Bugtraq
- Re: [Full-disclosure] e107 latest download link is backdoored, (continued)
- London DEFCON January meet - DC4420 - Wed 27th Jan 2010,
Major Malfunction
- Abusing weak PRNGs in PHP applications,
gat3way
- Publique! CMS SQL Injection Vulnerabilities,
Christophe dlf
- Silverstripe <= v2.3.4: two XSS vulnerabilities,
Moritz Naumann
- [USN-890-2] Python 2.5 vulnerabilities,
Jamie Strandboge
- iBoutique v4.0,
flashcreazione
- Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions),
pen-test
- [USN-890-3] Python 2.4 vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities,
Giuseppe Iuculano
- IdeaCMS v1.0 (fck) Remote Arbitrary File Upload,
whh_iran
- FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability,
noreply-secresearch
- ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack,
Tavis Ormandy
- ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow,
Stefan Fritsch
- [ MDVSA-2010:023 ] phpldapadmin,
security
- ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:022 ] openssl,
security
- eWebeditor Directory Traversal Vulnerability,
info
- TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001,
Lists
- ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability,
ZDI Disclosures
- Insufficient User Input Validation in VP-ASP 6.50 Demo Code,
CodeScan Labs Advisories
- [SECURITY] [DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th,
Stefan Fritsch
- [ MDVSA-2010:021 ] bind,
security
- [UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
- [USN-890-1] Expat vulnerabilities,
Jamie Strandboge
- [ MDVSA-2010:020 ] gzip,
security
- [USN-889-1] gzip vulnerabilities,
Marc Deslauriers
- [USN-888-1] Bind vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:019 ] gzip,
security
- [SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution,
Steffen Joeris
- Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal,
Secunia Research
- Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow,
Secunia Research
- [Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution,
Onapsis Research Labs
- Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows,
Secunia Research
- Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability,
Secunia Research
- vBulletin nulled (validator.php) files/directories disclosure,
kw3rln
- [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities,
Secunia Research
- Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow,
Secunia Research
- Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1973-1] New glibc packages fix information disclosure,
Aurelien Jarno
- [CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player,
Security
- [ MDVSA-2010:016 ] wireshark,
security
- [ MDVSA-2010:018 ] phpMyAdmin,
security
- [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:017 ] ruby,
security
- [ MDVSA-2010:015 ] roundcubemail,
security
- Blaze Apps Multiple Vulnerabilities,
admin
- ezContents CMS Multiple Vulnerabilities,
admin
- Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC,
superli
- Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC,
superli
- Xunlei XPPlayer ActiveX Remote Exec 0day POC,
superli
- Multiple Vulnerabilities in XOOPS 2.4.3 and earlier,
CodeScan Labs Advisories
- OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability,
karakorsankara
- JBroFuzz 1.9 Fuzzer Released!,
subere
- Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper),
Mayank Aggarwal
- QvodPlayer ColorFilter Codec ActiveX Remote Exec,
info
- facebook 'routing flaw'?,
Michael Scheidell
- 0day vulnerability Sogou input method to obtain system privileges,
k4mr4n_st
- [SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow,
Stefan Fritsch
- Zenoss Multiple Admin CSRF,
Adam Baldwin
- [ MDVSA-2010:013 ] transmission,
security
- [ MDVSA-2010:014 ] transmission,
security
- [USN-886-1] Pidgin vulnerabilities,
Marc Deslauriers
- [USN-887-1] LibThai vulnerability,
Marc Deslauriers
- [ MDVSA-2010:011 ] mysql,
security
- [ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference,
Kyprianos Vasilopoulos
- [ MDVSA-2010:012 ] mysql,
security
- Reminder: Campus Party EU 2010 Call For Participants,
Campus Party EU Spain
- AOL 9.5 ActiveX Heap Overflow Vulnerability,
karakorsankara
- GDT and LDT in Windows kernel vulnerability exploitation (paper),
Gynvael Coldwind
- [USN-885-1] LibThai vulnerability,
Marc Deslauriers
- Code to mitigate IE event zero-day (CVE-2010-0249),
ds . adv . pub
- [ MDVSA-2010:010 ] libthai,
security
- Browser Fuzzer 3,
krakowlabs
- [ MDVSA-2010:009 ] php,
security
- [ MDVSA-2010:008 ] php,
security
- [ MDVSA-2010:007 ] php,
security
- [security bulletin] HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS),
