Bugtraq
- NSOADV-2010-008: AnNoText Third-Party ActiveX Control Buffer Overflow,
NSO Research
- XCon 2010 XFocus Information Security Conference Call for Paper,
xcon
- CVE-2010-1622: Spring Framework execution of arbitrary code,
s2-security
- [security bulletin] HPSBUX02543 SSRT100152 rev.1 - HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- TitanFTP Server COMB directory traversal,
bill
- [SECURITY] [DSA 2063-1] New pmount packages fix denial of service,
Giuseppe Iuculano
- Vulnerabilities in Firebook,
MustLive
- [ MDVSA-2010:119 ] samba,
security
- TEHTRI-Security released 13 0days against web tools used by evil attackers,
Laurent OUDOT at TEHTRI-Security
- [ MDVSA-2010:118 ] sudo,
security
- [SECURITY] [DSA 2062-1] New sudo packages fix environment sanitization bypass vulnerability,
Giuseppe Iuculano
- TurboFTP Server Directory Traversal Vulnerability,
leinakesi
- [MajorSecurity SA-074]CMS RedAks 2.0 - Multiple Cross-site Scripting issues,
david . kurz
- iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability,
iDefense Labs
- [security bulletin] HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Injection, Denial of Service(Dos),
security-alert
- ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-110: Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-951-1] Samba vulnerability,
Kees Cook
- [SECURITY] [DSA 2061-1] New samba packages fix arbitrary code execution,
Nico Golde
- [ MDVSA-2010:117 ] cacti,
security
- [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass,
Onapsis Research Labs
- ZDI-10-108: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability,
ZDI Disclosures
- VUPEN Security Research - Adobe Flash Player "newclass" Invalid Pointer Vulnerability (CVE-2010-2173),
VUPEN Security Research
- Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit,
g1xsystem
- VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167),
VUPEN Security Research
- VUPEN Security Research - Adobe Flash Player "newfunction" Invalid Pointer Vulnerability (CVE-2010-2174),
VUPEN Security Research
- TitanFTP Server Arbitrary File Disclosure,
bill
- CORE-2010-0514: XnView MBM Processing Heap Overflow,
CORE Security Technologies Advisories
- [SECURITY] [DSA 2054-2] New bind9 packages fix cache poisoning,
Martin Schulze
- [ GLSA 201006-21 ] UnrealIRCd: Multiple vulnerabilities,
Alex Legler
- [SECURITY] [DSA 2060-1] New cacti packages fix SQL injection,
Nico Golde
- [security bulletin] HPSBPI02532 SSRT100111 rev.2 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access,
security-alert
- [security bulletin] HPSBMA02537 SSRT010027 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability,
david . kurz
- SQL injection vulnerability in MODx CMS,
advisory
- [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068,
William A. Rowe Jr.
- [ MDVSA-2010:116 ] perl,
security
- Stored XSS vulnerability in AneCMS blog module,
advisory
- Cherokee Web Server 0.5.3 Multiple Vulnerabilities,
info
- SQL injection vulnerability in AneCMS,
advisory
- SQL injection vulnerability in MODx CMS and Application Framework,
advisory
- [ MDVSA-2010:115 ] perl,
security
- [ MDVSA-2010:114 ] dhcp,
security
- Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow,
Secunia Research
- iDefense Security Advisory 06.10.10: Adobe Flash Player Use-After-Free Vulnerability,
iDefense Labs
- iDefense Security Advisory 06.10.10: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability,
iDefense Labs
- ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability,
ZDI Disclosures
- iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability,
iDefense Labs
- [SECURITY] [DSA 2059-1] New pcsc-lite packages fix privilege escalation,
Thijs Kinkhorst
- [MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues,
david . kurz
- Vulnerabilities in Belavir for WordPress,
MustLive
- [SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities,
Aurelien Jarno
- Awcm Cms Local File Inclusion Vulnerability,
x0 . root
- [ MDVSA-2010:113 ] wireshark,
security
- TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation Vulnerability,
ZDI Disclosures
- PR09-17: Juniper Secure Access seriers (Juniper IVE) authenticated XSS & REDIRECTION,
research
- Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly,
Tavis Ormandy
- McAfee UTM Firewall Help Reflected Cross-Site Scripting,
Adam Baldwin
- VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249),
VUPEN Security Research
- [MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting,
david . kurz
- VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484),
VUPEN Security Research
