Bugtraq

• Thread Index

• ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
  • From: zdi-disclosures
• Classifieds Caffe (index.php cat_id) Remote SQL Injection
  • From: sys-project
• Re: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability
  • From: contact
• iDefense Security Advisory 04.15.08: Oracle Application Express Privilege Escalation Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 04.09.08: IBM DB2 Universal Database Administration Server File Creation Vulnerability
  • From: iDefense Labs
• Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• CA DSM gui_cm_ctrls ActiveX Control Vulnerability
  • From: Williams, James K
• Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]
  • From: ak
• [INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability
  • From: infocus
• Oracle - SQL Injection Vulnerability in SDO_UTIL [DB05]
  • From: ak
• Oracle - SQL Injection in package SDO_IDX [DB07]
  • From: ak
• BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
  • From: admin
• VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
  • From: VMware Security team
• Carbon Communities forum Multiple Vulnerabilities.
  • From: admin
• Oracle - SQL Injection in package SDO_GEOM [DB06]
  • From: ak
• [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability
  • From: security
• DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT )
  • From: securfrog
• remote file include
  • From: win32 . exe
• iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability
  • From: iDefense Labs
• remote file include
  • From: win32 . exe
• Koobi Pro 6.25 poll Remote SQL Injection Vulnerability
  • From: Sabun
• WordPress 2.5 - Salt cracking vulnerability
  • From: J. Carlos Nieto
• Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities
  • From: sys-project
• [SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service
  • From: Steve Kemp
• [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability
  • From: security
• Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows
  • From: Luigi Auriemma
• BosNews 2002-2006 Remote add user admin
  • From: houssamix
• clamav: Endless loop / hang with crafter arj, CVE-2008-1387
  • From: Hanno Böck
• BosNews v4.0 Remote add user admin
  • From: houssamix
• [ MDVSA-2008:085 ] - Updated python packages fix arbitrary code execution vulnerability
  • From: security
• Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability
  • From: Morgan ARMAND
• [ GLSA 200804-13 ] Asterisk: Multiple vulnerabilities
  • From: Robert Buchholz
• [ GLSA 200804-15 ] libpng: Execution of arbitrary code
  • From: Robert Buchholz
• KwsPHP (Upload) Remote Code Execution Exploit
  • From: ajax
• [ GLSA 200804-14 ] Opera: Multiple vulnerabilities
  • From: Robert Buchholz
• Troopers08 Security Conference, April 23/24 (Munich/Germany)
  • From: Enno Rey
• [USN-601-1] Squid vulnerability
  • From: Jamie Strandboge
• Fones Clinic Mart SQL
  • From: turkish-warriorr
• S21SEC-043-en:Cezanne SW Blind SQL Injection
  • From: S21sec labs
• S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required)
  • From: S21sec labs
• S21SEC-041-en:Cezanne SW Cross-Site Scripting
  • From: S21sec labs
• Secunia Research: Internet Explorer Data Stream Handling Vulnerability
  • From: Secunia Research
• Secunia Research: Autonomy Keyview Applix Graphics Parsing Vulnerabilities
  • From: Secunia Research
• Secunia Research: activePDF DocConverter Applix Graphics Parsing Vulnerabilities
  • From: Secunia Research
• Secunia Research: Symantec Mail Security Applix Graphics Parsing Vulnerabilities
  • From: Secunia Research
• Secunia Research: Autonomy Keyview EML Reader Buffer Overflows
  • From: Secunia Research
• Secunia Research: HP OpenView Network Node Manager OpenView5.exe Directory Traversal
  • From: Secunia Research
• Secunia Research: Lotus Notes EML Reader Buffer Overflows
  • From: Secunia Research
• Secunia Research: Autonomy Keyview Folio Flat File Parsing Buffer Overflows
  • From: Secunia Research
• Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows
  • From: Secunia Research
• DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2
  • From: Sebastien gioria
• Secunia Research: Lotus Notes Applix Graphics Parsing Vulnerabilities
  • From: Secunia Research
• Secunia Research: Symantec Mail Security Folio Flat File Parsing Buffer Overflows
  • From: Secunia Research
• Secunia Research: Adobe Flash Player "Declare Function (V7)" Heap Overflow
  • From: Secunia Research
• Secunia Research: Lotus Notes htmsr.dll Buffer Overflows
  • From: Secunia Research
• OneSecurityDay 2008 - Web application auditing challenge
  • From: bugtraq
• Secunia Research: activePDF DocConverter Folio Flat File Parsing Buffer Overflows
  • From: Secunia Research
• Secunia Research: Lotus Notes kvdocve.dll Path Processing Buffer Overflow
  • From: Secunia Research
• project announcement - oCERT - Open Source CERT
  • From: Andrea Barisani
• [oCERT-2008-003] libpng zero-length chunks incorrect handling
  • From: Andrea Barisani
• DEF CON 16 Retro Announcement! Back to Bang!
  • From: The Dark Tangent
• [ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability
  • From: security
• Re: WoltLab(R) Community Framework WCF 1.0.6
  • From: marc . deroche
• DEF CON 16 Retro Announcement! Back to Bang!
  • From: The Dark Tangent
• IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows
  • From: Justin Ferguson
• Trillian 3.1.9.0 DTD File Buffer Overflow
  • From: david130490
• Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53
  • From: Luigi Auriemma
• [ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation
  • From: Robert Buchholz
• [ GLSA 200804-12 ] gnome-screensaver: Privilege escalation
  • From: Raphael Marichez
• WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities
  • From: ascii
• [USN-600-1] rsync vulnerability
  • From: Kees Cook
• iDefense Security Advisory 04.09.08: EMC DiskXtender Authentication Bypass Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 04.09.08: EMC DiskXtender MediaStor Format String Vulnerability
  • From: iDefense Labs
• [SECURITY] [DSA 1546-1] New gnumeric packages fix arbitrary code execution
  • From: Devin Carraway
• Borland InterBase 2007 "ibserver.exe" Buffer Overflow Vulnerability POC
  • From: Liu Zhen Hua
• iDefense Security Advisory 04.09.08: EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability
  • From: iDefense Labs
• w2b.ru multiple products SQL Injection
  • From: noreply
• [ GLSA 200804-10 ] Tomcat: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• [ GLSA 200804-09 ] am-utils: Insecure temporary file creation
  • From: Pierre-Yves Rofes
• [SECURITY] [DSA 1545-1] New rsync packages fix arbitrary code execution
  • From: Moritz Muehlenhoff
• EUSecWest CFP Closes April 14th (conf May 21/22 2008)
  • From: Dragos Ruiu
• Re: Re: licq remote DoS?
