Mail Thread Index

• Date Index

• [ MDVSA-2008:159 ] licq, security
• [oCERT-2008-009] libxslt heap overflow, Andrea Barisani
• Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow, Secunia Research
• [security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access, security-alert
• Pligg <= 9.9.0 Multiple Vulnerabilities, GulfTech Security Research
• Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows, Secunia Research
• [SECURITY] [DSA 1622-1] New newsx packages fix arbitrary code execution, Thijs Kinkhorst
• [~] Greetz : Me93fg & Mr.SaFa7, Ghost hacker
• iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability, iDefense Labs
• [ GLSA 200807-15 ] Pan: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• [SECURITY] [DSA 1623-1] New dnsmasq packages fix cache poisoning, Moritz Muehlenhoff
• [ GLSA 200807-14 ] Linux Audit: Buffer overflow, Pierre-Yves Rofes
• [ GLSA 200807-13 ] VLC: Multiple vulnerabilities, Pierre-Yves Rofes
• [SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution, Moritz Muehlenhoff
• [ GLSA 200807-16 ] Python: Multiple vulnerabilities, Robert Buchholz
• CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability, Williams, James K
• [CVE-2008-2370] Apache Tomcat information disclosure vulnerability, Mark Thomas
• libxslt heap overflow, chris
• [SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code execution, Thijs Kinkhorst
• [SECURITY] [DSA 1626-1] New httrack packages fix arbitrary code execution, Thijs Kinkhorst
• [CVE-2008-1232] Apache Tomcat XSS vulnerability, Mark Thomas
• [USN-634-1] OpenLDAP vulnerability, Kees Cook
• eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG, r3d . w0rm
• DNS Multiple Race Exploiting Tool, AR
• [USN-632-1] Python vulnerabilities, Kees Cook
• [USN-633-1] libxslt vulnerabilities, Kees Cook
• iDefense Security Advisory 07.31.08: Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability, iDefense Labs
• n.runs-SA-2008.005 - Apple Inc. - CoreServices Framework’s CarbonCore Framework - Arbitrary Code Execution (remote), security@xxxxxxxxx
• Re: how to request a cve id?, William A. Rowe, Jr.
• Re: Windows Vista Power Management & Local Security Policy, William A. Rowe, Jr.
• [ MDVSA-2008:160 ] libxslt, security
• file upload exploit, win32 . exe
• iDefense Security Advisory 08.01.08: Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability, iDefense Labs
• iDefense Security Advisory 08.01.08: Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 08.01.08: Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability, iDefense Labs
• Pligg Auto-Voter Using XSS to Bypass CSRF Protection, michaelbrooks
• Homes 4 Sale Remote XSS Vulnerabilitiy, Ghost hacker
• Server termination in America's Army 2.8.3.1, Luigi Auriemma
• Keld: PHP-MySQL News Script 0.7.1 Remote SQL injection Vulnerability, crimson . loyd
• TGS CMS Remote Code Execution Exploit, 0in . email
  • Re: TGS CMS Remote Code Execution Exploit, lcat
• [SECURITY] [DSA 1627-1] New opensc packages fix smart card vulnerability, Thijs Kinkhorst
• UNAK-CMS Lfi, r3d . w0rm
• [USN-626-2] Devhelp, Epiphany, Midbrowser and Yelp update, Jamie Strandboge
• Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE), Team SHATTER
• Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter), Team SHATTER
• Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN), Team SHATTER
  • Message not available
    • Re: Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN), Team SHATTER
• CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability, CORE Security Technologies Advisories
• Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities, irancrash
• 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy, nnposter
  • <Possible follow-ups>
  • Re: 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy, jyoung01
• Plogger <= 3.0 SQL Injection, GulfTech Security Research
• IGES CMS <=2.0 Multiple Vulnerabilities, admin
• Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities, irancrash
• [ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code, Robert Buchholz
• [ GLSA 200808-02 ] Net-SNMP: Multiple vulnerabilities, Robert Buchholz
• [ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities, Robert Buchholz
• [ GLSA 200808-04 ] Wireshark: Denial of Service, Robert Buchholz
• rPSA-2008-0245-1 cups, rPath Update Announcements
• rPSA-2008-0246-1 gaim, rPath Update Announcements
• PHP-NUKE module Kleinanzeigen SQL injection (lid), lovebug
• MyClan Sql Injection, r3d . w0rm
• Interesting things at sec-consult.com, DNS-whitepaper available tomorrow, Bernhard Mueller
• CA Products That Embed Ingres Multiple Vulnerabilities, Williams, James K
• Google Notebook and Google Bookmarks Cross Site Scripting Vulnerabilities, alfredo . melloni
• Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting, marc_bevand
• [ GLSA 200808-05 ] ISC DHCP: Denial of Service, Tobias Heinlein
• [USN-635-1] xine-lib vulnerabilities, Jamie Strandboge
• [ GLSA 200808-06 ] libxslt: Execution of arbitrary code, Tobias Heinlein
• [security bulletin] HPSBUX02351 SSRT080058 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert
• [security bulletin] HPSBUX02355 SSRT080023 rev.1 - HP-UX Using libc, Remote Denial of Service (DoS), security-alert
• OpenVMS fingerd remote stack overflow, Shaun Colley