security-alert
- C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers,
Eyal Udassin
- VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability,
VUPEN Security Research
- Major security risk in the unlock pattern for Android devices,
Dan Dascalescu
rPSA-2010-0004-1 openssl openssl-scripts,
rPath Update Announcements
Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker,
Adam Baldwin
SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS),
Lukas Weichselbaum
[SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution,
Giuseppe Iuculano
[USN-885-1] Transmission vulnerabilities,
Jamie Strandboge
[security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code,
security-alert
[ GLSA 201001-05 ] net-snmp: Authorization bypass,
Stefan Behte
[USN-884-1] OpenSSL vulnerability,
Kees Cook
[ GLSA 201001-07 ] Blender: Untrusted search path,
Stefan Behte
[ GLSA 201001-09 ] Ruby: Terminal Control Character Injection,
Alex Legler
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1),
Marty Barbella
[ GLSA 201001-06 ] aria2: Multiple vulnerabilities,
Stefan Behte
[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities,
Stefan Behte
Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability,
karakorsankara
[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities,
Stefan Behte
[ MDVSA-2010:005 ] krb5,
security
RE: All China, All The Time,
Thor (Hammer of God)
<Possible follow-ups>
All China, All The Time,
Thor (Hammer of God)
Re: All China, All The Time,
Neil Dickey
Re: All China, All The Time,
Lawrence Pingree
[ MDVSA-2010:006 ] krb5,
security
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service,
Stefan Fritsch
[USN-882-1] PHP vulnerabilities,
Marc Deslauriers
[security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS),
security-alert
[ MDVSA-2010:004 ] bash,
security
[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption,
CORE Security Advisories
Yoono Firefox Extension - Privileged Code Injection,
Nick Freeman
[USN-883-1] network-manager-applet vulnerabilities,
Marc Deslauriers
[USN-881-1] Kerberos vulnerability,
Kees Cook
[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service,
Giuseppe Iuculano
[ MDVSA-2010:003 ] sendmail,
security
iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability,
iDefense Labs
Cross Site Identification (CSID) attack. Description and demonstration.,
Ronen Z
Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability,
Secunia Research
MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption,
Tom Yu
[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS,
Security
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability,
ZDI Disclosures
Invitation: nullcon Goa 2010 International Security & Hacking Conference,
nullcon
HITB Ezine 'Reloaded' - Issue #001,
Hafez Kamal
[ MDVSA-2010:002 ] pidgin,
security
[ MDVSA-2010:001 ] pidgin,
security
[ MDVSA-2009:241-1 ] squid,
security
[ MDVSA-2009:293-1 ] squidGuard,
security
XSS Vulnerability in Active Calendar 1.2.0,
Marty Barbella
[ MDVSA-2009:227-1 ] freeradius,
security
[ MDVSA-2010:000 ] firefox,
security
XSS vulnerabilities in 34 millions flash files,
MustLive
[ MDVSA-2009:316-3 ] expat,
security
Cross-Site Scripting vulnerability in JVClouds3D for Joomla,
MustLive
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection,
ascii
[ MDVSA-2009:316-2 ] expat,
security
NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
[SECURITY] [DSA 1968-1] New pdns-recursor packages fix potential code execution,
Florian Weimer
[CORELAN-10-001] Audiotran 1.4.1 buffer overflow,
Security
TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow,
noreply
MacOS X 10.5/10.6 libc/strtod(3) buffer overflow,
cxib
[ MDVSA-2009:316-1 ] expat,
security
Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation based Tab Crashing,
Aditya K Sood
[HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability,
advisory
Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability,
Secunia Research
[USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression,
Jamie Strandboge
[USN-877-1] Firefox 3.0 and Xulrunner 1.9 regression,
Jamie Strandboge
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability,
ZDI Disclosures
Security contact at Lexmark?,
Protek Research Lab
[SECURITY] [DSA 1967-1] New transmission packages fix directory traversal,
Moritz Muehlenhoff
VMSA-2010-0001 ESX Service Console updates for nss and nspr,
VMware Security team
[USN-880-1] GIMP vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting,
Steffen Joeris
[ MDVSA-2009:300-2 ] apache-conf,
security
[ MDVSA-2009:300-1 ] apache-conf,
security
