Mail Thread Index

• Date Index

• PoCfix (PoC for Postfix local root vuln - CVE-2008-2936), Roman Medina-Heigl Hernandez
• Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges, Felix Buenemann
• [SECURITY] [DSA 1627-2] New opensc package fix incomplete check, Thijs Kinkhorst
• Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101, Fabian Fingerle
• rPSA-2008-0264-1 ruby, rPath Update Announcements
• [oCERT-2008-014] WordNet stack and heap overflows, Rob Holland
• [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities, Florian Weimer
• [SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution, Thijs Kinkhorst
• HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMA02362 SSRT080044, SSRT080045 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), security-alert
• ToorCon X Lineup & Training Seminars Posted & Pre-Registration Ending, h1kari
• Postfix Linux-only local denial of service, Wietse Venema
• [AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability, João Antunes
• [ MDVSA-2008:182 ] wordnet, security
• CS-Cart <= 1.3.5 SQL Injection, GulfTech Security Research
• [Tool] sqlmap 0.6 released, Bernardo Damele A. G.
• [USN-639-1] tiff vulnerability, Kees Cook
• [Suspected Spam]New IETF I-D-: Security Assessment of the Internet Protocol version 4, Fernando Gont
• [ MDVSA-2008:183 ] opensc, security
• In search of examples of malicious source code, Steve . Coleman
  • Re: In search of examples of malicious source code, Gabriele Zanoni
• T2´08 Challenge - Free Tickets Available, Tomi Tuominen
• Exploit, Admin
• Has anyone implemented "double forward DNS"?, Duncan Simpson
  • Re: Has anyone implemented "double forward DNS"?, The Fungi
  • Re: Has anyone implemented "double forward DNS"?, Ansgar Wiechers
    • Re: Has anyone implemented "double forward DNS"?, Ansgar -59cobalt- Wiechers
      • Re: Has anyone implemented "double forward DNS"?, Steven Bakker
  • Re: Has anyone implemented "double forward DNS"?, Jerry Franz
  • Re: Has anyone implemented "double forward DNS"?, Glynn Clements
  • Re: Has anyone implemented "double forward DNS"?, terry white
• RUXCON 2008 Final Call For Papers, cfp
• Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow, Secunia Research
• [Tool] Distack framework for attack detection and traffic analysis, Christoph Mayer
• Google Chrome Automatic File Download, nerex
  • RES: Google Chrome Automatic File Download, DIOGO LEAL CHAGAS
    • Re: RES: Google Chrome Automatic File Download, Nick FitzGerald
  • Re: Google Chrome Automatic File Download, Razi Shaban
    • RE: Google Chrome Automatic File Download, James C. Slora Jr.
  • <Possible follow-ups>
  • Re: Google Chrome Automatic File Download, Juha-Matti Laurio
• Google Chrome Browser (ver.0.2.149.27) Vulnerability, psy . echo
• Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA, Cisco Systems Product Security Incident Response Team
• TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload, admin
• Cisco Secure ACS EAP Parsing Vulnerability, Laurent Butti
• Cisco Secure ACS Denial Of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [ MDVSA-2008:184 ] libtiff, security
• FreeBSD Security Advisory FreeBSD-SA-08:08.nmount, FreeBSD Security Advisories
• [ MDVSA-2008:185 ] python-django, security
• FreeBSD Security Advisory FreeBSD-SA-08:09.icmp6, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-08:07.amd64, FreeBSD Security Advisories
• Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664, Fabian Fingerle
• Marvell Driver EAPoL-Key Length Overflow, Laurent Butti
• Marvell Driver Null SSID Association Request Vulnerability, Laurent Butti
• [USN-640-1] libxml2 vulnerability, Kees Cook
• Atheros Vendor Specific Information Element Overflow, Laurent Butti
• Zen Cart <= 1.3.8a SQL Injection, GulfTech Security Research
  • Re: Zen Cart <= 1.3.8a SQL Injection, Ian Wilson
• [ GLSA 200809-04 ] MySQL: Privilege bypass, Robert Buchholz
• [ GLSA 200809-01 ] yelp: User-assisted execution of arbitrary code, Robert Buchholz
• clamav: Crash with crafted chm, CVE-2008-1389, Hanno Böck
• [ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing, Robert Buchholz
• [ GLSA 200809-03 ] RealPlayer: Buffer overflow, Robert Buchholz
• Multiple MicroWorld products insecure directory permissions, Edi Strosar
• [ MDVSA-2008:186 ] python, security
• [security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure, security-alert
• other google chrome crash, jplopezy
• rPSA-2008-0268-1 libtiff, rPath Update Announcements
• Risky Chrome (The perfect cleartext password offering ), quakerdoomer
