Mail Thread Index

Date Index

[SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier
VisualSentinel 0.7 Cross Agent Scripting Vulnerability, bugtraq
- <Possible follow-ups>
- Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability, m . morcote
LokiCMS Multiple Vulnerabilities through Authorization weakness, Alireza Hassani
SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier, Charles Vaughn
[SECURITY] [DSA 1553-2] New ikiwiki packages fix regression, Thijs Kinkhorst
rPSA-2008-0180-1 samba samba-client samba-server samba-swat, rPath Update Announcements
ARP handler Inspection tool released, Andrea Di Pasquale
BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability, sys-project
Re: xt:Commerce possible DoS, decoder-bugtraq
OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability, hadihadi_zedehal_2006
ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability, sys-project
[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability, erdc
rPSA-2008-0181-1 openssl openssl-scripts, rPath Update Announcements
DEFCON 16 Updates - Get involved!, The Dark Tangent
Advisory: Xerox Workaround & planned patch, suzanne . hawley
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability, Mark Thomas
Windows Installer msiexec GUID Buffer Overflow, Patrick Webster
- RE: Windows Installer msiexec GUID Buffer Overflow, Thor (Hammer of God)
- <Possible follow-ups>
- Re: Windows Installer msiexec GUID Buffer Overflow, 0xjbrown41
[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities, Thijs Kinkhorst
[security bulletin] HPSBST02312 SSRT071428 rev.1 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code, security-alert
[ GLSA 200806-02 ] libxslt: Execution of arbitrary code, Tobias Heinlein
[ GLSA 200806-01 ] mtr: Stack-based buffer overflow, Tobias Heinlein
London DEFCON June meet - DC4420 - Thursday 5th June, Major Malfunction
[NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit, ipsdix
AccessMe Tool Release, Oliver Lavery
[USN-614-1] Linux kernel vulnerabilities, Kees Cook
AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode, Asterisk Security Team
[ MDVSA-2008:109 ] - Updated kernel packages fix bugs, security
QuickerSite Multiple Vulnerabilities, Admin
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability, iDefense Labs
[security bulletin] HPSBMA02326 SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code, security-alert
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability, iDefense Labs
CSIS-RI-0003: Multiple buffer overflow vulnerabilities in HP ActiveX, rand
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities, iDefense Labs
IMF 2008 - Deadline Extension (2nd try), Oliver Goebel
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities, iDefense Labs
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability, iDefense Labs
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability, iDefense Labs
Akamai Technologies Security Advisory 2008-0001 (Download Manager), Akamai Security Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA, Cisco Systems Product Security Incident Response Team
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues, VMware Security team
ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability, zdi-disclosures
- <Possible follow-ups>
- Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability, Luigi Auriemma
ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability, zdi-disclosures
ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow, zdi-disclosures
TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability, DVLabs
iDefense Security Advisory 06.04.08: Skype File URI Security Bypass Code Execution Vulnerability, iDefense Labs
iDefense Security Advisory 06.04.08: Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability, iDefense Labs
CORE-2008-0425 - NASA BigView Stack Buffer Overflow, CORE Security Technologies Advisories
CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities, Williams, James K
AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised, Asterisk Security Team
e107 Plugin echat MENU Blind SQL Injection Vulnerability, hadihadi_zedehal_2006
[security bulletin] HPSBST02312 SSRT071428 rev.2 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code, security-alert
Remote DoS vulnerability in Linksys WRH54G, dubingyao
SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities, tan_prathan
Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability, cocoruder
AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver, Asterisk Security Team
iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability, iDefense Labs
- Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability, iDefense Labs
- Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability, iDefense Labs
iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability, iDefense Labs
F5 FirePass Content Inspection Management XSS, nnposter
WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability, tan_prathan
[ MDVSA-2008:110 ] - Updated Firefox packages fix vulnerabilities, security
Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery, Secunia Research
Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software), Akamai Security Team
Vulnerability in Network General/Net Scout product, jgrove_2000
rPSA-2008-0185-1 vsftpd, rPath Update Announcements
SchoolCenter URL Handling Cross Site Scripting Vulnerability, DoZ
[USN-615-1] Evolution vulnerabilities, Jamie Strandboge
FreeSSHD 1.2.1 (Post Auth) Remote Seh Overflow Exploit, m . memelli
[ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code, Tobias Heinlein
[SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions, dann frazier
XSS - NEXTGEN GALLERY 0.96 WORDPRESS PLUGIN, Eduardo Jorge
webTA by kronos - XSS, Alex Eden
[SECURITY] [DSA 1592-2] New Linux 2.6.18 packages fix overflow conditions, dann frazier
[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting, Moritz Muehlenhoff
Further Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability", William A. Rowe, Jr.
