Bugtraq
- Re: [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass, (continued)
- [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service,
Marc Ruef
- ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability,
zdi-disclosures
- reviving the botnets@ mailing list: a new statregy in fighting cyber crime,
Gadi Evron
- [security bulletin] HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS),
security-alert
- [IVIZ-08-005] IBM Lenovo BIOS Plain Text Password Disclosure,
iViZ Security Advisories
- [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure,
iViZ Security Advisories
- XSS and Data Manipulation attacks found in CMS PHPCart.,
vaibhav aher
- [IVIZ-08-004] Intel BIOS Plain Text Password Disclosure,
iViZ Security Advisories
- [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage,
iViZ Security Advisories
- [USN-638-1] Yelp vulnerability,
Kees Cook
- [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage,
iViZ Security Advisories
- [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage,
iViZ Security Advisories
- [security bulletin] HPSBMA02363 SSRT080106 rev.1 - HP Enterprise Discovery Running on Windows, Remote Authorized User, Gain Extended Privileges,
security-alert
- [ MDVSA-2008:180-1 ] libxml2,
security
- PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept .30/ Oct. 1),
Dragos Ruiu
- White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple),
Seth Fogie
- Multiple Vulnerabilities in AWStats Totals,
Elliot Kendall
- Hopeless comments regarding the pointless "HP System Management Homepage (SMH) Unspecified XSS",
Luca.carettoni
- [SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution,
Thijs Kinkhorst
- ZoneMinder Multiple Vulnerabilities,
filip . palian
- Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities,
byccc
- ToorCon X CFP Closing and Workshops and Seminars discounted until Friday!,
David Hulton
- [IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage,
iViZ Security Advisories
- [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage,
iViZ Security Advisories
- Crafty Syntax Live Help <= 2.14.6 SQL Injection,
GulfTech Security Research
- SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability,
Security Objectives Corporation
- [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2,
Digital Security Research Group [DSecRG]
- Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows,
Secunia Research
- Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities,
Secunia Research
- [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3,
Digital Security Research Group [DSecRG]
- Secunia Research: Novell iPrint Client ActiveX Control "GetFileList()" Information Disclosure,
Secunia Research
- OneNews Beta 2 Multiple Vulnerabilities,
crimson . loyd
- Fedora confirms: Our servers were breached,
Juha-Matti Laurio
- Secunia Research: Trend Micro Products Web Management Authentication Bypass,
Secunia Research
- [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service,
Steve Kemp
- [oCERT-2008-008] multiple heap overflows in xine-lib,
Will Drewry
- Apple OSX Leopard (10.5+), inadequate ACL insight can create vuln,
bgtrq . tryfixingit
- Contest: Best Advances for OpenVAS Network Vulnerability Tests,
Michael Wiegand
- Call For Papers - Hackers 2 Hackers Conference 5th Edition - Brazil,
cfp
- [ MDVSA-2008:180 ] libxml2,
security
- Vim: Arbitrary Code Execution in Commands: K, Control-], g],
Jan Minář
- [ MDVSA-2008:179 ] metisse,
security
- PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks,
ProCheckUp Research
TimeTrex Time and Attendance Cookie Theft,
DoZ
[SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
Null Byte Local file Inclusion in FAR - PHP Project version:1.0,
beenudel1986
UPDATE: [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning,
Robert Buchholz
[ MDVSA-2008:178 ] xine-lib,
security
[ MDVSA-2008:177 ] xine-lib,
security
rPSA-2008-0259-1 postfix,
rPath Update Announcements
CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability,
CORE Security Technologies Advisories
CORE-2008-0624: Anzio Web Print Object Buffer Overflow,
CORE Security Technologies Advisories
IMF 2008 - Call for Participation,
Oliver Goebel
[ MDVSA-2008:176 ] mtr,
security
[ MDVSA-2008:175 ] yelp,
security
[USN-636-1] Postfix vulnerability,
Kees Cook
Folder Lock <= 5.9.5 Local Password Information Disclosure,
glafkos
ToorCon 10 Call For Papers,
David Hulton
[ MDVSA-2008:174 ] kernel,
security
[ MDVSA-2008:173 ] kdegraphics,
security
[SECURITY] [DSA 1629-2] New postfix packages fix installability problem on i386,
Thijs Kinkhorst
SunShop <= 4.1.4 SQL Injection,
GulfTech Security Research
Vanilla <= 1.1.4 Script Injection/ XSS,
GulfTech Security Research
[security bulletin] HPSBST02360 SSRT080117 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-041 to MS08-051,
security-alert
[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation,
