Bugtraq
- [ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities
- [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code
- [SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities
- Exjune Guestbook v2 Remote Database Disclosure Exploit
- Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit
- [ GLSA 200904-11 ] Tor: Multiple vulnerabilities
- Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability
- AdaptBB 1.0 Beta Multiple Remote Vulnerabilities
- From: Salvatore "drosophila" Fresta
- FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability
- From: noreply-secresearch@xxxxxxxxxxxx
- OpenVAS now beyond 10000 Network Vulnerability Tests
- net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
- OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances
- From: Cisco Systems Product Security Incident Response Team
- SASPCMS Multiple Vulnerabilities
- Adgregate ShopAd widget validation is vulnerable to replay attack
- Re: [Aria-Security.com] vBulletin multiple XSS
- [USN-755-1] Kerberos vulnerabilities
- rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
- From: rPath Update Announcements
- [SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities
- Re: Adgregate ShopAd widget validation is vulnerable to replay attack
- [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities
- [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability
- Re: Adgregate ShopAd widget validation is vulnerable to replay attack
- [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
- [USN-754-1] ClamAV vulnerabilities
- MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]
- LayerOne 2009 - Registration Open, Initial Speakers Announced
- From: LayerOne Call For Papers
- MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]
- [USN-752-1] Linux kernel vulnerabilities
- POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration
- OSSTMM 3 Sample Released
- [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path
- TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
- [USN-753-1] PostgreSQL vulnerability
- [security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
- Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow
- [ GLSA 200904-08 ] OpenSSL: Denial of Service
- [ GLSA 200904-07 ] Xpdf: Untrusted search path
- ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability
- TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
- [security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [SECURITY] [DSA 1763-1] New openssl packages fix denial of service
- [ GLSA 200904-05 ] ntp: Certificate validation error
- Amaya 11.1 XHTML Parser Buffer Overflow
- [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow
- [Aria-Security.com] vBulletin multiple XSS
- From: dontcontactorspamme
- [ GLSA 200904-04 ] WeeChat: Denial of Service
- VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
- From: VMware Security Team
- [ MDVSA-2009:087 ] openssl
- Joomla Component com_bookjoomlas SQL Injection Vulnerability
- From: Salvatore "drosophila" Fresta
- [ MDVSA-2009:086 ] gstreamer-plugins
- [ GLSA 200904-01 ] Openfire: Multiple vulnerabilities
- AST-2009-003: SIP responses expose valid usernames
- From: Asterisk Security Team
- Family Connections 1.8.2 Blind SQL Injection (Correct Version)
- From: Salvatore "drosophila" Fresta
- Cyber Warfare Conference: Agenda
- [ GLSA 200904-03 ] Gnumeric: Untrusted search path
- [ GLSA 200904-02 ] GLib: Execution of arbitrary code
- Family Connections <= 1.8.2 - Remote Shell Upload Exploit
- From: Salvatore "drosophila" Fresta
- IBM DB2
- rPSA-2009-0057-1 m2crypto openssl openssl-scripts
- From: rPath Update Announcements
- Family Connections 1.8.2 Arbitrary File Upload
- From: Salvatore "drosophila" Fresta
- glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
- Autodesk IDrop ActiveX Control Heap Corruption Vulnerability
- [SECURITY] [DSA 1761-1] New moodle packages fix file disclosure
- [ MDVSA-2009:085 ] gstreamer0.10-plugins-base
- [TZO-07-2009] F-PROT ZIP Method evasion
- [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)
- [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass
- ContentKeeper - Remote command execution and privilege escalation
- [SECURITY] [DSA 1762-1] New icu packages fix cross site scripting
- Q2 Solutions ConnX - SQL Injection Vulnerability
- Asbru Web Content Management Vulnerabilities
- Remote access vulnerability using File Thingie v2.5.4
- Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3
- OSCommerce Session Fixation Vulnerability
- From: laurent . desaulniers
- [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities
- EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
- OpenX 2.6.4 multiple vulnerabilities
- Re: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth
- Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities
- [ MDVSA-2009:083 ] mozilla-thunderbird
