Bugtraq
- [ MDVSA-2011:021 ] postgresql,
security
- [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability,
Mark Thomas
- Troopers11 - Security Conference in Germany,
mozilla
- [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability,
Mark Thomas
- [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat,
Mark Thomas
- Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure,
beford
- [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions,
Mark Thomas
- TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR),
Trustwave Advisories
- [SECURITY] [DSA-2157-1] PostgreSQL security update,
Florian Weimer
- [USN-1057-1] Linux kernel vulnerabilities,
Kees Cook
- [USN-1058-1] PostgreSQL vulnerability,
Steve Beattie
- ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability,
ZDI Disclosures
- (TAD-2011-001) Vulnerability in HTC Peep: Twitter Credentials Disclosure,
Raul Siles
- [ MDVSA-2011:020 ] pango,
security
- WOOT '11 Call for Papers,
Michal Zalewski
- Majordomo2 - Directory Traversal (SMTP/HTTP),
mike
- HTB22806: SQL Injection in ReOS,
advisory
- HTB22810: SQL Injection in ReOS,
advisory
- HTB22802: XSS in Podcast Generator,
advisory
- HTB22807: SQL Injection in ReOS,
advisory
- HTB22808: Local File Inclusion in ReOS,
advisory
- HTB22800: Path disclosure in Podcast Generator,
advisory
- HTB22801: Local File Inclusion in Podcast Generator,
advisory
- HTB22809: SQL Injection in ReOS,
advisory
- Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints,
Cisco Systems Product Security Incident Response Team
- [USN-1055-1] OpenJDK vulnerabilities,
Steve Beattie
- [USN-1054-1] Linux kernel vulnerabilities,
Kees Cook
- fix for Nvidia CUDA drivers security breach,
Massimo Bernaschi
- Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities,
CORE Security Technologies Advisories
- TinyWebGallery: XSS + Directory Traversal,
Yam Mesicka
- Aruba Mobility Controller - multiple advisories: DoS and authentication bypass,
Robbie Gill
- HTB22805: Path disclosure in Redaxscript,
advisory
- HTB22803: Path disclosure in Razor CMS,
advisory
- HTB22799: Path disclosure in Pluck CMS,
advisory
- HTB22798: Path disclosure in Pluck CMS,
advisory
- HTB22804: SQL Injection in Redaxscript,
advisory
- Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability,
YGN Ethical Hacker Group
- [USN-1053-1] Subversion vulnerabilities,
Marc Deslauriers
- [security bulletin] HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code,
security-alert
- ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-036: IBM DB2 db2dasrrm receiveDASMessage Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2153-1] linux-2.6 security update,
dann frazier
- [SECURITY] [DSA-2154-1] exim4 security update,
Stefan Fritsch
- [SECURITY] [DSA 2155-1] freetype security update,
Moritz Muehlenhoff
- [HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb,
Hafez Kamal
- [SECURITY] [DSA-2156-1] pcscd security update,
Steve Kemp
- [SECURITY] [DSA-2154-2] exim4 regression fix,
Stefan Fritsch
- CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue,
Jan Lehnardt
- VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection,
Andrea Fabrizi
- TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow,
noreply
- TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service,
noreply
- TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution,
noreply
- FreeBSD local denial of service - forced reboot,
HI-TECH .