FreeBSD Security Advisory FreeBSD-SA-10:03.zfs,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-10:01.bind,
FreeBSD Security Advisories
[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion,
Giuseppe Iuculano
HTTP Digest Integrity: Another look, in light of recent attacks,
Timothy D. Morgan
[TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!!,
Nelson Brito
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2,
bert hubert
[USN-879-1] Kerberos vulnerability,
Kees Cook
{PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS,
Protek Research Lab
[ GLSA 201001-03 ] PHP: Multiple vulnerabilities,
Tobias Heinlein
[ MDVSA-2009:220-1 ] davfs,
security
Multiple vulnerabilities in LineWeb 1.0.5,
ign . sec
SyScan'10 Call For Training (CFT),
organiser
REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability,
rewterz security team
REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability,
rewterz security team
Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw,
Aditya K Sood
REWTERZ-20100102 - Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability,
rewterz security team
Y2K10 spamassassin bug, 2010 year mails discarded as spam,
Eduardo Romero
httpdx webserver v1.5 Remote Source Disclosure,
info
[ GLSA 201001-01 ] NTP: Denial of Service,
Stefan Behte
[Tool] DeepToad 1.1.0,
Joxean Koret
Java vulnerability,
Paul
[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities,
Alex Legler
[USN-876-1] PostgreSQL vulnerabilities,
Jamie Strandboge
Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability,
Secunia Research
WASC Announcement: WASC Threat Classification v2.0 Published,
announcements
Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!,
Stefan Kanthak
[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities,
Florian Weimer
[SECURITY] [DSA-1953-2] New expat packages fix regression,
Stefan Fritsch
[ MDVSA-2009:346 ] kde,
security
[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation,
Raphael Geissert
Secunia Research: AproxEngine Multiple Vulnerabilities,
Secunia Research
FreeWebshop.org: multiple vulnerabilities,
Akita Software Security
[ MDVSA-2009:345 ] acl,
security
Tests about semicolon zero-day (BID 37460),
Crash - DcLabs
[ MDVSA-2009:146-1 ] imap,
security
MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing,
Tom Yu
[ MDVSA-2009:189-1 ] apache-mod_auth_mysql,
security
Code to mitigate IIS semicolon zero-day,
ds . adv . pub
[ MDVSA-2009:344 ] perl-DBD-Pg,
security
[ MDVSA-2009:244-1 ] xfig,
security
[SECURITY] [DSA 1957-1] New aria2 packages fix arbitrary code execution,
Steffen Joeris
Sheedravi CMS SQL Injection Vulnerability,
faghani
DBHCMS Web Content Management System v1.1.4 RFI Vulnerability,
info
[InterN0T] LiveZilla - XSS Vulnerability,
advisories
[SECURITY] [DSA 1963-1] New unbound packages fix DNSSEC validation,
Florian Weimer
[ MDVSA-2009:343 ] acpid,
security
[ MDVSA-2009:342 ] acpid,
security
Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug),
bugreport
[tools] hostmap-0.2.1 released,
Alessandro Tanasi
[ MDVSA-2009:341 ] dstat,
security
[ MDVSA-2009:340 ] jpgraph,
security
ClubHack2009 presentations are now online,
ClubHack
Vulnerability in Joomulus for Joomla,
MustLive
XSS Vulnerability in JpGraph 3.0.6,
Martin Barbella
[SECURITY] [DSA-1962-1] New kvm packages fix several vulnerabilities,
Giuseppe Iuculano
[SECURITY] [DSA 1961-1] New bind9 packages fix cache poisoning,
Florian Weimer
[ MDVSA-2009:339 ] firefox,
security
[ MDVSA-2009:338 ] firefox,
security
ClarkConnect XSS vulnerability,
edgard . chammas
[security bulletin] HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of,
security-alert
Remote Buffer Overflow Exploit (TFTP Daemon Version 1.9) by Socket_0x03,
Socket_0x03
[ MDVSA-2009:337 ] proftpd,
security
SQL-Ledger – several vulnerabilities,
Alexander Klink
TLS Renegotiation Vulnerability: Proof of Concept Code (Python),
RedTeam Pentesting GmbH
pragmaMx CMS Blind SQL/XPath Injection vulnerability,
hadikiamarsi
phpPollScript - 1.3 Remote File Include,
admin
[ GLSA 200912-02 ] Ruby on Rails: Multiple vulnerabilities,
Alex Legler
[SECURITY] [DSA 1960-1] New acpid packages fix weak file permissions,
Raphael Geissert
[SECURITY] [DSA-1959-1] New ganeti packages fix arbitrary command execution,
Raphael Geissert
[USN-874-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities,
Jamie Strandboge
[USN-873-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities,
Jamie Strandboge
SMF (Simple Machine Forum) 1.1.11 XSS - Discovered by : Khashayar Fereidani,
irancrash
[USN-875-1] Red Hat Cluster Suite vulnerabilities,
Jamie Strandboge
[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability,
