Bugtraq
[Prev Page][Next Page]
- AST-2009-003: SIP responses expose valid usernames,
Asterisk Security Team
- Family Connections 1.8.2 Blind SQL Injection (Correct Version),
Salvatore "drosophila" Fresta
- Cyber Warfare Conference: Agenda,
k g
- [ GLSA 200904-03 ] Gnumeric: Untrusted search path,
Robert Buchholz
- [ GLSA 200904-02 ] GLib: Execution of arbitrary code,
Robert Buchholz
- Family Connections <= 1.8.2 - Remote Shell Upload Exploit,
Salvatore "drosophila" Fresta
- IBM DB2,
Dennis Yurichev
- rPSA-2009-0057-1 m2crypto openssl openssl-scripts,
rPath Update Announcements
- Family Connections 1.8.2 Arbitrary File Upload,
Salvatore "drosophila" Fresta
- glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit,
nospam
- Autodesk IDrop ActiveX Control Heap Corruption Vulnerability,
Elazar Broad
- [SECURITY] [DSA 1761-1] New moodle packages fix file disclosure,
Nico Golde
- [ MDVSA-2009:085 ] gstreamer0.10-plugins-base,
security
- [TZO-07-2009] F-PROT ZIP Method evasion,
Thierry Zoller
- [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details),
Thierry Zoller
- [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass,
Thierry Zoller
- ContentKeeper - Remote command execution and privilege escalation,
Patrick Webster
- [SECURITY] [DSA 1762-1] New icu packages fix cross site scripting,
Steffen Joeris
- Q2 Solutions ConnX - SQL Injection Vulnerability,
Patrick Webster
- Asbru Web Content Management Vulnerabilities,
Patrick Webster
- Remote access vulnerability using File Thingie v2.5.4,
xiashing
- Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3,
dh
- OSCommerce Session Fixation Vulnerability,
laurent . desaulniers
- [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities,
Matteo Beccati
- EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009),
Dragos Ruiu
- OpenX 2.6.4 multiple vulnerabilities,
publists
- Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities,
Secunia Research
- [ MDVSA-2009:083 ] mozilla-thunderbird,
security
- [SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT Perspective,
Aditya K Sood
- Massive exploitation of instant messaging applications proved feasible,
Julien TINNES
- Microsoft Internet Explorer 8 - Anti Spoofing is a Myth,
Aditya K Sood
- [ MDVSA-2009:084 ] firefox,
security
- VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim,
VMware Security team
- [security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access,
security-alert
- Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities,
Secunia Research
- CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server,
CORE Security Technologies Advisories
- [DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting,
DSecRG
- [DSECRG-09-016] SAP SAPDB Multiple XSS,
Alexandr Polyakov
- [security bulletin] HPSBMA02416 SSRT090008 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities,
DSecRG
- webEdition 6.0.0.4 Local File Inclusion,
Salvatore "drosophila" Fresta
- [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities,
Valery Marchuk
- Cisco ASA5520 Web VPN Host Header XSS,
Bugs NotHugs
- aspWebCalendar Free Edition bug,
joseph . giron13
- [SECURITY] [DSA 1760-1] New openswan packages fix denial of service,
Steffen Joeris
- [SECURITY] [DSA 1759-1] New strongswan packages fix denial of service,
Steffen Joeris
- [USN-750-1] OpenSSL vulnerability,
Jamie Strandboge
- [ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability,
vuln
- Zabbix Multiple Frontend CSRF (Password reset & command execution),
Adam Baldwin
- ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure,
Moritz Muehlenhoff
- [ GLSA 200903-41 ] gedit: Untrusted search path,
Pierre-Yves Rofes
- Community CMS 0.5 Multiple SQL Injection Vulnerabilities,
Salvatore "drosophila" Fresta
- [USN-749-1] libsndfile vulnerability,
Marc Deslauriers
- DeepSec 2009 - Call for Papers is open,
DeepSec Conference
- [ MDVSA-2009:082 ] krb5,
security
- Family Connections 1.8.1 Multiple Remote Vulnerabilities,
Salvatore "drosophila" Fresta
- Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3,
Positron Security
- CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec,
Paul Wouters
- [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection,
Steffen Joeris
- [USN-745-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [ GLSA 200903-40 ] Analog: Denial of Service,
Pierre-Yves Rofes
- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow,
Bugs NotHugs
- [ MDVSA-2009:081 ] libsoup,
security
- glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit,
nospam
- [tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing,
Chris Weber
- [SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities,