- [SECURITY] [DSA 2152-1] hplip security update,
Moritz Muehlenhoff
- CA20101231-01: Security Notice for CA ARCserve D2D (updated),
Williams, James K
- HTB22793: XSRF (CSRF) in KaiBB,
advisory
- [USN-1052-1] OpenJDK vulnerability,
Steve Beattie
- HTB22796: Path disclousure in DBHcms,
advisory
- HTB22797: Path disclousure in BLOG:CMS,
advisory
- OpenOffice.org Multiple Memory Corruption Vulnerabilities,
VSR Advisories
- Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212),
StenoPlasma @ www.ExploitDevelopment.com
- [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
- Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Huawei HG default WEP/WPA generator,
Pedro Joaquín
- Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
- IETF RFC on "the implementation of the TCP urgent mechanism",
Fernando Gont
- [ MDVSA-2011:019 ] libuser,
security
- PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm,
Joshua Gimer
- VUPEN Security Research - Novell GroupWise "TZID" Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004),
VUPEN Security Research
- Microsoft IIS 6 parsing directory x.asp Vulnerability,
info
- HTB22795: Path disclosure in Hycus CMS,
advisory
- [USN-1051-1] HPLIP vulnerability,
Marc Deslauriers
- [security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS),
security-alert
- [DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss,
Alexandr Polyakov
- [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection,
Tim Brown
- [DSECRG-11-008] Open Edge RDBMS - Multiple architecture vulnerabilities (UNPATCHED),
Alexandr Polyakov
- syslog-ng wrong file permission vulnerability,
SZALAY Attila
- [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow,
Alexandr Polyakov
- [security bulletin] HPSBMA02624 SSRT100195 rev.2 - HP LoadRunner and HP Performace Center, Remote Execution of Arbitrary Code,
security-alert
- [DSECRG-00145] SAP Crystal Reports 2008 - Directory Traversal,
Alexandr Polyakov
- HTB22787: Path disclousure in Pligg CMS,
advisory
- [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method,
Alexandr Polyakov
- HTB22789: Path disclousure in Pivotx,
advisory
- [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files,
Alexandr Polyakov
- [DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods,
Alexandr Polyakov
- HTB22790: XSS in Pivotx,
advisory
- HTB22792: XSS in Pixelpost,
advisory
- HTB22788: XSS in Pivotx,
advisory
- HTB22791: File Content Disclosure in Pixelpost,
advisory
- [DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method,
Alexandr Polyakov
- HTB22794: Path disclousure in Pixelpost,
advisory
- [CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean,
Fernando Gont
- [USN-1048-1] Tomcat vulnerability,
Marc Deslauriers
- phpcms V9 BLind SQL Injection Vulnerability,
eidelweiss
- [USN-1047-1] AWStats vulnerability,
Marc Deslauriers
- [SECURITY] [DSA 2150-1] request-tracker3.6 security update,
Thijs Kinkhorst
- [ MDVSA-2011:018 ] sudo,
security
- [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities,
Tim Sammut
- [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities,
Tim Sammut
- [ MDVSA-2011:017 ] tetex,
security
- [ MDVSA-2011:016 ] t1lib,
security
- [ MDVSA-2011:014 ] ccid,
security
- NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability,
NSO Research
- IETF RFC on Port Randomization,
Fernando Gont
- [ MDVSA-2011:015 ] pcsc-lite,
security
- Code execution in Microsoft Fax Cover Page Editor,
Luigi Auriemma
- London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL,
Major Malfunction
- [TEHTRI-Security] CVE-2010-2599: Update your BlackBerry,
Laurent OUDOT at TEHTRI-Security
- [security bulletin] HPSBMA02622 SSRT100342 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBUX02623 SSRT100355 rev.1 - HP-UX Running Kerberos, Remote Unauthorized Modification,
security-alert
- SQL Injection in Pixie,
advisory
- DotNetNuke Remote Code Execution vulnerability,
Daniel Niggebrugge
- [USN-1046-1] Sudo vulnerability,
Jamie Strandboge
- [SECURITY] [DSA 2149-1] Security update for dbus,
Nico Golde
- [security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code,
security-alert
- [USN-1045-1] FUSE vulnerability,
Marc Deslauriers
- [ MDVSA-2011:013 ] hplip,
security
- [USN-1045-2] util-linux update,
Marc Deslauriers
- Simploo CMS Community Edition - Remote PHP Code Execution Issue,
david . kurz
- [USN-1044-1] D-Bus vulnerability,
Jamie Strandboge
- AST-2011-001: Stack buffer overflow in SIP channel driver,
Asterisk Security Team
