Bugtraq
[SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password,
Mark Thomas
[ MDVSA-2009:295 ] apache,
security
[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution,
Moritz Muehlenhoff
[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities,
Steffen Joeris
[ GLSA 200911-01 ] Horde: Multiple vulnerabilities,
Alex Legler
Php 5.3.0 pdflib extension open_basedir bypass,
r3d . w0rm
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
[ MDVSA-2009:294 ] firefox,
security
Using Blended Browser Threats involving Chrome to steal files on your computer,
Inferno
[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
CORE-2009-0912: Blender .blend Project Arbitrary Command Execution,
CORE Security Technologies Advisories
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
[USN-854-1] GD library vulnerabilities,
Marc Deslauriers
[USN-855-1] libhtml-parser-perl vulnerability,
Marc Deslauriers
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability,
ZDI Disclosures
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report,
Bkis
CONFidence 2.0 schedule online - last time to register,
Andrzej Targosz
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability,
ZDI Disclosures
ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability,
ZDI Disclosures
ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability,
ZDI Disclosures
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability,
ZDI Disclosures
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability,
ZDI Disclosures
AST-2009-008: SIP responses expose valid usernames,
Asterisk Security Team
AST-2009-009: Cross-site AJAX request vulnerability,
Asterisk Security Team
[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities,
Thijs Kinkhorst
Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox,
Context IS - Disclosure
VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities,
VUPEN Security Research
Bractus SunTrack Multiple XSS,
Bugs NotHugs
Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow,
Secunia Research
[security bulletin] HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service (DoS),
security-alert
New vulnerability in Xerox Fiery Webtools,
Bernardo Luis
[ MDVSA-2009:293 ] squidGuard,
security
QuahogCon Call for Papers,
info
[ MDVSA-2009:292 ] wireshark,
security
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability,
ZDI Disclosures
Fwd: {Lostmon's Group} Re: Wowd search client multiple variable xss (solution),
Lostmon lords
[USN-850-3] poppler vulnerabilities,
Marc Deslauriers
NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow,
NSO Research
[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness,
Steffen Joeris
[USN-853-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
[SECURITY] [DSA 1924-1] New mahara packages fix several vulnerabilities,
Steffen Joeris
ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1),
ACROS Lists
Reminder for DeepSec 2009 Conference,
DeepSec Conference - Announcement
{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability,
Protek Research Lab
{PRL} My Remote File Server Privilege Escalation,
Protek Research Lab
CVE-2009-1979 (Oracle RDBMS),
Dennis Yurichev
Windows Media Player Plugin: Local File Detection Vulnerability,
renard-volant
PSAtr v1.2 Sql Injection,
info
CubeCart 4 Session Management Bypass,
Bogdan Calin
[ MDVSA-2009:291 ] jetty5,
security
com_jumi / jumi 2.0.5 for joomla 1.5 backdoored,
Jan van Niekerk
[SECURITY] [DSA 1923-1] New libhtml-parser-perl packages fix denial of service,
Nico Golde
SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008,
Lists
2wire Remote Denial of Service,
Pedro Joaquin
[ MDVSA-2009:290 ] firefox,
security
Hijacking Opera's Native Page using malicious RSS payloads,
Inferno
Fwd: Wowd search client multiple variable xss,
Lostmon lords
iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability,
iDefense Labs
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability,
ZDI Disclosures
Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation,
Tavis Ormandy
[G-SEC 48-2009] F-SECURE - Generic PDF detection bypass,
Thierry Zoller
VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues,
VMware Security Team
[G-SEC 49-2009] McAfee generic PDF detection bypass,
Thierry Zoller
[oCERT-2009-015] KDE multiple issues,
Andrea Barisani
Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability,
Secunia Research
[SECURITY] [DSA 1921-1] New expat packages fix denial of service,
Giuseppe Iuculano
