Bugtraq
- catching up on several recently fixed bugs of note,
Michal Zalewski
- CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass,
CORE Security Technologies Advisories
- CORE-2009-0521 - DX Studio Player Firefox plug-in command injection,
CORE Security Technologies Advisories
- CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept,
Adrian P.
- Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability,
Secunia Research
- Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability,
Secunia Research
- New paper - Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions,
marian . ventuneac
- [USN-785-1] ipsec-tools vulnerabilities,
Marc Deslauriers
- (Post Form var 'username') BLIND SQLi exploit --S-CMS <= v-2.0 Beta3-->,
y3nh4ck3r
- MULTIPLE SQL INJECTION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->,
y3nh4ck3r
- MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->,
y3nh4ck3r
- [security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow,
noreply
- XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3,
pantera_bleed
- Apple Safari local file theft vulnerability,
Chris Evans
- ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability,
ZDI Disclosures
- ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability,
ZDI Disclosures
- ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability,
ZDI Disclosures
- [USN-784-1] ImageMagick vulnerability,
Jamie Strandboge
- [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability,
Mark Thomas
- New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks,
Amit Klein
- [USN-783-1] eCryptfs vulnerability,
Kees Cook
- Rasterbar libtorrent arbitrary file overwrite vulnerability,
Dimitris Glynos
- [ MDVSA-2009:132 ] libsndfile,
security
- [ MDVSA-2009:131 ] apr-util,
security
- [SECURITY] [DSA 1813-1] New evolution-data-server packages fix several vulnerabilities,
Steffen Joeris
- [DSECRG-09-015] SAP GUI 6.4 Buffer Overflow vulnerability,
Alexandr Polyakov
- [ MDVSA-2009:131-1 ] apr-util,
security
- ('dest') Blind (SQLi) EXPLOIT --Kjtechforce mailman Beta-1 -->,
y3nh4ck3r
- [ MDVSA-2009:130 ] gstreamer0.10-plugins-good,
security
- [security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access,
security-alert
- SQL INJECTION VULNERABILITY--Kjtechforce mailman Beta-1-->,
y3nh4ck3r
- Re: [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability-fixed,
pm
- Re: [Full-disclosure] Cross Site Scripting in PHP Nuke 8.0 Version,
Christian Kujau
- EC2ND 2009 CFP - 5th European Conference on Computer Network Defence,
Maggi Federico
- Reminder: DeepSec 2009 Call for Papers is open,
DeepSec Conference
- LightOpenCMS 0.1 pre-alpha Remote SQL Injection,
Salvatore "drosophila" Fresta
- [ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS,
ISecAuditors Security Advisories
- [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication,
Mark Thomas
- [ MDVSA-2009:129 ] file,
security
- [Security] XM Easy Personal FTP Server Multiple DoS vulnerabilities,
neeraj . thakar
- [SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities,
Stefan Fritsch
- [ MDVSA-2009:128 ] libmodplug,
security
- SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->,
y3nh4ck3r
- [InterN0T] Flatnux 2009-03-27 - XSS Vulnerabilities + More,
security
- [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities,
security
- [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability,
security
- [InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability,
security
- [InterN0T] moziloCMS 1.11.1 - XSS Vulnerability,
security
- [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure,
Mark Thomas
- OCS Inventory NG 1.02 - Directory Traversal,
Nico Leidecker
- [ MDVSA-2009:127 ] gaim,
security
- [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication,
Mark Thomas
- [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector,
Mark Thomas
- [USN-780-1] CUPS vulnerability,
Marc Deslauriers
- [USN-781-1] Pidgin vulnerabilities,
Marc Deslauriers
- [USN-781-2] Gaim vulnerabilities,
Marc Deslauriers
- Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption,
Roee Hay
- [SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure,
Stefan Fritsch
- CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability,
CORE Security Technologies Advisories
- TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities,
dvlabs
- [SECURITY] [DSA 1810-1] New cups/cupsys packages fix denial of service,
Nico Golde
- TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability,
dvlabs
- ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES -- Online Grades & Attendance <= v-3.2.6 -->,
y3nh4ck3r
- [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
- [ MDVSA-2009:126 ] eggdrop,
security
- Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow,
Secunia Research
- ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities,
VUPEN Security Research
- Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability,
Secunia Research
- (Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance <= v-3.2.6-->,
y3nh4ck3r
- The father of all bombs - another webdav fiasco,
Kingcope
- [USN-778-1] cron vulnerability,
Jamie Strandboge
- Zemana Antilogger 1.9.2 DoS attack,
loginit
- ZDI-09-024: Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability,
ZDI Disclosures
- ACSAC 2009 submissions due June 8 and June 10 (extended),
acsac . publicity
- [SECURITY] [DSA 1808-1] New drupal6 packages fix insufficient input sanitising,
Steffen Joeris
- FRHACK 2009 Final Call For Papers extended,
Jerome Athias
- MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->,
y3nh4ck3r
- CFP 26C3 / 26th Chaos Communication Congress,
lists
- ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability,
michal . sajdak
- OCS Inventory NG 1.02 - Multiple SQL Injections,
Nico Leidecker
- (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->,
y3nh4ck3r
- [ MDVSA-2009:124 ] apache,
security
- [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution,
Nico Golde
- FIREFOX URL space character SPOOF,
xushaopei
- ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc,
nospam
- [ MDVSA-2009:125 ] wireshark,
security
- Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability,
michal . sajdak
- SonicWALL SSL-VPN Appliance Format String Vulnerability,
Patrick Webster
- VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues,
VMware Security team
- (whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team],
srublev
- [TZO-28-2009] - Avira Antivir generic RAR,CAB,ZIP,
Thierry Zoller
- Novell Groupwise fails to properly sanitize emails.,
c3rb3r
- [InterN0T] Achievo 1.3.4 - XSS Vulnerability,
security
- CORE-2009-0401 - StoneTrip S3DPlayers remote command injection,
CORE Security Technologies Advisories
- [TZO-27-2009] Firefox Denial of Service (Keygen),
Thierry Zoller
- Call For Papers – ACM CCS 2009 Workshops,
Christopher Kruegel
- ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability,
ZDI Disclosures
- rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server,
rPath Update Announcements
- [Bkis-09-2009] XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher,
Bkis
- rPSA-2009-0095-1 tshark wireshark,
rPath Update Announcements
- ecshop 2.6.2,
info
- Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts,
Jacques Copeau
- rPSA-2009-0092-1 ntp ntp-utils,
rPath Update Announcements
- MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->,
y3nh4ck3r
- New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln,
Steve Friedl
- [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities,
security
- [ MDVSA-2009:123 ] opensc,
security
- [ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code,
Alex Legler
- [security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- Vanilla v.1.1.7 Cross-Site Scripting,
darkz . gsa
- PHP Nuke v.8.0 (referer) SQL Injection,
darkz . gsa
- W3af ninja training class in NYC,
Michelangelo Sidagni
- [IMF 2009] 3rd Call - Deadline Extended,
Oliver Goebel
- Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG),
Thierry Zoller
- [ GLSA 200905-08 ] NTP: Remote execution of arbitrary code,
Alex Legler
- SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability,
Bernhard Mueller
- SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability,
Bernhard Mueller
- COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overlow exploit,
nospam
- SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability,
Bernhard Mueller
- [ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities,
Alex Legler
- SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability,
Bernhard Mueller
- Backdoor in com_rsgallery2 gallery extension for joomla,
Jan van Niekerk
- SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability,
Bernhard Mueller
- Multiple vulnerabilities in several ATEN IP KVM Switches,
Jakob Lell
- [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG),
Thierry Zoller
- Arcade Trade Script XSS,
SmOk3
- PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs,
Piotr Bania
- Hardening OSX against CVE-2008-5353,
Marc Schoenefeld
- [ GLSA 200905-05 ] FreeType: Multiple vulnerabilities,
Alex Legler
- Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability,
Secunia Research
- MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component 'Boy Scout Advancement' <= v-0.3 (com_bsadv)-->,
y3nh4ck3r
- [ MDVSA-2009:122 ] squirrelmail,
security
- [SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution,
Moritz Muehlenhoff
- [ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities,
Alex Legler
- [ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities,