Thijs Kinkhorst
[security bulletin] HPSBMA02345 SSRT080039 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
Ovidentia 6.6.5 XSS (index.php),
mostafa_ragab
Tool: PorkBind v1.3 Nameserver Security Scanner (New Version),
Derek Callaway
[DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171,
Digital Security Research Group [DSecRG]
NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection,
r3d . w0rm
Nokia 6131 NFC URI/URL Spoofing and DoS Advisory,
Collin R. Mulliner
PHP Live Helper <= 2.0.1 Multiple Vulnerabilities,
GulfTech Security Research
[ MDVSA-2008:172 ] amarok,
security
[ MDVSA-2008:171 ] postfix,
security
FlexCMS <= 2.5 Cross Site Scripting Vulnerability,
irancrash
Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani,
irancrash
munky-bliki lfi,
r3d . w0rm
Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface,
oliver karow
Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control,
Cisco Systems Product Security Incident Response Team
[ GLSA 200808-12 ] Postfix: Local privilege escalation vulnerability,
Raphael Marichez
rPSA-2008-0255-1 freetype,
rPath Update Announcements
Security Assessment of the Internet Protocol,
Fernando Gont
ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability,
zdi-disclosures
SYM08-015_SFW_SecurityUpdateBypass,
Mike Prosser
Postfix local privilege escalation via hardlinked symlinks,
Wietse Venema
[ MDVSA-2008:169 ] hplip,
security
[security bulletin] HPSBOV02357 SSRT080058 rev.1 - HP OpenVMS TCP/IP Services running BIND, Remote DNS Cache Poisoning,
security-alert
[ MDVSA-2008:168 ] stunnel,
security
Microsoft Windows Messenger Remote Illegal Access Vulnerability,
cocoruder
[ MDVSA-2008:170 ] cups,
security
CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass,
CORE Security Technologies Advisories
[security bulletin] HPSBTU02358 SSRT080058 rev.1 - HP Tru64 UNIX running BIND, Remote DNS Cache Poisoning,
security-alert
NULL pointer in Ventrilo 3.0.2,
Luigi Auriemma
Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives,
Jan Minář
rPSA-2008-0243-1 idle python,
rPath Update Announcements
iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 08.12.08: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability,
iDefense Labs
iDefense Security Advisory 08.12.08: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability,
iDefense Labs
[TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption,
Tobias Klein
iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability,
iDefense Labs
iDefense Security Advisory 08.12.08: Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability,
iDefense Labs
Vim: Netrw: FTP User Name and Password Disclosure,
Jan Minář
[ MDVSA-2008:166 ] clamav,
security
ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability,
zdi-disclosures
[ MDVSA-2008:167 ] kernel,
security
iDefense Security Advisory 08.12.08: Microsoft Office BMP Input Filter Heap Overflow Vulnerability,
iDefense Labs
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption,
zdi-disclosures
ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability,
zdi-disclosures
ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability,
zdi-disclosures
[security bulletin] HPSBUX02356 SSRT080051 rev.1 - HP-UX Running ftpd, Remote Privileged Access,
security-alert
Surf Jack - HTTPS will not save you,
lists
Re: [funsec] Internet attacks against Georgian web sites,
Paul Ferguson
CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities,
Williams, James K
rPSA-2008-0253-1 git gitweb,
rPath Update Announcements
VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability,
VMware Security Team
VMSA-2008-0013 Updated ESX packages for OpenSSL, net-snmp, perl,
VMware Security Team
Internet attacks against Georgian web sites,
Gadi Evron
iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities,
iDefense Labs
[AJECT] hMailServer 4.4.1 DoS vulnerability,
João Antunes
iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Format String Vulnerabilities,
iDefense Labs
Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow,
dh
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability,
emericboit
rPSA-2008-0247-1 gvim vim vim-minimal,
rPath Update Announcements
[ GLSA 200808-11 ] UUDeview: Insecure temporary file creation,
Pierre-Yves Rofes
rPSA-2008-0249-1 openldap openldap-clients openldap-servers,
rPath Update Announcements
K-Links Directory Blind SQL Injection Exploit,
hadihadi_zedehal_2006
[SECURITY] [DSA 1627-1] New PowerDNS packages reduce DNS spoofing risk,
Florian Weimer
Ovidentia Sql Injection,
r3d . w0rm
[ GLSA 200808-10 ] Adobe Reader: User-assisted execution of arbitrary code,
Robert Buchholz
Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities,
GulfTech Security Research
[security bulletin] HPSBUX02351 SSRT080058 rev.4 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability,
Steve Friedl