- [SECURITY] [DSA 2148-1] Security update for tor,
Moritz Muehlenhoff
- [ MDVSA-2011:012 ] mysql,
security
- 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331),
Mark Stanislav
- Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code),
th_decoder
- [ MDVSA-2011:010 ] xfig,
security
- [ GLSA 201101-05 ] OpenAFS: Arbitrary code execution,
Stefan Behte
- [ GLSA 201101-07 ] Prewikka: password disclosure,
Stefan Behte
- [SECURITY] [DSA 2144-1] Security update for wireshark,
Moritz Muehlenhoff
- [SECURITY] [DSA 2145-1] Security update for libsmi,
Moritz Muehlenhoff
- [ GLSA 201101-03 ] libvpx: User-assisted execution of arbitrary code,
Tim Sammut
- [SECURITY] [DSA 2147-1] Security update for pimd,
Steve Kemp
- [ GLSA 201101-04 ] aria2: Directory traversal,
Tobias Heinlein
- [ GLSA 201101-02 ] Tor: Remote heap-based buffer overflow,
Tim Sammut
- [SECURITY] [DSA 2146-1] Security update for mydms,
Moritz Muehlenhoff
- [ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error,
Stefan Behte
- [ MDVSA-2011:011 ] opensc,
security
- [ MDVSA-2011:009 ] gif2png,
security
- [ MDVSA-2011:008 ] perl-CGI,
security
- Remote Code Execution in ICQ 7,
Daniel Seither
- [ MDVSA-2011:006 ] subversion,
security
- [ MDVSA-2011:007 ] wireshark,
security
- [SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Giuseppe Iuculano
- Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
- [security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [ MDVSA-2011:005 ] evince,
security
- [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue,
david . kurz
- Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11),
Dragos Ruiu
- [USN-1042-2] PHP5 regression,
Steve Beattie
- [security bulletin] HPSBMA02624 SSRT100195 rev.1 - HP LoadRunner, Remote Execution of Arbitrary Code,
security-alert
- CONFidence 2011 - Call for Papers - 24-25.05.2011 Krakow, Poland,
Andrzej Targosz
- [USN-1043-1] Little CMS vulnerability,
Steve Beattie
- [SECURITY] [DSA-2141-4] New lighttpd packages fix regression,
Stefan Fritsch
- [security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure,
Onapsis Research Labs
- iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability,
labs-no-reply
- [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart,
Onapsis Research Labs
- Call for Papers: DIMVA 2011 - Extended Deadline Jan 21,
Konrad Rieck
- [USN-1042-1] PHP vulnerabilities,
Steve Beattie
- SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1,
Spala Ferenc
- [USN-1009-2] GNU C Library vulnerability,
Kees Cook
- 2011 Rocky Mountain Information Security Conference Call for Papers,
alex . wood
- [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation,
Florian Weimer
- [security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC,
Nelson Brito
- ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products,
ACROS Security Lists
- [security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- XSRF (CSRF) in whCMS,
advisory
- XSRF (CSRF) in Cambio,
advisory
- XSS vulnerability in diafan.CMS,
advisory
- XSRF (CSRF) in diafan.CMS,
advisory
- XSS vulnerability in VaM Shop,
advisory
- XSRF (CSRF) in Energine,
advisory
- Path disclosure in Energine,
advisory
- Stored XSS vulnerability in diafan.CMS,
advisory
- XSRF (CSRF) in VaM Shop,
advisory
- SQL injection vulnerability in Energine,
advisory
- [ MDVSA-2011:004 ] php-phar,
security
- NewvCommon.ocx ActiveX Remote Code Execution Vulnerability,
wsn1983
- NewvCommon.ocx ActiveX Insecure Method Vulnerability,
wsn1983
- NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute,
yuguo . cn
- www.eVuln.com : "fold" and "site" SQL Injections in WikLink,
bt
- [ MDVSA-2011:003 ] MHonArc,
security
- Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service,
Digit Security Research
- [ MDVSA-2011:002 ] wireshark,
security
- Web Hacking & Database Hijack Online Challenge,
Ivan Buetler
- CUDA drivers/Linux security hole,
gran
- [USN-1038-1] dpkg vulnerability,
Kees Cook
- call for participation,
chpardhasaradhisarma
- McAfee Commandline Updater,
Technion
- GNU libc/regcomp(3) Multiple Vulnerabilities,
cxib
- [USN-1040-1] Django vulnerabilities,
Jamie Strandboge
- [USN-1039-1] AppArmor update,
Jamie Strandboge
- [USN-1037-1] ifupdown update,
Jamie Strandboge
- [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal,
Raphael Geissert
- XSS vulnerability in PHP MicroCMS,
advisory
- XSS vulnerability in WonderCMS,
advisory
- Authentication bypass in phpMySport,
advisory
- XSRF (CSRF) in PHP MicroCMS,
advisory
- SQL Injection in Phenotype CMS,
