Bugtraq
- FirmChannel Digital Signage 3.24 Cross-site scripting,
brad . antoniewicz
- [security bulletin] HPSBUX02381 SSRT080083 rev.1 - HP-UX Running Xserver, Remote Execution of Arbitrary Code,
security-alert
- Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day,
Steven M. Christey
- [Tool] sqlmap 0.6.2 released,
Bernardo Damele A. G.
- rPSA-2008-0311-1 postfix,
rPath Update Announcements
- Aruba Mobility Controller SNMP Community String Disclosure,
nnposter
- [USN-660-1] enscript vulnerability,
Kees Cook
- CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow,
CORE Security Technologies Advisories
- Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow,
Secunia Research
- [security bulletin] HPSBMA02380 SSRT080121 rev.1 - HP System Management Homepage (SMH) for HP-UX, Local Unauthorized Access,
security-alert
- iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 11.03.08: Multiple Vendor CUPS texttops Integer Overflow Vulnerability,
iDefense Labs
- [ GLSA 200811-01 ] Opera: Multiple vulnerabilities,
Tobias Heinlein
- Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow,
Bitsec Labs
- A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability,
Henri Lindberg - Smilehouse Oy
- DriveCMS article.php remote sql injection,
beenudel1986
- Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild,
Juha-Matti Laurio
- Windows RPC worm (MS08-067) in the wild,
Juha-Matti Laurio
- sharedlog CMS Remote File Includes,
joseph . giron13
- [ MDVSA-2008:223 ] kernel,
security
- Final notification about "POC2008" Conference,
pocadm
- iDefense Security Advisory 10.31.08: OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities,
iDefense Labs
- [ MDVSA-2008:121-1 ] freetype2,
security
- iDefense Security Advisory 10.31.08: Oracle WebLogic Apache Connector,
iDefense Labs
- Typo <= 5.1.3 Multiple Vulnerabilities,
L4teral
- [Paper] Reflective Dll Injection,
stephen_fewer
- Secunia Research: Interact SQL Injection and Cross-Site Request Forgery,
Secunia Research
- Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani,
irancrash
- VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff,
VMware Security Team
- U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability,
WSN1983
- phpWebSite links.php Sql Injection,
beenudel1986
- spitfirephoto Pro pages.php Sql Injection,
beenudel1986
- Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day,
Adrian P
- <Possible follow-ups>
- Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day,
sipherr
- Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day,
sipherr
2008 OpenVAS Contest,
The OpenVAS Team
iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow,
iDefense Labs
[ GLSA 200810-03 ] libspf2: DNS response buffer overflow,
Robert Buchholz
ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability,
zdi-disclosures
[USN-661-1] Linux kernel regression,
Jamie Strandboge
iDefense Security Advisory 10.30.08: Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability,
labs-no-reply@xxxxxxxxxxxx
ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability,
zdi-disclosures
PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability,
Ehsan_Hp200
harlandscripts Mypage.php Sql Injection,
beenudel1986
DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference,
crimson . loyd
rPSA-2008-0308-1 samba samba-client samba-server samba-swat,
rPath Update Announcements
Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Juha-Matti Laurio
[ MDVSA-2008:222 ] Eterm,
security
PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability,
Ehsan_Hp200
rPSA-2008-0307-1 nfs-client nfs-server nfs-utils,
rPath Update Announcements
IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability,
Ehsan_Hp200
Tool update: VoIPER v0.07,
nnp
[funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Gadi Evron
[ MDVSA-2008:219 ] mplayer,
security
[ MDVSA-2008:220 ] kernel,
security
[ MDVSA-2008:221 ] aterm,
security
rPSA-2008-0309-1 lighttpd,
rPath Update Announcements
PHP-Nuke Module BookCatalog (category&catid) Remote SQL injection Vulnerability,