ISecAuditors Security Advisories
[ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability,
ISecAuditors Security Advisories
[ MDVSA-2009:336 ] koffice,
security
TPTI-09-15: HP OpenView Data Protector Cell Manager Heap Overflow Vulnerability,
dvlabs
ZDI-09-099: Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflow Vulnerability,
ZDI Disclosures
Campus Party Eu 2010 Security Challenge - Call For Participants,
Campus Party EU Spain
Rumba XML XSS vulnerability,
hadikiamarsi
[Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors,
Andrea Barisani
[ MDVSA-2009:335 ] ffmpeg,
security
SEC Consult SA-20091217-0 :: Authentication bypass and file manipulation in Sitecore Staging Module,
Lukas Weichselbaum
[ISecAuditors Security Advisories] QuiXplorer <=2.4.1beta Remote Code Execution vulnerability,
ISecAuditors Security Advisories
VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities,
VUPEN Security Research
[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability,
ISecAuditors Security Advisories
Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability,
Secunia Research
Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow,
Secunia Research
Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows,
Secunia Research
[ISecAuditors Security Advisories] Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass,
ISecAuditors Security Advisories
Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow,
Secunia Research
[ MDVSA-2009:334 ] poppler,
security
[security bulletin] HPSBMA02252 SSRT061258, SSRT061259 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Code Execution,
security-alert
[SECURITY] [DSA 1956-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
rPSA-2009-0161-1 hwdata kernel,
rPath Update Announcements
Cisco Security Advisory: Multiple Cisco WebEx WRF Player Vulnerabilities,
Cisco Systems Product Security Incident Response Team
{PRL} QuickHeal antivirus 2010 Local Privilege Escalation,
Protek Research Lab
[SECURITY] [DSA 1955-1] New network-manager/network-manager-applet packages fix information disclosure,
Steffen Joeris
[security bulletin] HPSBMA02416 SSRT090008 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability,
Maxim A. Kulakov
FW: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server,
Thor (Hammer of God)
VideoCache 1.9.2 vccleaner root vulnerability,
Dominick LaTrappe
Family Connections <= 2.1.3 Multiple Remote Vulnerabilities,
Salvatore Fresta aka Drosophila
[SECURITY] [DSA 1954-1] New cacti packages fix insufficient input sanitising,
Steffen Joeris
File Access Vulnerability in Easy File Sharing Web Server,
Thor (Hammer of God)
[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities,
ISecAuditors Security Advisories
[SECURITY] [DSA-1953-1] New expat packages fix denial of service,
Stefan Fritsch
VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues,
VMware Security Team
[ MDVSA-2009:333 ] postgresql,
security
Trango Broadband Wireless Rogue SU Authentication Bug,
Blair
[scip-Advisory 4063] PasswordManager Pro 6.1 Script Injection Vulnerability,
Stefan Friedli
[BMSA-2009-08] Multiple Vulnerabilities in PyForum,
Nam Nguyen
Daloradius XSS Vulnerability,
hadikiamarsi
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities,
Steffen Joeris
APC Switched Rack PDU XSS Vulnerability,
jpecou
[SECURITY] [DSA 1952-2] End-of-life announcement for asterisk in oldstable,
Steffen Joeris
[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing,
Steffen Joeris
WSCreator 1.1 Blind SQL Injection,
Salvatore Fresta aka Drosophila
[security bulletin] HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS),
security-alert
Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched),
Reversemode
[security bulletin] HPSBUX02409 SSRT080171 rev.3 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk,
security-alert
Zabbix Agent : Bypass of EnableRemoteCommands=0,
Nicob
DC4420 - London DEFCON - Christmas drinks - Wednesday 16th December,
Major Malfunction
[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities,
Giuseppe Iuculano
Monkey HTTPd improper input validation vulnerability,
Patroklos Argyroudis
B2C Booking Centre Systems - SQL Injection Vulnerability,
Salvatore Fresta aka Drosophila
EEGshop v1.2,
secu_lab_ir
Cross-Site Scripting vulnerabilities in Invision Power Board,
MustLive
Miniweb 2.0 Full Path Disclosure,
Salvatore Fresta aka Drosophila
WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities,
admin
Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities,
admin
Zabbix Server : Multiple remote vulnerabilities,
Nicob
Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover,
Ofer Maor