advisory
- SQL Injection in phpMySport,
advisory
- Path disclousure in phpMySport,
advisory
- [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option,
Stefan Fritsch
- [SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw,
Stefan Fritsch
- [SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw,
Stefan Fritsch
- [SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow,
Stefan Fritsch
- Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference,
Kyprianos Vasilopoulos
- [ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code,
Tim Sammut
- Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
- Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section,
Walikar Riyaz Ahemed Dawalmalik
- Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section,
Walikar Riyaz Ahemed Dawalmalik
- BlogEngine.NET 1.6 Multiple Vulnerabilities,
Deniz CEVIK
- [ MDVSA-2011:000 ] phpmyadmin,
security
- Getting root, the hard way,
Dan Rosenberg
- [USN-1035-1] Evince vulnerabilities,
Marc Deslauriers
- www.eVuln.com : "id" SQL Injection in WikLink,
bt
- VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap,
VMware Security Team
- Plunging Through the Palo Alto Networks Firewall,
Jeromie
- [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss,
Ewerson Guimarães (Crash) - Dclabs
- Mathematica8 on Linux /tmp/MathLink vulnerability,
paul . szabo
- [ACM, Ariadne Content Manager] unauth. SQL injection + user enumeration,
Andrea Purificato
- Geeklog 1.7.1 <= Cross Site Scripting Vulnerability,
YGN Ethical Hacker Group
- www.eVuln.com : SQL Injection in WikLink,
bt
- Announcing cross_fuzz, a potential 0-day in circulation, and more,
Michal Zalewski
- CA20101231-01: Security Notice for CA ARCserve D2D,
Williams, James K
- [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities,
Thijs Kinkhorst
- HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc,
ipsdix
- [ MDVSA-2010:260 ] libxml2,
security
- Path disclousure in Nibbleblog,
advisory
- Path disclosure in LightNEasy,
advisory
- CSRF (Cross-Site Request Forgery) in Open blog,
advisory
- Path disclousure in ocPortal,
advisory
- LFI in LightNEasy,
advisory
- Path disclousure in OpenCart,
advisory
- Information disclosure in LightNEasy,
advisory
- CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc,
ipsdix
- SQL Injection in LightNEasy,
advisory
- OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS,
Attilla de Groot
- [SECURITY] [DSA 2138-1] Security update for wordpress,
Giuseppe Iuculano
- Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc,
ipsdix
- Pre Jobo .NET "Password" SQL Injection Vulnerability,
non customers
- Fedora 14 - Format string attack in allegro-tools package,
rafaldworaczek
- Path disclosure in KaiBB,
advisory
- SQL injection in KaiBB,
advisory
- [security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- BBcode XSS in KaiBB,
advisory
- [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10,
come2waraxe
- YEKTAWEB CMS XSS Vulnerability,
faghani
- HotWeb Rentals "PageId" SQL Injection Vulnerability,
non customers
- [ MDVSA-2010:251-1 ] firefox,
security
- Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability,
MyDoom2009
- Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc,
ipsdix
- Security Advisory - FlexVision Listener Vulnerability,
Victor Ribeiro Hora
- Multiple Vulnerabilities in OpenClassifieds 1.7.0.3,
mike
- [IMF 2011] 2nd Call - Deadline Extended,
Oliver Goebel
- Pligg XSS and SQL Injection,
mike
- [ MDVSA-2010:259 ] pidgin,
security
- [ MDVSA-2010:251-2 ] firefox,
security
- Django admin list filter data extraction / leakage,
Adam Baldwin
- [SECURITY] [DSA 2137-1] Security update for libxml2,
Moritz Muehlenhoff
- MyBB 1.6 <= SQL Injection Vulnerability,
YGN Ethical Hacker Group
- [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0,
come2waraxe
- Asan Portal (IdehPardaz) Multiple Vulnerabilities,
info
- Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability,
Secunia Research
- [security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- Sigma Portal Denial of Service Vulnerability,
info
- www.eVuln.com : HTTP Response Splitting in Social Share,
bt
- [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities,
Moritz Muehlenhoff
- VSR Advisories: Citrix Access Gateway Command Injection Vulnerability,
VSR Advisories
- VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw,
VMware Security Team
- [SECURITY] [DSA-2136-1] New tor packages fix potential code execution,
Raphael Geissert