  • From: mrangelov
• Re: openMosix userspace library stack-based buffer overflow
  • From: nixpanic
• [ GLSA 200804-08 ] lighttpd: Multiple vulnerabilities
  • From: Tobias Heinlein
• [ MDVSA-2008:083 ] - Updated audit packages fix vulnerability
  • From: security
• paFileDB 3.1 Remote SQL Injection
  • From: noreply
• Re: licq remote DoS?
  • From: 3APA3A
• Re: Alkacon OpenCms sessions.jsp searchfilter XSS
  • From: a . westtermann
• [USN-599-1] Ghostscript vulnerability
  • From: Jamie Strandboge
• IOActive Security Advisory: Buffer overflow in Python zlib extension module
  • From: Justin Ferguson
• [SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities
  • From: Devin Carraway
• [SECURITY] [DSA 1544-1] New pdns-recursor packages fix cache poisoning vulnerability
  • From: Florian Weimer
• [ MDVSA-2008:082 ] - Updated php-apc packages fix vulnerability
  • From: security
• [SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution
  • From: Devin Carraway
• [CVE-2007-5301] alsaplayer PoC - exploit
  • From: Albert Sellarès
• iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
  • From: iDefense Labs
• [ GLSA 200804-07 ] PECL APC: Buffer Overflow
  • From: Robert Buchholz
• Pu Arcade component for Joomla - SQL injection
  • From: netmantis . com
• SAP Netweaver 6.40-7.0 Cross-Site-Scripting
  • From: jaime . blasco
• CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS
  • From: I)ruid
• [SECURITY] [DSA 1541-1] New openldap2.3 packages fix denial of service
  • From: Moritz Muehlenhoff
• ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
  • From: zdi-disclosures
• ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
  • From: zdi-disclosures
• Re: Multiple vulnerabilities in HP OpenView NNM 7.53
  • From: Luigi Auriemma
• [security bulletin] HPSBMA02242 SSRT061260 rev.3 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution
  • From: security-alert
• [security bulletin] [security bulletin] HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data
  • From: security-alert
• Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)
  • From: Amit Klein
• New tool released : Syslog Fuzzer
  • From: jaime . blasco
• [security bulletin] HPSBMA02327 SSRT071455 rev.1 - HP Integrity Servers iLO-2 Management Processors (iLO-2 MP), Denial of Service (DoS)
  • From: security-alert
• Wayport Public Access PC Authentication Bypass Weakness
  • From: Pascal Cretain
• licq remote DoS?
  • From: Milen Rangelov
• WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability
  • From: Jessica Hope
• Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility
  • From: yeppy
• Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities
  • From: brad . antoniewicz
• Multiple vulnerabilities in HP OpenView NNM 7.53
  • From: Luigi Auriemma
• Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility
  • From: virangar_nml
• Attack Technique: File Download Injection
  • From: Jeff Williams
• [ GLSA 200804-04 ] MySQL: Multiple vulnerabilities
  • From: Robert Buchholz
• openMosix userspace library stack-based buffer overflow
  • From: jose
• [ GLSA 200804-06 ] UnZip: User-assisted execution of arbitrary code
  • From: Robert Buchholz
• [SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service
  • From: Steve Kemp
• CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities
  • From: Simon Ryeo
• Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow
  • From: Patrick Webster
• [ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code
  • From: Robert Buchholz
• [ GLSA 200804-03 ] OpenSSH: Privilege escalation
  • From: Robert Buchholz
• Blogator-script 0.95 SQL Injection Vulnerbility
  • From: hadihadi_zedehal_2006
• Alkacon OpenCms sessions.jsp searchfilter XSS
  • From: nnposter
• Blogator-script 0.95 Change User Password Vulnerbility
  • From: hadihadi_zedehal_2006
• TheGreenBowVPN, Login Credentials Disclosure
  • From: evilcry
• F5 BIG-IP Management Interface Perl Injection
  • From: nnposter
• rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server
  • From: rPath Update Announcements
• rPSA-2008-0138-1 tshark wireshark
  • From: rPath Update Announcements
• rPSA-2008-0136-1 cups
  • From: rPath Update Announcements
• [SECURITY] [DSA 1538-1] New alsaplayer packages fix arbitrary code execution
  • From: Devin Carraway
• [SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities
  • From: Devin Carraway
• iDefense Security Advisory 04.03.08: Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities
  • From: iDefense Labs
• iDefense Security Advisory 04.02.08: Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability
  • From: iDefense Labs
• ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
  • From: zdi-disclosures
• CORE-2008-0314 - Orbit Downloader "Download failed" buffer overflow
  • From: CORE Security Technologies Advisories
• [security bulletin] HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection
  • From: security-alert
• KwsPHP Module ConcoursPhoto XSS
  • From: hsx
• CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities
  • From: Williams, James K
• ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability
  • From: zdi-disclosures
• iDefense Security Advisory 04.02.08: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability
  • From: iDefense Labs
• CA Alert Notification Server Multiple Vulnerabilities
  • From: Williams, James K
• ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability
  • From: zdi-disclosures
• ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability
  • From: zdi-disclosures
• Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron
  • From: Tim Brown
• ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability
  • From: zdi-disclosures
• ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities
  • From: zdi-disclosures
• POC2008 call for papers
  • From: pocadm
• Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Recon 2008 CFP last call, early registration open
  • From: Recon Conference
• [USN-588-2] MySQL regression
  • From: Jamie Strandboge
• Parallels virtuozzo's VZPP multiple csrf vulnerabilities
  • From: poplix
• Joomla Component com_lms SQL Injection
  • From: no-reply
• Vulnerabilities in kses-based HTML filters
  • From: lpilorz
• [USN-598-1] CUPS vulnerabilities
  • From: Jamie Strandboge
• Webwasher Denial of Service Vulnerability
  • From: security
• [ GLSA 200804-02 ] bzip2: Denial of Service
  • From: Pierre-Yves Rofes
• [SECURITY] [DSA 1537-1] New xpdf packages fix multiple vulnerabilities
  • From: Devin Carraway
• [ MDVSA-2008:081 ] - Updated CUPS packages fix multiple vulnerabilities
  • From: security
• RE: Internet explorer 7.0 spoofing
  • From: Mike Diaz
• Directory traversal in LANDesk Management Suite 8.80.1.1
  • From: Luigi Auriemma
• ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59
  • From: Adam Laurie
• HPSBTU02325 SSRT080006 rev.1 - HP Internet Express for Tru64 UNIX running PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of Service (DoS)
  • From: security-alert
• [USN-597-1] OpenSSH vulnerability
  • From: Kees Cook
• Datalife Engine 6.7 XSRF
  • From: irancrash
• HPSBMA02317 SSRT080026 rev.1 - HP Select Identity Software, Gain Unauthorized Access
  • From: security-alert
• Writers Block SQL Injection Vulnerabilities
  • From: nebelfrost23
• Re: Re: Re: Internet explorer 7.0 spoofing
  • From: jplopezy
• RE: Internet explorer 7.0 spoofing
  • From: Darth Jedi
• Re: Hamachi Password Disclosure Vulnerability
  • From: anonymous
• Re: Re: Internet explorer 7.0 spoofing
  • From: w0lfd33m
• Re: Internet explorer 7.0 spoofing
  • From: Razi Shaban
• [ GLSA 200804-01 ] CUPS: Multiple vulnerabilities
  • From: Robert Buchholz
• TCP/IP security vulnerability disclosed
  • From: J. Oquendo
• [SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities
  • From: Devin Carraway
• cevado technologies real estate CMS SQL injection
  • From: joseph . giron13
• Terracotta Personal Edition Multiple vulnerabilities
  • From: joseph . giron13
• CAU-2008-0001 - Slowly Closing Door Race Condition
  • From: I)ruid
• [SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
  • From: Thijs Kinkhorst
• EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)
  • From: irancrash
• iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability
  • From: iDefense Labs
• Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]"
  • From: Amit Klein
• [SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Directory traversal in 2X ThinClientServer v5.0_sp1-r3497
  • From: Luigi Auriemma
• rPSA-2008-0132-1 lighttpd
  • From: rPath Update Announcements
• [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption
  • From: Tobias Klein
• London DEFCON meet - DC4420 - New Venue - Wednesday 2nd April, 2008
  • From: Major Malfunction
• PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit
  • From: r57blg
• [SECURITY] [DSA 1531-2] New policyd-weight packages fix insecure temporary files
  • From: Thijs Kinkhorst
• Efestech Video v5,0 (id) Remote Sql Injection
  • From: dj_remix_20
• Proviso SiteKiosk File Download Vulnerability
  • From: nebelfrost23
• Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities
  • From: omnipresent
• Re: Internet explorer 7.0 spoofing
  • From: mouss
• CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities
  • From: hadihadi_zedehal_2006
• Re: Internet explorer 7.0 spoofing
  • From: w0lfd33m
• VMSA-2008-0006 Updated libxml2 service console package
  • From: VMware Security team
• [ MDVSA-2008:080 ] - Updated Firefox packages fix multiple vulnerabilities
  • From: security
• Internet explorer 7.0 spoofing
  • From: jplopezy
• Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
  • From: Mike Duncan
• Re: XChat 2.8.4-1 - Multiple Vulnerabilities
  • From: fabio
• Immunity Debugger 1.5
  • From: Nicolas Waisman
• Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
  • From: Jindrich Kubec
• [SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
  • From: fake
• XChat 2.8.4-1 - Multiple Vulnerabilities
  • From: evilcry
• CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability
  • From: Williams, James K
• [security bulletin] HPSBOV02278 SSRT071479 rev.1 - HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBGN02319 SSRT080027 rev.1 - HP Compaq Notebook PC BIOS, Local Unauthorized Access
  • From: security-alert
• [security bulletin] HPSBGN02305 SSRT080004 rev.1 - HP Compaq Business Notebook PC BIOS, Local Denial of Service (DoS)
  • From: security-alert
• Re: Heap overflow in Sybase MobiLink 10.0.1.3629
  • From: jsavill
• Smf 1.1.4 Remote File Inclusion Vulnerabilities
  • From: sibertrwolf
• [SECURITY] [DSA 1533-1] New exiftags packages fix several vulnerabilities
  • From: Devin Carraway
• [ MDVSA-2008:079 ] - Updated sarg packages fix multiple vulnerabilities
  • From: security
• [SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• rPSA-2008-0128-1 firefox
  • From: rPath Update Announcements
• Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
  • From: Christos Zoulas
• Re: JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities
  • From: str0ke
• [SECURITY] [DSA 1531-1] New policyd-weight packages fix insecure temporary files
  • From: Thijs Kinkhorst
• JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities
  • From: r57blg
• [USN-595-1] SDL_image vulnerabilities
  • From: Kees Cook
• [USN-593-1] Dovecot vulnerabilities
  • From: Kees Cook
• [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
  • From: cxib
• [USN-596-1] Ruby vulnerabilities