security
- [ GLSA 200905-03 ] IPSec Tools: Denial of Service,
Alex Legler
- [ GLSA 200905-06 ] acpid: Denial of Service,
Pierre-Yves Rofes
- Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability,
Secunia Research
- MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->,
y3nh4ck3r
- ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit,
info
- [oCERT-2009-006] Android improper package verification when using shared uids,
Will Drewry
- [SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities,
Moritz Muehlenhoff
- [TZO-25-2009] Panda generic evasion (TAR),
Thierry Zoller
- [TZO-24-2009] Panda generic evasion (CAB),
Thierry Zoller
- LxBlog,
info
- [ MDVSA-2009:121 ] lcms,
security
- Serena Dimensions CM Desktop Client does not validate the server SSL certificate,
roland . gruber . extern
- [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix,
Thijs Kinkhorst
- Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities,
VUPEN Security Research
- DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability,
Ben Hawkes
- [ MDVSA-2009:120 ] openssl,
security
- MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->,
y3nh4ck3r
- Novell GroupWise Web Access Multiple XSS,
swhite
- DDIVRT-2009-25 IPsession SQL Injection Vulnerability,
ddvulnalert
- iDefense Security Advisory 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability,
iDefense Labs
- (GET vars 'x' & 'y') ADMIN FUNCTION EXECUTION--Jorp v-1.3.05.09-->,
y3nh4ck3r
- [security bulletin] HPSBPI02398 SSRT080166 rev.3 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
- CORE-2009-0109 - Multiple XSS in Sun Communications Express,
CORE Security Technologies Advisories
- Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.,
publists
- [USN-777-1] Ntp vulnerabilities,
Jamie Strandboge
- DMXReady Registration Manager Arbitrary File Upload Vulnerability,
info
- Shakacon Security Conference - Trainers and Speakers Finalized,
Shakacon
- [SECURITY] [DSA 1804-1] New ipsec-tools packages fix denial of service,
Nico Golde
- [SECURITY] [DSA 1803-1] New nsd packages fix denial of service,
Thijs Kinkhorst
- Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2009:119 ] kernel,
security
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities,
iDefense Labs
- [SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
- MULTIPLE REMOTE VULNERABILITIES --my-Gesuad 0.9.14-->,
y3nh4ck3r
- MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2-->,
y3nh4ck3r
- [security bulletin] HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software (RGS) Sender Running Easy Login, Remote Unauthorized Access,
security-alert
- [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access,
security-alert
- Fwd: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009,
Thierry Zoller
- rPSA-2009-0084-1 kernel,
rPath Update Announcements
- WinAppDbg module v1.1 is out!,
Mario Alejandro Vilas Jerez
- [TKADV2009-006] libsndfile/Winamp VOC Processing Heap Buffer Overflow,
Tobias Klein
- NetDecision TFTP Server 4.2 TFTP Directory Traversal,
vuln_research
- BugCON '09 has swine influenza!!,
Carlos Augusto
- [ MDVSA-2009:113 ] cyrus-sasl,
security
- ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability,
ZDI Disclosures
- PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case),
Piotr Bania
- Conference on Cyber Warfare: registration open!,
kgconference
- [ MDVSA-2009:114 ] ipsec-tools,
security
- rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server,
rPath Update Announcements
- [ MDVSA-2009:115 ] phpMyAdmin,
security
- ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability,
ZDI Disclosures
- [ MDVSA-2009:116 ] gnutls,
security
- [TZO-22-2009] Bitdefender generic evasion of heuristics (for PDF),
Thierry Zoller
- [ MDVSA-2009:118 ] kernel,
security
- [TZO-23-2009] Avira antivir generic evasion of heuristics (for PDF),
Thierry Zoller
- [SECURITY] [DSA 1802-1] New squirrelmail packages fix several vulnerabilities,
Thijs Kinkhorst
- [security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- INSECURE COOKIE HANDLING VULNERABILITIES --Dog Pedigree Online Database v1.0.1-Beta-->,
y3nh4ck3r
- (GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->,
y3nh4ck3r
- Namad Cms Remote File Download,
info
- [ MDVSA-2009:117 ] ntp,
security
- HTTP Parameter Pollution,
Luca.carettoni
- [SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities,
Thijs Kinkhorst
- eggdrop/windrop remote crash vulnerability,
Thomas Sader
- MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->,
y3nh4ck3r
- MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1-->,
y3nh4ck3r
- iDefense Security Advisory 05.14.09: Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability,
iDefense Labs