Ehsan_Hp200
Advanced application-level OS fingerprinting,
dan . crowley
[SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.,
fabio
Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows,
Secunia Research
Quassel IRC: connection hijacking,
Wouter Coekaerts
Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE],
The-0utl4w
[ MDVSA-2008:217 ] lynx,
security
[ MDVSA-2008:218 ] lynx,
security
A video can crash ANY iphone/ipod and a few libraries.,
zibree
PHP-Nuke Module League (team&tid) XSS Vulnerability,
Ehsan_Hp200
[ MDVSA-2008:216 ] emacs,
security
rPSA-2008-0306-1 libxslt,
rPath Update Announcements
[ MDVSA-2008:215 ] wireshark,
security
rPSA-2008-0305-1 pcre,
rPath Update Announcements
Blaze Media Pro 8.02 SE vulnerability,
ipsdix
Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6,
Amit Klein
n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution,
security@xxxxxxxxx
MSF eXploit Builder v2 Alpha Sources Released,
Jerome Athias
MyBB 1.4.2: Multiple Vulnerabilties,
Micheal Cottingham
ClubHack2008 [India] - CFP Closing Soon,
ClubHack
Windows RPC MS08-067 FAQ document updated,
Juha-Matti Laurio
XSS in phpMyadmin,
hadikiamarsi
[security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files,
security-alert
bcoos 1.0.13 Remote File Include Vulnerability,
Cru3l.b0y
BotNet on the Rise,
faghani
[SECURITY] [DSA 1660-1] New clamav packages fix denial of service,
Florian Weimer
Windows RPC MS08-067 FAQ document released,
Juha-Matti Laurio
HTTPBruteForcer released,
Jerome Athias
Java Web start vulnerability,
varun . srivastav
iPei cross site scripting Vulnerablity,
Ghost hacker
MS08-067 - Where can I find an exploit for this?,
Chip Panarchy
[USN-658-1] Moodle vulnerability,
Kees Cook
[SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution,
Florian Weimer
[security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066,
security-alert
txtshop - beta 1.0 / Local File Inclusion Vulnerability,
Pepelux
SiteEngine 5.x Multiple Remote Vulnerabilities,
xuanmumu
freeSSHd (stf - rename) Buffer Overflow Vulnerability,
writ3r
GoodTech SSH Remote Buffer Overflow Exploit,
writ3r
vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability,
Pepelux
phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :),
Pepelux
[SECURITY] [DSA 1658-1] New dbus packages fix denial of service,
Thijs Kinkhorst
SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability,
Security Objectives Corporation
SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded Devices,
ProCheckUp Research
Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows,
Secunia Research
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA,
Cisco Systems Product Security Incident Response Team
Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow,
Secunia Research
FGA-2008-23:EMC NetWorker Denial of Service Vulnerability,
noreply-secresearch
Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges,
Pete Finnigan
Secunia Research: HP OpenView Products Shared Trace Service Denial of Service,
Secunia Research
Opera Stored Cross Site Scripting Vulnerability,
Roberto Suggi
[tool] crapto1 released,
blapost
n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution,
security@xxxxxxxxx
SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability,
Security Objectives Corporation
Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.,
Aditya K Sood
[USN-657-1] Amarok vulnerability,
Jamie Strandboge
Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation,
Brett Moore
[SECURITY] [DSA 1657-1] New qemu packages fix denial of service,
Steve Kemp
[Off-Topic] How I was busted. Story of a poor lonesome hacker,
Jerome Athias
Last Call for DeepSec IDSC 2008 in Vienna,
DeepSec Conference Vienna
[TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability,
Tobias Klein
London DEFCON meet - DC4420 - Thursday October 23rd,
Major Malfunction
[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities,
Moritz Muehlenhoff
[Tool] sqlmap 0.6.1 released,
Bernardo Damele A. G.