  • From: Kees Cook
• [ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking
  • From: security
• TopperMod 2.0 Remote SQL Injection Vulnerability
  • From: r57blg
• [USN-594-1] libnet-dns-perl vulnerability
  • From: Kees Cook
• [SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• [ MDVSA-2008:077 ] - Updated perl-Tk packages fix GIF processing vulnerability
  • From: security
• Multiple XSS in DigiDomain
  • From: xx_hack_xx_2004
• [ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities
  • From: security
• Multiple vulnerabilities in solidDB 06.00.1018
  • From: Luigi Auriemma
• Re: hacking the mitsubishi GB-50A
  • From: Chris Withers
• Invision Power Board <=2.3.x iFrame Vuln
  • From: shaheemirza
• ZDI-08-013: Novell eDirectory for Linux Stack Overflow
  • From: zdi-disclosures
• Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers
  • From: Cisco Systems Product Security Incident Response Team
• [USN-592-1] Firefox vulnerabilities
  • From: Jamie Strandboge
• Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS
  • From: Cisco Systems Product Security Incident Response Team
• Re: Logaholic Web Analytics Software
  • From: andre
• php-addressbook v2.0 SQL Injection Vulnerbility
  • From: hadihadi_zedehal_2006
• Re: hacking the mitsubishi GB-50A
  • From: Steven M. Christey
• Aztech ADSL2/2+ 4 Port remote root
  • From: sipherr
• [security bulletin] HPSBTU02322 SSRT080011 rev.1 - HP Tru64 UNIX running SSH/SFTP Server, Remote Execution of Arbitrary Code or Denial of Service (DoS)
  • From: security-alert
• Blackboard Academic Suite Multiple XSS Vulnerabilities
  • From: knight4vn
• phpBB PJIRC mod LFI
  • From: 0in . email
• CORE-2007-1212: SILC pkcs_decode buffer overflow
  • From: Core Security Technologies Advisories
• [DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1
  • From: Digital Security Research Group
• rPSA-2008-0123-1 ruby
  • From: rPath Update Announcements
• Cuteflow Bin v1.5.0 Local File Inclusion Vuln
  • From: r57blg
• rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server
  • From: rPath Update Announcements
• e107 My_Gallery Plugin Arbitrary File Download Vulnerability
  • From: Jerome Athias
• [SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities
  • From: Noah Meyerhans
• Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A
  • From: Joe
• Re: hacking the mitsubishi GB-50A
  • From: Chris Withers
• Re: hacking the mitsubishi GB-50A
  • From: Vincent Archer
• aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
  • From: arsalan1991
• Re: Linksys phone adapter denial of service
  • From: Michael VERGOZ
• [ GLSA 200803-32 ] Wireshark: Denial of Service
  • From: Pierre-Yves Rofes
• [USN-590-1] bzip2 vulnerability
  • From: Kees Cook
• [ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities
  • From: Robert Buchholz
• [USN-591-1] libicu vulnerabilities
  • From: Jamie Strandboge
• [SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting
  • From: Thijs Kinkhorst
• HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de)
  • From: zero-x
• RE: hacking the mitsubishi GB-50A
  • From: James C. Slora Jr.
• Re: Linksys phone adapter denial of service
  • From: J. Oquendo
• Re: Linksys phone adapter denial of service
  • From: orsino
• Re: Re: Linksys phone adapter denial of service
  • From: sipherr
• Hamachi Password Disclosure Vulnerability
  • From: evilcry
• [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b
  • From: Digital Security Research Group
• [DSECRG-08-020] RFI-LFI in PowerClan 1.14a
  • From: Digital Security Research Group
• [DSECRG-08-019] LFI in PowerBook 1.21
  • From: Digital Security Research Group
• [SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation
  • From: Thijs Kinkhorst
• Re: XSS in cPanel 11.x
  • From: morin . josh
• Re: Linksys phone adapter denial of service
  • From: J. Oquendo
• RE: hacking the mitsubishi GB-50A
  • From: Desai, Ashish
• ircu/snircd remote crash vulnerability
  • From: Chris Porter
• EfesTech E-Kontr (id) Remote SQL INJECTION
  • From: dj_remix_20
• Alkacon OpenCms users_list.jsp searchfilter XSS
  • From: nnposter
• Linksys phone adapter denial of service
  • From: sipherr
• [ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability
  • From: security
• Re: Potential SQL injection vulnerability in Apache::AuthCAS
  • From: dcastro
• F5 BIG-IP Web Management Audit Log XSS
  • From: nnposter
• Safari browser 3.1 (525.13) spoofing
  • From: jplopezy
• Google SoC 2008: Security Projects
  • From: jkouns
• phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities
  • From: Guns
• hacking the mitsubishi GB-50A
  • From: Chris Withers
• Fedora, Ubuntu publish wrong advisories for CVE-2007-6318
  • From: Abel Cheung
• rPSA-2008-0118-1 bzip2
  • From: rPath Update Announcements
• rPSA-2008-0116-1 unzip
  • From: rPath Update Announcements
• Buffer-overflow in ASUS Remote Console 2.0.0.24
  • From: Luigi Auriemma
• Safari 3.1 for windows download bug
  • From: jplopezy
• Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS
  • From: vermsky
• XSS in cPanel 11.x
  • From: xx_hack_xx_2004
• {securityreason.com}PHP 5 *printf() - Integer Overflow
  • From: cxib
• webutil.pl is still vulnerable against Remote Command Execution.
  • From: zero-x
• [ MDVSA-2008:074 ] - Updated audacity package fixes insecure temporary directory creation
  • From: security
• DotNetNuke Default Machine Key Exposure
  • From: labs
• [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.
  • From: Minded Security Research Labs
• Re: Horde Webmail file inclusion proof of concept & patch.
  • From: David Morton
• MS08-014
  • From: Anonymous
• [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow
  • From: infocus
• [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.
