• Open Beta - New Free AV Software
  • From: Alfred Huger
• [USN-828-1] PAM vulnerability
  • From: Kees Cook
• ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
  • From: ZDI Disclosures
• MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
  • From: Juha-Matti Laurio
• Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD
  • From: Reversemode
• [ MDVSA-2009:225 ] qt4
  • From: security
• Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
  • From: Thierry Zoller
• [oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors
  • From: Andrea Barisani
• [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation
  • From: Marc Ruef
• Novell eDirectory 8.8 SP5 Dhost Http Server DoS
  • From: karakorsankara
• Various Orion application application server example pages are vulnerable to XSS.
  • From: info
• [SECURITY] [DSA 1881-1] New cyrus-imapd packages fix arbitrary code execution
  • From: Nico Golde
• VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.
  • From: VMware Security team
• Secunia Research: VMWare VMnc Codec Mismatched Dimensions Buffer Overflow
  • From: Secunia Research
• [ GLSA 200909-02 ] libvorbis: User-assisted execution of arbitrary code
  • From: Alex Legler
• [ GLSA 200909-01 ] Linux-PAM: Privilege escalation
  • From: Alex Legler
• yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities
  • From: Akita Software Security
• Re: [TZO-08-2009] Bitdefender generic bypass/evasion
  • From: noloader
• Re: FRHACK OS v1 alpha1 released
  • From: Jerome Athias
• [SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution
  • From: Nico Golde
• AST-2009-006: IAX2 Call Number Resource Exhaustion
  • From: Asterisk Security Team