- [security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- Insufficient Authentication vulnerability in Asus notebook,
MustLive
- [ MDVSA-2009:112 ] ipsec-tools,
security
- (GET var 'member') BLIND SQL INJECTION EXPLOIT --FAMILY CONNECTIONS <= v1.9 -->,
y3nh4ck3r
- Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal vulnerability poc,
ipsdix
- maxcms2.0 creat new admin exploit,
info
- [USN-776-2] KVM regression,
Marc Deslauriers
- Re: The security tools list, new version with more than 200 new tools!,
Ying
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability,
iDefense Labs
- [ MDVSA-2009:110 ] squirrelmail,
security
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Build List Memory Corruption Vulnerability,
iDefense Labs
- [ MDVSA-2009:111-1 ] firefox,
security
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint Integer Overflow Vulnerability,
iDefense Labs
- [ MDVSA-2009:111 ] firefox,
security
- [USN-776-1] KVM vulnerabilities,
Kees Cook
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow,
iDefense Labs
- [USN-775-1] Quagga vulnerability,
Kees Cook
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities,
iDefense Labs
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Heap Corruption Vulnerability,
iDefense Labs
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability,
iDefense Labs
- ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability,
ZDI Disclosures
- Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows,
Secunia Research
- User options changer (SQLi) EXPLOIT --Bigace CMS -stable release- 2.5-->,
y3nh4ck3r
- CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities [Updated],
Williams, James K
- Sun IDM Arbitrary Commands Execution Vulnerability,
abb@xxxxxxxxx
- FormMail 1.92 Multiple Vulnerabilities,
ascii
- The security tools list, new version with more than 200 new tools!,
Ying
- Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection,
Inferno
- Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit,
nospam
- Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities,
Felipe M. Aragon
- Security Advisory: Banks in Australia,
militan . c7
- xcon2009 is coming,
bugdigger
- [SECURITY] [DSA 1799-1] New qemu packages fix several vulnerabilities,
Moritz Muehlenhoff
- [security bulletin] HPSBMA02348 SSRT080033 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMA02349 SSRT080043 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data,
security-alert
- (POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->,
y3nh4ck3r
- [oCERT-2009-004] AjaxTerm session id collision,
Andrea Barisani
- [USN-774-1] MoinMoin vulnerability,
Marc Deslauriers
- Five days left to find the oldest data loss incident,
Juha-Matti Laurio
- Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing,
Aditya K Sood
- [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability,
Bkis
- [ MDVSA-2009:109 ] quagga,
security
- Insufficient Authentication vulnerability in Acer notebooks,
MustLive
- [SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution,
Steffen Joeris
- TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit,
travesti
- [TZO-21-2009] Fprot CAB bypass / evasion,
Thierry Zoller
- Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions,
Thierry Zoller
- [TZO-20-2009] AVG ZIP evasion / bypass,
Thierry Zoller
- [SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- speaker Bill Blunden on Rootkits...,
Alex Keller
- Universal XSS in all Google Services,
Inferno
- Vpopmail/QmailAdmin User's Quota Multiple Integer Overflows,
Jacobo Avariento Gimeno
- BLIND SQL INJECTION exploit (GET var 'AlbumID')--RTWebalbum 1.0.462-->,
y3nh4ck3r
- [security bulletin] HPSBUX02366 SSRT080120 rev.2 - HPUX Running useradd(1M), Local Unauthorized Access,
security-alert
- Claroline v.1.8.11 Cross-Site Scripting,
darkz . gsa
- [TOOL] moth - vulnerable web application vmware,
Andres Riancho
- [SECURITY] [DSA 1796-1] New libwmf packages fix denial of service,
Nico Golde
- [USN-773-1] Pango vulnerability,
Marc Deslauriers
- [USN-772-1] MPFR vulnerability,
Marc Deslauriers
- [USN-771-1] libmodplug vulnerabilities,
Marc Deslauriers
- [oCERT-2009-001] Pango integer overflow in heap allocation size calculations,
Will Drewry
- [ MDVSA-2009:108 ] zsh,
security
- SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha-->,
y3nh4ck3r
- [ MDVSA-2009:107 ] acpid,
security
- [SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution,
Devin Carraway
- Update: [TZO-15-2009] Aladdin eSafe generic bypass - Forced release,
Thierry Zoller
- Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass,
Secunia Research
- [SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009,
Dragos Ruiu
- Persistent XSS in Kayako Support Suite,
pen-test
- [SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities,
Noah Meyerhans