[SECURITY] [DSA 1949-1] New php-net-ping packages fix arbitrary code execution,
Raphael Geissert
[ MDVSA-2009:259-1 ] snort,
security
Camino 1.6.10 Remote Array Overrun (Arbitrary code execution),
cxib
Flock 2.5.2 Remote Array Overrun (Arbitrary code execution),
cxib
[ MDVSA-2009:296-1 ] gimp,
security
[security bulletin] HPSBMA02483 SSRT090257 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBPI02472 SSRT090196 rev.2 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service,
security-alert
[security bulletin] HPSBMA02425 SSRT080091 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBMA02424 SSRT080125 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities,
Salvatore Fresta aka Drosophila
[security bulletin] HPSBMA02400 SSRT080144 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
[ MDVSA-2009:332 ] gimp,
security
[USN-872-1] KDE 4 Runtime vulnerabilities,
Jamie Strandboge
Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities,
Salvatore Fresta aka Drosophila
E-Store SQL Injection Vulnerability,
Salvatore Fresta aka Drosophila
[USN-871-2] KDE 4 vulnerabilities,
Jamie Strandboge
[USN-871-1] KDE vulnerability,
Jamie Strandboge
[USN-870-1] PyGreSQL vulnerability,
Jamie Strandboge
[ MDVSA-2009:331 ] kdegraphics,
security
[ MDVSA-2009:330 ] kdelibs,
security
[security bulletin] HPSBMA02477 SSRT090177 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
[ MDVSA-2009:329 ] kernel,
security
[USN-869-1] Linux kernel vulnerabilities,
Kees Cook
[security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege,
security-alert
CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System,
CORE Security Technologies Advisories
iDefense Security Advisory 12.08.09: Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability,
iDefense Labs
iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability,
iDefense Labs
CA20091208-01: Security Notice for CA Service Desk,
Kotas, Kevin J
ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability,
ZDI Disclosures
[ MDVSA-2009:030-1 ] amarok,
security
TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability,
dvlabs
TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability,
dvlabs
TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability,
dvlabs
TPTI-09-11: HP OpenView NNM OvWebHelp.exe CGI Topic Heap Overflow Vulnerability,
dvlabs
TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability,
dvlabs
TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability,
dvlabs
[USN-868-1] GRUB 2 vulnerability,
Jamie Strandboge
TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability,
dvlabs
Advisory 02/2009: PHPIDS Unserialize() Vulnerability,
Stefan Esser
ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability,
ZDI Disclosures
ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability,
ZDI Disclosures
ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability,
ZDI Disclosures
[ MDVSA-2009:328 ] ntp,
security
ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability,
ZDI Disclosures
ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities,
ZDI Disclosures
[ MDVSA-2009:276-1 ] python-django,
security
[ MDVSA-2009:059-1 ] xchat,
security
[USN-867-1] Ntp vulnerability,
Jamie Strandboge
Zen Cart local file disclosure vulnerability,
Bogdan Calin
Fortinet Advisory: Fortinet Discovers Microsoft Office Project Vulnerability,
noreply-secresearch
Advisory 03/2009: Piwik Cookie unserialize() Vulnerability,
Stefan Esser
UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821,
Frank Stuart
ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability,
ZDI Disclosures
ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability,
ZDI Disclosures
ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability,
ZDI Disclosures
Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec,
noreply-secresearch
ZDI-09-087: Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability,
ZDI Disclosures
IPB v2.x up to 3.0.4 XSS vulnerability,
Xacker
[ MDVSA-2009:046-1 ] dia,
security
ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability,
ZDI Disclosures
[security bulletin] HPSBUX02495 SSRT090151 rev.1 - HP-UX Running sendmail, Remote Denial of Service (DoS),
security-alert
ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability,
ZDI Disclosures
[ MDVSA-2009:091-1 ] mod_perl,
security
[ MDVSA-2009:038-1 ] blender,
security
[ MDVSA-2009:093-1 ] mpg123,
security
ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability,
ZDI Disclosures
[SECURITY] [DSA 1948-1] New ntp packages fix denial of service,
Nico Golde
[ MDVSA-2009:126-1 ] eggdrop,
security
[ MDVSA-2009:099-1 ] openafs,
security
[ MDVSA-2009:098-1 ] krb5,