Noah Meyerhans
- Novell Netstorage Multiple Vulnerabilities,
Bugs NotHugs
- iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability,
iDefense Labs
- Moodle: Sensitive File Disclosure,
Christian Eibl
- Aurora Nutritive Analysis Module Multiple XSS,
Bugs NotHugs
- [USN-748-1] OpenJDK vulnerabilities,
Kees Cook
- [ MDVSA-2009:080 ] glib2.0,
security
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability,
iDefense Labs
- [USN-747-1] ICU vulnerability,
Marc Deslauriers
- [USN-746-1] xine-lib vulnerability,
Marc Deslauriers
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability,
iDefense Labs
- ICAP adaptation: missing data flow control to client side,
Martin Huter
- [Bkis-05-2009] PowerCHM Stack-based Buffer Overflow,
Bkis
- [ GLSA 200903-39 ] pam_krb5: Privilege escalation,
Pierre-Yves Rofes
- CFP RAID 2009,
Corrado Leita
- [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation,
Moritz Muehlenhoff
- Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1745-2] New lcms packages fix regression,
Steffen Joeris
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow,
Secunia Research
- [ GLSA 200903-38 ] Squid: Multiple Denial of Service vulnerabilities,
Pierre-Yves Rofes
- iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability,
iDefense Labs
- [SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable,
Moritz Muehlenhoff
- [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege,
security-alert
- ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent),
nospam
- [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- [ GLSA 200903-36 ] MLDonkey: Information disclosure,
Pierre-Yves Rofes
- [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage,
Pierre-Yves Rofes
- [USN-744-1] LittleCMS vulnerabilities,
Marc Deslauriers
- [USN-743-1] Ghostscript vulnerabilities,
Marc Deslauriers
- [ MDVSA-2009:079 ] postgresql,
security
- CORE-2009-0122: HP OpenView Buffer Overflows,
CORE Security Technologies Advisories
- [ MDVSA-2009:078 ] evolution-data-server,
security
- [SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution,
Florian Weimer
- FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer,
FreeBSD Security Advisories
- [SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities,
Florian Weimer
- [ MDVSA-2009:077 ] pam,
security
- [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- Rittal CMC-TC Processing Unit II multiple vulnerabilities,
Henri Lindberg - Smilehouse Oy
- ExpressionEngine Persistent Cross-Site Scripting,
Adam Baldwin
- [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
- [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code,
Tobias Heinlein
- [oCERT-2009-003] LittleCMS integer errors,
Andrea Barisani
- Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh),
nospam
- [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution,
Steffen Joeris
- [SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution,
Steffen Joeris
- [SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution,
Steffen Joeris
- [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution,
Steffen Joeris
- LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted),
Chris Evans
- [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities,
Pierre-Yves Rofes
- [USN-741-1] Thunderbird vulnerabilities,
Jamie Strandboge
- [ MDVSA-2009:060-1 ] nfs-utils,
security
- Slides from uCon Security Conference 2009 available online,
uCon Security Conference
- rPSA-2009-0050-1 ghostscript,
rPath Update Announcements
- [USN-742-1] JasPer vulnerabilities,
Marc Deslauriers
- Command Execution in Hannon Hill Cascade Server,
Elliot Kendall
- [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS),
ISecAuditors Security Advisories
- CDex v1.70b2 (.ogg) local buffer overflow exploit poc,
nospam
- [SECURITY] [DSA 1744-1] New weechat packages fix denial of service,
Nico Golde
- [USN-740-1] NSS vulnerability,
Jamie Strandboge
- Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5,
dh
- Sitecore .NET 5.3.x - web service information disclosure,
security . assurance
- iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability,
iDefense Labs
- [ GLSA 200903-31 ] libcdaudio: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability,
vuln
- DEFCON London DC4420 March meeting - Thursday 19th March,
Major Malfunction
- [USN-739-1] Amarok vulnerabilities,
Marc Deslauriers
- [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability,
vuln
- [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability,
vuln
- [USN-737-1] libsoup vulnerability,
Marc Deslauriers
- [ GLSA 200903-30 ] Opera: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 200903-29 ] BlueZ: Arbitrary code execution,