- [SECURITY] [DSA 1792-1] New drupal6 packages fix multiple vulnerabilities,
Noah Meyerhans
- [SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting,
Steffen Joeris
- [ MDVSA-2009:106 ] libwmf,
security
- New Browser Security Paper: Why Silent Updates Boost Security,
Stefan Frei
- [security bulletin] HPSBMA02419 SSRT090060 rev.1 - Insight Control Suite For Linux (ICE-LX) Multiple Remote Vulnerabilities In Nagios,
security-alert
- [SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities,
Noah Meyerhans
- BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->,
y3nh4ck3r
- MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->,
y3nh4ck3r
- [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability,
Digital Security Research Group [DSecRG]
- [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component,
RedTeam Pentesting GmbH
- CONFidence 2009 trainings,
andrzej . targosz
- [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies,
Digital Security Research Group [DSecRG]
- [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View,
RedTeam Pentesting GmbH
- [USN-770-1] ClamAV vulnerability,
Jamie Strandboge
- [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader,
RedTeam Pentesting GmbH
- [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content,
RedTeam Pentesting GmbH
- [SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities,
Thijs Kinkhorst
- [SECURITY] [DSA 1787-1] New quagga packages fix denial of service,
Florian Weimer
- LayerOne 2009 - Final Announcement,
LayerOne Call For Papers
- [security bulletin] HPSBMA02374 SSRT080046 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMA02425 SSRT080091 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->,
y3nh4ck3r
- [USN-769-1] libwmf vulnerability,
Marc Deslauriers
- [ MDVSA-2009:105 ] memcached,
security
- Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow,
Niels Teusink
- [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks,
Aditya K Sood
- Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows,
Secunia Research
- “Cross-Site Scripting” vulnerability in MyBB 1.4.5,
Jacques Copeau
- Call for Papers Hack.lu 2009,
hack.lu 2009 info
- [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
- Coppermine Photo Gallery 1.4.21 Cross-Site Scripting,
darkz . gsa
- [ GLSA 200905-01 ] Asterisk: Multiple vulnerabilities,
Robert Buchholz
- [SECURITY] [DSA 1786-1] New acpid packages fix denial of service,
Steffen Joeris
- about inactive account hijacking,
innate
- [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP),
Thierry Zoller
- [SECURITY] [DSA 1785-1] New wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
- CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities,
Williams, James K
- New WebApp security paper: Anti-fraud Image Solutions,
WebAppSec
- BH USA CFP closing next Tuesday,
jmoss
- multiple vendor - PF NULL pointer dereference,
rembrandt
- USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+->,
y3nh4ck3r
- BLIND SQL INJECTION--Leap CMS 0.1.4-->,
y3nh4ck3r
- Addonics NAS Adapter FTP Remote Denial of Service,
mcyr2
- MULTIPLE SQL INJECTION VULNERABILITIES --MiniTwitter v0.2-Beta-->,
y3nh4ck3r
- Durzosploit v0.1 alpha,
Benjilenoob
- [ MDVSA-2009:102 ] apache,
security
- [SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution,
Nico Golde
- [ MDVSA-2009:104 ] udev,
security
- [ MDVSA-2009:103 ] udev,
security
- MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4-->,
y3nh4ck3r
- Security tools list: First Version,
Ying
- [TZO-17-2009]Trendmicro multiple bypass/evasions,
Thierry Zoller
- Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions,
Thierry Zoller
- [security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [TZO-16-2009] Nod32 CAB bypass/evasion,
Thierry Zoller
- ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability,
ZDI Disclosures
- SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->,
y3nh4ck3r
- iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability,
iDefense Labs
- Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit,
nospam
- Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000,
SEC Consult Research
- [SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities,
Devin Carraway
- [SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution,
Steffen Joeris
- Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness,
Positron Security
- [ MDVSA-2009:101 ] xpdf,
security
- [ MDVA-2009:057 ] usermode,
security
- [SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution,
Steffen Joeris
- [SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution,
Florian Weimer
- iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability,
iDefense Labs
- [USN-765-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [USN-766-1] acpid vulnerability,
Marc Deslauriers
- MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->,
y3nh4ck3r
- one shot remote root for linux?,
Gadi Evron
- [USN-761-2] PHP vulnerabilities,
Marc Deslauriers
- [USN-767-1] FreeType vulnerability,
Marc Deslauriers
- [security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access,
security-alert
- Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow,
Secunia Research
- security tools list,
Ying
- [ MDVSA-2009:099 ] openafs,
security
- [ MDVSA-2009:098 ] krb5,
security
- [security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2009:096-1 ] printer-drivers,
security
- DDIVRT-2009-24 Precidia Ether232 Memory Corruption,
ddivulnalert
- [SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities,
Thijs Kinkhorst
- [TZO-14-2009] Comodo Antivirus RAR evasion,
Thierry Zoller
- SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->,
y3nh4ck3r
- [TZO-15-2009] Aladdin eSafe generic bypass - Forced release,
Thierry Zoller
- Remote iodinetd DoS vulnerability on Debian Lenny,
Albert Sellarès
- [TZO-13-2009] Avira Antivir generic CAB evasion / bypass,
Thierry Zoller
- MataChat Cross-Site Scripting Vulnerabilities,
IrIsT . Ir
- T2'09: Call for Papers 2009 (Helsinki / Finland),
Tomi Tuominen
- [ MDVSA-2009:097 ] clamav,
security
- Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication,
Robbie Gill
- [ MDVSA-2009:096 ] printer-drivers,
security
- MSL-2009-001 - Samsung Missing Provisioning Authentication,
Mobile Security Lab
- [ MDVSA-2009:095 ] ghostscript,
security
- Juniper Advisory,
security
- REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->,
y3nh4ck3r
- Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities,
Salvatore "drosophila" Fresta
- Formshield Captcha - Older Version vulnerable to replay attacks,
arvind doraiswamy
- CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability,
Mark Thomas
- WOOT'09 call for papers,
Alexander Sotirov
- [ GLSA 200904-20 ] CUPS: Multiple vulnerabilities,
Pierre-Yves Rofes
- FOWLCMS 1.1--Multiple Remote Vulnerabilities-->,
y3nh4ck3r
- [USN-764-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [ MDVSA-2009:094 ] mysql,
security
- [SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting,
Nico Golde
- FreeBSD Security Advisory FreeBSD-SA-09:08.openssl,
FreeBSD Security Advisories
- [Tool] sqlmap 0.7rc1 released,
Bernardo Damele A. G.
- [ MDVSA-2009:093 ] mpg123,
security
- FreeBSD Security Advisory FreeBSD-SA-09:07.libc,
FreeBSD Security Advisories
- [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities,
Bkis
- [TZO-12-2009] SUN / Oracle JVM Remote code execution,
Thierry Zoller
- SAP Cfolders Multiple Stored XSS Vulnerabilities,
Digital Security Research Group [DSecRG]
- SAP Cfolders Multiple Linked XSS Vulnerabilities,
Digital Security Research Group [DSecRG]
- CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator,
CORE Security Technologies Advisories
- Python winappdbg module v1.0 is out!,
Mario Alejandro Vilas Jerez
- MixedCMS 1.0--Multiple Remote Vulnerabilities-->,
y3nh4ck3r
- [SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation,
Thijs Kinkhorst
- Trend Micro OfficeScan Client - DOS,
jplopezy
- [SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation,
Thijs Kinkhorst
- CVE-2009-0991 PoC,
Dennis Yurichev
- [USN-763-1] xine-lib vulnerabilities,
Marc Deslauriers
- [USN-762-1] APT vulnerabilities,
Jamie Strandboge
- [USN-761-1] PHP vulnerabilities,
Marc Deslauriers
- Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth),
mcyr2
- [security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access,
security-alert
- Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details),
Thierry Zoller
- [security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges,
security-alert
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP,
Stefan Kanthak
- Creasito e-commerce content manager Authentication Bypass,
Salvatore "drosophila" Fresta
- Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->,
y3nh4ck3r
- WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit-->,
y3nh4ck3r
- Sungard Banner System XSS,
reportback
- Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities,
Salvatore "drosophila" Fresta
- Linksys WRT54GC - Admin Password Change (POC),
gabriel
- Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007,
XiaShing
- CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION,
y3nh4ck3r
- [SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of service,
Steffen Joeris
- [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200904-18 ] udev: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code,
Robert Buchholz
- Malleo 1.2.3 Local File Inclusion Vulnerability,
Salvatore "drosophila" Fresta
- CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)-->,
y3nh4ck3r
- CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES-->,
y3nh4ck3r
- CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION-->,
y3nh4ck3r
- [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- rPSA-2009-0059-1 poppler,
rPath Update Announcements
- Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow,
Secunia Research
- Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability,
Secunia Research
- [TZO-11-2009] Fortinet bypass / evasion (Limited details),
Thierry Zoller
- [TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details),
Thierry Zoller
- rPSA-2009-0060-1 ghostscript,
rPath Update Announcements
- [ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code,
Robert Buchholz
- rPSA-2009-0064-1 icu,
rPath Update Announcements
- [SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting,
Steffen Joeris
- Tiny Blogr 1.0.0 rc4 Authentication Bypass,
Salvatore "drosophila" Fresta
- [IMF 2009] 2nd Call for Papers - Submission Open,
Oliver Goebel
- [USN-760-1] CUPS vulnerability,
Jamie Strandboge
- rPSA-2009-0063-1 udev,
rPath Update Announcements
- rPSA-2009-0061-1 cups,
rPath Update Announcements
- [TZO-09-2009] Avast bypass / evasion (Limited details),
Thierry Zoller
- [TZO-08-2009] Bitdefender generic bypass/evasion,
Thierry Zoller
- [SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution,
Steffen Joeris
- rPSA-2009-0062-1 tshark wireshark,
rPath Update Announcements
- [USN-759-1] poppler vulnerabilities,
Marc Deslauriers
- ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service,
mozilla
- Miniweb Buffer Overflow,
ew1zz
- Miniweb server Multiple Vulnerabilities,
ew1zz
- [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities,
DSecRG
- [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt,
DSecRG
- [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities,
DSecRG
- skpd: A tool to dump processes to executable ELF files,
Albert Sellarès
- iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow Vulnerability,
iDefense Labs
- [SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities,
Florian Weimer
- DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues,
ddvulnalert
- webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--,
y3nh4ck3r
- SQL Injection in package DBMS_AQADM_SYS,
ak
- [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation,
Florian Weimer
- Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit,
nospam
- Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow,
Secunia Research
- Phorum < 5.2.10 Cross-Site Scripting/Request Forgery,
research
- Unprivileged DB users can see APEX password hashes,
ak
- SQL Injection in package DBMS_AQIN,
ak
- SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability,
Bernhard Mueller
- [USN-758-1] udev vulnerabilities,
Kees Cook
- XSS with mod_perl perl_status utility,
antonia . goodwin
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow,
Secunia Research
- HITBSecConf2009 - Malaysia: Call for Papers,
S. Praburaajan
- SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming,
Bernhard Mueller
- Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow,
Secunia Research
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow,
Secunia Research
- [USN-757-1] Ghostscript vulnerabilities,
Marc Deslauriers
- Zervit Webserver Buffer Overflow,
ewizz
- Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method,
Secunia Research
- Microsoft Office Excel Remote Memory Corruption Vulnerability,
noreply-secresearch@xxxxxxxxxxxx
- [ GLSA 200904-14 ] F-PROT Antivirus: Denial of Service,
Pierre-Yves Rofes
- ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability,
ZDI Disclosures
- [ GLSA 200904-13 ] Ventrilo: Denial of Service,
Pierre-Yves Rofes
- iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability,
iDefense Labs
- [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities,
DSecRG
- MonGoose 2.4 Directory Traversal Vulnerability,
ew1zz
- BugCON '09, Mexico: Call For Papers,
Carlos Augusto
- [ MDVSA-2009:092 ] ntp,
security
- [USN-756-1] ClamAV vulnerability,
Jamie Strandboge
- OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic),
rembrandt
- [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities,
Valery Marchuk
- [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting,
Steffen Joeris
- Hacker Space Fest 2009 CFP: Call For Paper,
Philippe Mailinglist
- [ MDVSA-2009:091 ] mod_perl,
security
- ftpdmin v. 0.96 RNFR remote buffer overflow exploit,
nospam
- HP Deskjet 6800 XSS in Web Interface,
mcyr2
- In Response to Bid 34130 Invalid,
Aditya K Sood
- [BMSA 2009-04] Remote DoS in Internet Explorer,
Nam Nguyen
- [SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution,
Florian Weimer
- Opening Intranets to attack by using Internet Explorer [paper],
Cesar
- VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability,