• XCon 2008 Call for Paper, Sowhat
  • <Possible follow-ups>
  • Re: XCon 2008 Call for Paper, Sowhat
    • Re: XCon 2008 Call for Paper, Sowhat
• Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability, Security Vulnerability Research Team
• Re: Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy, dstinbox
• [ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability, Pierre-Yves Rofes
• [ MDVSA-2008:188 ] tomcat5, security
• xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ), geinblues
• phpAdultSite CMS flaws, SmOk3
• [ GLSA 200809-06 ] VLC: Multiple vulnerabilities, Pierre-Yves Rofes
• Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks, ProCheckUp Research
• [scip_Advisory 3808] D-Link DIR-100 long url filter evasion, Marc Ruef
• DEFCON London - DC4420 - September meet this Thursday 11th, Major Malfunction
• Re: Re: SECURITY ADVISORY - Level Platforms, Inc. Service Center Install Data HTTP Vulnerability, prenaud
• Sagem Router F@ST 2404 Remote Denial Of Service Exploit, zigma
  • Re: Sagem Router F@ST 2404 Remote Denial Of Service Exploit, Vladimir '3APA3A' Dubrovin
• Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Rotem Kerner
  • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Mike Duncan
  • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Wellington Wagner F. Sarmento
    • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Rotem Kerner
      • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Mike Duncan
  • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Razi Shaban
  • <Possible follow-ups>
  • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, a
  • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, gynvael
    • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Razi Shaban
      • Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit, Julien Stuby
• WASC Announcement: 2007 Web Application Security Statistics Published, statistics
• [ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• [ GLSA 200809-08 ] Amarok: Insecure temporary file creation, Pierre-Yves Rofes
• [USN-641-1] Racoon vulnerabilities, Kees Cook
• Stash v1.0.3 Admin bypass / Remote File Disclosure, r3d . w0rm
• Sun M-class hardware denial of service, Theo de Raadt
  • Message not available
    • Re: Sun M-class hardware denial of service, B 650
      • Re: Sun M-class hardware denial of service, terry white
  • <Possible follow-ups>
  • Re: Sun M-class hardware denial of service, Theo de Raadt
    • Re: Sun M-class hardware denial of service, B 650
      • Re: Sun M-class hardware denial of service, Theo de Raadt
        • RE: Sun M-class hardware denial of service, Michael Wojcik
        • Re: Sun M-class hardware denial of service, Micheal Patterson
        • Re: Sun M-class hardware denial of service, Florian Weimer
          • Re: Sun M-class hardware denial of service, Curtis Maloney
        • Message not available
          • Re: Sun M-class hardware denial of service, Brett Lymn
            • Message not available
              • Re: Sun M-class hardware denial of service, Brett Lymn
                • Re: Sun M-class hardware denial of service, Theo de Raadt
                • Message not available
                  • Re: Sun M-class hardware denial of service, Brett Lymn
                    • Re: Sun M-class hardware denial of service, Theo de Raadt
                    • Message not available
                      • Re: Sun M-class hardware denial of service, Brett Lymn
                        • Re: Sun M-class hardware denial of service, Theo de Raadt
                        • Re: Sun M-class hardware denial of service, Florian Weimer
                        • Re: Sun M-class hardware denial of service, Theo de Raadt
                        • Re: Sun M-class hardware denial of service, Florian Weimer
                        • Message not available
                        • Re: Sun M-class hardware denial of service, Brett Lymn
                        • Re: Sun M-class hardware denial of service, Theo de Raadt
                        • Message not available
                        • Re: Sun M-class hardware denial of service, Brett Lymn
            • Re: Sun M-class hardware denial of service, Theo de Raadt
      • Re: Sun M-class hardware denial of service, Bob Beck
• ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability, zdi-disclosures
• ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability, zdi-disclosures
• ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability, zdi-disclosures
• ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability, zdi-disclosures
• ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability, zdi-disclosures
• SQL Smuggling, douglen
  • Re: SQL Smuggling, Marco Ivaldi
  • Re: SQL Smuggling, Tim
    • RE: SQL Smuggling, Gary Oleary-Steele
• [SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated, Mark Thomas
• DeepSec 2008 - Conference Schedule, DeepSec Conference Vienna
• ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability, zdi-disclosures
• ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability, zdi-disclosures
• Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability, Brett Moore
• iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability, iDefense Labs
• Multiple Vulnerabilities: LedgerSMB < 1.2.15, Chris Travers
• [ MDVSA-2008:189 ] clamav, security
• iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability, iDefense Labs
• Windows GDI+ GIF memory corruption, Ivan Fratric
• [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS), Will Drewry
• Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability, packet
• [ MDVSA-2008:190 ] postfix, security
• ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability, zdi-disclosures
• [SECURITY] [DSA 1635-1] New freetype packages fix multiple vulnerabilities, Steve Kemp
• [USN-642-1] Postfix vulnerabilities, Kees Cook
• Ezphotogallery 2.1 Multiple Vulnerabilities ( Xss/Login Bypass/Sql injection Exploit/File Disclosure), irancrash
• ZoneAlarm Security Suite buffer overflow, jplopezy
• PhpWebGallery 1.3.4 Multiple Vulnerabilities (XSS/LFI), irancrash
• sqlvdir.dll ActiveX Remote Buffer Overflow Exploit, beenudel1986
• PhsBlog v0.2 Bypass Sql injection Filtering Exploit, irancrash
• minb Remote Code Execution Exploit, r3d . w0rm
• [security bulletin] HPSBOV02364 SSRT080078 rev.1 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access, security-alert
• Nooms 1.1, irancrash
• Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability, Stefan Esser
• [SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities, dann frazier
• [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences, Tobias Klein
• Server termination in the Unreal engine 3, Luigi Auriemma
• [USN-643-1] FreeType vulnerabilities, Kees Cook
• [ MDVSA-2008:192 ] libxml2, security
• [ MDVSA-2008:191 ] rsh, security
• Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability, Stefan Esser
• Re: OpenWiki<--v0.78 Cross-Site Scripting, DJeep
• Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow, Secunia Research
• [USN-644-1] libxml2 vulnerabilities, Kees Cook
• Clients format strings in the Unreal engine, Luigi Auriemma
• community real-time BGP hijack notification service, Gadi Evron
• Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit, Guns
• [scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting, Marc Ruef
• CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service, Core Security Technologies Advisories
• Baidu Hi IM software parsing plaintext stack overflow, Li Gen
• [ MDVSA-2008:193 ] kolab-server, security
• [ MDVSA-2008:194 ] apache2, security
• [ MDVSA-2008:195 ] apache, security
• Baidu Hi IM client software DoS bug, div zero make client crash, Li Gen
• Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS, j . v . vallejo
• [SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow, Devin Carraway
• Critical Vulnerability in Apple Quicktime’s Indeo Codec, NGSSoftware Insight Security Research
• TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow, dvlabs
• [ MDVSA-2008:196 ] mplayer, security
• Security flaw in Airtel DSL modems, shr
• [ MDVSA-2008:182-1 ] wordnet, security
• [ MDVSA-2008:197 ] koffice, security
• InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely., Brian Dowling
• Failed assertion in the Unreal engine, Luigi Auriemma
• Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio, Shatter
• Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS, Shatter
• [SECURITY] [DSA 1638-1] New openssh packages fix denial of service, Florian Weimer
• [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure, John Cobb
• [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC, Albert Sellarès
• [ MDVSA-2008:198 ] R-base, security
• [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities, adv
• [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting, John Cobb
• [NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting, John Cobb
• [ MDVSA-2008:197-1 ] koffice, security
• Skype IM Client Password Disclosure Vulnerability., Aditya K Sood
