Mail Index
- [SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities
- VisualSentinel 0.7 Cross Agent Scripting Vulnerability
- LokiCMS Multiple Vulnerabilities through Authorization weakness
- Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability
- SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier
- [SECURITY] [DSA 1553-2] New ikiwiki packages fix regression
- rPSA-2008-0180-1 samba samba-client samba-server samba-swat
- From: rPath Update Announcements
- ARP handler Inspection tool released
- BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability
- Re: xt:Commerce possible DoS
- OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability
- From: hadihadi_zedehal_2006
- ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability
- [ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability
- rPSA-2008-0181-1 openssl openssl-scripts
- From: rPath Update Announcements
- DEFCON 16 Updates - Get involved!
- Advisory: Xerox Workaround & planned patch
- [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
- Windows Installer msiexec GUID Buffer Overflow
- [SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities
- [security bulletin] HPSBST02312 SSRT071428 rev.1 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code
- Re: Windows Installer msiexec GUID Buffer Overflow
- [ GLSA 200806-02 ] libxslt: Execution of arbitrary code
- RE: Windows Installer msiexec GUID Buffer Overflow
- From: Thor (Hammer of God)
- [ GLSA 200806-01 ] mtr: Stack-based buffer overflow
- London DEFCON June meet - DC4420 - Thursday 5th June
- [NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit
- AccessMe Tool Release
- [USN-614-1] Linux kernel vulnerabilities
- AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
- From: Asterisk Security Team
- [ MDVSA-2008:109 ] - Updated kernel packages fix bugs
- QuickerSite Multiple Vulnerabilities
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability
- [security bulletin] HPSBMA02326 SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability
- CSIS-RI-0003: Multiple buffer overflow vulnerabilities in HP ActiveX
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities
- IMF 2008 - Deadline Extension (2nd try)
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability
- iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability
- Akamai Technologies Security Advisory 2008-0001 (Download Manager)
- From: Akamai Security Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
- From: Cisco Systems Product Security Incident Response Team
- VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
- From: VMware Security team
- ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability
- ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
- ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow
- TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability
- iDefense Security Advisory 06.04.08: Skype File URI Security Bypass Code Execution Vulnerability
- iDefense Security Advisory 06.04.08: Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability
- Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability
- CORE-2008-0425 - NASA BigView Stack Buffer Overflow
- From: CORE Security Technologies Advisories
- CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities
- AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised
- From: Asterisk Security Team
- e107 Plugin echat MENU Blind SQL Injection Vulnerability
- From: hadihadi_zedehal_2006
- [security bulletin] HPSBST02312 SSRT071428 rev.2 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code
- Remote DoS vulnerability in Linksys WRH54G
- SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities
- Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability
- AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver
- From: Asterisk Security Team
- iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability
- iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability
- Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability
- F5 FirePass Content Inspection Management XSS
- WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability
- [ MDVSA-2008:110 ] - Updated Firefox packages fix vulnerabilities
- Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery
- Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software)
- From: Akamai Security Team
- Vulnerability in Network General/Net Scout product
- rPSA-2008-0185-1 vsftpd
- From: rPath Update Announcements
- SchoolCenter URL Handling Cross Site Scripting Vulnerability
- Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability
- [USN-615-1] Evolution vulnerabilities
- FreeSSHD 1.2.1 (Post Auth) Remote Seh Overflow Exploit
- [ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code
- [SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions
- XSS - NEXTGEN GALLERY 0.96 WORDPRESS PLUGIN
- webTA by kronos - XSS
- [SECURITY] [DSA 1592-2] New Linux 2.6.18 packages fix overflow conditions
- [SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting
- Further Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability"
- From: William A. Rowe, Jr.
- [web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability
- [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
- [web-app] ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability
- [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability
- [web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities
- [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities
- Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow
- [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability
- Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
- iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities
- XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
- ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability
- iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability
- ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution
- [ MDVSA-2008:111 ] - Updated Evolution packages fix vulnerabilities
- Many bugs on CMS system Piugame
- ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
- ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
- [security bulletin] HPSBUX02342 SSRT080063 rev.1 - HP-UX Running Apache or Tomcat with PHP, Remote Execution of Arbitrary Code
- TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
- PHPEasyData 1.5.4 Multiple Vulnerabilities
- Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS
- CORE-2008-0125: CitectSCADA ODBC service vulnerability
- From: CORE Security Technologies Advisories
- Flat Calendar v1.1 Remote Permission Bypass Vulnerability
- phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable
- [security bulletin] HPSBMA02340 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [SECURITY] [DSA 1594-1] New imlib2 packages fix arbitrary code execution
- iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
- iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
- iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
- Xigla Multiple Products - Multiple Vulnerabilities
- iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
- iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
- rPSA-2008-0189-1 kernel xen
- From: rPath Update Announcements
- [SECURITY] [DSA 1595-1] New xorg-server packages fix several vulnerabilities
- ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability
- SNMPv3 Authentication Bypass - CVE-2008-0960
- DEFCON Switzerland looking for DEFCON visitors
- From: DEF CON Switzerland
- Pooya Site Builder (PSB) SQL Injection Vulnerabilities
- [ MDVSA-2008:112 ] - Updated kernel packages fix security issues
- [SECURITY] [DSA 1596-1] New typo3 packages fix several vulnerabilities
- [SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
- [USN-616-1] X.org vulnerabilities
- AS/400 Vulnerabilities
- Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)
- Securify bulletin: Microsoft Active Directory Denial-of-service
- [USN-612-9] openssl-blacklist update
- [USN-612-10] OpenVPN regression
- RE: AS/400 Vulnerabilities
- RE: Securify bulletin: Microsoft Active Directory Denial-of-service
- Technical Details of Security Issues Regarding Safari for Windows
- [ MDVSA-2008:114 ] - Updated util-linux-ng packages fix log injection issue
- [ MDVSA-2008:113 ] - Updated kernel packages fix security issue
- Re: AS/400 Vulnerabilities
- From: security curmudgeon
- Collection of Vulnerabilities in Fully Patched Vim 7.1
- Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
- GSC Privilege Escalation Exploit
- [ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities
- Re: AS/400 Vulnerabilities
- Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
- E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability
- DUC NO-IP Local Password Information Disclosure Vulnerability
- Denial of Service in S.T.A.L.K.E.R. 1.0006
- PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability
- [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability
- [ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability
- Returnil Virtual System 2008 - Password Disclosure Issue
- VistaReseller Panel BETA Xss Vulnerability
- [DSECRG-08-026] LFI in Open Azimyt CMS 0.22
- From: Digital Security Research Group
- [ MDVSA-2008:115 ] - Updated x11-server packages fix several vulnerabilities
- [ MDVSA-2008:116 ] - Updated x11-server packages fix several vulnerabilities
- NULL pointer in the HTTP/XML-RPC service of Crysis 1.21
- Hacking Coffee Makers.