- [SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT Perspective
- Massive exploitation of instant messaging applications proved feasible
- Microsoft Internet Explorer 8 - Anti Spoofing is a Myth
- [ MDVSA-2009:084 ] firefox
- VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
- From: VMware Security team
- [security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access
- Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities
- CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server
- From: CORE Security Technologies Advisories
- [DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting
- [DSECRG-09-016] SAP SAPDB Multiple XSS
- [security bulletin] HPSBMA02416 SSRT090008 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities
- webEdition 6.0.0.4 Local File Inclusion
- From: Salvatore "drosophila" Fresta
- [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities
- Cisco ASA5520 Web VPN Host Header XSS
- Re: [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
- aspWebCalendar Free Edition bug
- Re: Family Connections 1.8.1 Multiple Remote Vulnerabilities
- [SECURITY] [DSA 1760-1] New openswan packages fix denial of service
- [SECURITY] [DSA 1759-1] New strongswan packages fix denial of service
- [USN-750-1] OpenSSL vulnerability
- [ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability
- Zabbix Multiple Frontend CSRF (Password reset & command execution)
- ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability
- [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure
- [ GLSA 200903-41 ] gedit: Untrusted search path
- Community CMS 0.5 Multiple SQL Injection Vulnerabilities
- From: Salvatore "drosophila" Fresta
- [USN-749-1] libsndfile vulnerability
- DeepSec 2009 - Call for Papers is open
- [ MDVSA-2009:082 ] krb5
- Family Connections 1.8.1 Multiple Remote Vulnerabilities
- From: Salvatore "drosophila" Fresta
- Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3
- CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec
- [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection
- [USN-745-1] Firefox and Xulrunner vulnerabilities
- [ GLSA 200903-40 ] Analog: Denial of Service
- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
- [ MDVSA-2009:081 ] libsoup
- glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
- [tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing
- [SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities
- Novell Netstorage Multiple Vulnerabilities
- iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability
- Moodle: Sensitive File Disclosure
- Aurora Nutritive Analysis Module Multiple XSS
- [USN-748-1] OpenJDK vulnerabilities
- [ MDVSA-2009:080 ] glib2.0
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability
- [USN-747-1] ICU vulnerability
- [USN-746-1] xine-lib vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability
- ICAP adaptation: missing data flow control to client side
- [Bkis-05-2009] PowerCHM Stack-based Buffer Overflow
- [ GLSA 200903-39 ] pam_krb5: Privilege escalation
- CFP RAID 2009
- [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation
- Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- From: Vladimir '3APA3A' Dubrovin
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1745-2] New lcms packages fix regression
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- [ GLSA 200903-38 ] Squid: Multiple Denial of Service vulnerabilities
- iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability
- [SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable
- [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege
- ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability
- [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent)
- [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code
- [ GLSA 200903-36 ] MLDonkey: Information disclosure
- [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage
- [USN-744-1] LittleCMS vulnerabilities
- [USN-743-1] Ghostscript vulnerabilities
- [ MDVSA-2009:079 ] postgresql
- CORE-2009-0122: HP OpenView Buffer Overflows
- From: CORE Security Technologies Advisories
- [ MDVSA-2009:078 ] evolution-data-server
- [SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution
- FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities
- [ MDVSA-2009:077 ] pam
- [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
- Rittal CMC-TC Processing Unit II multiple vulnerabilities
- From: Henri Lindberg - Smilehouse Oy
- ExpressionEngine Persistent Cross-Site Scripting
- [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities
- [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code
- [oCERT-2009-003] LittleCMS integer errors
- Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)
- [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution
- [SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution
- [SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution
- [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
- LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
- [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities
- [USN-741-1] Thunderbird vulnerabilities
- [ MDVSA-2009:060-1 ] nfs-utils
- Slides from uCon Security Conference 2009 available online
- From: uCon Security Conference
- rPSA-2009-0050-1 ghostscript
- From: rPath Update Announcements
- [USN-742-1] JasPer vulnerabilities
- Command Execution in Hannon Hill Cascade Server
- [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities
- [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS)
- From: ISecAuditors Security Advisories
- CDex v1.70b2 (.ogg) local buffer overflow exploit poc
- [SECURITY] [DSA 1744-1] New weechat packages fix denial of service
- Re: iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
- [USN-740-1] NSS vulnerability
- Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5
- Sitecore .NET 5.3.x - web service information disclosure
- From: security . assurance
- iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
- [ GLSA 200903-31 ] libcdaudio: User-assisted execution of arbitrary code
- [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability
- DEFCON London DC4420 March meeting - Thursday 19th March
- [USN-739-1] Amarok vulnerabilities
- [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability
- [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability
- [USN-737-1] libsoup vulnerability
- [ GLSA 200903-30 ] Opera: Multiple vulnerabilities
- [ GLSA 200903-29 ] BlueZ: Arbitrary code execution
- [USN-735-1] GStreamer Base Plugins vulnerability
- PHPRunner SQL Injection
- [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution
- HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration
- [USN-736-1] GStreamer Good Plugins vulnerabilities
- CPANEL File Manager XSS Vulnerability
- [USN-738-1] GLib vulnerability
- [USN-733-1] evolution-data-server vulnerability
- [USN-734-1] FFmpeg vulnerabilities
- [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36
- reporting CVE
- From: rahimeh . khodadadi
- NGENUITY-2009-005 OpenCart Order By Blind SQL Injection
- [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow
- [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code execution
- [ MDVSA-2009:076 ] avahi
- rosoft media player local BOF exploit multi tagets
- From: maroc-anti-connexion
- [ GLSA 200903-28 ] libpng: Multiple vulnerabilities
- [SECURITY] [DSA 1741-1] New psi packages fix denial of service
- [SECURITY] [DSA 1740-1] New yaws packages fix denial of service
- Infopop UBB.Threads Admin Credentials via SQL Injection
- [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure
- [ MDVSA-2009:075 ] firefox
- [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities
- [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability
- [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability
- GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit
- rPSA-2009-0045-1 glib
- From: rPath Update Announcements
- Re: TikiWiki 2.2 XSS Vulnerability in URI
- rPSA-2009-0046-1 libpng
- From: rPath Update Announcements
- Apple iTunes DAAP Messages Handling Denial of Service Vulnerability
- From: secresearch@xxxxxxxxxxxx
- rPSA-2009-0041-1 dhclient dhcp libdhcp4client
- From: rPath Update Announcements
- rPSA-2009-0040-1 tshark wireshark
- From: rPath Update Announcements
- [ GLSA 200903-27 ] ProFTPD: Multiple vulnerabilities
- rPSA-2009-0042-1 curl
- From: rPath Update Announcements
- [oCERT-2008-015] glib and glib-predecessor heap overflows
- [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service
- [security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access
- Re: Sun Java System Communications Express [HTML Injection]
- [ MDVSA-2009:074 ] libneon0.27
- flv2mpeg4: Malformed parameters Denial of Service
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- Trellis Desk v1.0 XSS Vulnerability
- [ GLSA 200903-26 ] TMSNC: Execution of arbitrary code
- [ GLSA 200903-25 ] Courier Authentication Library: SQL Injection vulnerability
- [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities
- POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability
- [ MDVSA-2009:073 ] sarg
- [ MDVSA-2009:072 ] perl-MDK-Common
- TikiWiki 2.2 XSS Vulnerability in URI
- TOORCAMP 2009 CALL FOR PARTICIPATION
- Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
- [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
- [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting
- [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities
- [ GLSA 200903-24 ] Shadow: Privilege escalation
- Sun Java System Communications Express [HTML Injection]
- [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation
- [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability
- From: ISecAuditors Security Advisories
- [ MDVSA-2009:071 ] kernel