[ GLSA 200808-09 ] OpenLDAP: Denial of Service vulnerability,
Raphael Marichez
[DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3,
Digital Security Research Group [DSecRG]
[ GLSA 200808-08 ] stunnel: Security bypass,
Raphael Marichez
[ GLSA 200808-07 ] ClamAV: Multiple Denials of Service,
Raphael Marichez
Vim: Unfixed Vulnerabilities in Tar Plugin Version 20,
Jan Minář
[AJECT] WinGate Email Server (IMAP) vulnerability,
João Antunes
Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory,
Gerald Beuchelt
[AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability,
João Antunes
OpenID/Debian PRNG/DNS Cache poisoning advisory,
Ben Laurie
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory,
"Hal Finney"
Re: [funsec] facebook messages worm,
Juha-Matti Laurio
[ MDVSA-2008:164 ] python,
security
[ MDVSA-2008:163 ] python,
security
[ MDVSA-2008:162 ] qemu,
security
[ MDVSA-2008:161 ] rxvt,
security
e107 <= 0.7.11 Arbitrary Variable Overwriting,
GulfTech Security Research
[SE-2008-01] J2ME Security Vulnerabilities 2008,
Security Explorations
Whitepaper: DNS zone redelegation,
Bernhard Mueller
facebook messages worm,
Gadi Evron
Re: [Full-disclosure] [funsec] facebook messages worm,
Juha-Matti Laurio
Endless loop and resources consumption in Halo 1.0.7.0615,
Luigi Auriemma
OpenVMS fingerd remote stack overflow,
Shaun Colley
[security bulletin] HPSBUX02355 SSRT080023 rev.1 - HP-UX Using libc, Remote Denial of Service (DoS),
security-alert
[security bulletin] HPSBUX02351 SSRT080058 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
[ GLSA 200808-06 ] libxslt: Execution of arbitrary code,
Tobias Heinlein
[USN-635-1] xine-lib vulnerabilities,
Jamie Strandboge
[ GLSA 200808-05 ] ISC DHCP: Denial of Service,
Tobias Heinlein
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting,
marc_bevand
Google Notebook and Google Bookmarks Cross Site Scripting Vulnerabilities,
alfredo . melloni
CA Products That Embed Ingres Multiple Vulnerabilities,
Williams, James K
Interesting things at sec-consult.com, DNS-whitepaper available tomorrow,
Bernhard Mueller
MyClan Sql Injection,
r3d . w0rm
PHP-NUKE module Kleinanzeigen SQL injection (lid),
lovebug
rPSA-2008-0246-1 gaim,
rPath Update Announcements
rPSA-2008-0245-1 cups,
rPath Update Announcements
[ GLSA 200808-04 ] Wireshark: Denial of Service,
Robert Buchholz
[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities,
Robert Buchholz
[ GLSA 200808-02 ] Net-SNMP: Multiple vulnerabilities,
Robert Buchholz
[ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code,
Robert Buchholz
Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities,
irancrash
IGES CMS <=2.0 Multiple Vulnerabilities,
admin
Plogger <= 3.0 SQL Injection,
GulfTech Security Research
8e6 Technologies R3000 Internet Filter Bypass with Host Decoy,
nnposter
Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities,
irancrash
CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability,
CORE Security Technologies Advisories
Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN),
Team SHATTER
Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter),
Team SHATTER
Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE),
Team SHATTER
[USN-626-2] Devhelp, Epiphany, Midbrowser and Yelp update,
Jamie Strandboge
UNAK-CMS Lfi,
r3d . w0rm
[SECURITY] [DSA 1627-1] New opensc packages fix smart card vulnerability,
Thijs Kinkhorst
TGS CMS Remote Code Execution Exploit,
0in . email
Keld: PHP-MySQL News Script 0.7.1 Remote SQL injection Vulnerability,
crimson . loyd
Server termination in America's Army 2.8.3.1,
Luigi Auriemma
Homes 4 Sale Remote XSS Vulnerabilitiy,
Ghost hacker
Pligg Auto-Voter Using XSS to Bypass CSRF Protection,
michaelbrooks
iDefense Security Advisory 08.01.08: Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability,
iDefense Labs
iDefense Security Advisory 08.01.08: Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 08.01.08: Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability,
iDefense Labs
file upload exploit,
win32 . exe
[ MDVSA-2008:160 ] libxslt,
security
n.runs-SA-2008.005 - Apple Inc. - CoreServices Framework’s CarbonCore Framework - Arbitrary Code Execution (remote),
security@xxxxxxxxx
iDefense Security Advisory 07.31.08: Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability,
iDefense Labs
[USN-632-1] Python vulnerabilities,
Kees Cook
[USN-633-1] libxslt vulnerabilities,
Kees Cook
DNS Multiple Race Exploiting Tool,
AR
eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG,
r3d . w0rm
[USN-634-1] OpenLDAP vulnerability,
Kees Cook
[CVE-2008-1232] Apache Tomcat XSS vulnerability,
Mark Thomas
[SECURITY] [DSA 1626-1] New httrack packages fix arbitrary code execution,
Thijs Kinkhorst
[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code execution,
Thijs Kinkhorst
libxslt heap overflow,
chris
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability,