• Miranda IM Client Password Disclosure Vulnerability., Aditya K Sood
• Pidgin IM Client Password Disclosure Vulnerability., Aditya K Sood
  • RE: Pidgin IM Client Password Disclosure Vulnerability., Quark IT - Hilton Travis
    • Re: Pidgin IM Client Password Disclosure Vulnerability., Aditya K Sood
      • RE: Pidgin IM Client Password Disclosure Vulnerability., Quark IT - Hilton Travis
  • Re: Pidgin IM Client Password Disclosure Vulnerability., Siim Põder
  • <Possible follow-ups>
  • RE: Pidgin IM Client Password Disclosure Vulnerability., Memisyazici, Aras
    • Re: Pidgin IM Client Password Disclosure Vulnerability., John Bailey
      • RE: Pidgin IM Client Password Disclosure Vulnerability., Memisyazici, Aras
        • Re: Pidgin IM Client Password Disclosure Vulnerability., John Bailey
    • Re: Pidgin IM Client Password Disclosure Vulnerability., Steve Shockley
• [AJECT] SurgeMail IMAP 3.9e vulnerability, João Antunes
• Microsoft Internet Explorer DoS in Rendering Malicious PNG Files., Aditya K Sood
• ShmooCon 2009 CFP, Bruce Potter
• [security bulletin] HPSBMA02369 SSRT080115 rev.1 - HP ProLiant Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris Deployment Solution, Remote SQL Injection, Remote or Local Gain Extended Privileges, Local Denial of Service (DoS), security-alert
• rPSA-2008-0278-1 tshark wireshark, rPath Update Announcements
• rPSA-2008-0276-1 mercurial mercurial-hgk, rPath Update Announcements
• [ MDVSA-2008:189-1 ] clamav, security
• [security bulletin] HPSBOV02364 SSRT080078 rev.2 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access, security-alert
• Hi Two Points to consider, Aditya K Sood
• menalto gallery: Session hijacking vulnerability, CVE-2008-3662, Hanno Böck
• Sama XSS Bug, Lagon666
• cyask 3.x Local File Inclusion Vulnerability, xuanmumu
• vi can run arbitrary commands via 'tags' file, Eli the Bearded
• LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities, xsp
• PHP pro bid v 6.04 SQL injection, Jan van Niekerk
• [USN-646-1] rdesktop vulnerabilities, Jamie Strandboge
• VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman, VMware Security Team
• Annutel - Annuaire Téléphonique v1.0 Sensetive Files (MDP), sn0oPy . team
• [ GLSA 200809-09 ] Postfix: Denial of Service, Pierre-Yves Rofes
• [ MDVSA-2008:199 ] wireshark, security
• [SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code, Steve Kemp
• [SECURITY] [DSA 1642-1] New horde3 packages fix cross site scripting, Thijs Kinkhorst
• [SECURITY] [DSA 1640-1] New python-django packages fix cross site request forgery, Thijs Kinkhorst
• [SECURITY] [DSA 1634-2] New wordnet packages fix regression, Thijs Kinkhorst
• [SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues, Thijs Kinkhorst
• Advanced Electron Forum <= 1.0.6 Remote Code Execution, GulfTech Security Research
• MyFWB 1.0 Remote SQL Injection, Guns
• drupal: Session hijacking vulnerability, CVE-2008-3661, Hanno Böck
• MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection, Guns
• Blue Coat xss, jplopezy
  • Re: Blue Coat xss, Hugo van der Kooij
• "Exploit creation - The random approach" or "Playing with random to build exploits", Nelson Brito
  • Re: "Exploit creation - The random approach" or "Playing with random to build exploits", Stefano Zanero
• [ GLSA 200809-10 ] Mantis: Multiple vulnerabilities, Pierre-Yves Rofes
• [security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS), security-alert
• [ GLSA 200809-11 ] HAVP: Denial of Service, Pierre-Yves Rofes
• Directory traversal in the webadmin of Unreal Tournament 3 1.3, Luigi Auriemma
• [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues, admin
• [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues, admin
  • Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues, Philipp Hagemeister
  • <Possible follow-ups>
  • Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues, admin
• [SECURITY] [DSA-1619-2] New python-dns package fixes regression, Devin Carraway
• Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098, Fabian Fingerle
• [ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• [ GLSA 200809-13 ] R: Insecure temporary file creation, Pierre-Yves Rofes
• [ MDVSA-2008:200 ] ed, security
• [ MDVSA-2008:201 ] pan, security
• Squirrelmail: Session hijacking vulnerability, CVE-2008-3663, Hanno Böck
• Aruba Mobility Controller Shared Default Certificate, nnposter
• Xss In Datalife Engine CMS 7.2, hadikiamarsi
• [ MDVSA-2008:202 ] phpMyAdmin, security
• [ MDVSA-2008:203 ] awstats, security