- [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities
- AST-2009-002: Remote Crash Vulnerability in SIP channel driver
- From: Asterisk Security Team
- [USN-732-1] dash vulnerability
- [USN-731-1] Apache vulnerabilities
- Addonics NAS Adapter Post-Auth DoS
- Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse
- [ MDVSA-2009:070 ] openoffice.org
- Multiple Vulnerabilities in iAntiVirus
- [ GLSA 200903-22 ] Ganglia: Execution of arbitrary code
- SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability
- Aryanic HighCMS and HighPortal multiple Vulnerabilities
- SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability
- SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability
- FINAL: Call for Papers on Cyber Warfare
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)
- From: Core Security Technologies Advisories
- [ GLSA 200903-21 ] cURL: Arbitrary file access
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system
- Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability
- DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability
- DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability
- [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities
- [ GLSA 200903-19 ] Xerces-C++: Denial of Service
- [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code
- [ GLSA 200903-16 ] Epiphany: Untrusted search path
- [ GLSA 200903-15 ] git: Multiple vulnerabilties
- [ GLSA 200903-14 ] BIND: Incorrect signature verification
- [ GLSA 200903-13 ] MPFR: Denial of Service
- [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code
- [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code
- Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability
- Re: Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system
- [ GLSA 200903-10 ] Irrlicht: User-assisted execution of arbitrary code
- phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)
- From: Salvatore "drosophila" Fresta
- [ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code
- [ GLSA 200903-08 ] gEDA: Insecure temporary file creation
- [ GLSA 200903-07 ] Samba: Data disclosure
- [ GLSA 200903-06 ] nfs-utils: Access restriction bypass
- [ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities
- [ MDVSA-2009:068-1 ] poppler
- [ MDVSA-2009:069 ] curl
- [ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code
- [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code
- [ GLSA 200903-02 ] ZNC: Privilege escalation
- nForum 1.5 Multiple SQL Injection
- From: Salvatore "drosophila" Fresta
- [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbitrary code
- [ MDVSA-2009:068 ] poppler
- [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability
- WarVOX 1.0.0 Released
- [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application
- DEFCON CTF Submissions are in, DC-16 video online!
- [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability
- Re: iDefense COMRaider, ActiveX controls, and browser configuration
- From: Vladimir '3APA3A' Dubrovin
- Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass)
- From: Salvatore "drosophila" Fresta
- [USN-730-1] libpng vulnerabilities
- [ MDVSA-2009:067 ] libsndfile
- [USN-728-3] Firefox vulnerabilities
- Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- From: Roberto Muñoz Fernandez
- [USN-728-2] Firefox vulnerabilities
- [USN-728-1] Firefox and Xulrunner vulnerabilities
- [USN-729-1] Python Crypto vulnerability
- SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7)
- [ MDVSA-2009:066 ] php
- [ MDVSA-2009:065 ] php4
- iDefense COMRaider, ActiveX controls, and browser configuration
- ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability
- libc:fts_*():multiple vendors, Denial-of-service
- Re: djbdns misformats some long response packets; patch and example attack
- CelerBB 0.0.2 Multiple Vulnerabilities
- From: Salvatore "drosophila" Fresta
- Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability
- Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [USN-726-2] curl regression
- [USN-727-2] NetworkManager vulnerability
- [ MDVSA-2009:064 ] imap
- NovaBoard <= 1.0.1 / XSS Vulnerability
- [USN-726-1] curl vulnerability
- [USN-727-1] network-manager-applet vulnerabilities
- BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
- From: Salvatore "drosophila" Fresta
- Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability
- [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
- Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability
- Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
- From: Salvatore "drosophila" Fresta
- [ MDVSA-2009:063 ] eog
- [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service
- [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
- Blogsa <= 1.0 Beta 3 XSS Vulnerability
- RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability
- From: Salvatore "drosophila" Fresta
- Re: Re: Local vulnerability in suexec + FastCGI + PHP configurations