Mark Thomas
CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability,
Williams, James K
[ GLSA 200807-16 ] Python: Multiple vulnerabilities,
Robert Buchholz
[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution,
Moritz Muehlenhoff
[ GLSA 200807-13 ] VLC: Multiple vulnerabilities,
Pierre-Yves Rofes
[ GLSA 200807-14 ] Linux Audit: Buffer overflow,
Pierre-Yves Rofes
[SECURITY] [DSA 1623-1] New dnsmasq packages fix cache poisoning,
Moritz Muehlenhoff
[ GLSA 200807-15 ] Pan: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability,
iDefense Labs
[~] Greetz : Me93fg & Mr.SaFa7,
Ghost hacker
[SECURITY] [DSA 1622-1] New newsx packages fix arbitrary code execution,
Thijs Kinkhorst
Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows,
Secunia Research
Pligg <= 9.9.0 Multiple Vulnerabilities,
GulfTech Security Research
[security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access,
security-alert
Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow,
Secunia Research
[oCERT-2008-009] libxslt heap overflow,
Andrea Barisani
[ MDVSA-2008:159 ] licq,
security
Citrix MetaFrame Privilege Escalation,
Wendel Guglielmetti Henrique
DEV WMS Multiple Vulnerabilities,
irancrash
[ MDVSA-2008:158 ] silc-toolkit,
security
Cisco IOS shellcode explanation - additional,
Andy Davis
Tool: PorkBind Nameserver Security Scanner,
super
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability,
cocoruder
MJGuest 6.8 GT Cross Site Scripting Vulnerability,
irancrash
NULL pointer in Unreal Tournament 2004 v3369,
Luigi Auriemma
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability,
Ghost hacker
HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability,
Ghost hacker
Memory corruption and NULL pointer in Unreal Tournament III 1.2,
Luigi Auriemma
HIOX Star Rating System 1.0 Remote File Inclusion Vulnerability,
Ghost hacker
Cisco IOS shellcode explanation,
Andy Davis
shoutbox Remote Database Dawnload Exploit,
Ghost hacker
[ MDVSA-2008:157 ] - ffmpeg,
security
Remote Cisco IOS FTP exploit,
Andy Davis
[USN-630-1] ffmpeg vulnerability,
Kees Cook
n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote),
security
Gregarius <= 0.5.4 SQL Injection,
GulfTech Security Research
rPSA-2008-0235-1 fetchmail fetchmailconf,
rPath Update Announcements
[DSECRG-08-034] Local File Include Vulnerability in Minishowcase v09b136,
Digital Security Research Group [DSecRG]
VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix,
VMware Security team
plugin Rss Remote File Inclusion Vulnerability,
Ghost hacker
[USN-631-1] poppler vulnerability,
Kees Cook
rPSA-2008-0238-1 firefox,
rPath Update Announcements
[ MDVSA-2008:156 ] - Updated libpng packages fix vulnerability,
security
rPSA-2008-0237-1 tshark wireshark,
rPath Update Announcements
PhpJobScheduler 3.1 Remote File Inclusion Vulnerability,
Ghost hacker
rPSA-2008-0236-1 httpd mod_ssl,
rPath Update Announcements
[USN-626-1] Firefox and xulrunner vulnerabilities,
Jamie Strandboge
iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability,
iDefense Labs
Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100,
Fabian Fingerle
ViArt <= 3.5 SQL Injection,
GulfTech Security Research
Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02,
supportrup
JamRoom <= 3.3.8 Authentication Bypass,
GulfTech Security Research
[security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS),
security-alert
Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations,
[ISR] - Infobyte Security Research
[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1,
Digital Security Research Group [DSecRG]
Security Bypass Vulnerabilities AXESSTEL,
Bboyhacks
[SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities,
Moritz Muehlenhoff
[ MDVSA-2008:155-1 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
how to request a cve id?,
xpzhang
[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing,
Devin Carraway
[SECURITY] [DSA 1618-1] New ruby1.9 packages fix several vulnerabilities,
Moritz Muehlenhoff
[ MDVSA-2008:155 ] - Updated Thunderbird packages fix multiple vulnerabilities,
security
[SECURITY] [DSA 1616-2] New clamav packages fix denial of service,
Devin Carraway
ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability,
zdi-disclosures
http://www.zerodayinitiative.com/advisories/ZDI-08-046,
zdi-disclosures
ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability,
zdi-disclosures
SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability,
advisories
ezContents CMS Renote File inclusion,
security
XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities,
azzcoder
Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow,
Secunia Research
[SECURITY] [DSA 1617-1] New refpolicy packages fix incompatible policy,
Devin Carraway
[USN-629-1] Thunderbird vulnerabilities,
Jamie Strandboge
[ MDVSA-2008:154 ] - Updated xemacs packages fix vulnerability,
security
CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit,
I)ruid
[Full-disclosure] [tool] SDT Cleaner 1.0,
Nahuel C. Riva
[SECURITY] [DSA 1616-1] new clamav packages fix denial of service,
Devin Carraway
[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability,
security
[SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
[SECURITY] [DSA 1614-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
[USN-628-1] PHP vulnerabilities,
Jamie Strandboge
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim,
Jan Minář
[SECURITY] [DSA 1540-3] New lighttpd packages fix regression,
Thijs Kinkhorst
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion,
Asterisk Security Team
AST-2008-011: Traffic amplification in IAX2 firmware provisioning system,
Asterisk Security Team
[ MDVSA-2008:152 ] - Updated wireshark packages fix denial of service vulnerability,
security
Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities,
jplopezy
[USN-627-1] Dnsmasq vulnerability,
Jamie Strandboge
PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page,
ProCheckUp Research
PR08-15: Several Webroot Disclosures on Moodle,
ProCheckUp Research
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title,
ProCheckUp Research
[DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities,
Digital Security Research Group [DSecRG]
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities,
Devin Carraway
FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability,
zhliu
[security bulletin] HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access,
security-alert
[ GLSA 200807-12 ] BitchX: Multiple vulnerabilities,
Pierre-Yves Rofes
Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw,
Tim Loshak
[ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability,
security
NULL pointer in ZDaemon 1.08.07,
Luigi Auriemma
[ GLSA 200807-11 ] PeerCast: Buffer overflow,
Pierre-Yves Rofes
[ GLSA 200807-10 ] Bacula: Information disclosure,
Pierre-Yves Rofes
E-Mail header Injection in HiFriend,
Peter Wiesen
[SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
[White Paper] Abusing HTML 5 Structured Client-side Storage,
Alberto Trivero
Flip V3.0 final,
Cru3l . b0y
[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1,
Digital Security Research Group [DSecRG]
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability,
zhliu
Vim: Improper Implementation of shellescape()/Arbitrary Code Execution,
Jan Minář
MyBlog <=0.9.8 Multiple Vulnerabilities,
admin
Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ),
irancrash
EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability,
Ghost hacker
Maran PHP Blog Xss By Khashayar Fereidani,
irancrash
Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system,
Julien Thomas
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability,
zhliu
Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani,
irancrash
EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability,
zhliu
[ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities,
security
Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani,
irancrash
EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ),
irancrash
[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities,
security
Oracle Database Local Untrusted Library Path Vulnerability,
Joxean Koret
rPSA-2008-0231-1 bind bind-utils,
rPath Update Announcements
[security bulletin] HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
Windows Vista Power Management & Local Security Policy,
Abe Getchell
[DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities,
Digital Security Research Group [DSecRG]
[ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution,
ISecAuditors Security Advisories
Lateral SQL Injection Revisited - No Special Privs Required,
David Litchfield
[ MDVSA-2008:148 ] - Updated Firefox packages fix vulnerabilities,
security
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities,
tan_prathan
Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution,
Jan Minář
Security Vacation Guide,
Pete Herzog
ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability,
zdi-disclosures
ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow,
zdi-disclosures
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability,
zdi-disclosures
communitycms-0.1 Remote File Includion,
n3tr00t3r
[USN-623-1] Firefox vulnerabilities,
Jamie Strandboge
Oracle Portal XSS fixed by CPU July 2008,
Andrea Purificato
HPSBMA02346 SSRT080097 rev.2 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access,
security-alert
[DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5,
Digital Security Research Group
ekoparty security trainings (2008) announcement,
ekoparty
[security bulletin] HPSBUX02351 SSRT080058 rev.1 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
[SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation,
Thijs Kinkhorst
IETF Internet-Draft on TCP Port randomization,
