Mail Index
- [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
- White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x
- rPSA-2008-0286-1 mono
- From: rPath Update Announcements
- Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.
- [ MDVSA-2008:208 ] pam_mount
- Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit
- Re: MS Internet Explorer 7 Denial Of Service Exploit
- Re: Sun M-class hardware denial of service
- Remote File Inclusion Vulnerability
- MySQL command-line client HTML injection vulnerability
- International Hacking & Security Conference "POC2008"
- WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability
- Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
- Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
- [USN-648-1] nasm vulnerability
- RE: MySQL command-line client HTML injection vulnerability
- From: Quark IT - Hilton Travis
- Printlog <= 0.4: Remote File Edition Vulnerability
- Oracle Password Cracker written in PL/SQL
- Remote and Local File Inclusion Vulnerability <= 1.1 Rportal
- phpMyID can act as a redirector and as headers injector
- Re: MS Internet Explorer 7 Denial Of Service Exploit
- [USN-649-1] OpenSSH vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-08:10.nd6
- From: FreeBSD Security Advisories
- Adobe Flash Player plug-in null pointer dereference and browser crash
- XSS vulnerability in phpMyID
- Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
- Re: [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues
- HostAdmin Cross-Site Scripting Vulnerabilities
- Re: White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x
- From: Vladimir '3APA3A' Dubrovin
- Re: Blue Coat xss
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits"
- [USN-650-1] cpio vulnerability
- Website Directory - XSS Exploit
- Re: RE: MySQL command-line client HTML injection vulnerability
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits"
- Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability
- CMME Multiple Information disclosure vulnerabilities
- MetaGauge 1.0.0.17 Directory Traversal
- AyeView v2.20 (malformed gif image) DoS Exploit
- iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)
- [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
- [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text
- [ MDVSA-2008:209 ] pam_krb5
- [ MDVSA-2008:210 ] mono
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit
- VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
- From: VMware Security team
- RE: RE: MySQL command-line client HTML injection vulnerability
- From: Quark IT - Hilton Travis
- PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability
- FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
- FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities
- [SECURITY] [DSA 1643-1] New feta packages fix denial of service
- OpenNMS Multiple Vulnerabilities
- [SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows
- Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Re: AyeView v2.20 (malformed gif image) DoS Exploit
- From: Vladimir '3APA3A' Dubrovin
- [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities
- Firefox Privacy Broken If Used to Open Web Page File
- [SECURITY] [DSA-1646-1] New squid packages fix array bounds check
- HostAdmin 3.* Remote File Include Vulnerabilities
- Yerba SACphp <= 6.3 / Local File Inclusion Exploit
- Re: Verizon FIOS (and DSL?) wireless access point insecure default WEP key
- [security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
- [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability
- [ GLSA 200810-01 ] WordNet: Execution of arbitrary code
- Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- ANNOUNCE - RFIDIOt version 0.1t released
- Re: HostAdmin 3.* Remote File Include Vulnerabilities
- [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)
- Cisco Security Advisory: Authentication Bypass in Cisco Unity
- From: Cisco Systems Product Security Incident Response Team
- Windows Mobile 6 insecure password handling and too short WLAN-password
- Advisory: Graphviz Buffer Overflow Code Execution
- [SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files
- Re: MySQL command-line client HTML injection vulnerability
- [SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities
- ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability
- ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
- ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Token Kidnapping Windows 2003 PoC exploit
- ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
- FC2 BLOG Cross-Site Scripting Vulnerabilities
- [security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: ProCheckUp Research
- [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code
- News Manager Remote SQL Injection Vulnerability
- PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress
- From: ProCheckUp Research
- [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
- Re: Token Kidnapping Windows 2003 PoC exploit
- [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: Vladimir '3APA3A' Dubrovin
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- CA ARCserve Backup Multiple Vulnerabilities
- Re: News Manager Remote SQL Injection Vulnerability
- [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
- ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability
- [USN-651-1] Ruby vulnerabilities
- Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: Vladimir '3APA3A' Dubrovin
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
- From: ProCheckUp Research
- [LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability
- iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20
- [ MDVSA-2008:211 ] cups
- [ MDVSA-2008:210-1 ] mono
- NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability
- CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability
- Uninformed Journal Release Announcement: Volume 10
- Marvell Driver Malformed Association Request Vulnerability
- [SECURITY] [DSA 1646-2] New squid packages fix array bounds check
- CREATE ANY DIRECTORY to SYSDBA
- Re: Re: Token Kidnapping Windows 2003 PoC exploit
- İltaweb Alışveriş Sistemi (tr) Sql inj
- [SECURITY] [DSA 1650-1] New openldap2.3 packags fix denial of service
- [SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
- [SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
- [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities
- [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability
- WP Comment Remix 1.4.3 Multiple Vulnerabilities
- Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.
- [USN-653-1] D-Bus vulnerabilities
- [SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
- Webscene eCommerce (level) Remote Sql Injection
- [USN-652-1] LittleCMS vulnerability
- iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability
- CORE-2008-1010: VLC media player XSPF Memory Corruption
- From: CORE Security Technologies Advisories
- ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
- ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
- TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability
- iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities
- From: labs-no-reply@xxxxxxxxxxxx
- [USN-654-1] libexif vulnerabilities
- iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow
- From: labs-no-reply@xxxxxxxxxxxx
- [USN-655-1] exiv2 vulnerabilities
- Vivid Ads Shopping Cart (cid) Remote SQL Injection
- MS OWA 2003 Redirection Vulnerability
- Exploit for MS08-066 - AFD.sys kernel memory overwrite.