  • Re: OpenVMS fingerd remote stack overflow, Kevin Finisterre (lists)
  • Re: OpenVMS fingerd remote stack overflow, mlbugtraq
  • Re: OpenVMS fingerd remote stack overflow, Alexander Sotirov
    • Re: OpenVMS fingerd remote stack overflow, Tim Newsham
• Endless loop and resources consumption in Halo 1.0.7.0615, Luigi Auriemma
• Re: [Full-disclosure] [funsec] facebook messages worm, Juha-Matti Laurio
  • Re: [funsec] facebook messages worm, Gadi Evron
• facebook messages worm, Gadi Evron
  • Re: [funsec] facebook messages worm, Gadi Evron
  • Re: [funsec] facebook messages worm, Gadi Evron
• Whitepaper: DNS zone redelegation, Bernhard Mueller
• [SE-2008-01] J2ME Security Vulnerabilities 2008, Security Explorations
  • <Possible follow-ups>
  • Re: [SE-2008-01] J2ME Security Vulnerabilities 2008, 0xjbrown41
  • re: [SE-2008-01] J2ME Security Vulnerabilities 2008, Security Explorations
  • Re: Re: [SE-2008-01] J2ME Security Vulnerabilities 2008, 0xjbrown41
• [ MDVSA-2008:161 ] rxvt, security
• e107 <= 0.7.11 Arbitrary Variable Overwriting, GulfTech Security Research
• [ MDVSA-2008:162 ] qemu, security
• [ MDVSA-2008:163 ] python, security
• [ MDVSA-2008:164 ] python, security
• Re: [funsec] facebook messages worm, Juha-Matti Laurio
• OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
  • <Possible follow-ups>
  • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Eric Rescorla
    • RE: OpenID/Debian PRNG/DNS Cache poisoning advisory, Dave Korn
      • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Eric Rescorla
        • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
          • Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory, Dick Hardt
          • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Perry E. Metzger
            • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Nicolas Williams
              • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Paul Hoffman
                • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Nicolas Williams
        • RE: OpenID/Debian PRNG/DNS Cache poisoning advisory, Dave Korn
        • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Peter Gutmann
        • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Dan Kaminsky
          • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Eric Rescorla
            • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Nicolas Williams
              • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Leichter, Jerry
                • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Eric Rescorla
                  • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Forrest J. Cavalier III
                  • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Leichter, Jerry
            • key blacklisting & file size (was: OpenID/Debian PRNG/DNS Cache poisoning advisory), Solar Designer
            • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Florian Weimer
          • Message not available
            • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
          • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Stefan Kanthak
          • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Tim Dierks
      • RE: OpenID/Debian PRNG/DNS Cache poisoning advisory, Leichter, Jerry
    • RE: OpenID/Debian PRNG/DNS Cache poisoning advisory, Clausen, Martin (DK - Copenhagen)
      • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
      • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
  • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, \"Hal Finney\"
    • Re: OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
• [AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability, João Antunes
• Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory, Gerald Beuchelt
  • <Possible follow-ups>
  • Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
    • Message not available
      • Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory, Ben Laurie
• [AJECT] WinGate Email Server (IMAP) vulnerability, João Antunes
• Vim: Unfixed Vulnerabilities in Tar Plugin Version 20, Jan Minář
• [ GLSA 200808-07 ] ClamAV: Multiple Denials of Service, Raphael Marichez
• [ GLSA 200808-08 ] stunnel: Security bypass, Raphael Marichez
• [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3, Digital Security Research Group [DSecRG]
  • <Possible follow-ups>
  • Re: [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3, o_0 . iahumeil
• [ GLSA 200808-09 ] OpenLDAP: Denial of Service vulnerability, Raphael Marichez
• New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability, Steve Friedl
• [security bulletin] HPSBUX02351 SSRT080058 rev.4 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert
• Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities, GulfTech Security Research
• [ GLSA 200808-10 ] Adobe Reader: User-assisted execution of arbitrary code, Robert Buchholz
• Ovidentia Sql Injection, r3d . w0rm
• [SECURITY] [DSA 1627-1] New PowerDNS packages reduce DNS spoofing risk, Florian Weimer
• K-Links Directory Blind SQL Injection Exploit, hadihadi_zedehal_2006
• rPSA-2008-0249-1 openldap openldap-clients openldap-servers, rPath Update Announcements
• rPSA-2008-0247-1 gvim vim vim-minimal, rPath Update Announcements