VMware Security Team
- Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities,
Salvatore "drosophila" Fresta
- [ GLSA 200904-12 ] Wicd: Information disclosure,
Tobias Heinlein
- [ MDVSA-2009:090 ] php,
security
- [SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation,
Florian Weimer
- [DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download,
DSecRG
- [SECURITY] [DSA 1768-1] New openafs packages potential code execution,
Florian Weimer
- Summer Camp Garrotxa 2009 event,
Gerardo García Peña
- Loggix Project 9.4.5 Blind SQL Injection,
Salvatore "drosophila" Fresta
- [ MDVSA-2009:089 ] opensc,
security
- PHP 5.2.9 curl safe_mode & open_basedir bypass,
cxib
- [DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow,
DSecRG
- PHP-agenda <= 2.2.5 Remote File Overwriting,
Salvatore "drosophila" Fresta
- Bid 34130 Invalid,
vpandey
- Reminder: RAID 2009 CFP,
Corrado Leita
- [ MDVSA-2009:088 ] wireshark,
security
- [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data,
security-alert
- Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow,
Secunia Research
- [ GLSA 200904-10 ] Avahi: Denial of Service,
Robert Buchholz
- [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service,
Nico Golde
- IBM BladeCenter Advanced Management Module Multiple vulnerabilities,
Henri Lindberg - Smilehouse Oy
- [ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities,
Robert Buchholz
- [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities,
Nico Golde
- Exjune Guestbook v2 Remote Database Disclosure Exploit,
alphanix00
- Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit,
nospam
- [ GLSA 200904-11 ] Tor: Multiple vulnerabilities,
Robert Buchholz
- Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability,
nospam
- AdaptBB 1.0 Beta Multiple Remote Vulnerabilities,
Salvatore "drosophila" Fresta
- FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability,
noreply-secresearch@xxxxxxxxxxxx
- OpenVAS now beyond 10000 Network Vulnerability Tests,
Michael Wiegand
- net2ftp <= 0.97 Cross-Site Scripting/Request Forgery,
c1c4tr1z
- OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit,
alphanix00
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances,
Cisco Systems Product Security Incident Response Team
- SASPCMS Multiple Vulnerabilities,
admin
- Adgregate ShopAd widget validation is vulnerable to replay attack,
Matthew Dempsky
- [USN-755-1] Kerberos vulnerabilities,
Kees Cook
- rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation,
rPath Update Announcements
- [SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities,
Steffen Joeris
- [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities,
Moritz Muehlenhoff
- [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability,
Bkis
- [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability,
Mark Thomas
- [USN-754-1] ClamAV vulnerabilities,
Jamie Strandboge
- MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846],
Tom Yu
- LayerOne 2009 - Registration Open, Initial Speakers Announced,
LayerOne Call For Papers
- MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847],
Tom Yu
- [USN-752-1] Linux kernel vulnerabilities,
Kees Cook
- POC - Sun Java System Access Manager & Identity Manager Users Enumeration,
Marco Mella
- OSSTMM 3 Sample Released,
Pete Herzog
- [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path,
Pierre-Yves Rofes
- TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow,
dvlabs
- [USN-753-1] PostgreSQL vulnerability,
Marc Deslauriers
- [security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access,
security-alert
- Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow,
Secunia Research
- [ GLSA 200904-08 ] OpenSSL: Denial of Service,
Robert Buchholz
- [ GLSA 200904-07 ] Xpdf: Untrusted search path,
Robert Buchholz
- ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability,
ZDI Disclosures
- TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow,
dvlabs
- [security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 1763-1] New openssl packages fix denial of service,
Moritz Muehlenhoff
- [ GLSA 200904-05 ] ntp: Certificate validation error,
Pierre-Yves Rofes
- Amaya 11.1 XHTML Parser Buffer Overflow,
c1c4tr1z
- [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow,
Tobias Klein
- [Aria-Security.com] vBulletin multiple XSS,
dontcontactorspamme
- [ GLSA 200904-04 ] WeeChat: Denial of Service,
Tobias Heinlein
- VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues,
VMware Security Team
- [ MDVSA-2009:087 ] openssl,
security
- Joomla Component com_bookjoomlas SQL Injection Vulnerability,
Salvatore "drosophila" Fresta
- [ MDVSA-2009:086 ] gstreamer-plugins,
security
- [ GLSA 200904-01 ] Openfire: Multiple vulnerabilities,
Pierre-Yves Rofes