Bugtraq
- [InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities
- CakeCMS XSRF Vulnerability
- Link Logger syslogd resource overwhelm DoS
- SugarCRM 5.2.0e Remote Code Execution
- [TZO-30-2009] Kaspersky and the silent patch that wasn't (PDF evasion, forced full disclosure)
- [TZO-37-2009] Apple Safari <v4 Remote code execution
- [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09
- [SECURITY] [DSA 1815-1] New libtorrent-rasterbar packages fix denial of service
- [TZO-36-2009] Apple Safari & Quicktime Denial of Service
- [TZO-33-2009] Frisk F-prot evasion (TAR)
- [TZO-32-2009] Norman generic bypass (RAR)
- [TZO-31-2009] Ikarus multiple generic evasions (CAB,ZIP,RAR)
- [USN-779-1] Firefox and Xulrunner vulnerabilities
- Serena Dimensions CM has insufficient default privileges
- From: roland . gruber . extern
- Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability
- [USN-787-1] Apache vulnerabilities
- VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability
- From: VUPEN Security Research
- VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability
- From: VUPEN Security Research
- iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability
- iDefense Security Advisory 06.11.09: Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability
- iDefense Security Advisory 06.11.09: Microsoft Excel SST Record Integer Overflow Vulnerability
- ModSecurity (Core Rules) HTTP Parameter Pollution Filter Bypass Vulnerability
- FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability
- From: noreply-secresearch@xxxxxxxxxxxx
- iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability
- iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability
- MULTIPLE SQL INJECTION VULNERABILITIES --Splog <= v-1.2 Beta-->
- (Post Form login var 'username') BLIND SQLi exploit--Open Biller 0.1-->
- ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability
- F5 FirePass Cross-Site Scripting vulnerability
- [USN-786-1] apr-util vulnerabilities
- ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
- Apple Safari cross-domain XML theft vulnerability
- Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow
- ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability
- ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability
- Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability
- ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability
- [ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
- ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability
- XM Easy Personal FTP Server HELP and TYPE command Remote Denial of Service exploit
- From: vinodsharma . mimit
- ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability
- FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability
- From: noreply-secresearch@xxxxxxxxxxxx
- ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
- FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability
- From: noreply-secresearch@xxxxxxxxxxxx
- [security bulletin] HPSBUX02435 SSRT090059 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
- [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability
- FreeBSD Security Advisory FreeBSD-SA-09:09.pipe
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-09:10.ipv6
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-09:11.ntpd
- From: FreeBSD Security Advisories
- [USN-775-2] Quagga regression
- catching up on several recently fixed bugs of note
- CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass
- From: CORE Security Technologies Advisories
- CORE-2009-0521 - DX Studio Player Firefox plug-in command injection
- From: CORE Security Technologies Advisories
- Re: XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3
- CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept
- Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability
- Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability
- Re: XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3
- New paper - Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions
- [USN-785-1] ipsec-tools vulnerabilities
- (Post Form var 'username') BLIND SQLi exploit --S-CMS <= v-2.0 Beta3-->
- MULTIPLE SQL INJECTION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->
- MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->
- [security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS)
- TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow
- XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3
- Apple Safari local file theft vulnerability
- ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability
- ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
- ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
- ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
- [USN-784-1] ImageMagick vulnerability
- [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability
- New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks
- [USN-783-1] eCryptfs vulnerability
- Rasterbar libtorrent arbitrary file overwrite vulnerability
- [ MDVSA-2009:132 ] libsndfile
- [ MDVSA-2009:131 ] apr-util