- [ MDVSA-2009:062 ] shadow-utils
- [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
- [ISecAuditors Security Advisories] eXtplorer Remote Code Execution
- From: ISecAuditors Security Advisories
- rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
- From: rPath Update Announcements
- [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities
- Announcing Cap'r Mak'r
- [security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- [CFP] FRHACK 2nd Call For Papers
- EZ-Blog Beta 1 Multiple SQL Injection
- From: Salvatore "drosophila" Fresta
- BlogMan 0.45 Multiple Vulnerabilities
- From: Salvatore "drosophila" Fresta
- YEKTA WEB Academic Web Tools CMS Multiple XSS
- [SECURITY] [DSA 1719-2] New GNUTLS packages fix regression
- Weekly Web Hacking Incidents update for Feb 25th
- Re: Nokia N95-8 browser denial of service
- Afian Document Manager Local File Inclusion
- Re: djbdns misformats some long response packets; patch and example attack
- POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability
- On the implementation of TCP urgent data (IETF Internet Draft)
- [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service
- HTC Touch vCard over IP Denial of Service PoC Code
- From: Mobile Security Lab
- Hex Workshop <= v6 (.hex) File Local Code
- Drupal Local File Inclusion Vulnerability (Windows)
- [ MDVSA-2009:058 ] wireshark
- djbdns misformats some long response packets; patch and example attack
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- Re: BitDefender Internet Security XSS
- VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed
- From: VMware Security team
- Re: New site about security conferences : www.security-briefings.com
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- ANNOUNCE: RFIDIOt-0.1x release - February 2009
- [ MDVSA-2009:056 ] net-snmp
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- BitDefender Internet Security XSS
- [ MDVSA-2009:056 ] net-snmp
- [ MDVSA-2009:026-1 ] phpMyAdmin
- [ MDVSA-2009:048-2 ] epiphany
- [ MDVSA-2009:057 ] valgrind
- [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability
- [security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Digital Security Research Group
- [USN-724-1] Squid vulnerability
- [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
- Golabi CMS Remote File Inclusion Vulnerability
- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
- Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability
- From: security . assurance
- [SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service
- [ MDVSA-2009:055 ] audacity
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows
- Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow
- [DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability
- From: Digital Security Research Group
- Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability
- Re: HP Quality Center vulnerability
- [BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1
- [security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS)
- pPIM Multiple Vulnerabilities
- From: Justin C. Klein Keane
- Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow
- [ MDVSA-2009:054 ] nagios
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [ MDVSA-2009:053 ] squirrelmail
- [ MDVSA-2009:052 ] php-smarty
- iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability
- [ MDVSA-2009:047-1 ] vim
- [ MDVSA-2009:047-1 ] vim
- [ MDVSA-2009:048-1 ] epiphany
- VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27
- From: VMware Security team
- [ MDVSA-2009:049-1 ] pycrypto
- [ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities
- [ MDVSA-2009:051 ] libpng
- [ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites
- [ MDVSA-2009:050-1 ] python-pycrypto
- [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
- HP Quality Center vulnerability
- gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
- From: Salvatore "drosophila" Fresta
- XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
- gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection
- From: Salvatore "drosophila" Fresta
- gigCalendar Joomla Component 1.0 SQL Injection
- From: Salvatore "drosophila" Fresta
- [ MDVSA-2009:050 ] python-pycrypto
- [ MDVSA-2009:049 ] pycrypto
- [ MDVSA-2009:048 ] epiphany
- [ MDVSA-2009:045 ] php
- [ MDVSA-2009:047 ] vim
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- PHCDownload 1.1.0 Vulnerabilities
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ MDVSA-2009:044 ] firefox
- [ MDVSA-2009:046 ] dia
- [ MDVSA-2009:043 ] gnumeric
- Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- From: security curmudgeon
- [ MDVA-2009:027 ] kernel
- Re: Apache directory traversal on shared hosting environment.
- Re: Apache directory traversal on shared hosting environment.
- Re: SEPKILL /im SMC.EXE /f
- Apache directory traversal on shared hosting environment.