  • From: Minded Security Research Labs
• CanSecWest 2008 PWN2OWN - Mar 26-28
  • From: Dragos Ruiu
• [ MDVSA-2008:073 ] - Updated perl-Net-DNS packages fix DoS vulnerability
  • From: security
• [USN-589-1] unzip vulnerability
  • From: Kees Cook
• Multiple heap overflows in xine-lib 1.1.11
  • From: Luigi Auriemma
• [ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability
  • From: security
• Note about recently publicized CA BrightStor ActiveX exploit code
  • From: Williams, James K
• [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities
  • From: Steve Kemp
• KAPhotoservice (album.asp) Remote SQL Injection Exploit
  • From: sys-project
• [USN-588-1] MySQL vulnerabilities
  • From: Jamie Strandboge
• [SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability
  • From: info
• Pizco vulnerable to buffer overflow in activex
  • From: david130490
• [SECURITY] [DSA 1506-2] New iceape packages fix regression
  • From: Moritz Muehlenhoff
• [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure
  • From: Robert Buchholz
• rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
  • From: rPath Update Announcements
• [ MDVSA-2008:071 ] - Updated Kerberos packages fix multiple vulnerabilities
  • From: security
• [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
  • From: Tobias Heinlein
• [ MDVSA-2008:070 ] - Updated Kerberos packages fix multiple vulnerabilities
  • From: security
• [ MDVSA-2008:069 ] - Updated Kerberos packages fix multiple vulnerabilities
  • From: security
• [ GLSA 200803-28 ] OpenLDAP: Denial of Service vulnerabilities
  • From: Pierre-Yves Rofes
• IBM Rational ClearQuest Web Multiple XSS Vulnerabilities
  • From: swhite
• CS-Cart XSS
  • From: swhite
• Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?
  • From: James Connery
• HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access
  • From: security-alert
• AST-2008-004: Format String Vulnerability in Logger and Manager
  • From: Asterisk Security Team
• [USN-587-1] Kerberos vulnerabilities
  • From: Kees Cook
• AST-2008-002: Two buffer overflows in RTP Codec Payload Handling
  • From: Asterisk Security Team
• [ MDVSA-2008:068 ] - Updated unzip packages vulnerability
  • From: security
• AST-2008-003: Unauthenticated calls allowed from SIP channel driver
  • From: Asterisk Security Team
• Mambo/joomla com_intellect "page" LFI [Aria-Security]
  • From: no-reply
• phpBB 2.0.23 Session Hijacking Vulnerability
  • From: nbbn@xxxxxxx
• AST-2008-005: HTTP Manager ID is predictable
  • From: Asterisk Security Team
• [ GLSA 200803-27 ] MoinMoin: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• [ MDVSA-2008:067 ] - Updated nagios packages fix multiple vulnerabilities
  • From: security
• iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability
  • From: iDefense Labs
• [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities
  • From: Noah Meyerhans
• CORE-2008-0123: Leopard Server Remote Path Traversal
  • From: Core Security Technologies Advisories
• MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)
  • From: raeburn
• MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
  • From: raeburn
• MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
  • From: raeburn
• Digital Armaments March-April Hacking Challenge: 5,000$ Prize - Client Vulnerabilities and Exploit
  • From: info
• [ GLSA 200803-26 ] Adobe Acrobat Reader: Insecure temporary file creation
  • From: Robert Buchholz
• [ GLSA 200803-24 ] PCRE: Buffer overflow
  • From: Tobias Heinlein
• cPanel 11.x => List Directories and Folders
  • From: xx_hack_xx_2004
• [security bulletin] HPSBST02320 SSRT080028 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-014 to MS08-017
  • From: security-alert
• Internet Explorer 7.0 crash
  • From: jplopezy
• [ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities
  • From: Robert Buchholz
• VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
  • From: VMware Security team
• eForum 0.4 XSS
  • From: omnipresent
• [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
  • From: Florian Weimer
• [SECURITY] [DSA 1522-1] New unzip packages fix potential code execution
  • From: Florian Weimer
• Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
  • From: opexoc
• Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
  • From: opexoc
• Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125
  • From: Hanno Böck
• [SECURITY] [DSA 1485-2] New icedove packages fix regression
  • From: Moritz Muehlenhoff
• Agile Hacking
  • From: Petko D. Petkov
• Home FTP Server DoS
  • From: 0in . email
• Buffer-overflow in BootManage TFTPD 1.99
  • From: Luigi Auriemma
• Multiple vulnerabilities in Net Inspector 6.5.0.828
  • From: Luigi Auriemma
• VLC highlander bug
  • From: Luigi Auriemma
• Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
  • From: greentea-lemon
• Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
  • From: david130490
• [SECURITY] [DSA 1493-2] New sdl-image1.2 packages fix arbitrary code execution
  • From: Thijs Kinkhorst
• raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)
  • From: Collin R. Mulliner
• Security Advisory on RSA Web ID (XSS)
  • From: quentin . berdugo
• Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities
  • From: sys-project
• EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities
  • From: sys-project
• vuln in snewscms Rus v 2.3
  • From: www . yo . by
• [SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure
  • From: Steve Kemp
• RE: Local persistent DoS in Windows XP SP2 Taskmgr
  • From: Thor (Hammer of God)
• [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage
  • From: Pierre-Yves Rofes
• Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
  • From: neodwija
• [SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution
  • From: Thijs Kinkhorst
• Re: Local persistent DoS in Windows XP SP2 Taskmgr
  • From: paraw
• Joomla components com_guide "category" Remote SQL Injection [Aria-Security]
  • From: no-reply
• [SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 1518-1] New backup-manager packages fix information disclosure
  • From: Thijs Kinkhorst
• [SECURITY] [DSA 1517-1] New ldapscripts packages fix information disclosure
  • From: Thijs Kinkhorst
• XNview 1.92.1 Long Filename Overflow
  • From: Sylvain
• Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
  • From: opexoc
• [USN-586-1] mailman vulnerability
  • From: Kees Cook
• Troopers08 Security Conference, April 23/24 (Munich/Germany)
  • From: Enno Rey
• [SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation
  • From: Florian Weimer
• Local persistent DoS in Windows XP SP2 Taskmgr
  • From: SkyOut
• Black Hat Announcements: New CFP system and Japan '08 confirmed
  • From: jmoss
• Re: Office XP Remote SQL Injection
  • From: Steve Shockley
• EasyGallery <= 5.0tr - Multiple Remote Vulnerabilities