Lee has posted more detailed response to Fyodor's TCP/IP DoS post,
Juha-Matti Laurio
Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability,
Secunia Research
FireGPG Passphrase And Cleartext Vulnerability,
Mike Benham
Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121,
Fabian Fingerle
CVE-2008-4000: Oracle PeopleTools Authentication Weakness,
shulman
CVE-2008-2625: Oracle DBMS Proxy Authentication Vulnerability,
shulman
[ MDVSA-2008:208-1 ] pam_mount,
security
HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct,
Praburaajan
Application-level OS fingerprinting research - pre-release hashes,
dan . crowley
flashchat severe bug,
ch0p83
Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm,
vinodsharma . mimit
[SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
[ MDVSA-2008:214 ] mon,
security
rPSA-2008-0294-1 postfix,
rPath Update Announcements
rPSA-2008-0295-1 rails,
rPath Update Announcements
HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation,
office
SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis,
Bernhard Mueller
[ MDVSA-2008:213 ] dbus,
security
[USN-656-1] CUPS vulnerabilities,
Jamie Strandboge
Multiple Flash Authoring Heap Overflows - Malformed SWF Files,
Paul Craig
[security bulletin] HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data,
security-alert
[ MDVSA-2008:212 ] libxml2,
security
Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution,
Ivan Fratric
Paper: Adventures with a certain Xen vulnerability,
Joanna Rutkowska
Exploit for MS08-066 - AFD.sys kernel memory overwrite.,
Reversemode
MS OWA 2003 Redirection Vulnerability,
Martin Suess
Vivid Ads Shopping Cart (cid) Remote SQL Injection,
djmomo
[USN-655-1] exiv2 vulnerabilities,
Kees Cook
iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
[USN-654-1] libexif vulnerabilities,
Kees Cook
iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities,
labs-no-reply@xxxxxxxxxxxx
TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability,
dvlabs
ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability,
zdi-disclosures
ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability,
zdi-disclosures
CORE-2008-1010: VLC media player XSPF Memory Corruption,
CORE Security Technologies Advisories
iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability,
iDefense Labs
[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code,
Steve Kemp
[USN-652-1] LittleCMS vulnerability,
Kees Cook
Webscene eCommerce (level) Remote Sql Injection,
angel
[USN-653-1] D-Bus vulnerabilities,
Kees Cook
Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.,
drpepppperone
WP Comment Remix 1.4.3 Multiple Vulnerabilities,
g30rg3_x
[RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability,
RISE Security
[SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
Marvell Driver Malformed Association Request Vulnerability,
Laurent Butti
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities,
Moritz Muehlenhoff
[ MDVSA-2008:211 ] cups,
security
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
[ MDVSA-2008:210-1 ] mono,
security
[SECURITY] [DSA 1650-1] New openldap2.3 packags fix denial of service,
Moritz Muehlenhoff
NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability,
Pepelux
İltaweb Alışveriş Sistemi (tr) Sql inj,
ozdemirtravel
CREATE ANY DIRECTORY to SYSDBA,
paul . wright
[SECURITY] [DSA 1646-2] New squid packages fix array bounds check,
Devin Carraway
Uninformed Journal Release Announcement: Volume 10,
sflist
CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability,
cocoruder
iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20,
Chris Clark
[LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability,
luca . carettoni
[USN-651-1] Ruby vulnerabilities,
Jamie Strandboge
ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability,
zdi-disclosures
[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure,
Mark Thomas
CA ARCserve Backup Multiple Vulnerabilities,
Williams, James K
[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability,
Robert Buchholz
[security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress,
ProCheckUp Research
News Manager Remote SQL Injection Vulnerability,