- [SECURITY] [DSA 1813-1] New evolution-data-server packages fix several vulnerabilities
- [DSECRG-09-015] SAP GUI 6.4 Buffer Overflow vulnerability
- [ MDVSA-2009:131-1 ] apr-util
- ('dest') Blind (SQLi) EXPLOIT --Kjtechforce mailman Beta-1 -->
- [ MDVSA-2009:130 ] gstreamer0.10-plugins-good
- [security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access
- SQL INJECTION VULNERABILITY--Kjtechforce mailman Beta-1-->
- Re: [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability-fixed
- Re: [Full-disclosure] Cross Site Scripting in PHP Nuke 8.0 Version
- Re: Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
- EC2ND 2009 CFP - 5th European Conference on Computer Network Defence
- Reminder: DeepSec 2009 Call for Papers is open
- LightOpenCMS 0.1 pre-alpha Remote SQL Injection
- From: Salvatore "drosophila" Fresta
- [ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS
- From: ISecAuditors Security Advisories
- [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication
- [ MDVSA-2009:129 ] file
- [Security] XM Easy Personal FTP Server Multiple DoS vulnerabilities
- Re: Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
- Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
- From: Christopher Schultz
- Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
- [SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities
- [ MDVSA-2009:128 ] libmodplug
- SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->
- [InterN0T] Flatnux 2009-03-27 - XSS Vulnerabilities + More
- [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
- [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability
- [InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability
- [InterN0T] moziloCMS 1.11.1 - XSS Vulnerability
- [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
- OCS Inventory NG 1.02 - Directory Traversal
- [ MDVSA-2009:127 ] gaim
- [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
- [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector
- [USN-780-1] CUPS vulnerability
- Re: TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities
- [USN-781-1] Pidgin vulnerabilities
- [USN-781-2] Gaim vulnerabilities
- Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption
- [SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure
- CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
- From: CORE Security Technologies Advisories
- TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities
- [SECURITY] [DSA 1810-1] New cups/cupsys packages fix denial of service
- TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability
- ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
- ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability
- ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability
- ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability
- ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
- ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability
- [security bulletin] HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
- MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES -- Online Grades & Attendance <= v-3.2.6 -->
- [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities
- [ MDVSA-2009:126 ] eggdrop
- Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow
- ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities
- From: VUPEN Security Research
- Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability
- (Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance <= v-3.2.6-->
- Re: Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
- The father of all bombs - another webdav fiasco
- Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
- [USN-778-1] cron vulnerability
- Zemana Antilogger 1.9.2 DoS attack
- ZDI-09-024: Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability
- ACSAC 2009 submissions due June 8 and June 10 (extended)
- [SECURITY] [DSA 1808-1] New drupal6 packages fix insufficient input sanitising
- Re: MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->
- FRHACK 2009 Final Call For Papers extended
- MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->
- CFP 26C3 / 26th Chaos Communication Congress
- ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability
- OCS Inventory NG 1.02 - Multiple SQL Injections
- (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
- [ MDVSA-2009:124 ] apache
- [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution
- FIREFOX URL space character SPOOF
- ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc
- [ MDVSA-2009:125 ] wireshark
- Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability
- Whitepaper
- Re: [InterN0T] Achievo 1.3.4 - XSS Vulnerability
- SonicWALL SSL-VPN Appliance Format String Vulnerability
- VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
- From: VMware Security team
- Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
- Re: Re: [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
- (whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team]
- Re: PHP Nuke v.8.0 (referer) SQL Injection
- [TZO-28-2009] - Avira Antivir generic RAR,CAB,ZIP
- Novell Groupwise fails to properly sanitize emails.