[web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability, unohope
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing, Andrea Barisani
[web-app] ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability, unohope
[web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability, unohope
[web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities, unohope
[web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities, unohope
Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow, Secunia Research
[security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability, iDefense Labs
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities, Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities, iDefense Labs
XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ), Eduardo Jorge
ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability, zdi-disclosures
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability, iDefense Labs
ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution, zdi-disclosures
[ MDVSA-2008:111 ] - Updated Evolution packages fix vulnerabilities, security
Many bugs on CMS system Piugame, Psymera
ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability, zdi-disclosures
ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability, zdi-disclosures
[security bulletin] HPSBUX02342 SSRT080063 rev.1 - HP-UX Running Apache or Tomcat with PHP, Remote Execution of Arbitrary Code, security-alert
TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core, lars
PHPEasyData 1.5.4 Multiple Vulnerabilities, Sylvain
Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS, Secunia Research
CORE-2008-0125: CitectSCADA ODBC service vulnerability, CORE Security Technologies Advisories
Flat Calendar v1.1 Remote Permission Bypass Vulnerability, none
phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable, none
[security bulletin] HPSBMA02340 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
[SECURITY] [DSA 1594-1] New imlib2 packages fix arbitrary code execution, Moritz Muehlenhoff
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability, iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability, iDefense Labs
Xigla Multiple Products - Multiple Vulnerabilities, Admin
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities, iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability, iDefense Labs
rPSA-2008-0189-1 kernel xen, rPath Update Announcements
[SECURITY] [DSA 1595-1] New xorg-server packages fix several vulnerabilities, Thijs Kinkhorst
ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability, sys-project
SNMPv3 Authentication Bypass - CVE-2008-0960, inode
DEFCON Switzerland looking for DEFCON visitors, DEF CON Switzerland
Pooya Site Builder (PSB) SQL Injection Vulnerabilities, Admin
[ MDVSA-2008:112 ] - Updated kernel packages fix security issues, security
[SECURITY] [DSA 1596-1] New typo3 packages fix several vulnerabilities, Thijs Kinkhorst
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities, Devin Carraway
[USN-616-1] X.org vulnerabilities, Kees Cook
AS/400 Vulnerabilities, Jon Kibler
- RE: AS/400 Vulnerabilities, Michael Wojcik
- Re: AS/400 Vulnerabilities, security curmudgeon
  - Re: AS/400 Vulnerabilities, Marco Ivaldi
- Re: Summary of AS/400 Vulnerability Information, Jon Kibler
Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10), Jessica Hope
Securify bulletin: Microsoft Active Directory Denial-of-service, Securify Bulletins
- RE: Securify bulletin: Microsoft Active Directory Denial-of-service, Michael Wojcik
[USN-612-9] openssl-blacklist update, Jamie Strandboge
[USN-612-10] OpenVPN regression, Jamie Strandboge
Technical Details of Security Issues Regarding Safari for Windows, LIUDIEYU dot COM
[ MDVSA-2008:114 ] - Updated util-linux-ng packages fix log injection issue, security
[ MDVSA-2008:113 ] - Updated kernel packages fix security issue, security
Collection of Vulnerabilities in Fully Patched Vim 7.1, Jan Minář
- Re: Collection of Vulnerabilities in Fully Patched Vim 7.1, Bram Moolenaar
GSC Privilege Escalation Exploit, Moose
[ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities, Pierre-Yves Rofes
Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ), Eduardo Jorge
E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability, sys-project
DUC NO-IP Local Password Information Disclosure Vulnerability, glafkos
Denial of Service in S.T.A.L.K.E.R. 1.0006, Luigi Auriemma
PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability, sys-project
[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability, erdc
[ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability, erdc
Returnil Virtual System 2008 - Password Disclosure Issue, mikuvoli
VistaReseller Panel BETA Xss Vulnerability, irancrash
[DSECRG-08-026] LFI in Open Azimyt CMS 0.22, Digital Security Research Group
[ MDVSA-2008:115 ] - Updated x11-server packages fix several vulnerabilities, security
[ MDVSA-2008:116 ] - Updated x11-server packages fix several vulnerabilities, security
NULL pointer in the HTTP/XML-RPC service of Crysis 1.21, Luigi Auriemma
Hacking Coffee Makers., Craig Wright
Server freezed in Skulltag 0.97d2-RC2, Luigi Auriemma
fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565), ma+bt
fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711), ma+bt