security
[ MDVSA-2009:327 ] clamav,
security
[ MDVSA-2009:133-1 ] irssi,
security
Applicure Technologies response,
tomer
[ MDVSA-2009:191-1 ] OpenEXR,
security
[security bulletin] HPSBMA02481 SSRT090113 rev.1 - HP OpenView Data Protector Application Recovery Manager, Remote Denial,
security-alert
[ MDVSA-2009:251-1 ] postgresql8.2,
security
Security Contact for Netcool at IBM?,
Michael Gripenstedt
Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow,
Secunia Research
Secunia Research: Novell iPrint Client "target-frame" Parameter Buffer Overflow,
Secunia Research
[ MDVSA-2009:282-1 ] cups,
security
[SECURITY] [DSA 1947-1] New Shibboleth packages fix cross-site scripting,
Moritz Muehlenhoff
Mozilla Firefox JavaScript Prompt Spoofing Weakness,
tcphttp
[USN-866-1] gnome-screensaver vulnerability,
Marc Deslauriers
[ MDVSA-2009:326 ] mysql,
security
[ MDVSA-2009:325 ] ruby,
security
CVE-2009-3586: CoreHTTP web server off-by-one buffer overflow vulnerability,
Patroklos Argyroudis
[ MDVSA-2009:199-1 ] subversion,
security
[ MDVSA-2009:256-1 ] dbus,
security
[ MDVSA-2009:243-2 ] freetype2,
security
[ MDVSA-2009:254-1 ] graphviz,
security
[ MDVSA-2009:324 ] php,
security
[ MDVSA-2009:252-1 ] perl-IO-Socket-SSL,
security
[ MDVSA-2008:233-1 ] libcdaudio,
security
[ MDVSA-2009:229-1 ] cyrus-imapd,
security
[USN-865-1] Bind vulnerability,
Marc Deslauriers
[ MDVSA-2009:322 ] mono,
security
PhpShop Multiple Vulnerabilities,
Andrea Fabrizi
[ MDVSA-2009:323 ] apache,
security
[ MDVSA-2009:234-2 ] silc-toolkit,
security
[SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness,
Steffen Joeris
[ MDVSA-2009:232-1 ] libsamplerate,
security
[ MDVSA-2009:317 ] netpbm,
security
[ MDVSA-2009:219-1 ] kompozer,
security
[ MDVSA-2009:260-1 ] imagemagick,
security
[ MDVSA-2009:215-1 ] audacity,
security
[ MDVSA-2009:272-1 ] libmikmod,
security
[ MDVSA-2009:321 ] pidgin,
security
[ MDVSA-2009:316 ] expat,
security
[ MDVSA-2009:284-1 ] gd,
security
[ MDVSA-2009:320 ] samba,
security
[ MDVSA-2009:231-1 ] htmldoc,
security
[ MDVSA-2009:307-1 ] libtool,
security
[ MDVSA-2009:319 ] xine-lib,
security
[ MDVSA-2009:318 ] xmlsec1,
security
[ MDVSA-2009:249-1 ] newt,
security
[ MDVSA-2009:297-1 ] ffmpeg,
security
[ MDVSA-2009:128-1 ] libmodplug,
security
[ MDVSA-2009:201-1 ] fetchmail,
security
[ MDVSA-2009:314 ] apr,
security
[ MDVSA-2009:224-1 ] postfix,
security
[ MDVSA-2009:130-1 ] gstreamer0.10-plugins-good,
security
[ MDVSA-2009:200-1 ] libxml,
security
[ MDVSA-2009:213-1 ] wxgtk,
security
[ MDVSA-2009:292-1 ] wireshark,
security
[ MDVSA-2009:218-1 ] w3c-libwww,
security
[ MDVSA-2009:206-1 ] wget,
security
[ MDVSA-2009:223-1 ] xerces-c,
security
[ MDVSA-2009:312 ] dhcp,
security
[ MDVSA-2009:211-1 ] expat,
security
[ MDVSA-2009:315 ] libneon,
security
[ MDVSA-2009:212-1 ] python,
security
[ MDVSA-2009:157-1 ] perl-Compress-Raw-Zlib,
security
[ MDVSA-2009:287-1 ] xpdf,
security
[ MDVSA-2009:311 ] ghostscript,
security
Secunia Research: DevIL DICOM "GetUID()" Buffer Overflow Vulnerability,
Secunia Research
[ MDVSA-2009:142-1 ] jasper,
security
PHP 5.3.1 open_basedir bypass,
cxib
[ MDVSA-2009:158-3 ] pango,
security
[ MDVSA-2009:208-1 ] libgadu,
security
[InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability,
advisories
[ MDVSA-2009:203-1 ] curl,
security
[ MDVSA-2009:169-1 ] libtiff,
security
[ MDVSA-2009:290-1 ] firefox,
security
Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection,
Dawid Golunski
[ MDVSA-2009:313-1 ] bind,
security
[ MDVSA-2009:132-1 ] libsndfile,
security
FreeBSD Security Advisory FreeBSD-SA-09:15.ssl [REVISED],
FreeBSD Security Advisories
[ MDVSA-2009:308 ] gnutls,
security
[ MDVSA-2009:310 ] openssl,
security
CORE-2009-0911: DAZ Studio Arbitrary Command Execution,
CORE Security Technologies Advisories
[USN-863-1] QEMU vulnerability,
Jamie Strandboge
[ MDVSA-2009:113-1 ] cyrus-sasl,
security
[ MDVSA-2009:309 ] ntp,
security
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821,
Frank Stuart
[ MDVSA-2009:103-1 ] udev,
security
[ MDVSA-2009:112-1 ] ipsec-tools,
security
[ MDVSA-2009:108-1 ] zsh,
security
[ MDVSA-2009:106-1 ] libwmf,
security
[ MDVSA-2009:107-1 ] acpid,
security
[ MDVSA-2009:197-3 ] nss,
security
[ MDVSA-2009:217-3 ] mozilla-thunderbird,
security
[SECURITY] [DSA 1945-1] New gforge packages fix denial of service,
Steffen Joeris
[SECURITY] [DSA 1944-1] New request-tracker packages fix session hijack vulnerability,
Steffen Joeris
FreeBSD Security Advisory FreeBSD-SA-09:17.freebsd-update,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-09:16.rtld,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-09:15.ssl,