- [InterN0T] Achievo 1.3.4 - XSS Vulnerability
- CORE-2009-0401 - StoneTrip S3DPlayers remote command injection
- From: CORE Security Technologies Advisories
- Re: Insufficient Authentication vulnerability in Acer notebooks
- Re[2]: [TZO-27-2009] Firefox Denial of Service (Keygen)
- [TZO-27-2009] Firefox Denial of Service (Keygen)
- Re: Insufficient Authentication vulnerability in Acer notebooks
- Re: [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
- Call For Papers – ACM CCS 2009 Workshops
- From: Christopher Kruegel
- ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
- Re: [TZO-27-2009] Firefox Denial of Service (Keygen)
- rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server
- From: rPath Update Announcements
- [Bkis-09-2009] XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher
- rPSA-2009-0095-1 tshark wireshark
- From: rPath Update Announcements
- ecshop 2.6.2
- Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts
- rPSA-2009-0092-1 ntp ntp-utils
- From: rPath Update Announcements
- MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->
- New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln
- [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
- [ MDVSA-2009:123 ] opensc
- Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- From: Vladimir '3APA3A' Dubrovin
- Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- [ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- [security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
- Vanilla v.1.1.7 Cross-Site Scripting
- PHP Nuke v.8.0 (referer) SQL Injection
- Re: Backdoor in com_rsgallery2 gallery extension for joomla
- W3af ninja training class in NYC
- From: Michelangelo Sidagni
- [IMF 2009] 3rd Call - Deadline Extended
- Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- [ GLSA 200905-08 ] NTP: Remote execution of arbitrary code
- SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability
- SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
- COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overlow exploit
- SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
- [ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities
- SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability
- Backdoor in com_rsgallery2 gallery extension for joomla
- SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability
- Multiple vulnerabilities in several ATEN IP KVM Switches
- [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
- Arcade Trade Script XSS
- PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
- Hardening OSX against CVE-2008-5353
- [ GLSA 200905-05 ] FreeType: Multiple vulnerabilities
- Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability
- MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component 'Boy Scout Advancement' <= v-0.3 (com_bsadv)-->
- [ MDVSA-2009:122 ] squirrelmail
- [SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution
- Re: FUD Forum < 2.7.1 PHP code injection vurnelability
- [ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities
- [ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code
- [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
- [ GLSA 200905-03 ] IPSec Tools: Denial of Service
- [ GLSA 200905-06 ] acpid: Denial of Service
- Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability
- MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
- ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit
- [oCERT-2009-006] Android improper package verification when using shared uids
- [SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities
- [TZO-25-2009] Panda generic evasion (TAR)
- [TZO-24-2009] Panda generic evasion (CAB)
- LxBlog
- [ MDVSA-2009:121 ] lcms
- Serena Dimensions CM Desktop Client does not validate the server SSL certificate
- From: roland . gruber . extern
- [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix
- Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
- From: VUPEN Security Research
- DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
- [ MDVSA-2009:120 ] openssl
- MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->
- Novell GroupWise Web Access Multiple XSS
- DDIVRT-2009-25 IPsession SQL Injection Vulnerability
- iDefense Security Advisory 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
- (GET vars 'x' & 'y') ADMIN FUNCTION EXECUTION--Jorp v-1.3.05.09-->
- [security bulletin] HPSBPI02398 SSRT080166 rev.3 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- CORE-2009-0109 - Multiple XSS in Sun Communications Express
- From: CORE Security Technologies Advisories
- Re: [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access
- Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
- [USN-777-1] Ntp vulnerabilities
- DMXReady Registration Manager Arbitrary File Upload Vulnerability
- Re: Insufficient Authentication vulnerability in Acer notebooks
- Shakacon Security Conference - Trainers and Speakers Finalized
- [SECURITY] [DSA 1804-1] New ipsec-tools packages fix denial of service
- [SECURITY] [DSA 1803-1] New nsd packages fix denial of service
- Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2009:119 ] kernel
- Re: Insufficient Authentication vulnerability in Asus notebook
- RE: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Acer notebooks
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Buffer Overflow Vulnerability
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Integer Overflow Vulnerability
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities
- [SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities
- MULTIPLE REMOTE VULNERABILITIES --my-Gesuad 0.9.14-->
- MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2-->
- [security bulletin] HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software (RGS) Sender Running Easy Login, Remote Unauthorized Access
- [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access
- Fwd: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
- rPSA-2009-0084-1 kernel
- From: rPath Update Announcements
- WinAppDbg module v1.1 is out!
- From: Mario Alejandro Vilas Jerez
- [TKADV2009-006] libsndfile/Winamp VOC Processing Heap Buffer Overflow
- NetDecision TFTP Server 4.2 TFTP Directory Traversal
- BugCON '09 has swine influenza!!
- [ MDVSA-2009:113 ] cyrus-sasl
- ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
- PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
- Conference on Cyber Warfare: registration open!