• [ GLSA 200808-11 ] UUDeview: Insecure temporary file creation, Pierre-Yves Rofes
• Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability, emericboit
• Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow, dh
• iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Format String Vulnerabilities, iDefense Labs
• [AJECT] hMailServer 4.4.1 DoS vulnerability, João Antunes
• iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities, iDefense Labs
• Internet attacks against Georgian web sites, Gadi Evron
• VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability, VMware Security Team
• rPSA-2008-0253-1 git gitweb, rPath Update Announcements
• CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities, Williams, James K
• VMSA-2008-0013 Updated ESX packages for OpenSSL, net-snmp, perl, VMware Security Team
• Surf Jack - HTTPS will not save you, lists
• Re: [funsec] Internet attacks against Georgian web sites, Paul Ferguson
  • <Possible follow-ups>
  • Re: [funsec] Internet attacks against Georgian web sites, Paul Ferguson
• [security bulletin] HPSBUX02356 SSRT080051 rev.1 - HP-UX Running ftpd, Remote Privileged Access, security-alert
• ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability, zdi-disclosures
• ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability, zdi-disclosures
• ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption, zdi-disclosures
• iDefense Security Advisory 08.12.08: Microsoft Office BMP Input Filter Heap Overflow Vulnerability, iDefense Labs
• [ MDVSA-2008:167 ] kernel, security
• ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability, zdi-disclosures
• [ MDVSA-2008:166 ] clamav, security
• Vim: Netrw: FTP User Name and Password Disclosure, Jan Minář
  • Re: Vim: Netrw: FTP User Name and Password Disclosure, Tony Mechelynck
• iDefense Security Advisory 08.12.08: Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability, iDefense Labs
• [TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption, Tobias Klein
• iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability, iDefense Labs
• iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 08.12.08: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability, iDefense Labs
• iDefense Security Advisory 08.12.08: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability, iDefense Labs
• iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability, iDefense Labs
• rPSA-2008-0243-1 idle python, rPath Update Announcements
• Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives, Jan Minář
• NULL pointer in Ventrilo 3.0.2, Luigi Auriemma
• [security bulletin] HPSBTU02358 SSRT080058 rev.1 - HP Tru64 UNIX running BIND, Remote DNS Cache Poisoning, security-alert
• CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass, CORE Security Technologies Advisories
• [ MDVSA-2008:170 ] cups, security
• Microsoft Windows Messenger Remote Illegal Access Vulnerability, cocoruder
• [ MDVSA-2008:168 ] stunnel, security
• [ MDVSA-2008:169 ] hplip, security
• [security bulletin] HPSBOV02357 SSRT080058 rev.1 - HP OpenVMS TCP/IP Services running BIND, Remote DNS Cache Poisoning, security-alert
• Postfix local privilege escalation via hardlinked symlinks, Wietse Venema
• SYM08-015_SFW_SecurityUpdateBypass, Mike Prosser
• ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability, zdi-disclosures
• Security Assessment of the Internet Protocol, Fernando Gont
• rPSA-2008-0255-1 freetype, rPath Update Announcements
• [ GLSA 200808-12 ] Postfix: Local privilege escalation vulnerability, Raphael Marichez
• Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control, Cisco Systems Product Security Incident Response Team
• Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface, oliver karow
• munky-bliki lfi, r3d . w0rm
• Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani, irancrash
• FlexCMS <= 2.5 Cross Site Scripting Vulnerability, irancrash
• [ MDVSA-2008:171 ] postfix, security
• [ MDVSA-2008:172 ] amarok, security
• PHP Live Helper <= 2.0.1 Multiple Vulnerabilities, GulfTech Security Research
• Nokia 6131 NFC URI/URL Spoofing and DoS Advisory, Collin R. Mulliner
• Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user, Eder Wentz
• NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection, r3d . w0rm
• [DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171, Digital Security Research Group [DSecRG]
• Tool: PorkBind v1.3 Nameserver Security Scanner (New Version), Derek Callaway
• Ovidentia 6.6.5 XSS (index.php)&#8207;, mostafa_ragab
• [security bulletin] HPSBMA02345 SSRT080039 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), security-alert
• [SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation, Thijs Kinkhorst
• [SECURITY] [DSA 1629-2] New postfix packages fix installability problem on i386, Thijs Kinkhorst
• [security bulletin] HPSBST02360 SSRT080117 rev.2 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-041 to MS08-051, security-alert
• SunShop <= 4.1.4 SQL Injection, GulfTech Security Research
• Vanilla <= 1.1.4 Script Injection/ XSS, GulfTech Security Research
• [ MDVSA-2008:173 ] kdegraphics, security
• [ MDVSA-2008:174 ] kernel, security
• [USN-636-1] Postfix vulnerability, Kees Cook
• ToorCon 10 Call For Papers, David Hulton
• Folder Lock <= 5.9.5 Local Password Information Disclosure, glafkos