FreeBSD Security Advisories
Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) Overlong DSC Comment Buffer Overflow Exploit,
nospam
[ MDVSA-2009:121-1 ] lcms,
security
[SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate verification weakness,
Giuseppe Iuculano
Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil,
Luiz Eduardo
Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow,
Secunia Research
Same-origin policy bypass vulnerabilities in several VPN products reported,
Juha-Matti Laurio
[ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities,
Alex Legler
40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit),
smf2 . review
Secunia Research: Roxio Creator Image Rendering Integer Overflow Vulnerability,
Secunia Research
AST-2009-010: RTP Remote Crash Vulnerability,
Asterisk Security Team
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities,
c0dy
Upcoming FreeBSD Security Advisory,
FreeBSD Security Officer
** FreeBSD local r00t zeroday,
Kingcope
Re: ** FreeBSD local r00t zeroday,
Robert BARABAS
[oCERT-2009-017] PHP multiple issues,
Andrea Barisani
WinAppDbg 1.3 is out!,
Mario Alejandro Vilas Jerez
[ MDVSA-2009:305 ] php,
security
[SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
Eshopbuilde CMS SQL Injection Vulnerability,
faghani
[ MDVSA-2009:304 ] bind,
security
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others,
Andrea Purificato
[ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection,
Alex Legler
[ MDVSA-2009:304 ] php,
security
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability),
Thierry Zoller
Announce: RFIDIOt-1.0a released - November 2009,
Adam Laurie
Windows packages for BIND9 contain vulnerable MSVC runtime components,
Stefan Kanthak
Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition,
k4mr4n_St
[ MDVSA-2009:306 ] dovecot,
security
Xxasp v3.3.2 Sql injection,
secu_lab_ir
[USN-862-1] PHP vulnerabilities,
Marc Deslauriers
Remote Command Execution in dotDefender Site Management,
John Dos
[BMSA-2009-07] Backdoor in PyForum,
Nam Nguyen
[ MDVSA-2009:303 ] php,
security
Some more details on IE STYLE zero-day,
ds . adv . pub
Cacti 0.8.7e: Multiple security issues,
Moritz Naumann
[security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of,
security-alert
[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA-1940-1] New php5 packages fix several issues,
Stefan Fritsch
[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities,
Alex Legler
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path,
Robert Buchholz
[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities,
Robert Buchholz
rPSA-2009-0156-1 sun-jdk sun-jre,
rPath Update Announcements
rPSA-2009-0155-1 httpd mod_ssl,
rPath Update Announcements
rPSA-2009-0154-1 httpd mod_ssl,
rPath Update Announcements
[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities,
Giuseppe Iuculano
Vulnerabilities in WP-Cumulus for WordPress,
MustLive
[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server,
security-alert
[USN-861-1] libvorbis vulnerabilities,
Marc Deslauriers
New Paper: MitM Attacks against the chipTAN comfort Online Banking System,
RedTeam Pentesting GmbH
Executing arbitrary PHP code on OpenX <= 2.8.1,
Moritz Naumann
XM Easy Personal FTP Server Remote DoS Vulnerability,
leinakesi
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities,
leinakesi
CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution,
CORE Security Technologies Advisories
CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution,
CORE Security Technologies Advisories
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution,
CORE Security Technologies Advisories
Millions of PDF invisibly embedded with your internal disk paths,
Inferno
[ MDVSA-2009:301 ] kernel,
security
Code to mitigate IE STYLE zero-day,
ds . adv . pub
[ MDVSA-2009:302 ] php,
security
[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising,
Steffen Joeris
[Bkis-13-2009] e107 Multiple Vulnerabilities,
Bkis
Vulnerabilities in plugins for WordPress,
MustLive
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting,
Steffen Joeris
ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability,
ZDI Disclosures
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components,
VMware Security Team
IE7,
info
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution),
cxib
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access,
security-alert
PHP "multipart/form-data" denial of service,
Bogdan Calin
Firefox 3.5.3 Remote Array Overrun (UPDATE),
cxib
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution),
cxib
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution),