Ghost hacker
FC2 BLOG Cross-Site Scripting Vulnerabilities,
xsp
[security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code,
security-alert
PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection,
ProCheckUp Research
[security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability,
zdi-disclosures
Token Kidnapping Windows 2003 PoC exploit,
Cesar
ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability,
zdi-disclosures
ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability,
zdi-disclosures
ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability,
zdi-disclosures
[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files,
Thijs Kinkhorst
Cisco Security Advisory: Authentication Bypass in Cisco Unity,
Cisco Systems Product Security Incident Response Team
Advisory: Graphviz Buffer Overflow Code Execution,
roeeh
Windows Mobile 6 insecure password handling and too short WLAN-password,
MC Iglo
ANNOUNCE - RFIDIOt version 0.1t released,
Adam Laurie
[W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow),
vulns
[ GLSA 200810-01 ] WordNet: Execution of arbitrary code,
Tobias Heinlein
[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability,
Matteo Beccati
[security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS),
security-alert
Yerba SACphp <= 6.3 / Local File Inclusion Exploit,
Pepelux
HostAdmin 3.* Remote File Include Vulnerabilities,
admin
[SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities,
Thijs Kinkhorst
[SECURITY] [DSA-1646-1] New squid packages fix array bounds check,
Devin Carraway
Firefox Privacy Broken If Used to Open Web Page File,
Liu Die Yu
Motorola Timbuktu's Internet Locator Service real-time data exposed to public.,
vulns
[SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows,
Devin Carraway
OpenNMS Multiple Vulnerabilities,
Trancer
[SECURITY] [DSA 1643-1] New feta packages fix denial of service,
Moritz Muehlenhoff
FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities,
Pepelux
FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability,
Pepelux
PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability,
Pepelux
VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues,
VMware Security team
FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit,
crimson . loyd
[ MDVSA-2008:209 ] pam_krb5,
security
[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems,
Steve Kemp
[ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text,
publists
VMware Emulation Flaw x64 Guest Privilege Escalation (1/2),
ds . adv . pub
AyeView v2.20 (malformed gif image) DoS Exploit,
crimson . loyd
[ MDVSA-2008:210 ] mono,
security
MetaGauge 1.0.0.17 Directory Traversal,
brad . antoniewicz
CMME Multiple Information disclosure vulnerabilities,
admin
iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability,
Pepelux
Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability,
Secunia Research
Website Directory - XSS Exploit,
Ghost hacker
[USN-650-1] cpio vulnerability,
Jamie Strandboge
HostAdmin Cross-Site Scripting Vulnerabilities,
admin
Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection,
dh
XSS vulnerability in phpMyID,
Raphael Geissert
Adobe Flash Player plug-in null pointer dereference and browser crash,
Matthew Dempsky
FreeBSD Security Advisory FreeBSD-SA-08:10.nd6,
FreeBSD Security Advisories
[USN-649-1] OpenSSH vulnerabilities,
Kees Cook
phpMyID can act as a redirector and as headers injector,
atomo64
Remote and Local File Inclusion Vulnerability <= 1.1 Rportal,
kadfrox
Oracle Password Cracker written in PL/SQL,
pete
Printlog <= 0.4: Remote File Edition Vulnerability,
Pepelux
[USN-648-1] nasm vulnerability,
Kees Cook
WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability,
Juan Galiana
International Hacking & Security Conference "POC2008",
pocadm
MySQL command-line client HTML injection vulnerability,
Thomas Henlich
Remote File Inclusion Vulnerability,
Pepelux
Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit,
ipsdix
[ MDVSA-2008:208 ] pam_mount,
security
rPSA-2008-0286-1 mono,
rPath Update Announcements
White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x,
Seth Fogie
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues,