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04,
research
- Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability,
Secunia Research
- Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows,
Secunia Research
- [ MDVSA-2010:258 ] mozilla-thunderbird,
security
- LFI in Hycus CMS,
advisory
- [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34,
come2waraxe
- PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing),
research
- [security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- www.eVuln.com : Authentication Bypass by SQL Injection in Social Share,
bt
- XSS vulnerability in ImpressCMS,
advisory
- nSense-2010-004: Sybase Afaria,
Henri Lindberg
- Path disclosure in HTML-EDIT CMS,
advisory
- XSS vulnerability in Injader CMS,
advisory
- Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows,
Secunia Research
- XSS in HTML-EDIT CMS,
advisory
- Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability,
Secunia Research
- Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability,
Secunia Research
- nSense-2010-005: Winamp,
Henri Lindberg
- Path disclosure in Habari,
advisory
- SQL Injection in HTML-EDIT CMS,
advisory
- SQL injection in Injader CMS,
advisory
- XSS vulnerability in Habari,
advisory
- Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow,
Secunia Research
- Path disclosure in GetSimple CMS,
advisory
- SQL injection in Hycus CMS,
advisory
- OpenBSD CARP Hash Vulnerability,
Sam Banks
- Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow,
Secunia Research
- Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability,
Secunia Research
- www.eVuln.com : "postid" SQL Injection in Social Share,
bt
- Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004,
Sense of Security
- Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability,
Secunia Research
- Default SSL Keys in Multiple Routers,
cheffner
- Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability,
Secunia Research
- MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
- [SECURITY] [DSA 2134-1] Upcoming changes in advisory format,
Moritz Muehlenhoff
- Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277,
Rodrigo Branco
- Apple Quicktime Memory Corruption - CVE-2010-3801,
Rodrigo Branco
- [USN-1033-1] Eucalyptus vulnerability,
Kees Cook
- [ GLSA 201012-01 ] Chromium: Multiple vulnerabilities,
Tobias Heinlein
- Making Security Suck Less,
Pete Herzog
- [ MDVSA-2010:257 ] kernel,
security
- Alt-N WebAdmin Source Code Disclosure,
wsn1983
- www.eVuln.com : "link" and "linkdescription" XSS in Social Share,
bt
- www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share,
bt
- cross site scripting vulnerability in BLOG:CMS,
advisory
- PR10-06: Cross-domain redirect on PGP Universal Web Messenger,
research
- 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332),
Mark Stanislav
- 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333),
Mark Stanislav
- Stored Cross Site Scripting vulnerability in BEdita,
advisory
- XSRF (CSRF) in BLOG:CMS,
advisory
- Updated online binary planting exposure test continues operation,
ACROS Security Lists
- XSRF (CSRF) in BEdita,
advisory
- XSS vulnerability in BEdita,
advisory
- XSS vulnerability in BLOG:CMS,
advisory
- [security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
- Call for Paper @ Swiss Cyber Storm 3,
Ivan Buetler
- www.eVuln.com : "error" Non-persistent XSS in slickMsg,
bt
- VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206),
VUPEN Security Research
- [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199),
VUPEN Security Research
- Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project,
Solar Designer
- [ MDVSA-2010:256 ] git,
security
- VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201),
VUPEN Security Research
- [security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross SIte Scripting (XSS),
security-alert
- VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200),
VUPEN Security Research
- [security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code,
security-alert
- VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041),
VUPEN Security Research
- [security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure,
security-alert
- OpenBSD Paradox,
musnt live
- [ MDVSA-2010:255 ] php-intl,
security
- [ MDVSA-2010:254 ] php,
security
- www.eVuln.com : BBCode CSS XSS in slickMsg,
bt
- OpenBSD's IPSEC is Backdoored,
musnt live
- [USN-1024-2] OpenJDK regression,
Kees Cook
- Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root,