Fernando Gont
rPSA-2008-0035-1 httpd mod_ssl,
rPath Update Announcements
openPro 1.3.1 (LIBPATH) Remote RFI Vulnerability,
Ghost hacker
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness,
Florian Weimer
n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote),
security
[DSECRG-08-028] File read in Velocity web-server,
Alexandr Polyakov
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability,
adv
[security bulletin] HPSBMA02133 SSRT061201 rev.9 - HP Oracle for OpenView (OfO) Critical Patch Update,
security-alert
Arbitrary code execution in Netrw version 127, Vim 7.2b,
Jan Minář
Oracle Application Server PLSQL injection flaw,
David Litchfield
[security bulletin] HPSBMA02346 SSRT080097 rev.1 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access,
security-alert
[ MDVSA-2008:146 ] - Updated poppler packages fix arbitrary code execution vulnerability,
security
iDefense Security Advisory 07.15.08: Oracle Database Local Untrusted Library Path Vulnerability,
iDefense Labs
iDefense Security Advisory 07.15.08: Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability,
iDefense Labs
[ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability,
security
iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability,
iDefense Labs
[ GLSA 200807-09 ] Mercurial: Directory traversal,
Tobias Heinlein
[SECURITY] [DSA 1569-3] New cacti packages fix regression,
Thijs Kinkhorst
[SECURITY] [DSA 1610-1] New gaim packages fix execution of arbitrary code,
Steve Kemp
[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues,
Steve Kemp
[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability,
security
HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040,
security-alert
[USN-624-1] PCRE vulnerability,
Kees Cook
CFP now open for ClubHack2008 - India,
ClubHack
Yuhhu Pubs Black Cat Remote SQL Injection Exploit,
RM-x
DeepSec 2008 - Last call for submissions,
DeepSec Conference Vienna
FreeBSD Security Advisory FreeBSD-SA-08:06.bind,
FreeBSD Security Advisories
Pluck Local File inclusion,
admin
Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit,
Rotem-BugSec
[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass,
Devin Carraway
[ MDVSA-2008:144 ] - Updated openldap packages fix slapd DoS vulnerability,
security
[ MDVSA-2008:138-1 ] - Updated OpenOffice.org packages fix vulnerability,
security
[NETRAGARD SECURITY ADVISORY][Apple Core Image Fun House <= 2.0 OS X -- Arbitrary Code Execution][NETRAGARD-20080711],
Netragard Security Advisories
[ GLSA 200807-08 ] BIND: Cache poisoning,
Matthias Geerdsen
[SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability,
zdi-disclosures
[ MDVSA-2008:143 ] - Updated pidgin packages fix MSN protocol handler vulnerability,
security
iDefense Security Advisory 07.09.08: Novell eDirectory LDAP Search Request Heap Corruption Vulnerability,
iDefense Labs
[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities,
security
[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities,
security
[ GLSA 200807-06 ] Apache: Denial of Service,
Robert Buchholz
London DEFCON July meet - DC4420 - Thursday 10th July (today!),
alien
rPSA-2008-0223-1 poppler,
rPath Update Announcements
phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability,
Ghost hacker
[ GLSA 200807-07 ] NX: User-assisted execution of arbitrary code,
Robert Buchholz
gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability,
Ghost hacker
Re: Microsoft DNS patch KB951748 incompatible with Zonealarm FIXED,
davee1
Nessus plugins for recent MS Bulletins,
Chandrashekhar B
[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities,
security
Context IS Advisory - MS08-39 OWA XSS,
Context IS - Disclosure
[ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability,
security
[ GLSA 200807-05 ] OpenOffice.org: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
Microsoft DNS patch KB951748 incompatible with Zonealarm,
Pages-Web.com - Services internet
rPSA-2008-0218-1 ruby,
rPath Update Announcements
[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code,
Steve Kemp
Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow,
Brett Moore
Local information disclosure in WeFi Client v3.3.3.0,
XiaShing
[ MDVSA-2008:138 ] - Updated OpenOffice.org packages fix vulnerability,
security
[ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs,
security
rPSA-2008-0217-1 vsftpd,
rPath Update Announcements
rPSA-2008-0216-1 firefox,
rPath Update Announcements
Minneapolis DC612 Meeting July 10th, 2008@6pm,
David Bryan
[ MDVSA-2008:136 ] - Updated Firefox packages fix vulnerabilities,
security
[USN-622-1] Bind vulnerability,
Kees Cook
iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability,
iDefense Labs
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks,
Cisco Systems Product Security Incident Response Team
[ GLSA 200807-04 ] Poppler: User-assisted execution of arbitrary code,