admin
Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.,
Aditya K Sood
MS Internet Explorer 7 Denial Of Service Exploit,
UniquE
[ MDVSA-2008:207 ] openafs,
security
[security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files,
security-alert
Advisory : Opera Window Object Suppressing Remote Denial of Service,
Aditya K Sood
Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.,
Aditya K Sood
[oCERT-2008-013] MPlayer Real demuxer heap overflow,
Andrea Barisani
Verizon FIOS (and DSL?) wireless access point insecure default WEP key,
Paul
ParsaWeb CMS SQL Injection,
admin
PHP Calendar Script Remote XSS (Permanent) Vulnerabilities,
tan_prathan
Login Password Sample Remote Password Disclouse Vulnerability,
Ghost hacker
hyBook Remote Password Disclouse Vulnerability,
Ghost hacker
shoutbox Remote Password Disclouse Vulnerability,
Ghost hacker
csphonebook 1.02 Remote XSS Vulnerabilitiy,
Ghost hacker
ASP News Remote Password Disclouse Vulnerability,
Ghost hacker
Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC,
Satan_HackerS
xss in hackmeeting.org,
wiky
[ MDVSA-2008:206 ] mozilla-thunderbird,
security
FtitzBox,
biglowbird
Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector),
quakerdoomer
Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below),
Kenneth Ng
Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability,
Pepelux
Estonian Cyber Security Strategy document -- now available online,
Gadi Evron
multiple vendor ftpd - Cross-site request forgery,
cxib
The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability,
Pepelux
RPG.Board <= 0.0.8Beta2 Remote SQL Injection,
Guns
DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit,
Reversemode
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration,
Teh Kotak
CA Service Desk Multiple Cross-Site Scripting Vulnerabilities,
Williams, James K
[USN-647-1] Thunderbird vulnerabilities,
Jamie Strandboge
[ MDVSA-2008:205 ] mozilla-firefox,
security
[ GLSA 200809-18 ] ClamAV: Multiple Denials of Service,
Pierre-Yves Rofes
[ GLSA 200809-17 ] Wireshark: Multiple Denials of Service,
Pierre-Yves Rofes
[ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
SQL Injection in EasyRealtorPRO 2008,
SmOk3
[USN-645-3] Firefox and xulrunner regression,
Jamie Strandboge
Fwd: Returned post for bugtraq@xxxxxxxxxxxxxxxxx,
Jose Luis
adnforum <= 1.0b / Insecure Cookie Handling Vulnerability,
Pepelux
Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120,
Fabian Fingerle
C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow,
Idan Ofrat
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities,
alfredo . melloni
[security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055,
security-alert
php create_function commond injection vulnerability,
root
[security bulletin] HPSBOV02364 SSRT080078 rev.3 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access,
security-alert
Drupal Ajax Checklist Module SQL Injection Vulnerability,
Justin C. Klein Keane
[ MDVSA-2008:204 ] blender,
security
Drupal Brilliant Gallery module SQL injection vulnerability,
Justin C. Klein Keane
Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Multicast Vulnerabilities in Cisco IOS Software,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Internet Information Service (adsiis.dll) activex remote DOS,
hamedata
IAS Helper COM Component (iashlpr.dll) activex remote DOS,
hamedata
Internet Information Service remote set password,
hamedata
[USN-645-2] Firefox vulnerabilities,
Jamie Strandboge
[USN-645-1] Firefox and xulrunner vulnerabilities,
Jamie Strandboge
Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.,
Aditya K Sood
[ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
[ GLSA 200809-14 ] BitlBee: Security bypass,
Pierre-Yves Rofes
Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks,
Robbie (Rupinder) Gill
menalto gallery: Session hijacking vulnerability, CVE-2008-3102,
Hanno Böck
[ MDVSA-2008:203 ] awstats,
security
[ MDVSA-2008:202 ] phpMyAdmin,
security
Xss In Datalife Engine CMS 7.2,
hadikiamarsi
Aruba Mobility Controller Shared Default Certificate,
nnposter
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663,
Hanno Böck
[ MDVSA-2008:201 ] pan,