[ GLSA 200806-05 ] cbrPager: User-assisted execution of arbitrary code, Pierre-Yves Rofes
iPhoneDbg Toolkit, Nicolas A. Economou
[ GLSA 200806-06 ] Evolution: User-assisted execution of arbitrary code, Pierre-Yves Rofes
S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS), S21sec labs
[security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036, security-alert
[USN-617-1] Samba vulnerabilities, Jamie Strandboge
Announcement && CFP: ISOI 5, Tallinn Estonia, Gadi Evron
Secunia Research: TorrentTrader Multiple SQL Injection Vulnerabilities, Secunia Research
CA ARCserve Backup Discovery Service Denial of Service Vulnerability, Williams, James K
A more detailed description of the Jura F90 vulnerability., Craig Wright
- RE: A more detailed description of the Jura F90 vulnerability., Thor (Hammer of God)
  - RE: A more detailed description of the Jura F90 vulnerability., Craig Wright
    - RE: A more detailed description of the Jura F90 vulnerability., Thor (Hammer of God)
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service, Cisco Systems Product Security Incident Response Team
[USN-612-11] openssl-blacklist update, Jamie Strandboge
Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities, Admin
eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities, Admin
vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index, Jessica Hope
CSW Security Advisory 0002: Oral B SmartMonitor Information Disclosure Vulnerability and DoS, craigswright
[ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities, Matthias Geerdsen
An Apology., cwrigh20
Re: RFI ====> vBulletin v3.6.5, hh-ua
[ MDVSA-2008:117 ] - Updated fetchmail packages fix DoS vulnerability, security
Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow, Secunia Research
[SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution, Thijs Kinkhorst
BackTrack 3 Final has been released, Max Moser
Diigo Toolbar - Global XSS and Information Leakage in SSL URLs, Ferruh Mavituna
[ MDVSA-2008:118 ] - Updated net-snmp/ucd-snmp packages fix vulnerabilities, security
[ MDVSA-2008:119 ] - Updated exiv2 packages fix vulnerability, security
rPSA-2008-0200-1 xorg-server, rPath Update Announcements
rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs, rPath Update Announcements
[ MDVSA-2008:120 ] - Updated nasm packages fix vulnerability, security
Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities, tan_prathan
n.runs-SA-2008.001 - Jscape Secure FTP Applet, security
Trust Testing and Metrics, Pete Herzog
Firefox 3.0 security bug: Extensions can STILL hide themselves, azurIt
Double Denial of Service in Call of Duty 4 1.6, Luigi Auriemma
- Re: Double Denial of Service in Call of Duty 4 1.6, Luigi Auriemma
[ MDVSA-2008:121 ] - Updated freetype2 packages fix vulnerabilities, security
NULL pointer in World in Conflict 1.008, Luigi Auriemma
[ GLSA 200806-08 ] OpenSSL: Denial of Service, Robert Buchholz
[ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities, Robert Buchholz
[ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code, Robert Buchholz
fetchmail REVISED security announcement fetchmail-SA-2008-01 (CVE-2008-2711), ma+bt
[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability, security
[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities, Tobias Heinlein
RSS-aggregator (display) Remote File Inclusion Vulnerability, Ghost hacker
[BMSA 2008-07] Format string vulnerability in 5th street, Nam Nguyen
IdeBox (include) Remote File Inclusion Vulnerability, Ghost hacker
- Re: IdeBox (include) Remote File Inclusion Vulnerability, Vladimir '3APA3A' Dubrovin
ERRATA - n.runs-SA-2008.001 - Jscape Secure FTP Applet, security
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability, Ghost hacker
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities, Cisco Systems Product Security Incident Response Team
[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability, adv
[ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities, security
Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version "842 Procapita 840SP1", pelzi
The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities, tan_prathan
Pidgin 2.4.1 Vulnerability, jplopezy
Evolution Vulnerability, jplopezy
Rhythmbox Vulnerability, jplopezy
[USN-620-1] OpenSSL vulnerabilities, Jamie Strandboge
rPSA-2008-0206-1 ruby, rPath Update Announcements
[SECURITY] [DSA 1599-1] New dbus packages fix privilege escalation, Moritz Muehlenhoff
WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy, the_3dit0r
[USN-621-1] Ruby vulnerabilities, Jamie Strandboge
[ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder, security
New Release of 'Unhide' (20080519), yago jesus
rPSA-2008-0207-1 kernel, rPath Update Announcements
[security bulletin] HPSBUX02342 SSRT080063 rev.2 - HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code, security-alert
BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008), Dragos Ruiu
[security bulletin] HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code, security-alert
[Tool] PktAnon packet trace anonymization tool released, Christoph Mayer
Remote SQL Injection, saidmoftakhar
Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006, Luigi Auriemma
Endless loop in Halo 1.07, Luigi Auriemma
Security and Hacking Papers - Updated!, ork

Mail converted by MHonArc