Pierre-Yves Rofes
- [USN-735-1] GStreamer Base Plugins vulnerability,
Marc Deslauriers
- PHPRunner SQL Injection,
admin
- [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution,
Steffen Joeris
- HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration,
Henri Lindberg
- [USN-736-1] GStreamer Good Plugins vulnerabilities,
Marc Deslauriers
- CPANEL File Manager XSS Vulnerability,
rizki . wicaksono
- [USN-738-1] GLib vulnerability,
Jamie Strandboge
- [USN-733-1] evolution-data-server vulnerability,
Marc Deslauriers
- [USN-734-1] FFmpeg vulnerabilities,
Marc Deslauriers
- [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36,
Bkis
- reporting CVE,
rahimeh . khodadadi
- NGENUITY-2009-005 OpenCart Order By Blind SQL Injection,
Adam Baldwin
- [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow,
Bkis
- [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code execution,
Nico Golde
- [ MDVSA-2009:076 ] avahi,
security
- rosoft media player local BOF exploit multi tagets,
maroc-anti-connexion
- [ GLSA 200903-28 ] libpng: Multiple vulnerabilities,
Pierre-Yves Rofes
- [SECURITY] [DSA 1741-1] New psi packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1740-1] New yaws packages fix denial of service,
Steffen Joeris
- Infopop UBB.Threads Admin Credentials via SQL Injection,
swhite
- [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure,
Florian Weimer
- [ MDVSA-2009:075 ] firefox,
security
- [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities,
aanisimov
- [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability,
aanisimov
- [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability,
aanisimov
- GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit,
nospam
- rPSA-2009-0045-1 glib,
rPath Update Announcements
- rPSA-2009-0046-1 libpng,
rPath Update Announcements
- Apple iTunes DAAP Messages Handling Denial of Service Vulnerability �,
secresearch@xxxxxxxxxxxx
- rPSA-2009-0041-1 dhclient dhcp libdhcp4client,
rPath Update Announcements
- rPSA-2009-0040-1 tshark wireshark,
rPath Update Announcements
- [ GLSA 200903-27 ] ProFTPD: Multiple vulnerabilities,
Pierre-Yves Rofes
- rPSA-2009-0042-1 curl,
rPath Update Announcements
- [oCERT-2008-015] glib and glib-predecessor heap overflows,
Will Drewry
- [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service,
Valery Marchuk
- [security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access,
security-alert
- [ MDVSA-2009:074 ] libneon0.27,
security
- flv2mpeg4: Malformed parameters Denial of Service,
Anon
- Trellis Desk v1.0 XSS Vulnerability,
larry
- [ GLSA 200903-26 ] TMSNC: Execution of arbitrary code,
Robert Buchholz
- [ GLSA 200903-25 ] Courier Authentication Library: SQL Injection vulnerability,
Pierre-Yves Rofes
- [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities,
Steffen Joeris
- POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability,
Krakow Labs
- [ MDVSA-2009:073 ] sarg,
security
- [ MDVSA-2009:072 ] perl-MDK-Common,
security
- TikiWiki 2.2 XSS Vulnerability in URI,
iliz-z
- TOORCAMP 2009 CALL FOR PARTICIPATION,
h1kari
- Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access,
Nico Golde
- [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access,
security-alert
- [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting,
Steffen Joeris
- [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200903-24 ] Shadow: Privilege escalation,
Pierre-Yves Rofes
- Sun Java System Communications Express [HTML Injection],
sosoblood
- [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation,
Florian Weimer
- [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability,
ISecAuditors Security Advisories
- [ MDVSA-2009:071 ] kernel,
security
- [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities,
vuln
- AST-2009-002: Remote Crash Vulnerability in SIP channel driver,
Asterisk Security Team
- [USN-732-1] dash vulnerability,
Marc Deslauriers
- [USN-731-1] Apache vulnerabilities,
Marc Deslauriers
- Addonics NAS Adapter Post-Auth DoS,
mcyr2
- Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse,
robert
- [ MDVSA-2009:070 ] openoffice.org,
security
- Multiple Vulnerabilities in iAntiVirus,
Carsten Eilers
- [ GLSA 200903-22 ] Ganglia: Execution of arbitrary code,
Robert Buchholz
- SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability,
Bernhard Mueller
- Aryanic HighCMS and HighPortal multiple Vulnerabilities,
mr . faghani
- SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability,
Bernhard Mueller
- SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability,
Bernhard Mueller
- FINAL: Call for Papers on Cyber Warfare,