[ MDVSA-2009:289 ] kernel,
security
[G-SEC 47-2009] Symantec generic PDF detection bypass,
Thierry Zoller
Mariposa Botnet C&C decryption plugin for wireshark,
megumi1990
PHP168 v6.0 rc,
info
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point,
Robbie Gill
{PRL} Rising Antivirus 2009 Privilege Escalation,
Protek Research Lab
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow,
adam
{PRL} Rising Firewall 2009 Privilege Escalation,
Protek Research Lab
Rising Multiple Products Local Privilege Escalation Vulnerability,
ss_contacts
AST-2009-007: ACL not respected on SIP INVITE,
Asterisk Security Team
Cherokee Web Server 0.5.4 Denial Of Service,
usman
[SECURITY] [DSA-1920-1] New nginx packages fix denial of service,
Stefan Fritsch
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection,
DSecRG
[ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities,
Alex Legler
[SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities,
Thijs Kinkhorst
[SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities,
Thijs Kinkhorst
Jetty 6.x and 7.x Multiple Vulnerabilities,
ascii
squidGuard 1.3 & 1.4 : buffer overflow,
majinboo
SharePoint 2007 ASP.NET Source Code Disclosure,
Daniel Martin
RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit,
nospam
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability,
karakorsankara
[SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities,
Giuseppe Iuculano
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness,
Giuseppe Iuculano
[SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution,
Steffen Joeris
[ MDVSA-2009:288 ] proftpd,
security
/proc filesystem allows bypassing directory permissions on Linux,
Pavel Machek
Re: /proc filesystem allows bypassing directory permissions on Linux,
Daryl Tester
Re: /proc filesystem allows bypassing directory permissions on Linux,
Pavel Kankovsky
Re: /proc filesystem allows bypassing directory permissions on Linux,
Tony Finch
<Possible follow-ups>
Re: Re: /proc filesystem allows bypassing directory permissions on Linux,
nomail
Re: /proc filesystem allows bypassing directory permissions on Linux,
Isara Beaumont
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
HP Quality Centre Weak password Obfuscation,
jason
[USN-850-2] poppler regression,
Marc Deslauriers
[SECURITY] [DSA 1914-1] New mapserver packages fix several vulnerabilities,
Nico Golde
[security bulletin] HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access,
security-alert
[ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities,
Tobias Heinlein
{PRL} Pegasus Mail client BoF,
Protek Research Lab
{PRL} Eureka Mail client BoF,
Protek Research Lab
Avast! Multiple Vulnerabilities,
ss_contacts
[ MDVSA-2009:287 ] xpdf,
security
Everfocus EDR1600 remote authentication bypass,
Andrea Fabrizi
Call for Papers: Conference on Cyber Conflict, Estonia,
k g
Corsaire White Paper: Attacking Magstripe Gift Cards,
Adrian P.
[oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation,
Will Drewry
TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities,
Davide Canali
[USN-851-1] Elinks vulnerabilities,
Jamie Strandboge
Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30,
jason
[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1,
come2waraxe
[ MDVSA-2009:286 ] ocaml-camlimages,
security
[USN-850-1] poppler vulnerabilities,
Marc Deslauriers
[ GLSA 200910-01 ] Wget: Certificate validation error,
Alex Legler
turbodiff v1.01 beta released,
Nicolas A. Economou
[ MDVSA-2009:285 ] php,
security
NSOADV-2009-003: Websense Email Security Cross Site Scripting,
NSO Research
NSOADV-2009-002: Websense Email Security Web Administrator DoS,
NSO Research
[ MDVSA-2009:281 ] cups,
security
[ MDVSA-2009:284 ] gd,
security
[ MDVSA-2009:280 ] cups,
security
South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges,
nospam
EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service,
nospam
[ MDVSA-2009:282 ] cups,
security
[CVE-2009-1479] Boxalino - Directory Traversal Vulnerability,
Axel Neumann
Overland Guardian OS CLI command line bug - let you get uid 0 shell,
trompele
[ MDVSA-2009:283 ] cups,
security
phpcms 2008 Remote File Disclosure Vulnerability,
info
3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities,
Andrea Fabrizi
McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords,
foo
Vulnerability in Zoiper softphone version 2.22 - Denial Of Service,
Inj3ct0r.com
In-depth research on the recent PDF zero-day exploit (CVE-2009-3459),