security
[ MDVSA-2008:200 ] ed,
security
[ GLSA 200809-13 ] R: Insecure temporary file creation,
Pierre-Yves Rofes
[ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098,
Fabian Fingerle
[SECURITY] [DSA-1619-2] New python-dns package fixes regression,
Devin Carraway
[security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS),
security-alert
[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues,
admin
[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues,
admin
Directory traversal in the webadmin of Unreal Tournament 3 1.3,
Luigi Auriemma
[ GLSA 200809-11 ] HAVP: Denial of Service,
Pierre-Yves Rofes
[ GLSA 200809-10 ] Mantis: Multiple vulnerabilities,
Pierre-Yves Rofes
"Exploit creation - The random approach" or "Playing with random to build exploits",
Nelson Brito
Blue Coat xss,
jplopezy
MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection,
Guns
drupal: Session hijacking vulnerability, CVE-2008-3661,
Hanno Böck
MyFWB 1.0 Remote SQL Injection,
Guns
Advanced Electron Forum <= 1.0.6 Remote Code Execution,
GulfTech Security Research
[SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues,
Thijs Kinkhorst
[SECURITY] [DSA 1634-2] New wordnet packages fix regression,
Thijs Kinkhorst
[SECURITY] [DSA 1640-1] New python-django packages fix cross site request forgery,
Thijs Kinkhorst
[SECURITY] [DSA 1642-1] New horde3 packages fix cross site scripting,
Thijs Kinkhorst
[SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code,
Steve Kemp
[ MDVSA-2008:199 ] wireshark,
security
[ GLSA 200809-09 ] Postfix: Denial of Service,
Pierre-Yves Rofes
Annutel - Annuaire Téléphonique v1.0 Sensetive Files (MDP),
sn0oPy . team
VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman,
VMware Security Team
[USN-646-1] rdesktop vulnerabilities,
Jamie Strandboge
PHP pro bid v 6.04 SQL injection,
Jan van Niekerk
LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities,
xsp
vi can run arbitrary commands via 'tags' file,
Eli the Bearded
cyask 3.x Local File Inclusion Vulnerability,
xuanmumu
Sama XSS Bug,
Lagon666
menalto gallery: Session hijacking vulnerability, CVE-2008-3662,
Hanno Böck
Hi Two Points to consider,
Aditya K Sood
[security bulletin] HPSBOV02364 SSRT080078 rev.2 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access,
security-alert
[ MDVSA-2008:189-1 ] clamav,
security
rPSA-2008-0276-1 mercurial mercurial-hgk,
rPath Update Announcements
rPSA-2008-0278-1 tshark wireshark,
rPath Update Announcements
[security bulletin] HPSBMA02369 SSRT080115 rev.1 - HP ProLiant Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris Deployment Solution, Remote SQL Injection, Remote or Local Gain Extended Privileges, Local Denial of Service (DoS),
security-alert
ShmooCon 2009 CFP,
Bruce Potter
Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.,
Aditya K Sood
[AJECT] SurgeMail IMAP 3.9e vulnerability,
João Antunes
Pidgin IM Client Password Disclosure Vulnerability.,
Aditya K Sood
Miranda IM Client Password Disclosure Vulnerability.,
Aditya K Sood
Skype IM Client Password Disclosure Vulnerability.,
Aditya K Sood
[ MDVSA-2008:197-1 ] koffice,
security
[NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting,
John Cobb
[NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting,
John Cobb
[ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities,
adv
[ MDVSA-2008:198 ] R-base,
security
[Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC,
Albert Sellarès
[NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure,
John Cobb
[SECURITY] [DSA 1638-1] New openssh packages fix denial of service,
Florian Weimer
Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS,
Shatter
Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio,
Shatter
Failed assertion in the Unreal engine,
Luigi Auriemma
InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.,
Brian Dowling
[ MDVSA-2008:197 ] koffice,
security
[ MDVSA-2008:182-1 ] wordnet,
security
Security flaw in Airtel DSL modems,
shr
[ MDVSA-2008:196 ] mplayer,
security
TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow,
dvlabs
Critical Vulnerability in Apple Quicktime’s Indeo Codec,
NGSSoftware Insight Security Research
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow,