Matthias Geerdsen
[SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver,
Florian Weimer
XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower,
Jessica Hope
[SECURITY] [DSA 1604-1] BIND 8 deprecation notice,
Florian Weimer
[SECURITY] [DSA 1603-1] New bind9 packages fix cache poisoning,
Florian Weimer
[security bulletin] HPSBMA02349 SSRT080043 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data,
security-alert
[security bulletin] HPSBMA02348 SSRT080033 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
Call for Papers for the MEITSEC 2008 is now open.,
Meitsec2008 Conference
Pwnie Awards 2008,
Alexander Sotirov
PHP-NUKE SQL Module's Name 4ndvddb,
lovebug
[ GLSA 200807-03 ] PCRE: Buffer overflow,
Robert Buchholz
Re: Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version,
Juha-Matti Laurio
[oCERT-2008-007] libpoppler uninitialized pointer,
Andrea Barisani
[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution,
Florian Weimer
[ MDVSA-2008:135 ] - Updated gnome-screensaver packages fix authentication vulnerability,
security
[ MDVSA-2008:134 ] - Updated squid packages fix DoS vulnerability,
security
[ MDVSA-2008:133 ] - Updated sympa packages fix DoS vulnerability,
security
[ MDVSA-2008:132 ] - Updated gnome-screensaver packages fix authentication vulnerability,
security
[ MDVSA-2008:131 ] - Updated phpMyAdmin packages fix multiple vulnerabilities,
security
Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow,
[ISR] - Infobyte Security Research
[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC,
Digital Security Research Group [DSecRG]
F5 FirePass 1200 SNMP daemon DoS,
nnposter
[ MDVSA-2008:129 ] - Updated PHP packages fix multiple vulnerabilities,
security
[ MDVSA-2008:130 ] - Updated PHP packages fix multiple vulnerabilities,
security
Unauthorized reading confirmation from Outlook,
Augusto Paes de Barros
Local vulnerability in WeFi Client v3.2.1.4.1(Update),
XiaShing
[SECURITY] [DSA 1601-1] New wordpress packages fix several vulnerabilities,
Thijs Kinkhorst
[ MDVSA-2008:128 ] - Updated PHP packages fix multiple vulnerabilities,
security
[ MDVSA-2008:127 ] - Updated PHP packages fix multiple vulnerabilities,
security
[ MDVSA-2008:126 ] - Updated PHP packages fix multiple vulnerabilities,
security
[ MDVSA-2008:125 ] - Updated PHP packages fix multiple vulnerabilities,
security
rPSA-2008-0212-1 tshark wireshark,
rPath Update Announcements
rPSA-2008-0211-1 mercurial mercurial-hgk,
rPath Update Announcements
Release of Pass-The-Hash Toolkit v1.4,
Hernan Ochoa
Secunia Research: VLC Media Player WAV Processing Integer Overflow,
Secunia Research
ISEC 2008(Information Security Conference) Guide,
isec
[tool] ratproxy - passive web application security assessment tool,
Michal Zalewski
[USN-619-1] Firefox vulnerabilities,
Jamie Strandboge
[SECURITY] [DSA 1560-1] New sympa packages fix denial of service,
Steve Kemp
Deepsec Talks 2007 are online - registration for 2008 is open,
DeepSec 2008
Vuln name: Ruby rb_ary_fill() DOS,
snagg
New Paper: More than 600 million users surf at high risk,
Stefan Frei
[ GLSA 200807-02 ] Motion: Execution of arbitrary code,
Tobias Heinlein
[security bulletin] HPSBMA02345 SSRT080039 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
[ GLSA 200807-01 ] Python: Multiple integer overflows,
Tobias Heinlein
[SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability,
Scanit Labs
CFP 25C3 - The 25th Chaos Communication Congress 2008,
fukami
[SCANIT-2008-003] Wordtrans-web Remote Command Execution Vulnerability,
Scanit Labs
[SCANIT-2008-002] Wordtrans-web Remote Command Execution Vulnerability,
Scanit Labs
[USN-617-2] Samba regression,
Jamie Strandboge
Endless loop in Soldner 33724,
Luigi Auriemma
RSS-aggregator Multiple vulnerabilities,
Sylvain
[security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
Security and Hacking Papers - Updated!,
ork
Endless loop in Halo 1.07,
Luigi Auriemma
Remote SQL Injection,
saidmoftakhar
Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006,
Luigi Auriemma
[Tool] PktAnon packet trace anonymization tool released,
Christoph Mayer
[security bulletin] HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code,
security-alert
BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008),
Dragos Ruiu
[security bulletin] HPSBUX02342 SSRT080063 rev.2 - HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code,
security-alert
rPSA-2008-0207-1 kernel,
rPath Update Announcements
New Release of 'Unhide' (20080519),
yago jesus
[ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder,
security
[USN-621-1] Ruby vulnerabilities,
Jamie Strandboge
WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerability,
the_3dit0r
[SECURITY] [DSA 1599-1] New dbus packages fix privilege escalation,
Moritz Muehlenhoff
rPSA-2008-0206-1 ruby,
rPath Update Announcements
[USN-620-1] OpenSSL vulnerabilities,
Jamie Strandboge