cocoruder
Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference,
adam
[SECURITY] [DSA 1913-1] New bugzilla packages fix SQL injection,
Giuseppe Iuculano
CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections,
Dragos Ruiu
VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities,
VUPEN Security Research
VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues,
VMware Security Team
WASC Announcement: 2008 Web Application Security Statistics Published,
announcements
DWebPro allow an invader to execute any program at server side,
rafa . de . sousa
[SECURITY] [DSA 1912-1] New camlimages fix arbitrary code execution,
Steffen Joeris
NSFOCUS SA2009-03 : Windows Kernel Malformed PE File Remote DoS Vulnerability,
NSFOCUS Security Team
NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability,
NSFOCUS Security Team
NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability,
NSFOCUS Security Team
[USN-849-1] libsndfile vulnerabilities,
Jamie Strandboge
[ MDVSA-2009:279 ] ocaml-mysql,
security
Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities,
Andrea Fabrizi
[SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping,
Steffen Joeris
[SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping,
Steffen Joeris
[SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping,
Steffen Joeris
[ MDVSA-2009:278 ] compiz-fusion-plugins-main,
security
[USN-848-1] Zope vulnerabilities,
Marc Deslauriers
DEFCON London - DC4420 October 2009 Meet - This Thursday 15th,
Major Malfunction
[ MDVSA-2009:277 ] samba,
security
Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow,
Secunia Research
[AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS,
Michele Orru
[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities,
Nico Golde
[AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities,
Michele Orru
Windows Media Audio Voice remote code execution,
Ivan Fratric
Windows GDI+ TIFF memory corruption,
Ivan Fratric
iDefense Security Advisory 10.13.09: Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability,
iDefense Labs
iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability,
iDefense Labs
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability,
ZDI Disclosures
ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability,
ZDI Disclosures
ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability,
ZDI Disclosures
iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability,
iDefense Labs
ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability,
ZDI Disclosures
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability,
ZDI Disclosures
iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability,
iDefense Labs
[ MDVSA-2009:276 ] python-django,
security
[BONSAI] XSS in Achievo - Customized XSS payload included,
Bonsai - Information Security
[BONSAI] SQL Injection in Achievo,
Bonsai - Information Security
[ MDVSA-2009:274 ] phpmyadmin,
security
[G-SEC 46-2009] Computer Associates multiple products arbitrary code execution,
Thierry Zoller
[SECURITY] [DSA 1907-1] New kvm packages fix several vulnerabilities,
Giuseppe Iuculano
Palm Pre WebOS version <= 1.1 Floating Point Exception,
PalmPreHacker
Quick Heal Local Privilege Escalation Vulnerability,
ss_contacts
[ MDVSA-2009:273 ] strongswan,
security
[ MDVSA-2009:272 ] libmikmod,
security
[ MDVSA-2009:270 ] wireshark,
security
[ MDVSA-2009:271 ] libnasl,
security
[ MDVSA-2009:269 ] mono,
security
[ MDVSA-2009:268 ] mono,
security
DEDECMS v5.1 Sql Injection Vulnerability,
info
[ MDVSA-2009:275 ] python-django,
security
[SECURITY] [DSA 1906-1] End-of-life announcement for clamav in stable and oldstable,
Steffen Joeris
[SECURITY] [DSA 1905-1] New python-django packages fix denial of service,
Nico Golde
[ MDVSA-2009:267 ] xmlsec1,
security
[ MDVSA-2009:266 ] awstats,
security
[SECURITY] [DSA 1895-2] New opensaml2 and shibboleth-sp2 packages fix regression,
Florian Weimer
[ MDVSA-2009:264 ] gd,
security
[ MDVSA-2009:265 ] egroupware,
security
[ MDVSA-2009:263 ] sympa,
security
[ MDVSA-2009:262 ] netpbm,
security
Docebo Multiple SQL-Injection Vulnerabilities,
Andrea Fabrizi
[ MDVSA-2009:260 ] imagemagick,
security
[USN-847-2] devscripts vulnerability,
Jamie Strandboge
[SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness,
Giuseppe Iuculano
CA20091008-01: Security Notice for CA Anti-Virus Engine,
Williams, James K
[USN-847-1] Devscripts vulnerability,
Jamie Strandboge
[ MDVSA-2009:261 ] graphicsmagick,
security