  • From: sys-project
• Airspan WiMAX ProST Authentication Bypass Vulnerability
  • From: admin
• [ GLSA 200803-22 ] LIVE555 Media Server: Denial of Service
  • From: Pierre-Yves Rofes
• Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability
  • From: zdi-disclosures
• ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability
  • From: zdi-disclosures
• [ MDVSA-2008:066 ] - Updated gcc packages fix directory traversal vulnerability in fastjar
  • From: security
• Office XP Remote SQL Injection
  • From: no-reply
• PR08-02: Plone CMS Security Research - the Art of Plowning
  • From: ProCheckUp Research
• Re: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
  • From: sad_wabi_user
• Update+Errata: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
  • From: Amit Klein
• Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability
  • From: kralor
• Re: Firewire Attack on Windows Vista
  • From: Stefan Kanthak
• Rise of the spammers
  • From: vulns
• Zabbix (zabbix_agentd) denial of service
  • From: Milen Rangelov
• Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
  • From: app
• Directory traversal in EdiorCMS V3.0
  • From: wsn1983
• XSS in PHP-Nuke (eWeather module)
  • From: nima_501
• Re: PHP-Nuke Module NukeC30 sql injection
  • From: my_msn_my_msn_my
• Re: Directory traversal and DoS in WinIPDS G52-33-021
  • From: ph
• rPSA-2008-0108-1 dovecot
  • From: rPath Update Announcements
• Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
  • From: Luigi Auriemma
• [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code
  • From: Raphael Marichez
• rPSA-2008-0106-1 lighttpd
  • From: rPath Update Announcements
• Powered by phpBB 2001, 2006 (SQL)
  • From: turkish-warriorr
• ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow
  • From: zdi-disclosures
• ZDI-08-010: Java Web Start encoding Stack Buffer Overflow
  • From: zdi-disclosures
• Cisco ACS UCP Remote Pre-Authentication Buffer Overflows
  • From: Felix 'FX' Lindner
• hacking a pacemaker
  • From: Gadi Evron
• Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
  • From: Maximiliano Müller
• iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection
  • From: iDefense Labs
• iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability
  • From: iDefense Labs
• travelsized cms 0.4.1 multiple local file inclusion vulnerabilities
  • From: muuratsalo experimental hack lab
• [SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities
  • From: Florian Weimer
• uberghey cms 0.3.1 multiple local file inclusion vulnerabilities
  • From: muuratsalo experimental hack lab
• iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability
  • From: iDefense Labs
• TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability
  • From: DVLabs
• [ GLSA 200803-20 ] International Components for Unicode: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• PHP-Nuke Module ZClassifieds [cat] SQL Injection
  • From: lovebug
• [ GLSA 200803-19 ] Apache: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• Advisory Adobe LiveCycle Workflow XSS Vulnerability
  • From: Liquidmatrix Security Digest
• ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability
  • From: zdi-disclosures
• CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection
  • From: Core Security Technologies Advisories
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: FD
• ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1)
  • From: ACROS Security
• ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)
  • From: ACROS Security
• Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer
  • From: patrick
• [USN-585-1] Python vulnerabilities
  • From: Kees Cook
• PHP-Nuke Module NukeC30 sql injection
  • From: houssamix
• [security bulletin] HPSBUX02313 SSRT080015 rev.2 - HP-UX Running Apache, Remote Cross Site Scripting (XSS)
  • From: security-alert
• Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5
  • From: Luigi Auriemma
• Mambo Components ensenanzas "id" Remote SQL Injection
  • From: no-reply
• Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5
  • From: titon
• Re: Firewire Attack on Windows Vista
  • From: Steve Shockley
• Advisory: SQL-Injections in Mapbender
  • From: RedTeam Pentesting GmbH
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Jacob Appelbaum
• [security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
  • From: security-alert
• [ GLSA 200803-18 ] Cacti: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• Directory traversal in Argon Client Management Services 1.31
  • From: Luigi Auriemma
• NULL pointer in Acronis True Image Windows Agent 1.0.0.54
  • From: Luigi Auriemma
• Invalid memory access in Acronis True Image Group Server 1.5.19.191
  • From: Luigi Auriemma
• iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability
  • From: iDefense Labs
• Multiple vulnerabilities in ASG-Sentry 7.0.0
  • From: Luigi Auriemma
• Vulnerabilities in Timbuktu Pro 8.6.5
  • From: Luigi Auriemma
• iDefense Security Advisory 03.10.08: SAP MaxDB Signedness Error Heap Corruption Vulnerability
  • From: iDefense Labs
• Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076
  • From: Luigi Auriemma
• NULL pointer in Remotely Anywhere 8.0.668
  • From: Luigi Auriemma
• [ GLSA 200803-17 ] PDFlib: Multiple buffer overflows
  • From: Pierre-Yves Rofes
• Denial of Service in PacketTrap TFTP server 2.0.3901.0
  • From: Luigi Auriemma
• [ GLSA 200803-16 ] MPlayer: Multiple buffer overflows
  • From: Pierre-Yves Rofes
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Ansgar -59cobalt- Wiechers
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• Summer Camp 2008 - La Garrotxa
  • From: Gerardo García Peña
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Stefan Kanthak
• Firebird remote BOF POC
  • From: underwater
• PHP-Nuke SQL injection Module "Hadith" [cat]
  • From: lovebug
• Re: Firewire Attack on Windows Vista
  • From: Stefan Kanthak
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
  • From: gmdarkfig
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Jacob Appelbaum
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• [ MDVSA-2008:065 ] - Updated pulseaudio packages fix denial of service vulnerabilities
  • From: security
• [security bulletin] HPSBUX02306 SSRT071463 rev.2 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS)
  • From: security-alert
• [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability
  • From: Pierre-Yves Rofes
• [SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability
  • From: nbbn
• [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability
  • From: Tobias Klein
• Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure
  • From: nnposter
• F5 BIG-IP Web Management Console XSS
  • From: nnposter
• Re: Horde Webmail file inclusion proof of concept & patch.