- [MajorSecurity SA-068]Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery,
david . kurz
- VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248),
VUPEN Security Research
- Cisco Security Advisory: Cisco Application Extension Platform Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls,
Kotas, Kevin J
- Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express,
Cisco Systems Product Security Incident Response Team
- VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824),
VUPEN Security Research
- [MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery,
david . kurz
- [USN-950-1] MySQL vulnerabilities,
Marc Deslauriers
- VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246),
VUPEN Security Research
- Dlink Di-604 router authenticated user ping tool Xss and DoS,
Ewerson Guimarães (Crash) - Dclabs
- VUPEN Security Research - Microsoft Office Excel SxView Memory Corruption Vulnerability (CVE-2010-1245),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822),
VUPEN Security Research
- [CORE-2010-0415] SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application,
CORE Security Technologies Advisories
- [security bulletin] HPSBMA02537 SSRT010027 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability,
ZDI Disclosures
- tool: ref_fuzz (CVE-2010-1259 / MS10-035 and more),
Michal Zalewski
- ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability,
ZDI Disclosures
- IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell,
Cristofaro Mune
- ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-092: Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:111 ] glibc,
security
- DoS attacks on email clients via protocol handlers,
MustLive
- ArpON (Arp handler inspectiON) 2.0 released!,
Andrea Di Pasquale
- Blue Arc Group - IgnitionSuite CMS WebDMailer unsubscribe issue,
Patrick Webster
- Recon 2010 - Speaker list, new additional capacity for sold-out training, party details,
Hugo Fortier
- Paessler - PRTG Traffic Grapher XSS,
Patrick Webster
- The XCon2010 is coming,
xcon
- VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392),
VUPEN Security Research
- SQL injection vulnerability in boastMachine,
advisory
- XSS vulnerability in boastMachine,
advisory
- XSRF (CSRF) in CuteSITE CMS,
advisory
- [security bulletin] HPSBUX02451 SSRT090137 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- XSS vulnerability in CuteSITE CMS,
advisory
- Core FTP Server(SFTP module) 'open' and 'stat' Commands Remote Denial of Service Vulnerability,
leinakesi
- [SECURITY] [DSA 2056-1] New zonecheck packages fix cross-site scripting,
Sebastien Delafond
- SQL injection vulnerability in CuteSITE CMS,
advisory
- [SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Giuseppe Iuculano
- [SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning,
Florian Weimer
- [SECURITY] [DSA 2055-1] New OpenOffice.org packages fix arbitrary code execution,
Nico Golde
- Core FTP mini-sftp-server Several DoS and Directory Traversal Vulnerabilities,
leinakesi
- Vulnerabilities in Gigya Socialize for WordPress,
MustLive
- [Suspected Spam][USN-947-2] Linux kernel regression,
Kees Cook
- CA20100603-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
- [USN-948-1] GnuTLS vulnerability,
Jamie Strandboge
- [ GLSA 201006-20 ] Asterisk: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201006-19 ] Bugzilla: Multiple vulnerabilities,
Alex Legler
- RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 ),
Kyle Quest
- Multiple vulnerabilities in Exim,
Dan Rosenberg
- eFront Multiple Parameter Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- [security bulletin] HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- [security bulletin] HPSBMA02538 SSRT100136 rev.1 - HP ServiceCenter Running on AIX, HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBST02536 SSRT100057 rev.1 - HP StorageWorks Storage Mirroring, Remote Unauthorized Access,
security-alert
- [ GLSA 201006-17 ] lighttpd: Denial of Service,
Alex Legler
- [ GLSA 201006-16 ] GD: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-15 ] XEmacs: User-assisted execution of arbitrary code,
Alex Legler
- [security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [ GLSA 201006-14 ] Newt: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities,
Alex Legler
- [Suspected Spam][USN-946-1] Net-SNMP vulnerability,
Kees Cook
- DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera,
MustLive
- [ GLSA 201006-12 ] Fetchmail: Multiple vulnerabilities,
Stefan Behte
- [ GLSA 201006-11 ] BIND: Multiple vulnerabilities,
Stefan Behte
- [ GLSA 201006-10 ] multipath-tools: World-writeable socket,