- Server freezed in Skulltag 0.97d2-RC2
- fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565)
- fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711)
- [ GLSA 200806-05 ] cbrPager: User-assisted execution of arbitrary code
- iPhoneDbg Toolkit
- From: Nicolas A. Economou
- [ GLSA 200806-06 ] Evolution: User-assisted execution of arbitrary code
- S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)
- [security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036
- [USN-617-1] Samba vulnerabilities
- Announcement && CFP: ISOI 5, Tallinn Estonia
- Secunia Research: TorrentTrader Multiple SQL Injection Vulnerabilities
- CA ARCserve Backup Discovery Service Denial of Service Vulnerability
- A more detailed description of the Jura F90 vulnerability.
- Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service
- From: Cisco Systems Product Security Incident Response Team
- RE: A more detailed description of the Jura F90 vulnerability.
- From: Thor (Hammer of God)
- [USN-612-11] openssl-blacklist update
- Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities
- eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities
- vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index
- CSW Security Advisory 0002: Oral B SmartMonitor Information Disclosure Vulnerability and DoS
- RE: A more detailed description of the Jura F90 vulnerability.
- From: Thor (Hammer of God)
- RE: A more detailed description of the Jura F90 vulnerability.
- [ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities
- An Apology.
- Re: RFI ====> vBulletin v3.6.5
- [ MDVSA-2008:117 ] - Updated fetchmail packages fix DoS vulnerability
- Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow
- [SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution
- BackTrack 3 Final has been released
- Diigo Toolbar - Global XSS and Information Leakage in SSL URLs
- [ MDVSA-2008:118 ] - Updated net-snmp/ucd-snmp packages fix vulnerabilities
- [ MDVSA-2008:119 ] - Updated exiv2 packages fix vulnerability
- rPSA-2008-0200-1 xorg-server
- From: rPath Update Announcements
- rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
- From: rPath Update Announcements
- [ MDVSA-2008:120 ] - Updated nasm packages fix vulnerability
- Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities
- n.runs-SA-2008.001 - Jscape Secure FTP Applet
- Trust Testing and Metrics
- Firefox 3.0 security bug: Extensions can STILL hide themselves
- Double Denial of Service in Call of Duty 4 1.6
- Re: Summary of AS/400 Vulnerability Information
- [ MDVSA-2008:121 ] - Updated freetype2 packages fix vulnerabilities
- NULL pointer in World in Conflict 1.008
- [ GLSA 200806-08 ] OpenSSL: Denial of Service
- [ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities
- [ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code
- fetchmail REVISED security announcement fetchmail-SA-2008-01 (CVE-2008-2711)
- [ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability
- [ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities
- RSS-aggregator (display) Remote File Inclusion Vulnerability
- [BMSA 2008-07] Format string vulnerability in 5th street
- IdeBox (include) Remote File Inclusion Vulnerability
- ERRATA - n.runs-SA-2008.001 - Jscape Secure FTP Applet
- mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability
- Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- [ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability
- [ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities
- Re: IdeBox (include) Remote File Inclusion Vulnerability
- From: Vladimir '3APA3A' Dubrovin
- Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version "842 Procapita 840SP1"
- The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities
- Pidgin 2.4.1 Vulnerability
- Evolution Vulnerability
- Rhythmbox Vulnerability
- [USN-620-1] OpenSSL vulnerabilities
- rPSA-2008-0206-1 ruby
- From: rPath Update Announcements
- [SECURITY] [DSA 1599-1] New dbus packages fix privilege escalation
- WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy
- [USN-621-1] Ruby vulnerabilities
- [ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder
- New Release of 'Unhide' (20080519)
- rPSA-2008-0207-1 kernel
- From: rPath Update Announcements
- [security bulletin] HPSBUX02342 SSRT080063 rev.2 - HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code
- BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008)
- [security bulletin] HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
- [Tool] PktAnon packet trace anonymization tool released
- Remote SQL Injection
- Re: Double Denial of Service in Call of Duty 4 1.6
- Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006
- Endless loop in Halo 1.07
- Security and Hacking Papers - Updated!
Mail converted by MHonArc