Devin Carraway
Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS,
j . v . vallejo
Baidu Hi IM client software DoS bug, div zero make client crash,
Li Gen
[ MDVSA-2008:195 ] apache,
security
[ MDVSA-2008:194 ] apache2,
security
[ MDVSA-2008:193 ] kolab-server,
security
Baidu Hi IM software parsing plaintext stack overflow,
Li Gen
CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service,
Core Security Technologies Advisories
Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit,
Guns
[scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting,
Marc Ruef
community real-time BGP hijack notification service,
Gadi Evron
Clients format strings in the Unreal engine,
Luigi Auriemma
[USN-644-1] libxml2 vulnerabilities,
Kees Cook
Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow,
Secunia Research
Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability,
Stefan Esser
[ MDVSA-2008:191 ] rsh,
security
[ MDVSA-2008:192 ] libxml2,
security
[USN-643-1] FreeType vulnerabilities,
Kees Cook
Server termination in the Unreal engine 3,
Luigi Auriemma
[TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences,
Tobias Klein
[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability,
Stefan Esser
Nooms 1.1,
irancrash
[security bulletin] HPSBOV02364 SSRT080078 rev.1 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access,
security-alert
minb Remote Code Execution Exploit,
r3d . w0rm
PhsBlog v0.2 Bypass Sql injection Filtering Exploit,
irancrash
sqlvdir.dll ActiveX Remote Buffer Overflow Exploit,
beenudel1986
PhpWebGallery 1.3.4 Multiple Vulnerabilities (XSS/LFI),
irancrash
ZoneAlarm Security Suite buffer overflow,
jplopezy
Ezphotogallery 2.1 Multiple Vulnerabilities ( Xss/Login Bypass/Sql injection Exploit/File Disclosure),
irancrash
[USN-642-1] Postfix vulnerabilities,
Kees Cook
[SECURITY] [DSA 1635-1] New freetype packages fix multiple vulnerabilities,
Steve Kemp
ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability,
zdi-disclosures
[ MDVSA-2008:190 ] postfix,
security
Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability,
packet
[oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS),
Will Drewry
Windows GDI+ GIF memory corruption,
Ivan Fratric
iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability,
iDefense Labs
[ MDVSA-2008:189 ] clamav,
security
Multiple Vulnerabilities: LedgerSMB < 1.2.15,
Chris Travers
iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability,
iDefense Labs
Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability,
Brett Moore
ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability,
zdi-disclosures
ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability,
zdi-disclosures
DeepSec 2008 - Conference Schedule,
DeepSec Conference Vienna
[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated,
Mark Thomas
SQL Smuggling,
douglen
ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability,
zdi-disclosures
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability,
zdi-disclosures
ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability,
zdi-disclosures
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability,
zdi-disclosures
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability,
zdi-disclosures
Sun M-class hardware denial of service,
Theo de Raadt
<Possible follow-ups>
Re: Sun M-class hardware denial of service,
Theo de Raadt
Re: Sun M-class hardware denial of service,
Theo de Raadt
Re: Sun M-class hardware denial of service,
Bob Beck
Stash v1.0.3 Admin bypass / Remote File Disclosure,
r3d . w0rm
[USN-641-1] Racoon vulnerabilities,
Kees Cook
[ GLSA 200809-08 ] Amarok: Insecure temporary file creation,
Pierre-Yves Rofes
[ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
WASC Announcement: 2007 Web Application Security Statistics Published,
statistics
Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit,
Rotem Kerner
Sagem Router F@ST 2404 Remote Denial Of Service Exploit,
zigma
DEFCON London - DC4420 - September meet this Thursday 11th,
Major Malfunction
[scip_Advisory 3808] D-Link DIR-100 long url filter evasion,
Marc Ruef
[ GLSA 200809-06 ] VLC: Multiple vulnerabilities,
Pierre-Yves Rofes