Stefan Behte
- TEHTRI-Security: Many 0days soon released at SyScan Singapore 2010,
Laurent OUDOT at TEHTRI-Security
- Wing FTP Server - Cross Site Scripting Vulnerability,
werew01f
- Trend Micro Data Loss Prevention 5.2 Data Leakage,
nitrØus
- [20100501] - Core - Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components,
Riyaz Walikar
- SFCB vulnerabilities,
Nicolas Grégoire
- Applicure dotDefender 4.0 administrative interface cross site scripting,
Sandro Gauci
- [ GLSA 201006-09 ] sudo: Privilege escalation,
Tobias Heinlein
- [ GLSA 201006-08 ] nano: Multiple vulnerabilities,
Tobias Heinlein
- ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability,
ZDI Disclosures
- [ GLSA 201006-07 ] SILC: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201006-06 ] Transmission: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201006-05 ] Wireshark: Multiple vulnerabilities,
Tobias Heinlein
- Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework,
Onapsis Research Labs
- [ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code,
Alex Legler
- PuTTY private key passphrase stealing attack,
Jan Schejbal
- [ GLSA 201006-02 ] CamlImages: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code,
Alex Legler
- XSS vulnerability in Ecomat CMS,
advisory
- SQL injection vulnerability in Ecomat CMS,
advisory
- [Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis,
Bkis
- Winamp v5.571 malicious AVI file handling DoS Vulnerability,
praveen_recker
- GR Board v1.8.6. (theme) Local File Inclusion Vulnerability,
g1xsystem
- DM Database Server Memory Corruption Vulnerability,
wsn1983
- IS-2010-001 - Netgear WG602v4 Saved Pass Stack Overflow,
Cristofaro Mune
- GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability,
g1xsystem
- [Suspected Spam]Vulnerability in ArtDesign CMS,
MustLive
- [security bulletin] HPSBUX02523 SSRT100036 rev.2 - HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege,
security-alert
- Nginx 0.8.35 Space Character Remote Source Disclosure,
info
- Groone's Simple Contact Form (abspath) Remote File Inclusion Vulnerability,
g1xsystem
- SQL injection vulnerability in ImpressPages CMS,
advisory
- [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera,
MustLive
- CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities,
Patroklos Argyroudis
- Administrivia: Real domain names in PoC/exploit examples,
dm
- SQL injection in OSCommerce Add-On Visitor Web Stats,
Christopher Schramm
- VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates,
VMware Security team
- [USN-945-1] ClamAV vulnerabilities,
Jamie Strandboge
- clearsite Remote File Include Vulnerability,
admin
- [ MDVSA-2010:109 ] gtk+2.0,
security
- [ MDVSA-2010:110 ] clamav,
security
- EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30),
Dragos Ruiu
- Cross Site URL Hijacking by using Error Object in Mozilla Firefox,
subs
- FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:05.opie,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:04.jail,
FreeBSD Security Advisories
- Static analysis tool exposition (SATE) 2010 Call for participation,
Vadim Okun
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator,
Cisco Systems Product Security Incident Response Team
- ESA-2010-007: EMC Avamar Denial Of Service Vulnerability,
Security_Alert
- XSS vulnerability in razorCMS,
advisory
- [security bulletin] HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS),
security-alert
- [ MDVSA-2010:108 ] kolab-horde-framework,
security
- [security bulletin] HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access,
security-alert
- Cyberoam SSL VPN Client - Plain-text Storage of Username and Password,
Wasim Halani
- CfP: GameSec 2010 - 5 days left to the deadline,
Albert Levi
- [Suspected Spam][USN-944-1] GNU C Library vulnerabilities,
Kees Cook
- [ MDVSA-2010:107 ] mysql,
security
- Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit,
g1xsystem
- XSS vulnerability in 360 Web Manager,
advisory
- SQL injection vulnerability in 360 Web Manager,
advisory
- XSS vulnerability in RuubikCMS,
advisory
- XSS vulnerability in GetSimple CMS,
advisory
- New vulnerabilities in plugin DS-Syndicate for Joomla,
MustLive
- Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service,
cxib
- SQL injection vulnerability in Zabbix <= 1.8.1,
David Guimaraes
- Arbitrary UNC file read in IE 8,
Tim Starling
- OSSTMM 3 STAR Released!,
Pete Herzog
- London DEFCON May meet - DC4420 - Wed 26th May 2010,
Major Malfunction
- rPSA-2010-0039-1 openssl openssl-scripts,
rPath Update Announcements
- Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue,