- [ MDVSA-2009:114 ] ipsec-tools
- rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server
- From: rPath Update Announcements
- [ MDVSA-2009:115 ] phpMyAdmin
- ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
- [ MDVSA-2009:116 ] gnutls
- [TZO-22-2009] Bitdefender generic evasion of heuristics (for PDF)
- [ MDVSA-2009:118 ] kernel
- [TZO-23-2009] Avira antivir generic evasion of heuristics (for PDF)
- [SECURITY] [DSA 1802-1] New squirrelmail packages fix several vulnerabilities
- [security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
- INSECURE COOKIE HANDLING VULNERABILITIES --Dog Pedigree Online Database v1.0.1-Beta-->
- (GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->
- Namad Cms Remote File Download
- [ MDVSA-2009:117 ] ntp
- Re: POC & exploit for Apache mod_rewrite off-by-one
- HTTP Parameter Pollution
- [SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities
- eggdrop/windrop remote crash vulnerability
- RE: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- RE: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
- MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->
- Re: Insufficient Authentication vulnerability in Asus notebook
- MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1-->
- Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- RE: Insufficient Authentication vulnerability in Asus notebook
- iDefense Security Advisory 05.14.09: Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: Insufficient Authentication vulnerability in Asus notebook
- [security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
- Re: Insufficient Authentication vulnerability in Asus notebook
- Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
- Insufficient Authentication vulnerability in Asus notebook
- [ MDVSA-2009:112 ] ipsec-tools
- (GET var 'member') BLIND SQL INJECTION EXPLOIT --FAMILY CONNECTIONS <= v1.9 -->
- Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal vulnerability poc
- maxcms2.0 creat new admin exploit
- [USN-776-2] KVM regression
- Re: FormMail 1.92 Multiple Vulnerabilities
- Re: The security tools list, new version with more than 200 new tools!
- Re: FormMail 1.92 Multiple Vulnerabilities
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability
- [ MDVSA-2009:110 ] squirrelmail
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Build List Memory Corruption Vulnerability
- [ MDVSA-2009:111-1 ] firefox
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Integer Overflow Vulnerability
- [ MDVSA-2009:111 ] firefox
- [USN-776-1] KVM vulnerabilities
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow
- [USN-775-1] Quagga vulnerability
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Heap Corruption Vulnerability
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability
- Re: The security tools list, new version with more than 200 new tools!
- ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
- ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability
- Re: The security tools list, new version with more than 200 new tools!
- Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows
- User options changer (SQLi) EXPLOIT --Bigace CMS -stable release- 2.5-->
- CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities [Updated]
- Re: Five days left to find the oldest data loss incident
- Sun IDM Arbitrary Commands Execution Vulnerability
- Re: Insufficient Authentication vulnerability in Acer notebooks
- FormMail 1.92 Multiple Vulnerabilities
- Re: Universal XSS in all Google Services
- Re: Insufficient Authentication vulnerability in Acer notebooks
- The security tools list, new version with more than 200 new tools!
- Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
- Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit
- Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities
- Security Advisory: Banks in Australia
- Re: Insufficient Authentication vulnerability in Acer notebooks
- xcon2009 is coming
- [SECURITY] [DSA 1799-1] New qemu packages fix several vulnerabilities
- [security bulletin] HPSBMA02348 SSRT080033 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [security bulletin] HPSBMA02349 SSRT080043 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data
- Re: Five days left to find the oldest data loss incident
- (POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->
- [oCERT-2009-004] AjaxTerm session id collision
- [USN-774-1] MoinMoin vulnerability
- Re: TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
- Five days left to find the oldest data loss incident
- Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing
- RE: Insufficient Authentication vulnerability in Acer notebooks
- From: David Sánchez Martín
- [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability
- [ MDVSA-2009:109 ] quagga
- Insufficient Authentication vulnerability in Acer notebooks
- [SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution
- TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
- [TZO-21-2009] Fprot CAB bypass / evasion
- Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions
- [TZO-20-2009] AVG ZIP evasion / bypass
- [SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
- speaker Bill Blunden on Rootkits...