• menalto gallery: Session hijacking vulnerability, CVE-2008-3102, Hanno Böck
  • mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102), Hanno Böck
• Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks, Robbie (Rupinder) Gill
• [ GLSA 200809-14 ] BitlBee: Security bypass, Pierre-Yves Rofes
• [ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos., Aditya K Sood
  • Re: Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos., LIUDIEYU dot COM
• [USN-645-1] Firefox and xulrunner vulnerabilities, Jamie Strandboge
• [USN-645-2] Firefox vulnerabilities, Jamie Strandboge
• Internet Information Service remote set password, hamedata
• IAS Helper COM Component (iashlpr.dll) activex remote DOS, hamedata
• Internet Information Service (adsiis.dll) activex remote DOS, hamedata
• Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Multicast Vulnerabilities in Cisco IOS Software, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Drupal Brilliant Gallery module SQL injection vulnerability, Justin C. Klein Keane
• Drupal Ajax Checklist Module SQL Injection Vulnerability, Justin C. Klein Keane
• [ MDVSA-2008:204 ] blender, security
• [security bulletin] HPSBOV02364 SSRT080078 rev.3 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access, security-alert
• php create_function commond injection vulnerability, root
  • <Possible follow-ups>
  • Re: php create_function commond injection vulnerability, lmfao
    • Re: php create_function commond injection vulnerability, bzhbfzj3001
      • Re: php create_function commond injection vulnerability, mnapier
  • Re: php create_function commond injection vulnerability, Steven M. Christey
• Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities, alfredo . melloni
• [security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055, security-alert
• C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow, Idan Ofrat
• Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120, Fabian Fingerle
• adnforum <= 1.0b / Insecure Cookie Handling Vulnerability, Pepelux
• Fwd: Returned post for bugtraq@xxxxxxxxxxxxxxxxx, Jose Luis
• [USN-645-3] Firefox and xulrunner regression, Jamie Strandboge
• SQL Injection in EasyRealtorPRO 2008, SmOk3
• [ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• [ GLSA 200809-17 ] Wireshark: Multiple Denials of Service, Pierre-Yves Rofes
• [ GLSA 200809-18 ] ClamAV: Multiple Denials of Service, Pierre-Yves Rofes
• [ MDVSA-2008:205 ] mozilla-firefox, security
• Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration, Teh Kotak
• [USN-647-1] Thunderbird vulnerabilities, Jamie Strandboge
• Estonian Cyber Security Strategy document -- now available online, Gadi Evron
• CA Service Desk Multiple Cross-Site Scripting Vulnerabilities, Williams, James K
• DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit, Reversemode
• RPG.Board <= 0.0.8Beta2 Remote SQL Injection, Guns
• The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability, Pepelux
• Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability, Pepelux
• multiple vendor ftpd - Cross-site request forgery, cxib
• Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below), Kenneth Ng
• Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector), quakerdoomer
• FtitzBox, biglowbird
• [ MDVSA-2008:206 ] mozilla-thunderbird, security
• xss in hackmeeting.org, wiky
• Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC, Satan_HackerS
• ASP News Remote Password Disclouse Vulnerability, Ghost hacker
• csphonebook 1.02 Remote XSS Vulnerabilitiy, Ghost hacker
• shoutbox Remote Password Disclouse Vulnerability, Ghost hacker
• hyBook Remote Password Disclouse Vulnerability, Ghost hacker
• Login Password Sample Remote Password Disclouse Vulnerability, Ghost hacker
• PHP Calendar Script Remote XSS (Permanent) Vulnerabilities, tan_prathan
• ParsaWeb CMS SQL Injection, admin
• Verizon FIOS (and DSL?) wireless access point insecure default WEP key, Paul
  • RE: Verizon FIOS (and DSL?) wireless access point insecure default WEP key, Larry Seltzer
• [oCERT-2008-013] MPlayer Real demuxer heap overflow, Andrea Barisani
• Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service., Aditya K Sood
• Advisory : Opera Window Object Suppressing Remote Denial of Service, Aditya K Sood
• [security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files, security-alert
• [ MDVSA-2008:207 ] openafs, security
• MS Internet Explorer 7 Denial Of Service Exploit, UniquE
• Advisory: Google Chrome Window Object Suppressing Remote Denial of Service., Aditya K Sood