eidelweiss
- JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability,
eidelweiss
- Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vulnerability,
yicong2010
- Vulnerabilities in DS-Syndicate for Joomla,
MustLive
- Sun Solaris 10 ftpd Cross-site request forgery,
cxib
- Webby Webserver v1.01 - Buffer overflow vulnerability with overwritten structured exception handler (SEH),
michael . messner
- Ghostscript 8.64 executes random code at startup,
ne01026
- Sun Solaris 10 libc/*convert (*cvt) buffer overflow,
cxib
- [SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues,
dann frazier
- Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities,
Dan Rosenberg
- [ MDVSA-2010:105 ] openoffice.org,
security
- Denial of Dervice vulnerability in Helix Mobile Server (RealNetworks) (14.0.0.348) with long string to PluginDirectory in rmserver.cfg file,
praveen_recker
- [SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution,
Sebastien Delafond
- [SECURITY] [DSA 2052-1] New krb5 packages fix denial of service,
Sebastien Delafond
- Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities,
Secunia Research
- [ MDVSA-2010:106 ] aria2,
security
- CompleteFTP Server v 4.x "PORT" command Remote DOS exploit,
eidelweiss
- [SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution,
Steffen Joeris
- [Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis,
Bkis
- HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039,
Rodrigo Branco
- XSRF (CSRF) in NPDS REvolution,
advisory
- XSS vulnerability in gpEasy CMS,
advisory
- PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console,
research
- OSSTMM 3 based Home Security Vacation Guide v.2!,
Pete Herzog
- Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability,
praveen_recker
- Mastering Trust in Security Assessments,
Pete Herzog
- Month of PHP Security - Summary - 11st May - 21th,
Stefan Esser
- [ MDVSA-2010:103 ] postgresql,
security
- [ MDVSA-2010:104 ] dovecot,
security
- [USN-942-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- Cacti Multiple Parameter Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- SQL injection vulnerability in LiSK CMS,
advisory
- XSRF (CSRF) in ocPortal,
advisory
- Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines,
MustLive
- XSS vulnerability in LiSK CMS,
advisory
- Multiple vulnerabilities within 3Com* iMC (Intelligent Management Center),
research
- [HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers,
Hafez Kamal
- XSS bug in US Robotics firmware USR5463-v0_06.bin,
sh4v
- [ MDVSA-2010:082-1 ] clamav,
security
- [USN-941-1] MoinMoin vulnerability,
Marc Deslauriers
- [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability,
unknown user
- Smart Douran CMS Remote File Download,
info
- [Suspected Spam][USN-940-1] Kerberos vulnerabilities,
Kees Cook
- [ MDVSA-2010:102 ] ghostscript,
security
- Linux Mint 8 mintUpdate Insecure Temporary File Creation,
L4teral
- [ MDVSA-2010:101 ] mysql,
security
- Secunia Research: Orbit Downloader metalink "name" Directory Traversal,
Secunia Research
- [ MDVSA-2010:100 ] krb5,
security
- The New ISO Hacking Standard,
Pete Herzog
- [Suspected Spam][USN-939-1] X.org vulnerabilities,
Kees Cook
- Caucho Technology Resin digest.php Cross Site Scripting Vulnerability,
xuanmumu
- Metasploit Framework 3.4.0 Released,
HD Moore
- [security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege,
security-alert
- [ MDVSA-2010:098 ] kdenetwork4,
security
- [ MDVSA-2010:099 ] wireshark,
security
- MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref,
Tom Yu
- [security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS),
security-alert
- Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities,
geinblues
- DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers,
MustLive
- [security bulletin] HPSBOV02497 SSRT090245 rev.3 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- Security Awareness for kids,
Pete Herzog
- Stored XSS vulnerability in NPDS REvolution,
advisory
- [ MDVSA-2010:097 ] pidgin,
security
- XSS vulnerability in NPDS REvolution,
advisory
- [security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBGN02511 SSRT100022 rev.3 - Certain HP Small Form Factor, Microtower and Workstations PC's with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 2038-2] New pidgin packages fix regression,
Thijs Kinkhorst
- XSS vulnerability in JComments, Joomla,
advisory
- [SECURITY] [DSA 2047-1] New aria2 packages fix directory traversal,
Thijs Kinkhorst
- [ MDVSA-2010:096 ] tetex,
security
- CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface,