Kryptos Logic Secure
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability,
labs-no-reply
- [security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access,
security-alert
- Microsoft Internet Explorer Denial of Service Vulnerability,
info
- ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book,
ACROS Security Lists
- minor browser UI nitpicking,
Michal Zalewski
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability,
labs-no-reply
- OSSTMM 3 Now Available!,
Pete Herzog
- www.eVuln.com : "post" - Non-persistent XSS in slickMsg,
www.eVuln.com Advisories
- USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb,
xpo xpo
- [ MDVSA-2010:253 ] bind,
security
- Honggfuzz,
Robert Święcki
- VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31),
VUPEN Security Research
- VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30),
VUPEN Security Research
- VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005),
VUPEN Security Research
- VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003),
VUPEN Security Research
- VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004),
VUPEN Security Research
- [ MDVSA-2010:252 ] perl-CGI-Simple,
security
- [SECURITY] [DSA-2133-1] New collectd packages fix denial of service,
Raphael Geissert
- www.eVuln.com : "url" BBCode XSS in slickMsg,
bt
- hidden admin user on every HP MSA2000 G3,
hpdisclosure
- [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service,
Core Security Technologies Advisories
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ ExploitDevelopment
- Call for Papers -- BADGERS 2011,
Federico Maggi
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability,
labs-no-reply
- iwconfig and recent patches?,
Jeffrey Walton
- [SECURITY] [DSA-2130-1] New BIND packages fix denial of service,
Florian Weimer
- [security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- Exim security issue in historical release,
nigel
- TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities,
Trustwave Advisories
- [USN-1032-1] Exim vulnerability,
Kees Cook
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability,
labs-no-reply
- [SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD,
HI-TECH .
- Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability,
robkraus
- [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution,
Stefan Fritsch
- ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability,
robkraus
- ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities,
robkraus
- PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow,
cxib
- www.eVuln.com : Non-persistent XSS in slickMsg,
bt
- [ MDVSA-2010:251 ] firefox,
security
- [USN-1031-1] ClamAV vulnerabilities,
Steve Beattie
- Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ www.ExploitDevelopment.com
- [USN-1020-1] Thunderbird vulnerabilities,
Jamie Strandboge
- [USN-1019-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- www.eVuln.com : Non-persistent XSS in BizDir,
bt
- CA20101209-01: Security Notice for CA XOsoft,
Kotas, Kevin J
- Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774),
Michal Zalewski
- Cross Site Scripting vulnerability in Diferior,
advisory
- XSS vulnerability in Diferior,
advisory
- [USN-1030-1] Kerberos vulnerabilities,
Marc Deslauriers
- XSRF (CSRF) in CMScout,
advisory
- [ MDVSA-2010:250 ] perl-CGI-Simple,
security
- Follow-up on HTTP Parameter Pollution,
embyte
- www.eVuln.com : Non-persistent XSS in WWWThreads (perl version),
bt
- [security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS),
security-alert
- Google Website Optimizer security issue reportedly fixed,
Juha-Matti Laurio
- [USN-1029-1] OpenSSL vulnerabilities,
Steve Beattie
- [security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS),
security-alert
- iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability,
labs-no-reply
- Re: [Full-disclosure] Linux kernel exploit,
Kai
- Re: [Full-disclosure] Linux kernel exploit,
Ryan Sears
- Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability,
Secunia Research
- Linux kernel exploit,
Dan Rosenberg
- RE: [Full-disclosure] Linux kernel exploit,
John Jacobs
- Re: Linux kernel exploit,
Wolf
- [USN-1028-1] ImageMagick vulnerability,
Marc Deslauriers
- www.eVuln.com : HTTP Response Splitting in WWWThreads (php version),
bt
- [USN-1027-1] Quagga vulnerabilities,
Marc Deslauriers
- [USN-1026-1] Python Paste vulnerability,
Marc Deslauriers
- [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:249 ] clamav,
security
- Multiple XSS in Solarwinds Orion NPM 10.1,
John Blakley
- LFI in Exponent CMS,
advisory
- Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser,
Kryptos Logic Secure
- [ MDVSA-2010:248 ] openssl,
security
- XSS vulnerability in Zimplit CMS,
advisory
- www.eVuln.com : XSS vulnerability in WWWThreads (php version),
bt
- VMSA-2010-0019 VMware ESX third party updates for Service Console,
VMware Security Team
- Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET),
Christopher Kruegel
- rPSA-2010-0076-1 gnupg,
rPath Update Announcements
- [www.eVuln.com] SQL Injection vulnerability in Alguest,
bt
- 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330),
Mark Stanislav
- OWASP Zed Attack Proxy version 1.1.0,
psiinon
- [ MDVSA-2010:247 ] kernel,
security
- Vulnerabilities in Register Plus Redux for WordPress,
MustLive
- [security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [eVuln.com] Cookie authentication bypass in Alguest,
bt
- [eVuln.com] PHP Code Execution in Alguest,
bt
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues,
VMware Security team
- New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)",
Amit Klein
- Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001),
Steno Plasma
- NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration,
Research@NGSSecure
- [SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution,
Giuseppe Iuculano
- [SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness,
Stefan Fritsch
- [USN-1025-1] Bind vulnerabilities,
Marc Deslauriers
- Vulnerabilities in Fabrica Engine,
MustLive
- [eVuln.com] Multiple XSS in Alguest,
bt
- Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow,
Secunia Research
- Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt,
eidelweiss
- [ MDVSA-2010:245 ] krb5,
security
- [ MDVSA-2010:246 ] krb5,
security
- CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net,
CORE Security Technologies Advisories
- MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021],
Tom Yu
[USN-1024-1] OpenJDK vulnerability,
Marc Deslauriers
VMSA-2010-0017 VMware ESX third party update for Service Console kernel,
VMware Security Team
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues,
dann frazier
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities,
Juan Galiana Lara
[eVuln.com] Multiple SQL injections in Wernhart Guestbook,
bt
[eVuln.com] Multiple XSS inj in Wernhart Guestbook,
bt
[ MDVSA-2010:244 ] phpmyadmin,
security
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313),
Mark Stanislav
[CVE-2010-3449] Apache Archiva CSRF Vulnerability,
Deng Ching
FreeBSD Security Advisory FreeBSD-SA-10:10.openssl,
FreeBSD Security Advisories
[ MDVSA-2010:243 ] libxml2,
security
Vulnerabilities in Joomla,
MustLive
[ MDVSA-2010:242 ] wireshark,
security
[SECURITY] [DSA-2127-1] New wireshark packages fix denial of service,
Stefan Fritsch
SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X,
u6q
Google Desktop Insecure Library Loading Vulnerability,
apa-iutcert
AOL Instant Messenger Insecure Library Loading Vulnerability,
apa-iutcert
jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload,
underground stockholm
XSRF (CSRF) in Wolf CMS,
advisory
Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(,
Dan Rosenberg
[eVuln.com] URL XSS in Easy Banner Free,
bt
[eVuln.com] SQL injection Auth Bypass in Easy Banner Free,
bt
[Suspected Spam]Vulnerabilities in Register Plus for WordPress,
MustLive
NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI),
0kn0ck
CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp,
0kn0ck
[USN-1022-1] APR-util vulnerability,
Marc Deslauriers
[eVuln.com] SQL injections in FreeTicket,
bt
XSS vulnerability in Frog CMS,
advisory
[USN-1021-1] Apache vulnerabilities,
Marc Deslauriers
XSRF (CSRF) in Frog CMS,
advisory
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption,
Advisories Toucan-System
XSS vulnerability in Wolf CMS,
advisory
[security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized,
security-alert
[ MDVSA-2010:241 ] gnucash,
security
[ MDVSA-2010:240 ] mono,
security
[eVuln.com] email XSS in SimpLISTic,
bt
[eVuln.com] Multiple XSS in MCG GuestBook,
bt
Mozilla Firefox 3.6.12 Denial of Service Vulnerability,
info
The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness,
ACROS Security Lists
[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow,
Stefan Fritsch
Juniper VPN client rdesktop clickhack,
niekt0
ZyXEL P-660R-T1 V2 XSS,
Usman Saeed
[eVuln.com] sitename XSS in Hot Links Lite,
bt
Microsoft Visual Studio vulnerability,
jabea
ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162,
Security_Alert
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability,
Mark Thomas
NGS00015 Patch Notification: ImageIO Memory Corruption,
Research@NGSSecure
[eVuln.com] url XSS in Hot Links Lite,
bt
[eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version),
bt
H2HC Cancun - Free Entrance!,
Rodrigo Rubira Branco (BSDaemon)
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298),
Mark Stanislav
Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability,
Amit Klein
vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization,
advisories
New vulnerabilities in CMS SiteLogic,
MustLive
[USN-1018-1] OpenSSL vulnerability,
Steve Beattie
[ MDVSA-2010:239 ] php,
security
[eVuln.com] URL and Title XSS in AxsLinks,
bt
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245),
VUPEN Security Research
[eVuln.com] Cookie Auth Bypass in Hot Links SQL,
bt
Vtiger CRM 5.2.0 Multiple Vulnerabilities,
ascii
H2CSO (Hackers to CSO) debate second edition - Free Live Streaming,
Rodrigo Rubira Branco (BSDaemon)
VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246),
VUPEN Security Research
[HITB-Announce] HITB2011AMS -- Call For Papers now Open,
Hafez Kamal
XSS in CompactCMS,
advisory
Multiple vulnerabilities in chCounter <= 3.1.3,
Soporte CERT
[ MDVSA-2010:238 ] openssl,
security
AWCM v2.2 Auth Bypass Vulnerabilities,
eidelweiss
nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November,
nullcon
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products,
Cisco Systems Product Security Incident Response Team
SQL injection in IceBB,
advisory
SQL injection in CompactCMS,
advisory
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038,
Florent Daigniere
SQL Injection in CLANSPHERE,
advisory
XSS in CLANSPHERE,
advisory
Path disclosure in CLANSPHERE,
advisory
BBcode XSS in CLANSPHERE,
advisory
Path disclosure in IceBB,
advisory
Information disclosure in IceBB,
advisory
[ MDVSA-2010:232 ] cups,
security
[ MDVSA-2010:237 ] perl-CGI,
security
[ MDVSA-2010:233 ] cups,
security
[ MDVSA-2010:236 ] freetype2,
security
[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities,
Tobias Heinlein
Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer,
Amit Klein
LFI and XSS vulnerability in openEngine,
SecPod Research
[ MDVSA-2010:234 ] cups,
security
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files,
security-alert
[ MDVSA-2010:235 ] freetype2,
security
VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components,
VMware Security team
Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
Packet Storm - New Site,
bugtraq
Saved XSS vulnerability in Internet Explorer,
MustLive
TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera,
Trustwave Advisories
vBulletin 4.0.8 - Persistent XSS via Profile Customization,
advisories
[SECURITY] [DSA 2038-3] New pidgin packages fix regression,
Thijs Kinkhorst
[ MDVSA-2010:230 ] poppler,
security
[ MDVSA-2010:231 ] poppler,
security
[TEHTRI-Security] CVE-2010-1752: Update your MacOSX,
Laurent OUDOT at TEHTRI-Security
[ MDVSA-2010:228 ] xpdf,
security
[ MDVSA-2010:229 ] kdegraphics,
security
[ MDVSA-2010:227 ] proftpd,
security
[USN-1016-1] libxml2 vulnerability,
Jamie Strandboge
[HITB-Announce] HITB Magazine #5 Call for Articles,
Hafez Kamal
iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability,
labs-no-reply
FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs,
FreeBSD Security Advisories
Additional information on the Microsoft Office 2010 binary planting bugs,
ACROS Security Lists
CORE-2010-1018 - Landesk OS command injection,
CORE Security Technologies Advisories
[USN-1017-1] MySQL vulnerabilities,
Marc Deslauriers
Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability,
Secunia Research
Apple Directory Services Memory Corruption - CVE-2010-1840,
Rodrigo Branco
Vulnerability in Google AJAX Search,
MustLive
eBlog 1.7 Multiple SQL Injection Vulnerabilities,
Salvatore Fresta aka Drosophila
[ MDVSA-2010:226 ] dhcp,
security
Babylon Cross-Application Scripting Code Execution,
Roee Hay
[USN-1015-1] libvpx vulnerability,
Jamie Strandboge
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010,
ACROS Security Lists
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010,
ACROS Security Lists
Kernel 0-day,
Dan Rosenberg
iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability,
labs-no-reply
[ MDVSA-2010:225-1 ] libmbfl,
security