- Universal XSS in all Google Services
- Vpopmail/QmailAdmin User's Quota Multiple Integer Overflows
- From: Jacobo Avariento Gimeno
- BLIND SQL INJECTION exploit (GET var 'AlbumID')--RTWebalbum 1.0.462-->
- [security bulletin] HPSBUX02366 SSRT080120 rev.2 - HPUX Running useradd(1M), Local Unauthorized Access
- Claroline v.1.8.11 Cross-Site Scripting
- Re: [WEB SECURITY] [TOOL] moth - vulnerable web application vmware
- [TOOL] moth - vulnerable web application vmware
- [SECURITY] [DSA 1796-1] New libwmf packages fix denial of service
- [USN-773-1] Pango vulnerability
- [USN-772-1] MPFR vulnerability
- [USN-771-1] libmodplug vulnerabilities
- [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
- [ MDVSA-2009:108 ] zsh
- SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha-->
- [ MDVSA-2009:107 ] acpid
- [SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution
- Update: [TZO-15-2009] Aladdin eSafe generic bypass - Forced release
- Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass
- [SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities
- EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
- Persistent XSS in Kayako Support Suite
- [SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
- [SECURITY] [DSA 1792-1] New drupal6 packages fix multiple vulnerabilities
- [SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting
- [ MDVSA-2009:106 ] libwmf
- New Browser Security Paper: Why Silent Updates Boost Security
- [security bulletin] HPSBMA02419 SSRT090060 rev.1 - Insight Control Suite For Linux (ICE-LX) Multiple Remote Vulnerabilities In Nagios
- [SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities
- BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->
- MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->
- [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability
- From: Digital Security Research Group [DSecRG]
- [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component
- From: RedTeam Pentesting GmbH
- CONFidence 2009 trainings
- [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies
- From: Digital Security Research Group [DSecRG]
- [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View
- From: RedTeam Pentesting GmbH
- [USN-770-1] ClamAV vulnerability
- [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
- From: RedTeam Pentesting GmbH
- [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
- [SECURITY] [DSA 1787-1] New quagga packages fix denial of service
- LayerOne 2009 - Final Announcement
- From: LayerOne Call For Papers
- [security bulletin] HPSBMA02374 SSRT080046 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
- [security bulletin] HPSBMA02425 SSRT080091 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->
- [USN-769-1] libwmf vulnerability
- [ MDVSA-2009:105 ] memcached
- Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow
- [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks
- Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows
- “Cross-Site Scripting” vulnerability in MyBB 1.4.5
- Call for Papers Hack.lu 2009
- [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities
- Coppermine Photo Gallery 1.4.21 Cross-Site Scripting
- [ GLSA 200905-01 ] Asterisk: Multiple vulnerabilities
- [SECURITY] [DSA 1786-1] New acpid packages fix denial of service
- about inactive account hijacking
- [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)
- [SECURITY] [DSA 1785-1] New wireshark packages fix several vulnerabilities
- Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit
- CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities
- New WebApp security paper: Anti-fraud Image Solutions
- BH USA CFP closing next Tuesday
- multiple vendor - PF NULL pointer dereference
- USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+->
- BLIND SQL INJECTION--Leap CMS 0.1.4-->
- Addonics NAS Adapter FTP Remote Denial of Service
- Re: Security tools list: First Version
- MULTIPLE SQL INJECTION VULNERABILITIES --MiniTwitter v0.2-Beta-->
- Durzosploit v0.1 alpha
- [ MDVSA-2009:102 ] apache
- [SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution
- [ MDVSA-2009:104 ] udev
- [ MDVSA-2009:103 ] udev
- Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit
- MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4-->
- Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
- Security tools list: First Version
- [TZO-17-2009]Trendmicro multiple bypass/evasions
- Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions
- [security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [TZO-16-2009] Nod32 CAB bypass/evasion
- ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability
- SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->
- iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
- Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit
- Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
- From: SEC Consult Research
- [SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities
- [SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution
- Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
- [ MDVSA-2009:101 ] xpdf
- [ MDVA-2009:057 ] usermode
- [SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution
- Re: security tools list
- [SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution
- iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability
- [USN-765-1] Firefox and Xulrunner vulnerabilities
- [USN-766-1] acpid vulnerability
- MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->
- one shot remote root for linux?
- RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
- [USN-761-2] PHP vulnerabilities
- [USN-767-1] FreeType vulnerability
- Re: Formshield Captcha - Older Version vulnerable to replay attacks
- [security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access
- Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow
- security tools list
- [ MDVSA-2009:099 ] openafs
- Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass
- Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass
- [ MDVSA-2009:098 ] krb5
- [security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [ MDVSA-2009:096-1 ] printer-drivers
- DDIVRT-2009-24 Precidia Ether232 Memory Corruption
- [SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities
- [TZO-14-2009] Comodo Antivirus RAR evasion
- SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
- [TZO-15-2009] Aladdin eSafe generic bypass - Forced release
- Remote iodinetd DoS vulnerability on Debian Lenny
- [TZO-13-2009] Avira Antivir generic CAB evasion / bypass
- MataChat Cross-Site Scripting Vulnerabilities
- T2'09: Call for Papers 2009 (Helsinki / Finland)
- [ MDVSA-2009:097 ] clamav
- [ MDVSA-2009:097 ] clamav
- Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication
- [ MDVSA-2009:096 ] printer-drivers
- MSL-2009-001 - Samsung Missing Provisioning Authentication
- From: Mobile Security Lab
- [ MDVSA-2009:095 ] ghostscript
- Juniper Advisory
- REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->
- Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
- From: Salvatore "drosophila" Fresta
- RE: Cisco ASA5520 Web VPN Host Header XSS
- From: Mark-David McLaughlin (marmclau)
- Formshield Captcha - Older Version vulnerable to replay attacks
- CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
- WOOT'09 call for papers
- [ GLSA 200904-20 ] CUPS: Multiple vulnerabilities
- FOWLCMS 1.1--Multiple Remote Vulnerabilities-->
- Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities
- [USN-764-1] Firefox and Xulrunner vulnerabilities
- Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- From: Vladimir '3APA3A' Dubrovin
- [ MDVSA-2009:094 ] mysql
- [SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting
- FreeBSD Security Advisory FreeBSD-SA-09:08.openssl
- From: FreeBSD Security Advisories
- Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities
- [Tool] sqlmap 0.7rc1 released
- From: Bernardo Damele A. G.
- [ MDVSA-2009:093 ] mpg123
- FreeBSD Security Advisory FreeBSD-SA-09:07.libc
- From: FreeBSD Security Advisories
- [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities
- [TZO-12-2009] SUN / Oracle JVM Remote code execution
- SAP Cfolders Multiple Stored XSS Vulnerabilities
- From: Digital Security Research Group [DSecRG]
- SAP Cfolders Multiple Linked XSS Vulnerabilities
- From: Digital Security Research Group [DSecRG]
- CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator
- From: CORE Security Technologies Advisories
- Python winappdbg module v1.0 is out!
- From: Mario Alejandro Vilas Jerez
- MixedCMS 1.0--Multiple Remote Vulnerabilities-->
- Re: Trend Micro OfficeScan Client - DOS
- Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
- [SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation
- Trend Micro OfficeScan Client - DOS
- [SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation
- CVE-2009-0991 PoC
- [USN-763-1] xine-lib vulnerabilities
- [USN-762-1] APT vulnerabilities
- [USN-761-1] PHP vulnerabilities
- Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)
- [security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
- Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details)
- [security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- Creasito e-commerce content manager Authentication Bypass
- From: Salvatore "drosophila" Fresta
- Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->
- WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit-->
- Sungard Banner System XSS
- Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities
- From: Salvatore "drosophila" Fresta
- Linksys WRT54GC - Admin Password Change (POC)
- Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007
- CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION
- [SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of service
- [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
- [ GLSA 200904-18 ] udev: Multiple vulnerabilities
- [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code
- Malleo 1.2.3 Local File Inclusion Vulnerability
- From: Salvatore "drosophila" Fresta
- CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)-->
- CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES-->
- CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION-->
- [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code
- rPSA-2009-0059-1 poppler
- From: rPath Update Announcements
- Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow
- Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability
- [TZO-11-2009] Fortinet bypass / evasion (Limited details)
- [TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details)