s2-security
- [oCERT-2010-001] multiple http client unexpected download filename vulnerability,
Daniele Bianco
- Joomla component SimpleDownload Local File Inclusion,
jerzy . patraszewski
- XSS, SQL injection vulnerability in I-Vision CMS,
Maciej Gojny
- Vulnerability in 3D user cloud for Joomla,
MustLive
- phpvidz Administrative Password Disclosure,
mike
- phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404),
VUPEN Web Security
- Vulnerability in tagcloud for Kasseler CMS,
MustLive
- CfP: GameSec 2010 - Deadline extended to 31 May 2010,
Albert Levi
- Mathematica on Linux /tmp/MathLink vulnerability,
paul . szabo
- [SECURITY] [DSA-2046-1] New phpgroupware packages fix several vulnerabilities,
Giuseppe Iuculano
- LinksAutomation Multiple Remote Vulnerabilities,
md . r00t . defacer
- Blind SQL injection vulnerability in NPDS REvolution,
advisory
- XSS vulnerability in NPDS,
advisory
- Joomla Component advertising (com_aardvertiser) File Inclusion Vulnerability,
eidelweiss
- Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability,
Secunia Research
- [ MDVSA-2010:095 ] libxext,
security
- Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities,
Secunia Research
- Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability,
Secunia Research
- [USN-938-1] KDENetwork vulnerability,
Jamie Strandboge
- Secunia Research: Free Download Manager metalink "name" Directory Traversal,
Secunia Research
- [security bulletin] HPSBPI02532 SSRT100111 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access,
security-alert
- Secunia Research: KDE KGet Insecure File Operation Vulnerability,
Secunia Research
- ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability,
ZDI Disclosures
- Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch,
Cisco Systems Product Security Incident Response Team
- Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow,
Secunia Research
- Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability,
Secunia Research
- Secunia Research: TomatoCMS "q" SQL Injection Vulnerability,
Secunia Research
- Secunia Research: TomatoCMS Script Insertion Vulnerabilities,
Secunia Research
- [security bulletin] HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data,
security-alert
- [security bulletin] HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS),
security-alert
- VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283),
VUPEN Security Research
- VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280),
VUPEN Security Research
- [ MDVSA-2010:094 ] tetex,
security
- VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284),
VUPEN Security Research
- VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129),
VUPEN Security Research
- Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow,
Secunia Research
- Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability,
Secunia Research
- PolyPager 1.0rc10 (fckeditor) File Upload Security Issue,
eidelweiss
- Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability,
Secunia Research
- Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability,
Secunia Research
- Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption,
Secunia Research
- iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability,
iDefense Labs
- [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite,
Code Audit Labs
- Palo Alto Network Vulnerability - Cross-Site Scripting (XSS),
jeromie
- [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability,
Code Audit Labs
- [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability,
Code Audit Labs
- ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability,
ZDI Disclosures
- CFP for ekoparty 0x10 is now open! [ Buenos Aires, Argentina ],
ekoparty Security Conference
- ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability,
ZDI Disclosures
- Multiple memory corruption vulnerabilities in Ghostscript,
Dan Rosenberg
- Vulnerability in widget Cumulus for BlogEngine.NET,
MustLive
- [CORE-2010-0405] Adobe Director Invalid Read,
Core Security Technologies Advisories Team
- [SECURITY] [DSA 2045-1] New libtheora packages fix arbitrary code execution,
Sebastien Delafond
- [SECURITY] [DSA 2043-1] New vlc packages fix arbitrary code execution,
Devin Carraway
- [security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- XSS in DynamiXgate Affiliate Store Builder,
advisory
- {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow,
Francis Provencher
- [security bulletin] HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution,
security-alert
- [ MDVSA-2010:090-1 ] samba,
security