k g
- Foxit Reader Multiple Vulnerabilities (CORE-2009-0218),
Core Security Technologies Advisories
- [ GLSA 200903-21 ] cURL: Arbitrary file access,
Tobias Heinlein
- Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability,
Elazar Broad
- DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability,
ddivulnalert
- DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability,
ddivulnalert
- [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities,
Robert Buchholz
- [ GLSA 200903-19 ] Xerces-C++: Denial of Service,
Robert Buchholz
- [ GLSA 200903-18 ] Openswan: Insecure temporary file creation,
Robert Buchholz
- [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code,
Robert Buchholz
- [ GLSA 200903-16 ] Epiphany: Untrusted search path,
Robert Buchholz
- [ GLSA 200903-15 ] git: Multiple vulnerabilties,
Robert Buchholz
- [ GLSA 200903-14 ] BIND: Incorrect signature verification,
Robert Buchholz
- [ GLSA 200903-13 ] MPFR: Denial of Service,
Robert Buchholz
- [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code,
Robert Buchholz
- [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code,
Robert Buchholz
- Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability,
Secunia Research
- [ GLSA 200903-10 ] Irrlicht: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS),
Salvatore "drosophila" Fresta
- [ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code,
Robert Buchholz
- [ GLSA 200903-08 ] gEDA: Insecure temporary file creation,
Robert Buchholz
- [ GLSA 200903-07 ] Samba: Data disclosure,
Robert Buchholz
- [ GLSA 200903-06 ] nfs-utils: Access restriction bypass,
Robert Buchholz
- [ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities,
Robert Buchholz
- [ MDVSA-2009:068-1 ] poppler,
security
- [ MDVSA-2009:069 ] curl,
security
- [ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code,
Tobias Heinlein
- [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code,
Tobias Heinlein
- [ GLSA 200903-02 ] ZNC: Privilege escalation,
Tobias Heinlein
- nForum 1.5 Multiple SQL Injection,
Salvatore "drosophila" Fresta
- [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
- [ MDVSA-2009:068 ] poppler,
security
- [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability,
aanisimov
- WarVOX 1.0.0 Released,
H D Moore
- [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application,
Mark Thomas
- DEFCON CTF Submissions are in, DC-16 video online!,
The Dark Tangent
- [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability,
aanisimov
- Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass),
Salvatore "drosophila" Fresta
- [USN-730-1] libpng vulnerabilities,
Jamie Strandboge
- [ MDVSA-2009:067 ] libsndfile,
security
- [USN-728-3] Firefox vulnerabilities,
Jamie Strandboge
- [USN-728-2] Firefox vulnerabilities,
Jamie Strandboge
- [USN-728-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [USN-729-1] Python Crypto vulnerability,
Kees Cook
- SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7),
nospam
- [ MDVSA-2009:066 ] php,
security
- [ MDVSA-2009:065 ] php4,
security
- iDefense COMRaider, ActiveX controls, and browser configuration,
Steven M. Christey
- ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability,
ZDI Disclosures
- libc:fts_*():multiple vendors, Denial-of-service,
cxib
- CelerBB 0.0.2 Multiple Vulnerabilities,
Salvatore "drosophila" Fresta
- Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability,
iDefense Labs
- Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [USN-726-2] curl regression,
Marc Deslauriers
- [USN-727-2] NetworkManager vulnerability,
Marc Deslauriers
- [ MDVSA-2009:064 ] imap,
security
- NovaBoard <= 1.0.1 / XSS Vulnerability,
Jose Luis
- [USN-726-1] curl vulnerability,
Marc Deslauriers
- [USN-727-1] network-manager-applet vulnerabilities,
Marc Deslauriers
- BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI),
Salvatore "drosophila" Fresta
- Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability,
Secunia Research
- [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities,
Steffen Joeris
- Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability,
Secunia Research
- Zabbix 1.6.2 Frontend Multiple Vulnerabilities,
ascii
- WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI),
Salvatore "drosophila" Fresta
- [ MDVSA-2009:063 ] eog,
security
- [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service,
Steffen Joeris
- [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability,
Steffen Joeris
- Blogsa <= 1.0 Beta 3 XSS Vulnerability,
contact
- RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability,
Salvatore "drosophila" Fresta