• [ MDVSA-2008:175 ] yelp, security
• IMF 2008 - Call for Participation, Oliver Goebel
• [ MDVSA-2008:176 ] mtr, security
• CORE-2008-0624: Anzio Web Print Object Buffer Overflow, CORE Security Technologies Advisories
• Null Byte Local file Inclusion in FAR - PHP Project version:1.0, beenudel1986
  • Re: Null Byte Local file Inclusion in FAR - PHP Project version:1.0, William McAfee
• CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability, CORE Security Technologies Advisories
• rPSA-2008-0259-1 postfix, rPath Update Announcements
• [ MDVSA-2008:177 ] xine-lib, security
• [ MDVSA-2008:178 ] xine-lib, security
• UPDATE: [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning, Robert Buchholz
• [SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier
• TimeTrex Time and Attendance Cookie Theft, DoZ
  • RE: TimeTrex Time and Attendance Cookie Theft, Alex Eden
  • Re: TimeTrex Time and Attendance Cookie Theft, Mike
  • <Possible follow-ups>
  • Re: RE: TimeTrex Time and Attendance Cookie Theft, hi
• Contest: Best Advances for OpenVAS Network Vulnerability Tests, Michael Wiegand
• Call For Papers - Hackers 2 Hackers Conference 5th Edition - Brazil, cfp
• PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks, ProCheckUp Research
• Vim: Arbitrary Code Execution in Commands: K, Control-], g], Jan Minář
  • RE: Arbitrary Code Execution in Commands: K, Control-], g], Michael Wojcik
• [ MDVSA-2008:179 ] metisse, security
• [ MDVSA-2008:180 ] libxml2, security
• Secunia Research: Trend Micro Products Web Management Authentication Bypass, Secunia Research
• Fedora confirms: Our servers were breached, Juha-Matti Laurio
  • Re: Fedora confirms: Our servers were breached, Dragos Ruiu
• Apple OSX Leopard (10.5+), inadequate ACL insight can create vuln, bgtrq . tryfixingit
• [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service, Steve Kemp
  • [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service, Steve Kemp
• [oCERT-2008-008] multiple heap overflows in xine-lib, Will Drewry
• OneNews Beta 2 Multiple Vulnerabilities, crimson . loyd
• Secunia Research: Novell iPrint Client ActiveX Control "GetFileList()" Information Disclosure, Secunia Research
• [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3, Digital Security Research Group [DSecRG]
• Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities, Secunia Research
• Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows, Secunia Research
• [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2, Digital Security Research Group [DSecRG]
• SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability, Security Objectives Corporation
• [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage, iViZ Security Advisories
• [IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage, iViZ Security Advisories
• Crafty Syntax Live Help <= 2.14.6 SQL Injection, GulfTech Security Research
• ToorCon X CFP Closing and Workshops and Seminars discounted until Friday!, David Hulton
• Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities, byccc
• ZoneMinder Multiple Vulnerabilities, filip . palian
• Hopeless comments regarding the pointless "HP System Management Homepage (SMH) Unspecified XSS", Luca.carettoni
• [SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution, Thijs Kinkhorst
• Multiple Vulnerabilities in AWStats Totals, Elliot Kendall
• White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple), Seth Fogie
• PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept .30/ Oct. 1), Dragos Ruiu
• [ MDVSA-2008:180-1 ] libxml2, security
• [security bulletin] HPSBMA02363 SSRT080106 rev.1 - HP Enterprise Discovery Running on Windows, Remote Authorized User, Gain Extended Privileges, security-alert
• [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage, iViZ Security Advisories
• [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage, iViZ Security Advisories
• [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage, iViZ Security Advisories
• [USN-638-1] Yelp vulnerability, Kees Cook
• [IVIZ-08-004] Intel BIOS Plain Text Password Disclosure, iViZ Security Advisories
• XSS and Data Manipulation attacks found in CMS PHPCart., vaibhav aher
• [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure, iViZ Security Advisories
• [IVIZ-08-005] IBM Lenovo BIOS Plain Text Password Disclosure, iViZ Security Advisories
• [security bulletin] HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS), security-alert
• reviving the botnets@ mailing list: a new statregy in fighting cyber crime, Gadi Evron
• ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability, zdi-disclosures
• [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service, Marc Ruef
• [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass, gmdarkfig
  • <Possible follow-ups>
  • Re: [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass, gmdarkfig
• [ MDVSA-2008:181 ] ipsec-tools, security
• [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities, gmdarkfig
  • <Possible follow-ups>
  • Re: [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities, gmdarkfig
• VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues., VMware Security team
• [SECURITY] [DSA-1597-2] New mt-daapd package fix regression, Devin Carraway