- XSS in Saurus CMS,
advisory
- 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability,
eidelweiss
- [SECURITY] [DSA 2044-1] New mplayer packages fix arbitrary code execution,
Devin Carraway
- Month of PHP Security - Summary - 1st May - 10th May,
Stefan Esser
- Turnkey Innovations SQL Injection Vulnerability,
md . r00t . defacer
- Family Connections 2.2.3 Multiple Remote Vulnerabilities,
Salvatore Fresta aka Drosophila
- SA00001-2010,
Zakar Miklós
- XSS vulnerability in Advanced Poll,
advisory
- XSS vulnerability in EasyPublish CMS,
advisory
- Vulnerabilities in Sebo - webstore,
MustLive
- [ MDVSA-2010:093 ] mysql,
security
- rPSA-2010-0037-1 kernel,
rPath Update Announcements
- rPSA-2010-0036-1 openssl openssl-scripts,
rPath Update Announcements
- rPSA-2010-0034-1 ntp ntp-utils,
rPath Update Announcements
- CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482,
Hanno Böck
- pmwiki: persistent cross site scripting (XSS), CVE-2010-1481,
Hanno Böck
- [Wintercore Research] Consona Products - Multiple vulnerabilities,
vulns
- XSS vulnerability in Jaws,
advisory
- Injection of ECShop apps.,
lis cker
- REZERVI (root) Remote Command Execution Vulnerability,
eidelweiss
- [ MDVSA-2010:092 ] cacti,
security
- Vulnerability with Cisco ACE. A2 3.0 (probably all version),
Alexis Tremblay
- New web malwares attacking big hosting providers,
angelo
- ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability,
ZDI Disclosures
- BaoFeng Storm M3U File Processing Buffer Overflow Vulnerability,
lilf
- [security bulletin] HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution,
security-alert
- fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167),
ma+bt
- VMSA-2010-0008 VMware View 3.1.3 addresses an important cross-site scripting vulnerability,
VMware Security team
- [SECURITY] [DSA 2042-1] New iscsitarget packages fix arbitrary code execution,
Luciano Bello
- PCRE compile workspace overflow,
Michael Santos
- KHOBE - 8.0 earthquake for Windows desktop security software,
www.matousec.com - Research
- [USN-937-1] TeX Live vulnerabilities,
Marc Deslauriers
- [USN-936-1] dvipng vulnerability,
Marc Deslauriers
- Vulnerabilities in t3m_cumulus_tagcloud for TYPO3,
MustLive
- [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities,
Core Security Technologies Advisories
- Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit,
eidelweiss
- [security bulletin] HPSBMA02483 SSRT090257 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMA02416 SSRT090008 rev.5 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMA02400 SSRT080144 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- SmartCMS v.2 SQL injection vulnerability,
Maciej Gojny
- [ MDVSA-2010:091 ] openoffice.org,
security
- REC0N 2010 (MONTREAL) CFP Reminder & Preview,
David Mirza Ahmad
- [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow,
Core Security Technologies Advisories Team
- XSRF (CSRF) in Zikula Application Framework,
advisory
- XSS in ecoCMS,
advisory
- [ MDVSA-2010:090 ] samba,
security
- [SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery,
Raphael Geissert
- XSS in eliteCMS,
advisory
- XSS in Acuity CMS,
advisory
- XSRF (CSRF) in eliteCMS,
advisory
- [ MDVSA-2010:089 ] gnutls,
security
- Puntal (index.php) Remote File Inclusion Vulnerabilities,
eidelweiss
- [SECURITY] [DSA 2040-1] New squidguard packages fix several vulnerabilities,
Sebastien Delafond
- Cross-Site Scripting vulnerability in Mango,
MustLive
- A vulnerability in Kaspersky Antivirus,
daniel lopez
- [ MDVSA-2010:088 ] kernel,
security
- BPstyle - Graphic studio SQL Injection Vulnerabilities,
md . r00t . defacer
- EUSecWest Amsterdam 2010 Call For Papers (short deadline May 5 - conf June 16/17),
Dragos Ruiu
- SQL Injection in MS Access with backslash escaped input,
gheibi
- Secunia Research: Internet Download Manager FTP Buffer Overflow Vulnerability,
Secunia Research
- [USN-934-1] Netpbm vulnerability,
Jamie Strandboge
- [ MDVSA-2010:087 ] poppler,
security
- [ MDVSA-2010:086 ] kdegraphics,
security
Vulnerabilities in CCMS,
MustLive
vBulletin - Insecure Custom BBCode Tags,
advisories
Apache ActiveMQ XSS Vulnerability,
arun . gnyan
CONFidence 2010, 25-26th May - Call For Participation,
Andrzej Targosz
[USN-933-1] PostgreSQL vulnerability,
Jamie Strandboge
[ MDVSA-2009:332-1 ] gimp,
security
[ MDVSA-2010:085 ] pidgin,
security
[ MDVSA-2010:078-1 ] sudo,
security
ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability,
ZDI Disclosures
XSS in Microsoft SharePoint Server 2007,
advisory
STP mitm attack idea,
Przemyslaw Borkowski