  • From: Ben Klang
• [ GLSA 200803-14 ] Ghostscript: Buffer overflow
  • From: Pierre-Yves Rofes
• [ GLSA 200803-13 ] VLC: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• XSS in Neptune Web Server
  • From: nima_501
• [ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling
  • From: security
• rPSA-2008-0099-1 dbus dbus-glib dbus-qt dbus-x11
  • From: rPath Update Announcements
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Thor (Hammer of God)
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Thor (Hammer of God)
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13
  • From: Luigi Auriemma
• Re: Firewire Attack on Windows Vista
  • From: Nathanael Hoyle
• Re: Firewire Attack on Windows Vista
  • From: Tonnerre Lombard
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Thor (Hammer of God)
• RE: Firewire Attack on Windows Vista
  • From: Thor (Hammer of God)
• PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding
  • From: r080cy90r
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Glenn.Everhart
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• RE: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Larry Seltzer
• Re: [Full-disclosure] Firewire Attack on Windows Vista
  • From: Tim
• [ MDVSA-2008:063 ] - Updated Evolution packages fix critical vulnerability
  • From: security
• Horde Webmail file inclusion proof of concept & patch.
  • From: ppelanne
• [ MDVSA-2008:062 ] - Updated Thunderbird packages fix multiple vulnerabilities
  • From: security
• WordPress Multiple Cross-Site Scripting Vulnerabilities
  • From: DoZ
• [USN-582-2] Thunderbird vulnerabilities
  • From: Jamie Strandboge
• Re: Multiple vulnerabilities in Double-Take 5.0.0.2865
  • From: Steve Shockley
• [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure
  • From: Steve Kemp
• [ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities
  • From: security
• Directory traversal in MicroWorld eScan Server 9.0.742.98
  • From: Luigi Auriemma
• RE: Firewire Attack on Windows Vista
  • From: Larry Seltzer
• RE: Firewire Attack on Windows Vista
  • From: bzhbfzj3001
• Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
  • From: H D Moore
• Checkpoint VPN-1 UTM Edge cross-site scripting
  • From: Henri Lindberg - Smilehouse Oy
• PHP-Nuke KutubiSitte "kid" SQL Injection
  • From: lovebug
• Sun JDK image parsing vulnerabilities
  • From: Chris Evans
• Re: Firewire Attack on Windows Vista
  • From: Tonnerre Lombard
• Re: Firewire Attack on Windows Vista
  • From: Daniel O'Connor
• Re: Firewire Attack on Windows Vista
  • From: Peter Watkins
• [SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues
  • From: dann frazier
• [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
  • From: Alexandr Polyakov
• [ GLSA 200803-11 ] Vobcopy: Insecure temporary file creation
  • From: Pierre-Yves Rofes
• [USN-584-1] OpenLDAP vulnerabilities
  • From: Jamie Strandboge
• [ MDVSA-2008:060 ] - Updated Joomla! packages fix multiple vulnerabilities
  • From: security
• [ GLSA 200803-12 ] Evolution: Format string vulnerability
  • From: Pierre-Yves Rofes
• [USN-583-1] Evolution vulnerability
  • From: Kees Cook
• [ MDVSA-2008:058 ] - Updated openldap packages fix multiple vulnerabilities
  • From: security
• RE: Firewire Attack on Windows Vista
  • From: Roger A. Grimes
• [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability
  • From: security
• [ GLSA 200803-10 ] lighttpd: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• ERRATA: [ GLSA 200801-09 ] X.Org X server and Xfont library: Multiple vulnerabilities
  • From: Robert Buchholz
• Multiple vulnerabilities in Perforce Server 2007.3/143793
  • From: Luigi Auriemma
• Re: Firewire Attack on Windows Vista
  • From: Thierry Zoller
• Firewire Attack on Windows Vista
  • From: Bernhard Mueller
• [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution
  • From: Thijs Kinkhorst
• Arbitrary commands execution in Versant Object Database 7.0.1.3
  • From: Luigi Auriemma
• CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
  • From: Core Security Technologies Advisories
• Dovecot mail_extra_groups setting is often used insecurely
  • From: Timo Sirainen
• [ GLSA 200803-09 ] Opera: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• Minigal 2 critical XSS
  • From: jose
• [ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit
  • From: nyubicrew
• Re: Crafty Syntax Xss Vulnerability
  • From: cmzs
• PHP-Nuke Module "seminar" Local FIle Inclusion
  • From: no-reply
• PHP-Nuke Module eGallery "pid" Remote SQL Injection
  • From: no-reply
• [ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities
  • From: security
• VMSA-2008-0004 Low: Updated e2fsprogs service console package
  • From: VMware Security team
• Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities
  • From: Seth Fogie
• [ GLSA 200803-04 ] Mantis: Cross-Site Scripting
  • From: Pierre-Yves Rofes
• [SECURITY] [DSA 1511-1] New libicu packages fix multiple problems
  • From: Steve Kemp
• [ GLSA 200803-07 ] Paramiko: Information disclosure
  • From: Pierre-Yves Rofes
• [ GLSA 200803-06 ] SWORD: Shell command injection
  • From: Pierre-Yves Rofes
• [ GLSA 200803-05 ] SplitVT: Privilege escalation
  • From: Pierre-Yves Rofes
• DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability
  • From: vulnerabilityresearch
• LayerOne 2008 Update
  • From: Layer One
• Cross-site Scripting and CSRF in TorrentTrader Classic v1.08
  • From: Valery Marchuk
• Multiple integer overflows in Borland StarTeam server 10.0.0.57
  • From: Luigi Auriemma
• Re: CSRF in joomla 1.0.11 stable version
  • From: zinho
• DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability
  • From: vulnerabilityresearch
• CSRF in joomla 1.0.11 stable version
  • From: vivek_infosec
• [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities
  • From: Digital Security Research Group
• Re: Crafty Syntax Xss Vulnerability
  • From: erics
• Recon 2008 - Call For Paper
  • From: Recon
• [ GLSA 200803-03 ] Audacity: Insecure temporary file creation
  • From: Pierre-Yves Rofes
• Squid Analysis Report Generator <= 2.2.3.1 buffer overflow
  • From: L4teral
• [ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• XSS in XP Book version 3.0
  • From: xx_hack_xx_2004
• kcwiki 1.0 multiple remote file inclusion vulnerabilities.
  • From: muuratsalo experimental hack lab
• [ GLSA 200803-02 ] Firebird: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• Dynamic photo gallery V1.02 SQL Injection
  • From: no-reply
• The Router Hacking Challenge is Over!