cxib
Opera 10.01 Remote Array Overrun (Arbitrary code execution),
cxib
NSA Iraqi Computer Attacks And U.S. Defense,
Gadi Evron
AssetsSoSimple supplier_admin.php Supplier Field XSS,
Bugs NotHugs
Auto Manager admin.cgi Multiple Field XSS,
Bugs NotHugs
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service,
security-alert
[USN-860-1] Apache vulnerabilities,
Jamie Strandboge
CORE-2009-1027: IBM SolidDB invalid error code vulnerability,
CORE Security Technologies Advisories
Announcement: Critical Internet Infrastructure WG is now open to public participation,
Gadi Evron
Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow,
Secunia Research
[security bulletin] HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote Denial of Service (DoS),
security-alert
TLS / SSLv3 vulnerability explained (DRAFT),
Thierry Zoller
DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009,
Major Malfunction
[security bulletin] HPSBUX02409 SSRT080171 rev.2 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege,
security-alert
[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilites,
Alex Legler
CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability,
CORE Security Technologies Advisories
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities,
Giuseppe Iuculano
Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability,
s . leberre
Home FTP Server 'MKD' Command Directory Traversal Vulnerability,
zhangmc
[security bulletin] HPSBMA02456 SSRT090188 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Execution of Arbitrary Code,
security-alert
Secunia Research: Gimp PSD Image Parsing Integer Overflow Vulnerability,
Secunia Research
Metasploit Framework 3.3 Released,
HD Moore
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness,
Giuseppe Iuculano
Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability,
karakorsankara
[security bulletin] HPSBUX02451 SSRT090137 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
[ MDVSA-2009:158-2 ] pango,
security
[SECURITY] [DSA-1934-1] New apache2 packages fix several issues,
Stefan Fritsch
[ MDVSA-2009:158-1 ] pango,
security
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation,
contact . fingers
Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability,
zhangmc
[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities,
DSecRG
[ MDVSA-2009:300 ] apache-conf,
security
[ MDVSA-2009:299 ] xine-lib,
security
[ MDVSA-2009:297 ] ffmpeg,
security
[ MDVSA-2009:298 ] xine-lib,
security
[USN-859-1] OpenJDK vulnerabilities,
Kees Cook
[ MDVSA-2009:296 ] gimp,
security
XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability,
zhangmc
rPSA-2009-0142-2 httpd mod_ssl,
rPath Update Announcements
rPSA-2009-0145-1 samba samba-client samba-server samba-swat,
rPath Update Announcements
rPSA-2009-0144-1 apr-util,
rPath Update Announcements
rPSA-2009-0143-1 util-linux util-linux-extras,
rPath Update Announcements
rPSA-2009-0142-1 httpd mod_ssl,
rPath Update Announcements
[SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability,
ctu-no-reply
Panda Security Software Local Privilege Escalation,
Maxim A. Kulakov
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution,
golunski
VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities,
VUPEN Security Research
[SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability,
ctu-no-reply
[USN-853-2] Firefox and Xulrunner regression,
Jamie Strandboge
Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability,
advisory
Exploit writing tutorials,
Peter Van Eeckhoutte
[USN-858-1] OpenLDAP vulnerability,
Marc Deslauriers
Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability,
Secunia Research
Novell eDirectory 8.8 SP5 Denial of Service,
advisory
iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability,
iDefense Labs
iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability,
iDefense Labs
ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability,
ZDI Disclosures
ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability,
ZDI Disclosures
TPTI-09-07: Microsoft Windows License Logging Service Heap Corruption Vulnerability,
dvlabs
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability,
zhangmc
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting,
Steffen Joeris
[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities,
security-alert
Atheros Driver Reserved Frame Vulnerability,
Laurent Butti
Marvell Driver Multiple Information Element Overflows,
Laurent Butti
[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News,
Andrew Horton
[USN-857-1] Qt vulnerabilities,
Marc Deslauriers
[USN-856-1] CUPS vulnerability,
Marc Deslauriers