Adobe viewer plugin can be made to crash IE or FF,
Angus Mann
Fun with FORTIFY_SOURCE,
Dan Rosenberg
[ MDVSA-2010:084 ] java-1.6.0-openjdk,
security
[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows , Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation,
security-alert
[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure,
security-alert
XSS vulnerability in Zikula Application Framework,
advisory
[SECURITY] [DSA 2021-2] New spamass-milter packages fix regression,
Giuseppe Iuculano
Conference on Cyber Conflict: speakers selected!,
k g
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability,
eidelweiss
Re: Widnows XP TCP/IP Stack Security Issue (ARP for non RFC 1918addresses),
r . st
NovaStor NovaNet <= 13.0 issues,
mu-b
Widnows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses),
wborskey
[USN-931-2] FFmpeg regression,
Marc Deslauriers
t2'10: Call for Papers 2010 (Helsinki / Finland),
Tomi Tuominen
phpegasus 'config.php' Arbitrary File Upload Vulnerability,
eidelweiss
SmodCMS 'config.php' Arbitrary File Upload Vulnerability,
eidelweiss
hashdays 2010 - Call for Papers (#days CFP),
hashdays CFP
A XSS in User_ChkLogin.asp of PowerEasy 2006,
lis cker
[SECURITY] [DSA 2039-1] New cacti packages fix missing input sanitising,
Thijs Kinkhorst
[ MDVSA-2010:071 ] mozilla-thunderbird,
security
ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability,
ZDI Disclosures
Vulnerability in Referer for DataLife Engine,
MustLive
IWD Group SQL Injection Vulnerabilities,
md . r00t . defacer
In-portal 5.0.3 Remote Arbitrary File Upload Exploit,
eidelweiss
[HITB-Announce] HITBSecConf2010 - Dubai - Presentation Materials,
Hafez Kamal
XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp,
michael . mueller
Vulnerabilities in NovaBoard,
MustLive
Apache ActiveMQ is prone to source code disclosure vulnerability.,
research
[security bulletin] HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses,
security-alert
Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability,
th_decoder
CfP: GameSec 2010 - Deadline is 3 weeks away!,
Albert Levi
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability,
th_decoder
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access,
security-alert
[security bulletin] HPSBMA02494 SSRT090168 rev.1 - HP Virtual Machine Manager (VMM) for Windows, Remote Unauthorized Access, Privilege Elevation,
security-alert
Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox,
Roberto Suggi Liverani
[SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability,
Mark Thomas
London DEFCON April meet - DC4420 - Wed 28th April 2010,
Major Malfunction
ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
Cisco Security Advisory: Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
CORE-2010-0406 - User Invoices Persistent XSS Vulnerability in CactuShop,
CORE Security Technologies Advisories
Secunia Research: imlib2 "IMAGE_DIMENSIONS_OK()" Logic Error,
Secunia Research
Call for participation -- Eth0:2010 Summer,
Mark Janssen
[security bulletin] HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access,
security-alert
[security bulletin] HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code,
security-alert
[#OUF-273299]: AVTECH Software (AVC781Viewer.dll) ActiveX Multiple Remote Vulnerabilities,
sinner
[security bulletin] HPSBUX02518 SSRT100051 rev.1 - HP-UX, Local Denial of Service (DoS),
security-alert
[USN-929-2] irssi regression,
Jamie Strandboge
[ MDVSA-2010:070-1 ] firefox,
security
[security bulletin] HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS),
security-alert
[USN-932-1] KDM vulnerability,
Jamie Strandboge
IP address spoofing in e107,
advisory
[ MDVSA-2010:083 ] emacs,
security
[USN-931-1] FFmpeg vulnerabilities,
Marc Deslauriers
Vbulletin - Two-Step External Link XSS,
edgard . chammas
MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC,
Tom Yu
CSRF in e107,
advisory
[ MDVSA-2010:076-1 ] openssl,
security
sudoedit local privilege escalation through PATH manipulation,
Agazzini Maurizio
[ MDVSA-2010:082 ] clamav,
security
[SECURITY] [DSA 2038-1] New pidgin packages fix denial of service,
Thijs Kinkhorst
[ MDVSA-2010:079 ] irssi,
security
iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Integer Overflow Vulnerability,
iDefense Labs
[ MDVSA-2010:077 ] nss_db,
security
iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability,
iDefense Labs
CompleteFTP v3.3.0 - Remote Memory Consumption DoS,
Mehdi Mahdjoub [SYSDREAM]
[ MDVSA-2010:078 ] sudo,
security
[SECURITY] [DSA 2034-1] New phpmyadmin packages fix several vulnerabilities,
Thijs Kinkhorst