- [ MDVSA-2009:062 ] shadow-utils,
security
- [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites,
Steffen Joeris
- [ISecAuditors Security Advisories] eXtplorer Remote Code Execution,
ISecAuditors Security Advisories
- rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl,
rPath Update Announcements
- [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities,
Steffen Joeris
- Announcing Cap'r Mak'r,
kowsik
- [security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF),
security-alert
- [CFP] FRHACK 2nd Call For Papers,
Jerome Athias
- EZ-Blog Beta 1 Multiple SQL Injection,
Salvatore "drosophila" Fresta
- BlogMan 0.45 Multiple Vulnerabilities,
Salvatore "drosophila" Fresta
- YEKTA WEB Academic Web Tools CMS Multiple XSS,
mr . faghani
- [SECURITY] [DSA 1719-2] New GNUTLS packages fix regression,
Florian Weimer
- Weekly Web Hacking Incidents update for Feb 25th,
Ofer Shezaf
- Afian Document Manager Local File Inclusion,
contact
- POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability,
Krakow Labs
- On the implementation of TCP urgent data (IETF Internet Draft),
Fernando Gont
- [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service,
Florian Weimer
- HTC Touch vCard over IP Denial of Service PoC Code,
Mobile Security Lab
- Hex Workshop <= v6 (.hex) File Local Code,
xhakerman2008
- Drupal Local File Inclusion Vulnerability (Windows),
Bogdan Calin
- [ MDVSA-2009:058 ] wireshark,
security
- djbdns misformats some long response packets; patch and example attack,
Matthew Dempsky
- VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed,
VMware Security team
- ANNOUNCE: RFIDIOt-0.1x release - February 2009,
Adam Laurie
- BitDefender Internet Security XSS,
jplopezy
- [ MDVSA-2009:056 ] net-snmp,
security
- [ MDVSA-2009:026-1 ] phpMyAdmin,
security
- [ MDVSA-2009:048-2 ] epiphany,
security
- [ MDVSA-2009:057 ] valgrind,
security
- [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability,
Mark Thomas
- [security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability,
Digital Security Research Group
- [USN-724-1] Squid vulnerability,
Jamie Strandboge
- [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites,
Steffen Joeris
- Golabi CMS Remote File Inclusion Vulnerability,
rezazahfaran
- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc,
nospam
- Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability,
security . assurance
- [SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service,
Moritz Muehlenhoff
- [ MDVSA-2009:055 ] audacity,
security
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows,
Secunia Research
- Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow,
Secunia Research
- [DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability,
Digital Security Research Group
- Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability,
Trancer
- [BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1,
Nam Nguyen
- [security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS),
security-alert
- pPIM Multiple Vulnerabilities,
Justin C. Klein Keane
- Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow,
Secunia Research
- [ MDVSA-2009:054 ] nagios,
security
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well),
Benjamin Milde
- [ MDVSA-2009:053 ] squirrelmail,
security
- [ MDVSA-2009:052 ] php-smarty,
security
- iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability,
iDefense Labs
- [ MDVSA-2009:047-1 ] vim,
security
- [ MDVSA-2009:048-1 ] epiphany,
security
- VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27,
VMware Security team
- [ MDVSA-2009:049-1 ] pycrypto,
security
- [ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ MDVSA-2009:051 ] libpng,
security
- [ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites,
Pierre-Yves Rofes
- [ MDVSA-2009:050-1 ] python-pycrypto,
security
- [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability,
adv
- HP Quality Center vulnerability,
info
- gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection,
Salvatore "drosophila" Fresta
- XSS Attack using SMS to Optus/Huawei E960 HSDPA Router,
rizki . wicaksono
- gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection,
Salvatore "drosophila" Fresta
- gigCalendar Joomla Component 1.0 SQL Injection,
Salvatore "drosophila" Fresta
- [ MDVSA-2009:050 ] python-pycrypto,
security
- [ MDVSA-2009:049 ] pycrypto,
security
- [ MDVSA-2009:048 ] epiphany,
security
- [ MDVSA-2009:045 ] php,
security
- [ MDVSA-2009:047 ] vim,
security
- PHCDownload 1.1.0 Vulnerabilities,
contact
- [ MDVSA-2009:044 ] firefox,
security
- [ MDVSA-2009:046 ] dia,
security
- [ MDVSA-2009:043 ] gnumeric,
security
- [ MDVA-2009:027 ] kernel,