QuickCart Multiple vulnerabilities,
Paweł Łaskarzewski
[USN-846-1] ICU vulnerability,
Jamie Strandboge
vBulletin - Multiple Versions - Cross Site Script Redirection,
advisories
WASC Announcement: Announcing the Web Application Security Scanner Evaluation Criteria v1,
announcements
FreeBSD 7.2 VFS/devfs race condition exploit,
Przemyslaw Frasunek
FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit,
Przemyslaw Frasunek
[ MDVSA-2009:217-2 ] mozilla-thunderbird,
security
[ MDVSA-2009:217-1 ] mozilla-thunderbird,
security
[USN-845-1] Pan vulnerability,
Marc Deslauriers
[USN-844-1] mimeTeX vulnerabilities,
Marc Deslauriers
BMW 'inventory.php' <= SQL Injection Vulnerability,
Dazz . band
Remote buffer overflow in httpdx,
pankaj208
[ MDVSA-2009:259 ] snort,
security
DreamPoll 3.1 Vulnerabilities,
mark
iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability,
iDefense Labs
[DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities,
DSecRG
[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities,
Giuseppe Iuculano
[DSECRG-09-017] SAP GUI vsflexGrid ActiveX - Buffer Overflow vulnerability,
DSecRG
[ MDVSA-2009:258 ] openssl,
security
[security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS),
security-alert
BulletProof FTP Client Buffer Overflow (SEH),
rafa . de . sousa
{PRL} XLPD 3.0 Remote DoS,
Protek Research Lab
[ MDVSA-2009:256 ] dbus,
security
[ MDVSA-2009:257 ] qemu,
security
[USN-843-1] BackupPC vulnerability,
Marc Deslauriers
CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application,
CORE Security Technologies Advisories
Dopewars 1.5.12 Server Denial of Service,
dougtko
[USN-842-1] Wget vulnerability,
Marc Deslauriers
[Advisory]PBBoard <=2.0.2 Full Path Disclosure,
admin
[Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic,
admin
AlleyCode SEH overflow POC,
rafa . de . sousa
FRHACK01 Slides are online,
Jerome Athias
[USN-841-1] GLib vulnerability,
Kees Cook
CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace,
SpringSource Security Team
[SECURITY] [DSA 1902-1] New elinks packages fix arbitrary code execution,
Moritz Muehlenhoff
CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list,
SpringSource Security Team
[oCERT-2009-014] Android denial-of-service issues,
Andrea Barisani
[SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities,
Giuseppe Iuculano
Palm Pre WebOS <=1.1 Remote File Access Vulnerability,
PalmPreHacker
CORE-2009-0812-Hyperic HQ Multiple XSS,
CORE Security Technologies Advisories
[security bulletin] HPSBUX02421 SSRT090047 rev.2 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
FreeBSD Security Advisory FreeBSD-SA-09:14.devfs,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-09:13.pipe,
FreeBSD Security Advisories
[ MDVSA-2009:255 ] perl-DBD-Pg,
security
[SECURITY] [DSA 1899-1] New strongswan packages fix denial of service,
Florian Weimer
[SECURITY] [DSA 1900-1] New PostgreSQL packages fix various problems,
Florian Weimer
[SECURITY] [DSA 1898-1] New openswan packages fix denial of service,
Florian Weimer
VMSA-2009-0013 VMware Fusion resolves two security issues,
VMware Security team
AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit,
nospam
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (IE),
nospam
[USN-840-1] OpenOffice.org vulnerabilities,
Jamie Strandboge
[USN-839-1] Samba vulnerabilities,
Marc Deslauriers
Rooted CON 2010 - CFP,
Roman Medina-Heigl Hernandez
[ MDVSA-2009:254 ] graphviz,
security
ZDI-09-067: Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability,
ZDI Disclosures
[ MDVSA-2009:253 ] backuppc,
security
{PRL} Cerberus FTP server 3.0.6 Pre-Auth DoS,
Protek Research Lab
{PRL} Novell Edirectory 8.8 SP5 XSS,
Protek Research Lab
THOTCON 0x1 - Call For Papers is Open -> October 1, 2009,
THOTCON Announce
[ MDVSA-2009:178 ] perl-IO-Socket-SSL,
security
[ MDVSA-2009:177 ] postgresql,
security
[ MDVSA-2009:176 ] postgresql,
security
C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness,
Eyal Udassin
MD5 hash extension attack breaks API authentication of Flickr and others,
Juliano Rizzo
FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution,
Giuseppe Fuggiano
Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges,
nospam
WinRAR v3.80 - ZIP Filename Spoofing,
chr1x
Cross-Site Scripting vulnerability in eCaptcha,
MustLive
[security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access,
security-alert
[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution,
Florian Weimer