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues,
Stefan Fritsch
[Suspected Spam]New vulnerabilities in CMS SiteLogic,
MustLive
Secunia Research: e107 Content Management Plugin Script Insertion Vulnerability,
Secunia Research
[SECURITY] [DSA 2037-1] New kdm packages fix privilege escalation,
Thijs Kinkhorst
WinMount MOU File Handling Overflow Vulnerability,
lilf
[ MDVSA-2010:081 ] apache-mod_auth_shadow,
security
Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability,
Secunia Research
[ MDVSA-2010:076 ] openssl,
security
[SECURITY] [DSA 2036-1] New jasper packages fix denial of service,
Thijs Kinkhorst
[ MDVSA-2010:080 ] brltty,
security
[ MDVSA-2010:075 ] openoffice.org,
security
[USN-890-6] CMake vulnerabilities,
Jamie Strandboge
Hackproofing Oracle Financials 11i & R12,
Joxean Koret
[USN-929-1] irssi vulnerabilities,
Jamie Strandboge
[ MDVSA-2010:074 ] kdebase,
security
[SECURITY] [DSA 2033-1] New ejabberd packages fix denial of service,
Sébastien Delafond
[USN-928-1] Sudo vulnerability,
Jamie Strandboge
ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability,
ZDI Disclosures
Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability,
eidelweiss
ZDI-10-072: Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability,
ZDI Disclosures
VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability,
VUPEN Web Research
VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability,
VUPEN Web Research
[CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities,
Jacopo Cappellato
Vulnerability in CB Captcha for Joomla and Mambo,
MustLive
Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability,
Alexandr Polyakov
[DSecRG-09-053] VMware Remoute Console - format string,
Alexandr Polyakov
VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability,
VUPEN Web Research
VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability,
VUPEN Web Research
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities,
VUPEN Web Research
[ MDVSA-2010:073 ] cups,
security
Ziggurat CMS Multiple Vulnerabilities,
info
[ MDVSA-2010:073-1 ] cups,
security
ZDI-10-070: Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS),
security-alert
60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability,
eidelweiss
Cert-Lexsi - Microsoft Windows Media Services MMS Buffer Overflow Vulnerability,
Fabien PERIGAUD
[ MDVSA-2010:070 ] firefox,
security
[ MDVSA-2010:071 ] krb5,
security
[ MDVSA-2010:072 ] cups,
security
ZDI-10-069: Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability,
ZDI Disclosures
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities,
wsn1983
ZDI-10-074: Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
Secunia Research: Visualization Library DAT File Parsing Vulnerabilities,
Secunia Research
ZDI-10-075: Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Service Vulnerability,
ZDI Disclosures
ZDI-10-071: Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability,
ZDI Disclosures
ZDI-10-073: Sun Microsystems Directory Server DSML-over-HTTP Username Search Denial of Service Vulnerability,
ZDI Disclosures
Unauthenticated Filesystem Access in iomega Home Media Network Hard Drive,
fizix610
Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit,
dlrow1991
Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability,
Clear Skies Security
Advisory 02/2010: MyBB Password Reset Weak Random Numbers Vulnerability,
Stefan Esser
Advisory 01/2010: MyBB Password Reset Email BCC: Injection Vulnerability,
Stefan Esser
Vana CMS Remote File Download,
info
Insufficient Anti-automation and Denial of Service vulnerabilities in multiple systems,
MustLive
ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1),
ACROS Lists
ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2),
ACROS Lists
[security bulletin] HPSBPI02398 SSRT080166 rev.5 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability,
iDefense Labs
[USN-920-1] Firefox 3.0 and Xulrunner vulnerabilities,
Jamie Strandboge
CVE-2009-4509: TANDBERG VCS Authentication Bypass,
Timothy D. Morgan
CVE-2009-4510: TANDBERG VCS Static SSH Host Keys,
VSR Advisories
CVE-2009-4511: TANDBERG VCS Arbitrary File Retrieval,
VSR Advisories
[SECURITY] [DSA 2031-1] New krb5 packages fix denial of service,
Giuseppe Iuculano
[USN-927-2] NSS regression,
Jamie Strandboge
[SECURITY] [DSA 2032-1] New libpng packages fix several vulnerabilities,
Giuseppe Iuculano
HITBSecConf DUBAI 2010: Learn more about web attacks and stealth hacking,
Laurent OUDOT at TEHTRI-Security
[USN-927-1] NSS vulnerability,
Jamie Strandboge
[USN-921-1] Firefox 3.5 and Xulrunner vulnerabilities,
Jamie Strandboge