Evolution Vulnerability,
jplopezy
Pidgin 2.4.1 Vulnerability,
jplopezy
The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities,
tan_prathan
Rhythmbox Vulnerability,
jplopezy
Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version "842 Procapita 840SP1",
pelzi
[ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities,
security
[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability,
adv
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities,
Cisco Systems Product Security Incident Response Team
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability,
Ghost hacker
ERRATA - n.runs-SA-2008.001 - Jscape Secure FTP Applet,
security
IdeBox (include) Remote File Inclusion Vulnerability,
Ghost hacker
[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities,
Tobias Heinlein
[BMSA 2008-07] Format string vulnerability in 5th street,
Nam Nguyen
RSS-aggregator (display) Remote File Inclusion Vulnerability,
Ghost hacker
[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability,
security
fetchmail REVISED security announcement fetchmail-SA-2008-01 (CVE-2008-2711),
ma+bt
[ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code,
Robert Buchholz
[ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities,
Robert Buchholz
[ GLSA 200806-08 ] OpenSSL: Denial of Service,
Robert Buchholz
NULL pointer in World in Conflict 1.008,
Luigi Auriemma
[ MDVSA-2008:121 ] - Updated freetype2 packages fix vulnerabilities,
security
Double Denial of Service in Call of Duty 4 1.6,
Luigi Auriemma
Firefox 3.0 security bug: Extensions can STILL hide themselves,
azurIt
Trust Testing and Metrics,
Pete Herzog
n.runs-SA-2008.001 - Jscape Secure FTP Applet,
security
Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities,
tan_prathan
[ MDVSA-2008:120 ] - Updated nasm packages fix vulnerability,
security
rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs,
rPath Update Announcements
rPSA-2008-0200-1 xorg-server,
rPath Update Announcements
[ MDVSA-2008:119 ] - Updated exiv2 packages fix vulnerability,
security
[ MDVSA-2008:118 ] - Updated net-snmp/ucd-snmp packages fix vulnerabilities,
security
Diigo Toolbar - Global XSS and Information Leakage in SSL URLs,
Ferruh Mavituna
BackTrack 3 Final has been released,
Max Moser
[SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution,
Thijs Kinkhorst
Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow,
Secunia Research
[ MDVSA-2008:117 ] - Updated fetchmail packages fix DoS vulnerability,
security
An Apology.,
cwrigh20
[ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities,
Matthias Geerdsen
CSW Security Advisory 0002: Oral B SmartMonitor Information Disclosure Vulnerability and DoS,
craigswright
vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index,
Jessica Hope
Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities,
Admin
eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities,
Admin
[USN-612-11] openssl-blacklist update,
Jamie Strandboge
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service,
Cisco Systems Product Security Incident Response Team
A more detailed description of the Jura F90 vulnerability.,
Craig Wright
CA ARCserve Backup Discovery Service Denial of Service Vulnerability,
Williams, James K
Secunia Research: TorrentTrader Multiple SQL Injection Vulnerabilities,
Secunia Research
Announcement && CFP: ISOI 5, Tallinn Estonia,
Gadi Evron
[USN-617-1] Samba vulnerabilities,
Jamie Strandboge
[security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036,
security-alert
S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS),
S21sec labs
[ GLSA 200806-06 ] Evolution: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
iPhoneDbg Toolkit,
Nicolas A. Economou
fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565),
ma+bt
[ GLSA 200806-05 ] cbrPager: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711),
ma+bt
Server freezed in Skulltag 0.97d2-RC2,
Luigi Auriemma
Hacking Coffee Makers.,
Craig Wright
NULL pointer in the HTTP/XML-RPC service of Crysis 1.21,
Luigi Auriemma
[ MDVSA-2008:115 ] - Updated x11-server packages fix several vulnerabilities,
security
[ MDVSA-2008:116 ] - Updated x11-server packages fix several vulnerabilities,
security
[DSECRG-08-026] LFI in Open Azimyt CMS 0.22,
Digital Security Research Group
VistaReseller Panel BETA Xss Vulnerability,
irancrash
Returnil Virtual System 2008 - Password Disclosure Issue,
mikuvoli
[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability,
erdc
PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability,
sys-project
[ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability,
erdc
Denial of Service in S.T.A.L.K.E.R. 1.0006,
Luigi Auriemma
DUC NO-IP Local Password Information Disclosure Vulnerability,
glafkos
E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability,
sys-project
Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ),
Eduardo Jorge