- rPSA-2009-0060-1 ghostscript
- From: rPath Update Announcements
- [ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code
- rPSA-2009-0064-1 icu
- From: rPath Update Announcements
- [SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting
- Tiny Blogr 1.0.0 rc4 Authentication Bypass
- From: Salvatore "drosophila" Fresta
- [IMF 2009] 2nd Call for Papers - Submission Open
- [USN-760-1] CUPS vulnerability
- rPSA-2009-0063-1 udev
- From: rPath Update Announcements
- rPSA-2009-0061-1 cups
- From: rPath Update Announcements
- [TZO-09-2009] Avast bypass / evasion (Limited details)
- [TZO-08-2009] Bitdefender generic bypass/evasion
- [SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution
- rPSA-2009-0062-1 tshark wireshark
- From: rPath Update Announcements
- [USN-759-1] poppler vulnerabilities
- ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service
- Miniweb Buffer Overflow
- Miniweb server Multiple Vulnerabilities
- [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities
- [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt
- [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities
- skpd: A tool to dump processes to executable ELF files
- iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability
- iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow Vulnerability
- [SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities
- DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues
- webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--
- SQL Injection in package DBMS_AQADM_SYS
- [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation
- Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit
- Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow
- Phorum < 5.2.10 Cross-Site Scripting/Request Forgery
- Unprivileged DB users can see APEX password hashes
- SQL Injection in package DBMS_AQIN
- SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability
- [USN-758-1] udev vulnerabilities
- XSS with mod_perl perl_status utility
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
- HITBSecConf2009 - Malaysia: Call for Papers
- SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming
- Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow
- [USN-757-1] Ghostscript vulnerabilities
- Zervit Webserver Buffer Overflow
- Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method
- Microsoft Office Excel Remote Memory Corruption Vulnerability
- From: noreply-secresearch@xxxxxxxxxxxx
- [ GLSA 200904-14 ] F-PROT Antivirus: Denial of Service
- ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability
- [ GLSA 200904-13 ] Ventrilo: Denial of Service
- iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability
- [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities
- MonGoose 2.4 Directory Traversal Vulnerability
- Re: OSCommerce Session Fixation Vulnerability
- BugCON '09, Mexico: Call For Papers
- Re: [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure
- Re: PHP-Revista Multiple vulnerabilities
- [ MDVSA-2009:092 ] ntp
- [USN-756-1] ClamAV vulnerability
- OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)
- [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities
- [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting
- Re: Critical SQL Injection PHPNuke <= 7.8 - Your_Account module
- Hacker Space Fest 2009 CFP: Call For Paper
- From: Philippe Mailinglist
- [ MDVSA-2009:091 ] mod_perl
- Re: In Response to Bid 34130 Invalid
- ftpdmin v. 0.96 RNFR remote buffer overflow exploit
- HP Deskjet 6800 XSS in Web Interface
- In Response to Bid 34130 Invalid
- [BMSA 2009-04] Remote DoS in Internet Explorer
- [SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
- Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3
- Opening Intranets to attack by using Internet Explorer [paper]
- VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
- From: VMware Security Team
- Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities
- From: Salvatore "drosophila" Fresta
- [ GLSA 200904-12 ] Wicd: Information disclosure
- [ MDVSA-2009:090 ] php
- [SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation
- [DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download
- [SECURITY] [DSA 1768-1] New openafs packages potential code execution
- Summer Camp Garrotxa 2009 event
- From: Gerardo García Peña
- Loggix Project 9.4.5 Blind SQL Injection
- From: Salvatore "drosophila" Fresta
- [ MDVSA-2009:089 ] opensc
- PHP 5.2.9 curl safe_mode & open_basedir bypass
- [DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow
- PHP-agenda <= 2.2.5 Remote File Overwriting
- From: Salvatore "drosophila" Fresta
- Bid 34130 Invalid
- Reminder: RAID 2009 CFP
- [ MDVSA-2009:088 ] wireshark
- [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data
- Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
- [ GLSA 200904-10 ] Avahi: Denial of Service
- [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service
- IBM BladeCenter Advanced Management Module Multiple vulnerabilities
- From: Henri Lindberg - Smilehouse Oy