- Weekly Web Hacking Incidents update for Feb 19th
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
- [USN-723-1] Git vulnerabilities
- [ MDVSA-2009:042 ] samba
- RE: hello bug in windows live messenger
- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
- Re: LFI in Drupal CMS
- Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei
- From: organiser@xxxxxxxxxx
- [USN-722-1] sudo vulnerability
- [USN-721-1] fglrx-installer vulnerability
- [ MDVSA-2009:041 ] jhead
- [security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data
- Re: RFI Bug
- [ MDVSA-2009:040 ] dia
- FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
- From: FreeBSD Security Advisories
- [ MDVSA-2009:039 ] gedit
- [ MDVSA-2009:038 ] blender
- RFI Bug
- [ MDVSA-2009:037 ] bind
- [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0
- [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues
- From: Ubuntu Privacy Remix Team
- [SECURITY] [DSA 1725-1] New websvn packages fix information leak
- Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)
- [security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- Re: SEP(Symantec) Bug
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian
- RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker
- Re: Local vulnerability in suexec + FastCGI + PHP configurations
- ACM CCS '09: Call for Workshop Proposals
- From: Christopher Kruegel
- RE: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- RE: SEP(Symantec) Bug
- SEPKILL /im SMC.EXE /f
- Cross-site scripting in Samizdat 0.6.1
- Re: SEP(Symantec) Bug
- Security Assessment of the Transmission Control Protocol (TCP)
- [security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Nokia N95 browser "setAttributeNode" method crash
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- Re: RE: SEP(Symantec) Bug
- [ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ GLSA 200902-02 ] OpenSSL: Certificate validation error
- [ GLSA 200902-03 ] Valgrind: Untrusted search path
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [USN-720-1] PHP vulnerabilities
- [USN-719-1] pam-krb5 vulnerabilities
- [ MDVSA-2009:036 ] python
- RE: SEP(Symantec) Bug
- Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- Re: LFI in Drupal CMS
- SEP(Symantec) Bug
- Full Path Disclosure In Photolibrary 1.009(Update)
- [SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- From: Edward Bjarte Fjellskål
- BackTrack 4 Beta Released
- Re: pam-krb5 security advisory (3.12 and earlier)
- pam-krb5 security advisory (3.12 and earlier)
- [SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)
- Web Hacking Incidents update for Feb 10th (Links corrected)
- [security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges
- [USN-717-2] Firefox vulnerabilities
- Full Path Disclosure In Photolibrary 1.009
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Local vulnerability in suexec + FastCGI + PHP configurations
- [USN-717-3] Firefox vulnerabilities
- [ MDVSA-2009:035 ] gstreamer0.10-plugins-good
- Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- ProFTPd with mod_mysql Authentication Bypass Exploit
- [USN-717-1] Firefox and Xulrunner vulnerabilities
- ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
- ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption
- [SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Nokia Phoenix Service Software 2008.04.007.32837 overflow POC
- Re: PHP filesystem attack vectors
- [Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
- Web Hacking Incidents update for Feb 10th
- Craft Silicon Banking@Home SQL Injection
- From: Francesco Bianchino
- Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [ MDVSA-2009:034 ] squid
- [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
- [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
- Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)
- Re: Nokia N95-8 JPG crash
- From: Dmitry Yu. Bolkhovityanov
- London DEFCON DC4420 - February 2009 Meet - Thursday 12th
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- ZeroShell <= 1.0beta11 Remote Code Execution
- 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
- Nokia N95-8 JPG crash
- Trend micro - IWSVA/IWSS - Authorization module password leak
- LFI in Drupal CMS
- rooting your own phone: android security
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- Re: [Full-disclosure] PHP filesystem attack vectors
- PHP filesystem attack vectors
- [BMSA-2009-02] XML injection in PyBlosxom
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- From: Roman Medina-Heigl Hernandez
- [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
- [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding
- [ GLSA 200902-01 ] sudo: Privilege escalation
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities
- CamFrog Password Disclosure Vulnerability
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities
- Vulnerable: Ilch CMS
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS)
- [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
- From: noreply-secresearch@xxxxxxxxxxxx
- [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil
- From: uCon Security Conference
- Re: Nokia N95-8 browser denial of service
- dBpowerAMP Audio Player local buffer overflow exploit
- From: maroc-anti-connexion
- C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities
- Nokia N95-8 browser denial of service
- Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow
- [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability
- Cisco IOS XSS/CSRF Vulnerability
- [Tool] sqlmap 0.6.4 released
- From: Bernardo Damele A. G.