security
- Apache directory traversal on shared hosting environment.,
davec
- Weekly Web Hacking Incidents update for Feb 19th,
Ofer Shezaf
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection,
Packet Storm
- [USN-723-1] Git vulnerabilities,
Marc Deslauriers
- [ MDVSA-2009:042 ] samba,
security
- RE: hello bug in windows live messenger,
rasod korad
- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability,
ddvulnalert
- [USN-722-1] sudo vulnerability,
Kees Cook
- [USN-721-1] fglrx-installer vulnerability,
Kees Cook
- [ MDVSA-2009:041 ] jhead,
security
- [security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data,
security-alert
- [ MDVSA-2009:040 ] dia,
security
- FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd,
FreeBSD Security Advisories
- [ MDVSA-2009:039 ] gedit,
security
- [ MDVSA-2009:038 ] blender,
security
- RFI Bug,
Dr . linux
- [ MDVSA-2009:037 ] bind,
security
- [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0,
come2waraxe
- [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues,
Ubuntu Privacy Remix Team
- [SECURITY] [DSA 1725-1] New websvn packages fix information leak,
Thijs Kinkhorst
- Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux),
Sam Johnston
- [security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
- [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities,
Martin Schulze
- cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian,
Pierre Dinh-van
- RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker,
shuanglei
- ACM CCS '09: Call for Workshop Proposals,
Christopher Kruegel
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability,
sc0ttbeardsley
- SEPKILL /im SMC.EXE /f,
Sandeep Cheema
- Cross-site scripting in Samizdat 0.6.1,
Dmitry Borodaenko
- Security Assessment of the Transmission Control Protocol (TCP),
Fernando Gont
- [security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF),
security-alert
- Enomaly ECP/Enomalism: Silent update remote command execution vulnerability,
Sam Johnston
- Nokia N95 browser "setAttributeNode" method crash,
jplopezy
- [ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution,
Pierre-Yves Rofes
- [ GLSA 200902-02 ] OpenSSL: Certificate validation error,
Robert Buchholz
- [ GLSA 200902-03 ] Valgrind: Untrusted search path,
Robert Buchholz
- [USN-720-1] PHP vulnerabilities,
Marc Deslauriers
- [USN-719-1] pam-krb5 vulnerabilities,
Marc Deslauriers
- [ MDVSA-2009:036 ] python,
security
- Denial of Service using Partial GET Request in Mozilla Firefox 3.06,
XiaShing
- SEP(Symantec) Bug,
Sandeep Cheema
- Full Path Disclosure In Photolibrary 1.009(Update),
XiaShing
- [SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation,
Moritz Muehlenhoff
- BackTrack 4 Beta Released,
Mati Aharoni
- pam-krb5 security advisory (3.12 and earlier),
Russ Allbery
- [SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation,
Moritz Muehlenhoff
- Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver),
dejan . levaja
- Web Hacking Incidents update for Feb 10th (Links corrected),
Ofer Shezaf
- [security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges,
security-alert
- [USN-717-2] Firefox vulnerabilities,
Jamie Strandboge
- Full Path Disclosure In Photolibrary 1.009,
XiaShing
- Local vulnerability in suexec + FastCGI + PHP configurations,
security . 432
- [USN-717-3] Firefox vulnerabilities,
Jamie Strandboge
- [ MDVSA-2009:035 ] gstreamer0.10-plugins-good,
security
- ProFTPd with mod_mysql Authentication Bypass Exploit,
alphanix00
- [USN-717-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability,
ZDI Disclosures
- ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption,
ZDI Disclosures
- [SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities,
Nico Golde
- Nokia Phoenix Service Software 2008.04.007.32837 overflow POC,
murderskill
- [Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code],
ivan . sanchez
- Web Hacking Incidents update for Feb 10th,
Ofer Shezaf
- Craft Silicon Banking@Home SQL Injection,
Francesco Bianchino
- Another SQL injection in ProFTPd with mod_mysql (probably postgres as well),
gat3way
- [ MDVSA-2009:034 ] squid,
security
- [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation,
Florian Weimer
- [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability,
adv
- Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well),
tez
- London DEFCON DC4420 - February 2009 Meet - Thursday 12th,
Major Malfunction
- ZeroShell <= 1.0beta11 Remote Code Execution,
Luca Carettoni
- 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass,
luca . caretton
- Nokia N95-8 JPG crash,
jplopezy