Vulnerabilities in E107,
MustLive
[DSECRG-09-043] SAP GUI 7.1 Insecure Method,
Alexandr Polyakov
[ MDVSA-2009:249 ] newt,
security
[MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure,
David Vieira-Kurz
Local privilege escalation vulnerability in Trustport security software,
ss_contacts
[USN-838-1] Dovecot vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution,
Nico Golde
(edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods,
Alexandr Polyakov
[MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure,
David Vieira-Kurz
[ MDVSA-2009:248 ] php,
security
[ MDVSA-2009:247 ] php,
security
[ MDVSA-2009:246 ] php,
security
[ GLSA 200909-20 ] cURL: Certificate validation error,
Alex Legler
Cisco ACE XML Gateway <= 6.0 Internal IP disclosure,
nitrØus
COMPENG 2010 - Extended Submission Deadline,
Federico Maggi
[SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution,
Florian Weimer
Call for Participation - ACM Conference on Computer and Communications Security (CCS),
Christopher Kruegel
Cross-Site Scripting vulnerability in E107,
MustLive
Engeman - SQL Injection Vulnerability (vendor url erratum),
crashbrz
[SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution,
Steffen Joeris
Black Hat DC Call for Papers is now OPEN,
Jeff Moss
[USN-837-1] Newt vulnerability,
Marc Deslauriers
[ MDVSA-2009:245 ] glib2.0,
security
[ MDVSA-2009:243-1 ] freetype2,
security
ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability,
ZDI Disclosures
Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
cour supreme 'index.php' SQL Injection & Local File Include Vulnerability,
CrAzY_CrAcKeR
[SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution,
Steffen Joeris
Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[ MDVSA-2009:244 ] xfig,
security
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution,
Steffen Joeris
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation,
contact . fingers
Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability,
Cisco Systems Product Security Incident Response Team
[USN-836-1] WebKit vulnerabilities,
Marc Deslauriers
nginx - low risk webdav destination bug,
Kingcope
[DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities,
research
[ MDVSA-2009:243 ] freetype2,
security
[ MDVSA-2009:242-1 ] dovecot,
security
[ MDVSA-2009:242 ] dovecot,
security
[security bulletin] HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access,
security-alert
[ MDVSA-2009:241 ] squid,
security
[ MDVSA-2009:240 ] apache,
security
[ MDVSA-2009:239 ] openssl,
security
[SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution,
Steffen Joeris
[MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues,
david
ToorCon 11 Preliminary Lineup Announced!,
h1kari
[security bulletin] HPSBGN02441 SSRT090082 rev.1 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access,
security-alert
[ MDVSA-2009:238 ] openssl,
security
[Suspected Spam][USN-835-1] neon vulnerabilities,
Kees Cook
[ MDVSA-2009:237 ] openssl,
security
[USN-834-1] PostgreSQL vulnerabilities,
Jamie Strandboge
[scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability,
Stefan Friedli
[ MDVSA-2009:236 ] firefox,
security
[UPRSN] Ubuntu Privacy Remix 9.04r2 fixes security issues,
Ubuntu Privacy Remix Team
[SECURITY] [DSA 1890-1] New wxwidgets packages fix arbitrary code execution,
Steffen Joeris
Mambo 4.6.3 arbitrary file upload,
Paweł Łaskarzewski
rubrique 'rubrique.php' SQL Injection Vulnerability,
CrAzY_CrAcKeR
Dawaween V 1.03 <<----SQL Injection Exploit,
Dazz . band
[ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities,
Alex Legler
Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200),
Marc Heuse
[ GLSA 200909-18 ] nginx: Remote execution of arbitrary code,
Alex Legler
Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability,
Stefan Esser
[security bulletin] HPSBST02459 SSRT080134 rev.2 - HP StorageWorks Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders, Denial of Service (DoS),
security-alert
[USN-833-1] KDE-Libs vulnerability,
Jamie Strandboge
Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs),
Adrian P
Peiter "Mudge" Zatko petition to be named U.S. Cybersecurity Chief,
The Sp3ctacle
SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities,
Stefan Streichsbier
Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit,
Sebastian Wolfgarten
nginx internal DNS cache poisoning,
Matthew Dempsky
[USN-832-1] FreeRADIUS vulnerability,
Marc Deslauriers
[SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing,
Moritz Muehlenhoff
Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793),
Julien TINNES
Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more,
Inferno
ANNOUNCE: RFIDIOt release - v0.z - 16th September, 2009,
Adam Laurie
[security bulletin] HPSBUX02458 SSRT090104 rev.1 - HP-UX Running bootpd, Remote Denial of Service (DoS),
security-alert
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures,
Moritz Muehlenhoff
Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point,
Yossi Yakubov
3rd party patch for XP for MS09-048?,
Aras "Russ" Memisyazici
<Possible follow-ups>
Re: Re: 3rd party patch for XP for MS09-048?,
Elizabeth . a . greene
[ MDVSA-2009:234 ] silc-toolkit,
security
[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting,
Steffen Joeris
[ MDVSA-2009:235 ] silc-toolkit,
security
[ MDVSA-2009:234-1 ] silc-toolkit,
security
Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software),
ss_contacts
[ MDVSA-2009:233 ] kernel,
security
[TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow,
Tobias Klein
[USN-830-1] OpenSSL vulnerability,
Marc Deslauriers
[USN-831-1] OpenEXR vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA 1886-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution,
Nico Golde
[ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability,
adv
[SECURITY] [DSA 1883-2] New nagios2 packages fix regression,
Steffen Joeris
[ GLSA 200909-17 ] ZNC: Directory traversal,
Tobias Heinlein
[ GLSA 200909-16 ] Wireshark: Denial of Service,
Tobias Heinlein
Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference,
Przemyslaw Frasunek
War FTP Daemon Remote Denial Of Service Vulnerability,
Jarle Aase
[ GLSA 200909-15 ] Lynx: Arbitrary command execution,
Alex Legler
[ GLSA 200909-14 ] Horde: Multiple vulnerabilities,
Alex Legler
[ GLSA 200909-13 ] irssi: Execution of arbitrary code,
Alex Legler
[ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code,
Alex Legler
nullcon Goa 2010 Call For Papers,
nullcon nullcon
vBulletin 3.8.2 Denial of Service Exploit,
snip3r ir4Q
[ MDVSA-2009:232 ] libsamplerate,
security
[ MDVSA-2009:197-2 ] nss,
security
[ MDVSA-2009:228 ] libneon,
security
ShmooCon 2010 CFP,
Bruce Potter
[ MDVSA-2009:231 ] htmldoc,
security
iphone email client does not validate ssl certificates,
Bill Borskey
[ MDVSA-2009:230 ] pidgin,
security
Regular Expression Denial of Service,
Alex Roichman
Siemens Gigaset SE361 Wlan - Remote Reboot,
crashbrz
[ MDVSA-2009:229 ] cyrus-imapd,
security
[SECURITY] [DSA 1878-2] New devscripts packages fix regressions,
Florian Weimer
[USN-829-1] Qt vulnerability,
Jamie Strandboge
ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability,
ZDI Disclosures
ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability,
ZDI Disclosures
ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability,
ZDI Disclosures
[USN-821-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
T-HTB Manager Multiple Blind SQL Injection,
Salvatore Fresta aka Drosophila
[ MDVSA-2009:226 ] freeradius,
security
SecurityTubeCon CFP, Venue: Cyberspace!,
Vivek Ramachandran
[SECURITY] [DSA 1883-1] New nagios2 packages fix several cross-site scriptings,
Steffen Joeris
Nullam Blog Multiple Remote Vulnerabilities,
Salvatore Fresta aka Drosophila
[ MDVSA-2009:226 ] aria2,
security
CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server,
CORE Security Technologies Advisories
SMB SRV2.SYS Denial of Service PoC,
igottabug
[SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting,
Nico Golde
[ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage,
Alex Legler
[ GLSA 200909-10 ] LMBench: Insecure temporary file usage,
Alex Legler
[ GLSA 200909-09 ] Screenie: Insecure temporary file usage,
Alex Legler
[ GLSA 200909-08 ] C* music player: Insecure temporary file usage,
Alex Legler
[ GLSA 200909-07 ] TkMan: Insecure temporary file usage,
Alex Legler
[ GLSA 200909-06 ] aMule: Parameter injection,
Alex Legler
[ GLSA 200909-05 ] Openswan: Denial of Service,
Alex Legler
4f: The File Format Fuzzing Framework,
Krakow Labs
[ GLSA 200909-04 ] Clam AntiVirus: Multiple vulnerabilities,
Alex Legler
[ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code,
Alex Legler
TCP/IP Orphaned Connections Vulnerability,
Fabian Yamaguchi
SeacureIT Preview Conference 2009,
Stefano Zanero
Multiple RDP Connections BSOD DOS,
Tim Medin
[Advisory] ChartDirector Critical File Access,
DokFLeed
Open Beta - New Free AV Software,
Alfred Huger