- Re: DMXReady Blog Manager (SQL/XSS)
- Microsoft SDL meets CWE/SANS Top25
- flatnux Flatnux-2009-01-27 Remote File Include
- StreamDown v6.4.3 Local Buffer Overflow PoC
- LCPlayer (.qt file) EOP change PoC (app crash)
- metabbs 0.11 Change admin password vulnerability
- phpslash <= 0.8.1.1 Remote Code Execution Exploit
- rgboard v4 (07.07.27) Multiple Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal
- From: vulnerabilityresearch
- QIP 2005 Denial of Service Vulnerability
- [ MDVSA-2009:033 ] sudo
- [security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- Squid Proxy Cache Denial of Service in request handling
- Euphonics Audio Player v1.0 (.pls) Local BOF POC
- CORE-2008-1009 - VNC Multiple Integer Overflows
- From: CORE Security Technologies Advisories
- Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)
- Call for papers and trainers - note extended deadline - SeacureIT 2009
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access
- Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit
- NaviCopa webserver 3.01 Multiple Vulnerabilities
- SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- Web Hacking Incidents update for Feb 3rd
- Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2
- Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC
- ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
- [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation
- [ MDVSA-2009:032 ] kernel
- Secunia Research: Free Download Manager Remote Control Server Buffer Overflow
- Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows
- [ MDVSA-2009:031 ] avahi
- BruCON call for papers
- [SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages
- From: VMware Security Team
- Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC
- PR08-23: XSS on Novell GroupWise WebAccess
- From: ProCheckUp Research
- PR08-22: Persistent XSS on Novell GroupWise WebAccess
- From: ProCheckUp Research
- PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks
- From: ProCheckUp Research
- [USN-716-1] MoinMoin vulnerabilities
- ANNOUNCE - RFIDIOt 0.1w released - January 2009
- [USN-715-1] Linux kernel vulnerabilities
- [OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities
- Re[2]: Internet explorer 7.0 stack overflow
- From: Vladimir '3APA3A' Dubrovin
- CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities
- Bugs Online v2.14 Sql Injection
- Re: XSS vulnerabilty in ASP.Net [with details]
- PerlSoft Guestbook v1.7b Bruteforcer + RCE!
- [SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service
- rPSA-2009-0021-1 sudo
- From: rPath Update Announcements
- Motorola Wimax Modem CPEi300 Multiple Vulnerabilities
- Oracle Application Server 10g Cross Site Scripting Vulnerability
- Re: Secunia Research: OpenX Multiple Vulnerabilities
- Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.
- Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
- [SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising
- Re: Internet explorer 7.0 stack overflow
- [security bulletin] HPSBMP02404 SSRT090014 rev.1 - MPE/iX Running BIND/iX, Remote DNS Cache Poisoning
- dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit
- [security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
- [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution
- [SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution
- [TKADV2009-004] FFmpeg Type Conversion Vulnerability
- [SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution
- Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.
- CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities
- From: Core Security Technologies Advisories
- Re: DoS attacks on MIME-capable software via complex MIME emails
- Internet explorer 7.0 stack overflow
- Web Hacking Incidents update for Jan 28th
- CONFidence 2009, Final CfP
- [USN-713-1] openjdk-6 vulnerabilities
- Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
- From: Salvatore "drosophila" Fresta
- Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability
- From: Salvatore "drosophila" Fresta
- [ MDVSA-2009:030 ] amarok
- Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability
- From: Salvatore "drosophila" Fresta
- CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities
- Total video player 1.3.7 local buffer overflow universal exploit
- From: maroc-anti-connexion