- Trend micro - IWSVA/IWSS - Authorization module password leak,
david . vorel
- LFI in Drupal CMS,
rasool . nasr
- rooting your own phone: android security,
Pavel Machek
- PHP filesystem attack vectors,
ascii
- [BMSA-2009-02] XML injection in PyBlosxom,
Nam Nguyen
- [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass,
Moritz Muehlenhoff
- [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding,
Will Drewry
- [ GLSA 200902-01 ] sudo: Privilege escalation,
Tobias Heinlein
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities,
iDefense Labs
- CamFrog Password Disclosure Vulnerability,
zigmatn
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities,
iDefense Labs
- Vulnerable: Ilch CMS,
Gizmore
- [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS),
security-alert
- [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities,
noreply-secresearch@xxxxxxxxxxxx
- [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!),
Daniel Kachakil
- Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil,
uCon Security Conference
- dBpowerAMP Audio Player local buffer overflow exploit,
maroc-anti-connexion
- C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities,
Eyal Udassin
- Nokia N95-8 browser denial of service,
jplopezy
- [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow,
Devin Carraway
- [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability,
SVRT-Bkis
- Cisco IOS XSS/CSRF Vulnerability,
azask2
- [Tool] sqlmap 0.6.4 released,
Bernardo Damele A. G.
- Microsoft SDL meets CWE/SANS Top25,
Juha-Matti Laurio
- flatnux Flatnux-2009-01-27 Remote File Include,
blabla-34
- StreamDown v6.4.3 Local Buffer Overflow PoC,
todor . donev
- LCPlayer (.qt file) EOP change PoC (app crash),
darkb0x97
- metabbs 0.11 Change admin password vulnerability,
make0day
- phpslash <= 0.8.1.1 Remote Code Execution Exploit,
gmdarkfig
- rgboard v4 (07.07.27) Multiple Vulnerability,
make0day
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers,
Cisco Systems Product Security Incident Response Team
- DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal,
vulnerabilityresearch
- QIP 2005 Denial of Service Vulnerability,
ss_contacts
- [ MDVSA-2009:033 ] sudo,
security
- [security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF),
security-alert
- Squid Proxy Cache Denial of Service in request handling,
Amos Jeffries
- Euphonics Audio Player v1.0 (.pls) Local BOF POC,
darkb0x97
- CORE-2008-1009 - VNC Multiple Integer Overflows,
CORE Security Technologies Advisories
- Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter),
Shatter
- Call for papers and trainers - note extended deadline - SeacureIT 2009,
Stefano Zanero
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART,
Shatter
- [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access,
security-alert
- Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit,
0in . email
- NaviCopa webserver 3.01 Multiple Vulnerabilities,
ew1zz
- SMF 1.1.7 Persistent XSS (requires permision to edit censor),
Eduardo Vela
- Web Hacking Incidents update for Feb 3rd,
Ofer Shezaf
- Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2,
mkanat
- Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC,
xhakerman2006
- ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability,
zdi-disclosures
- [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation,
vulns
- [ MDVSA-2009:032 ] kernel,
security
- Secunia Research: Free Download Manager Remote Control Server Buffer Overflow,
Secunia Research
- Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows,
Secunia Research
- [ MDVSA-2009:031 ] avahi,
security
- BruCON call for papers,
Filip Waeytens
- [SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution,
Florian Weimer
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages,
VMware Security Team
- PR08-23: XSS on Novell GroupWise WebAccess,
ProCheckUp Research
- PR08-22: Persistent XSS on Novell GroupWise WebAccess,
ProCheckUp Research
- PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks,
ProCheckUp Research
- [USN-716-1] MoinMoin vulnerabilities,
Jamie Strandboge
- ANNOUNCE - RFIDIOt 0.1w released - January 2009,
Adam Laurie
- [USN-715-1] Linux kernel vulnerabilities,
Kees Cook
- [OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities,
Matteo Beccati
- CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities,
Sam Johnston
- Bugs Online v2.14 Sql Injection,
r3d . w0rm
- PerlSoft Guestbook v1.7b Bruteforcer + RCE!,
Perforin
- [SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service,
Nico Golde
- rPSA-2009-0021-1 sudo,
rPath Update Announcements
- Motorola Wimax Modem CPEi300 Multiple Vulnerabilities,
usman