phpAdultSite CMS flaws,
SmOk3
xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ),
geinblues
[ MDVSA-2008:188 ] tomcat5,
security
Google Chrome Auto download exploit ..,
security
[ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability,
Pierre-Yves Rofes
Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability,
Security Vulnerability Research Team
XCon 2008 Call for Paper,
Sowhat
Risky Chrome (The perfect cleartext password offering ),
quakerdoomer
rPSA-2008-0268-1 libtiff,
rPath Update Announcements
other google chrome crash,
jplopezy
[security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure,
security-alert
[ MDVSA-2008:186 ] python,
security
Multiple MicroWorld products insecure directory permissions,
Edi Strosar
[ GLSA 200809-03 ] RealPlayer: Buffer overflow,
Robert Buchholz
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing,
Robert Buchholz
clamav: Crash with crafted chm, CVE-2008-1389,
Hanno Böck
[ GLSA 200809-01 ] yelp: User-assisted execution of arbitrary code,
Robert Buchholz
[ GLSA 200809-04 ] MySQL: Privilege bypass,
Robert Buchholz
Zen Cart <= 1.3.8a SQL Injection,
GulfTech Security Research
Atheros Vendor Specific Information Element Overflow,
Laurent Butti
[USN-640-1] libxml2 vulnerability,
Kees Cook
Marvell Driver Null SSID Association Request Vulnerability,
Laurent Butti
Marvell Driver EAPoL-Key Length Overflow,
Laurent Butti
Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664,
Fabian Fingerle
FreeBSD Security Advisory FreeBSD-SA-08:09.icmp6,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-08:07.amd64,
FreeBSD Security Advisories
[ MDVSA-2008:185 ] python-django,
security
[ MDVSA-2008:184 ] libtiff,
security
FreeBSD Security Advisory FreeBSD-SA-08:08.nmount,
FreeBSD Security Advisories
TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload,
admin
Cisco Secure ACS Denial Of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Secure ACS EAP Parsing Vulnerability,
Laurent Butti
Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA,
Cisco Systems Product Security Incident Response Team
[Tool] Distack framework for attack detection and traffic analysis,
Christoph Mayer
Google Chrome Browser (ver.0.2.149.27) Vulnerability,
psy . echo
Google Chrome Automatic File Download,
nerex
Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow,
Secunia Research
RUXCON 2008 Final Call For Papers,
cfp
Has anyone implemented "double forward DNS"?,
Duncan Simpson
Exploit,
Admin
T2´08 Challenge - Free Tickets Available,
Tomi Tuominen
In search of examples of malicious source code,
Steve . Coleman
[ MDVSA-2008:183 ] opensc,
security
[Suspected Spam]New IETF I-D-: Security Assessment of the Internet Protocol version 4,
Fernando Gont
[USN-639-1] tiff vulnerability,
Kees Cook
[Tool] sqlmap 0.6 released,
Bernardo Damele A. G.
CS-Cart <= 1.3.5 SQL Injection,
GulfTech Security Research
[ MDVSA-2008:182 ] wordnet,
security
[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability,
João Antunes
Postfix Linux-only local denial of service,
Wietse Venema
ToorCon X Lineup & Training Seminars Posted & Pre-Registration Ending,
h1kari
[security bulletin] HPSBMA02362 SSRT080044, SSRT080045 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS),
security-alert
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution,
Thijs Kinkhorst
[SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities,
Florian Weimer
[oCERT-2008-014] WordNet stack and heap overflows,
Rob Holland
PoCfix (PoC for Postfix local root vuln - CVE-2008-2936),
Roman Medina-Heigl Hernandez
rPSA-2008-0264-1 ruby,
rPath Update Announcements
Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101,
Fabian Fingerle
[SECURITY] [DSA 1627-2] New opensc package fix incomplete check,
Thijs Kinkhorst
Plesk 8.6.0 authentication flaw allows to gain virtual user privileges,
Felix Buenemann
[SECURITY] [DSA-1597-2] New mt-daapd package fix regression,
Devin Carraway
VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.,
VMware Security team
[Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities,
gmdarkfig
[ MDVSA-2008:181 ] ipsec-tools,
security
[Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass,
gmdarkfig