[USN-828-1] PAM vulnerability,
Kees Cook
ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability,
ZDI Disclosures
MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago,
Juha-Matti Laurio
Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD,
Reversemode
[ MDVSA-2009:225 ] qt4,
security
[oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors,
Andrea Barisani
[scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation,
Marc Ruef
Novell eDirectory 8.8 SP5 Dhost Http Server DoS,
karakorsankara
Various Orion application application server example pages are vulnerable to XSS.,
info
[SECURITY] [DSA 1881-1] New cyrus-imapd packages fix arbitrary code execution,
Nico Golde
VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.,
VMware Security team
Secunia Research: VMWare VMnc Codec Mismatched Dimensions Buffer Overflow,
Secunia Research
[ GLSA 200909-02 ] libvorbis: User-assisted execution of arbitrary code,
Alex Legler
[ GLSA 200909-01 ] Linux-PAM: Privilege escalation,
Alex Legler
yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities,
Akita Software Security
[SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution,
Nico Golde
AST-2009-006: IAX2 Call Number Resource Exhaustion,
Asterisk Security Team
DvBBS v2.0(PHP) boardrule.php Sql injection,
info
Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion"),
Kingcope
New Bug Found By Ostoure Sazan Sharif,
ostoure . sazan
FRHACK ITSec Conf DVDs and Live Streams,
Jerome Athias
FRHACK OS v1 alpha1 released,
Jerome Athias
[SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution,
Florian Weimer
[SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution,
Sebastien Delafond
International Hacking & Security Conference "POC2009" and Call for Paper,
pocadm
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday,
Thierry Zoller
[ADVISORY] NetCache URL DoS - Argentinian ISP,
Arturo 'Buanzo' Busleiman
[USN-810-2] NSS regression,
Kees Cook
[USN-827-1] Dnsmasq vulnerabilities,
Jamie Strandboge
[SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution,
Florian Weimer
[BMSA-2009-06] Remote code execution in BKAV eOffice,
Nam Nguyen
Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow,
Secunia Research
Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow,
Secunia Research
VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0,
VMware Security team
SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console,
Johannes Greil
Pwning Opera Unite with Inferno's Eleven,
Inferno
Norman Internet Update Deamon sends cleartext license key on update,
Stefan Bauer
[SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure,
Moritz Muehlenhoff
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows,
Stefan Kanthak
Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture,
Ramon de Carvalho Valle
Writeup by Amit Klein (Trusteer): "Google Chrome 3.0 (Beta) Math.random vulnerability",
Amit Klein
[ MDVSA-2009:224 ] postfix,
security
[ MDVSA-2009:223 ] xerces-c,
security
[ MDVSA-2009:222 ] squirrelmail,
security
Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon,
MustLive
Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter,
Shatter
[SECURITY] [DSA 1871-2] New wordpress packages fix regression,
Steffen Joeris
[USN-826-1] Mono vulnerabilities,
Marc Deslauriers
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities,
Moritz Muehlenhoff
[MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9,
Andrew Horton
[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability,
Valery Marchuk
H4RDW4RE presentations updated,
Thor (Hammer of God)
Oracle 11g (11.1.0.6) Password Policy and Compliance,
David Litchfield
Bypassing DBMS_ASSERT in certain situations,
David Litchfield
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC,
David Litchfield
iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability,
iDefense Labs
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution,
Florian Weimer
HyperVM File Permissions Local Vulnerability,
XiaShing
[security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS),
security-alert
EesySec Personal Firewall Remote Buffer Overflow Exploit,
the_3dit0r
CONFidence 2009, November, CfP,
Andrzej Targosz
Xerox WorkCentre multiple models Denial of Service,
Henri Lindberg - Smilehouse Oy
[ MDVSA-2009:221 ] libneon0.27,
security
[USN-825-1] libvorbis vulnerability,
Marc Deslauriers
rPSA-2009-0122-1 idle python,
rPath Update Announcements
[USN-824-1] PHP vulnerability,
Marc Deslauriers