- Oracle Application Server 10g Cross Site Scripting Vulnerability,
DoZ
- Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet),
DoZ
- [SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising,
Devin Carraway
- [security bulletin] HPSBMP02404 SSRT090014 rev.1 - MPE/iX Running BIND/iX, Remote DNS Cache Poisoning,
security-alert
- dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit,
alphanix00
- [security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [TKADV2009-004] FFmpeg Type Conversion Vulnerability,
Tobias Klein
- [SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution,
Moritz Muehlenhoff
- Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.,
Aditya K Sood
- CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities,
Core Security Technologies Advisories
- Internet explorer 7.0 stack overflow,
jplopezy
- Web Hacking Incidents update for Jan 28th,
Ofer Shezaf
- CONFidence 2009, Final CfP,
Andrzej Targosz
- [USN-713-1] openjdk-6 vulnerabilities,
Kees Cook
- Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass,
Salvatore "drosophila" Fresta
- Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability,
Salvatore "drosophila" Fresta
- [ MDVSA-2009:030 ] amarok,
security
- Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability,
Salvatore "drosophila" Fresta
- CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities,
Williams, James K
- Total video player 1.3.7 local buffer overflow universal exploit,
maroc-anti-connexion
- SAP NetWeaver XSS Vulnerability,
Martin Suess
- JetAudio Basic 7.0.3 BufferOverFlow PoC,
alphanix00
- CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1),
Williams, James K
- OpenX 2.6.3 - Local File Inclusion,
admin
- Secunia Research: OpenX Multiple Vulnerabilities,
Secunia Research
- [USN-712-1] Vim vulnerabilities,
Marc Deslauriers
- ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1),
ACROS Security
- NewsCMSlite Insecure Cookie Handling,
admin
- [USN-711-1] KTorrent vulnerabilities,
Marc Deslauriers
- [USN-710-1] xine-lib vulnerabilities,
Marc Deslauriers
- [SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution,
Nico Golde
- [SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution,
Steffen Joeris
- WB News v2.0.X Remote File include ..,
security
- CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities,
Williams, James K
- [ MDVSA-2009:027 ] cups,
security
- EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit,
alphanix00
- Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200,
thadeum
- Browse3d (.sfs file) Local Stack Overflow Exploit,
alphanix00
- Re: [Full-disclosure] ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability,
Juha-Matti Laurio
- MediaMonkey 3.0.6 (.m3u file) Local Buffer Overflow PoC,
alphanix00
- /bin/login DoS remains after DSA-1709,
Paul Szabo
- Nokia Multimedia Player (.AVI File) Null Dereference Pointer Exploit,
alphanix00
- LDF Sql injection vulnerability,
arash . setayeshi
- SonyEricsson WAP Push Denial of Service,
Mobile Security Lab
- Lootan(kedor) Sql Injection vulnerability,
arash . setayeshi
- [HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS,
office
- Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c),
maroc-anti-connexion
- VUplayer (.wax file) local buffer overflow crash exploit,
storms0uth
- Problems with syscall filtering technologies on Linux,
Chris Evans
- ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability,
zdi-disclosures
- Oblog XSS valnerability,
arash . setayeshi
- [ MDVSA-2009:026 ] phpMyAdmin,
security
- BBSxp Xss vulnerability,
arashps0
- Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow,
Secunia Research
- PHP-Nuke 8.0 Downloads Blind Sql Injection,
r3d . w0rm
- [ MDVSA-2009:025 ] pidgin,
security
- [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities,
Tobias Klein
- ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability,
zdi-disclosures
- [ MDVSA-2009:021 ] php,
security
- [ MDVSA-2009:023 ] php,
security
- VUPlayer 2.49 .ASX local universal BOF exploit,
maroc-anti-connexion
- [ GLSA 200901-15 ] Net-SNMP: Denial of Service,
Pierre-Yves Rofes
- ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability,
zdi-disclosures
- [ MDVSA-2009:022 ] php,
security
- Asp-project Cookie Handling,
r3d . w0rm
- ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability,
zdi-disclosures
- ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability,
zdi-disclosures
- [ MDVSA-2009:020 ] xine-lib,
security
- [ MDVSA-2009:024 ] php4,
security
- Digital Security opens a site of its research center DSec Research Group,
Digital Security Research Group
[Index of Archives]
[Netfilter]
[Security]
[PHP]
[Linux Kernel]