  • From: Petko D. Petkov
• Livebox Router vulnerability to REMOTE BUFFER OVERFLOW DoS (FTPD)_
  • From: 0in . email
• PHP-Nuke Copyright 2005 SQL
  • From: turkish-warriorr
• h2desk helpdesk path disclosure vulnerability
  • From: joseph . giron13
• Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability
  • From: sys-project
• Mambo com_Musica "id" Remote SQL Injection
  • From: no-reply
• [ MDVSA-2008:056 ] - Updated gnumeric packages fix vulnerability
  • From: security
• [USN-582-1] Thunderbird vulnerabilities
  • From: Jamie Strandboge
• rPSA-2008-0094-1 kernel
  • From: rPath Update Announcements
• rPSA-2008-0093-1 thunderbird
  • From: rPath Update Announcements
• Release: Pass-The-Hash toolkit v1.3
  • From: Hernan Ochoa
• rPSA-2008-0092-1 tshark wireshark
  • From: rPath Update Announcements
• rPSA-2008-0091-1 cups
  • From: rPath Update Announcements
• netOffice Dwins 1.3 Remote code execution.
  • From: db
• Centreon <= 1.4.2.3 (index.php) Remote File Disclosure
  • From: sys-project
• Ghostscript buffer overflow
  • From: Chris Evans
• [ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
  • From: security
• PHPMyTourney Remote file include Vulnerability
  • From: security
• Re: Loginwindow.app and Mac OS X
  • From: Matt Johnston
• Re: Loginwindow.app and Mac OS X
  • From: Jacob Appelbaum
• Re: Loginwindow.app and Mac OS X
  • From: oc photon
• Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials
  • From: brad . antoniewicz
• [ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability
  • From: security
• Loginwindow.app and Mac OS X
  • From: Jacob Appelbaum
• rPSA-2008-0082-1 espgs
  • From: rPath Update Announcements
• rPSA-2008-0088-1 am-utils
  • From: rPath Update Announcements
• rPSA-2008-0086-1 pcre
  • From: rPath Update Announcements
• rPSA-2008-0084-1 lighttpd
  • From: rPath Update Announcements
• XSS on XRMS- open source CRM
  • From: vijayv
• RE: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
  • From: Raymond_Villafania
• Re: 123 Flash Chat Module for phpBB
  • From: f10
• PR07-41: XSS on Juniper Networks Secure Access 2000
  • From: ProCheckUp Research
• PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000
  • From: ProCheckUp Research
• PHP-Nuke My_eGallery "gid" Remote SQL Injection
  • From: no-reply
• 123 Flash Chat Module for phpBB
  • From: f10
• Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)
  • From: Daniel Roethlisberger
• security and aluminum foil hats
  • From: Pete Herzog
• [ MDVSA-2008:053 ] - Updated pcre packages fix vulnerability
  • From: security
• CORE-2008-0130: VLC media player chunk context validation error
  • From: Core Security Technologies Advisories
• [ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities
  • From: security
• Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
  • From: Luigi Auriemma
• Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS
  • From: jamboomla
• CFP - ekoparty 4th edition
  • From: ekoparty
• iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
  • From: iDefense Labs
• [SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution
  • From: Thijs Kinkhorst
• iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability
  • From: iDefense Labs
• iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
  • From: iDefense Labs
• [ MDVSA-2008:051 ] - Updated cups packages fix vulnerabilities
  • From: security
• [ GLSA 200802-11 ] Asterisk: Multiple vulnerabilities
  • From: Pierre-Yves Rofes
• [ GLSA 200802-12 ] xine-lib: User-assisted execution of arbitrary code
  • From: Robert Buchholz
• [ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities
  • From: security
• Re: Re: Nortel IP Phone DoS
  • From: sipherr
• Re: Nortel IP Phone DoS
  • From: amarkov
• SandMan 1.0.080226 is out!
  • From: Matthieu Suiche
• Bypassing OfficeScan Trend Micro AV
  • From: Danux
• [SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities
  • From: Noah Meyerhans
• php-nuke sql injection reportaj [secid]
  • From: lovebug
• Nortel IP Phone DoS
  • From: sipherr
• NULL pointer in SurgeFTP 2.3a2
  • From: Luigi Auriemma
• Re: Powered by Pagetool Ver (1.04-05-06-07)
  • From: packet
• Format string and buffer-overflow in SurgeMail 38k4
  • From: Luigi Auriemma
• [SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution
  • From: Thijs Kinkhorst
• Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection
  • From: No-Reply
• Powered by Pagetool Ver (1.04-05-06-07)
  • From: turkish-warrorr
• Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities
  • From: nbbn
• CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation
  • From: Core Security Technologies Advisories
• [ GLSA 200802-10 ] Python: PCRE Integer overflow
  • From: Robert Buchholz
• Packeteer Products File Listing XSS
  • From: nnposter
• Php Nuke "Sell" module SQL Injection ("cid")
  • From: no-reply
• [SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 1507-1] New turba2 packages fix permission testing
  • From: Steve Kemp
• S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server
  • From: S21sec labs
• Alkacon OpenCms tree_files.jsp resource XSS
  • From: nnposter
• Pigyard Art Gallery Multiple SQL Injection
  • From: No-Reply
• Softbiz jokes and funny pictures (index.php) sql injection
  • From: Hamza Almersoumi
• Joomla com_inter "id" Remote SQL Injection
  • From: no-reply
• Joomla Com_blog "pid" Remote SQL Injection
  • From: no-reply
• joomla com_simpleshop SQL Injection(section) #
  • From: hackturkiye . hackturkiye
• Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)
  • From: dcid
• joomla com_wines SQL Injection(id)
  • From: hackturkiye . hackturkiye
• joomla com_garyscookbook SQL Injection(id)
  • From: hackturkiye . hackturkiye
• Joomla com_stat "id" Remote SQL Injection
  • From: no-reply
• [ MDVSA-2008:049 ] - Updated nss_ldap package fixes race condition allowing user data theft
  • From: security
• phpechocms v 2.0 rc3 RFI
  • From: beenudel1986
• php-nuke Quran SQL Injection(surano)
  • From: hackturkiye . hackturkiye