- Paper: Adventures with a certain Xen vulnerability
- Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution
- [ MDVSA-2008:212 ] libxml2
- Re: MS OWA 2003 Redirection Vulnerability
- [security bulletin] HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data
- Multiple Flash Authoring Heap Overflows - Malformed SWF Files
- [USN-656-1] CUPS vulnerabilities
- [ MDVSA-2008:213 ] dbus
- SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis
- HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation
- rPSA-2008-0295-1 rails
- From: rPath Update Announcements
- rPSA-2008-0294-1 postfix
- From: rPath Update Announcements
- [ MDVSA-2008:214 ] mon
- Re: Re: MS OWA 2003 Redirection Vulnerability
- [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
- Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- From: vinodsharma . mimit
- flashchat severe bug
- Re: Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br]
- Application-level OS fingerprinting research - pre-release hashes
- Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC7368br]
- HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct
- [ MDVSA-2008:208-1 ] pam_mount
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC7368br]
- From: Davide Dante Del Vecchio
- CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability
- CVE-2008-4000: Oracle PeopleTools – Authentication Weakness
- Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121
- FireGPG Passphrase And Cleartext Vulnerability
- Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
- Lee has posted more detailed response to Fyodor's TCP/IP DoS post
- [Tool] sqlmap 0.6.1 released
- From: Bernardo Damele A. G.
- [SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities
- London DEFCON meet - DC4420 - Thursday October 23rd
- [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability
- Last Call for DeepSec IDSC 2008 in Vienna
- From: DeepSec Conference Vienna
- [Off-Topic] How I was busted. Story of a poor lonesome hacker
- [SECURITY] [DSA 1657-1] New qemu packages fix denial of service
- Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation
- [USN-657-1] Amarok vulnerability
- Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.
- SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability
- From: Security Objectives Corporation
- n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution
- [tool] crapto1 released
- Opera Stored Cross Site Scripting Vulnerability
- Secunia Research: HP OpenView Products Shared Trace Service Denial of Service
- Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges
- FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
- From: noreply-secresearch
- Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow
- Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
- From: Cisco Systems Product Security Incident Response Team
- SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability
- From: Security Objectives Corporation
- SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded Devices
- From: ProCheckUp Research
- Re: FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
- [SECURITY] [DSA 1658-1] New dbus packages fix denial of service
- phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)
- vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
- GoodTech SSH Remote Buffer Overflow Exploit
- freeSSHd (stf - rename) Buffer Overflow Vulnerability
- SiteEngine 5.x Multiple Remote Vulnerabilities
- Re: MJGuest 6.8 GT Cross Site Scripting Vulnerability
- Re: vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
- txtshop - beta 1.0 / Local File Inclusion Vulnerability
- [security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066
- [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution
- [USN-658-1] Moodle vulnerability
- MS08-067 - Where can I find an exploit for this?
- Re: MS08-067 - Where can I find an exploit for this?
- From: Salvador III Manaois
- iPei cross site scripting Vulnerablity
- Re: MS08-067 - Where can I find an exploit for this?
- From: Salvador III Manaois
- Java Web start vulnerability
- HTTPBruteForcer released
- Re: HTTPBruteForcer released
- Re: HTTPBruteForcer released
- Windows RPC MS08-067 FAQ document released
- [SECURITY] [DSA 1660-1] New clamav packages fix denial of service
- BotNet on the Rise
- bcoos 1.0.13 Remote File Include Vulnerability
- [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files
- XSS in phpMyadmin
- Windows RPC MS08-067 FAQ document updated
- ClubHack2008 [India] - CFP Closing Soon
- MyBB 1.4.2: Multiple Vulnerabilties
- MSF eXploit Builder v2 Alpha Sources Released
- n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution
- Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
- rPSA-2008-0305-1 pcre
- From: rPath Update Announcements
- [ MDVSA-2008:215 ] wireshark
- Blaze Media Pro 8.02 SE vulnerability
- rPSA-2008-0306-1 libxslt
- From: rPath Update Announcements
- Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
- Re: MyBB 1.4.2: Multiple Vulnerabilties
- From: krzysztof . kozlowski
- [ MDVSA-2008:216 ] emacs
- PHP-Nuke Module League (team&tid) XSS Vulnerability
- A video can crash ANY iphone/ipod and a few libraries.
- [ MDVSA-2008:218 ] lynx
- [ MDVSA-2008:217 ] lynx
- Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE]
- Re: MySQL command-line client HTML injection vulnerability
- Quassel IRC: connection hijacking
- Re: Quassel IRC: connection hijacking
- Re: [ MDVSA-2008:217 ] lynx
- Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows
- KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.
- [SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities
- Advanced application-level OS fingerprinting
- [ MDVSA-2008:221 ] aterm
- Re: MS08-067 - Where can I find an exploit for this?
- PHP-Nuke Module BookCatalog (category&catid) Remote SQL injection Vulnerability
- Re: MS08-067 - Where can I find an exploit for this?
- rPSA-2008-0309-1 lighttpd
- From: rPath Update Announcements
- [ MDVSA-2008:220 ] kernel
- [ MDVSA-2008:219 ] mplayer
- [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)
- Tool update: VoIPER v0.07
- IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability
- rPSA-2008-0307-1 nfs-client nfs-server nfs-utils
- From: rPath Update Announcements
- PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability
- Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)
- Re: Advanced application-level OS fingerprinting
- rPSA-2008-0308-1 samba samba-client samba-server samba-swat
- From: rPath Update Announcements
- [ MDVSA-2008:222 ] Eterm
- PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability
- DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference
- harlandscripts Mypage.php Sql Injection
- ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability
- iDefense Security Advisory 10.30.08: Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability
- From: labs-no-reply@xxxxxxxxxxxx
- [USN-661-1] Linux kernel regression
- ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability
- [ GLSA 200810-03 ] libspf2: DNS response buffer overflow
- iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow