Mail Thread Index
- [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues,
admin
- White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x,
Seth Fogie
- rPSA-2008-0286-1 mono,
rPath Update Announcements
- Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.,
Philippe Devallois
- [ MDVSA-2008:208 ] pam_mount,
security
- Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit,
ipsdix
- Re: MS Internet Explorer 7 Denial Of Service Exploit,
Jan van Niekerk
- Re: Sun M-class hardware denial of service,
Bob Beck
- Remote File Inclusion Vulnerability,
Pepelux
- MySQL command-line client HTML injection vulnerability,
Thomas Henlich
- International Hacking & Security Conference "POC2008",
pocadm
- WordPress MU < 2.6 wpmu-blogs.php Cross Site Scripting vulnerability,
Juan Galiana
- Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.,
redb0ne
- [USN-648-1] nasm vulnerability,
Kees Cook
- Printlog <= 0.4: Remote File Edition Vulnerability,
Pepelux
- Oracle Password Cracker written in PL/SQL,
pete
- Remote and Local File Inclusion Vulnerability <= 1.1 Rportal,
kadfrox
- phpMyID can act as a redirector and as headers injector,
atomo64
- [USN-649-1] OpenSSH vulnerabilities,
Kees Cook
- FreeBSD Security Advisory FreeBSD-SA-08:10.nd6,
FreeBSD Security Advisories
- Adobe Flash Player plug-in null pointer dereference and browser crash,
Matthew Dempsky
- XSS vulnerability in phpMyID,
Raphael Geissert
- Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection,
dh
- Re: [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues,
admin
- HostAdmin Cross-Site Scripting Vulnerabilities,
admin
- Re: Blue Coat xss,
Tom Kelly
- Re: "Exploit creation - The random approach" or "Playing with random to build exploits",
Nelson Brito
- [USN-650-1] cpio vulnerability,
Jamie Strandboge
- Website Directory - XSS Exploit,
Ghost hacker
- Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability,
Secunia Research
- CMME Multiple Information disclosure vulnerabilities,
admin
- MetaGauge 1.0.0.17 Directory Traversal,
brad . antoniewicz
- AyeView v2.20 (malformed gif image) DoS Exploit,
crimson . loyd
- iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability,
Pepelux
- VMware Emulation Flaw x64 Guest Privilege Escalation (1/2),
ds . adv . pub
- [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems,
Steve Kemp
- [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text,
publists
- [ MDVSA-2008:209 ] pam_krb5,
security
- [ MDVSA-2008:210 ] mono,
security
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit,
crimson . loyd
- VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues,
VMware Security team
- PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability,
Pepelux
- FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability,
Pepelux
- FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities,
Pepelux
- [SECURITY] [DSA 1643-1] New feta packages fix denial of service,
Moritz Muehlenhoff
- OpenNMS Multiple Vulnerabilities,
Trancer
- [SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows,
Devin Carraway
- Motorola Timbuktu's Internet Locator Service real-time data exposed to public.,
vulns
- [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities,
Thijs Kinkhorst
- Firefox Privacy Broken If Used to Open Web Page File,
Liu Die Yu
- [SECURITY] [DSA-1646-1] New squid packages fix array bounds check,
Devin Carraway
- HostAdmin 3.* Remote File Include Vulnerabilities,
admin
- Yerba SACphp <= 6.3 / Local File Inclusion Exploit,
Pepelux
- Re: Verizon FIOS (and DSL?) wireless access point insecure default WEP key,
Michael Scheidell
- [security bulletin] HPSBUX02375 SSRT080122 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS),
security-alert
- [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability,
Matteo Beccati
- [ GLSA 200810-01 ] WordNet: Execution of arbitrary code,
Tobias Heinlein
- ANNOUNCE - RFIDIOt version 0.1t released,
Adam Laurie
- [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow),
vulns
- Cisco Security Advisory: Authentication Bypass in Cisco Unity,
Cisco Systems Product Security Incident Response Team
- Windows Mobile 6 insecure password handling and too short WLAN-password,
MC Iglo
- Advisory: Graphviz Buffer Overflow Code Execution,
roeeh
- [SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files,
Thijs Kinkhorst
- [SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
- ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability,
zdi-disclosures
- ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability,
zdi-disclosures
- Token Kidnapping Windows 2003 PoC exploit,
Cesar
- ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability,
zdi-disclosures
- FC2 BLOG Cross-Site Scripting Vulnerabilities,
xsp
- [security bulletin] HPSBMA02376 SSRT080099 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection,
ProCheckUp Research
- [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code,
security-alert
- News Manager Remote SQL Injection Vulnerability,
Ghost hacker
- PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress,
ProCheckUp Research
- [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability,
Robert Buchholz
- CA ARCserve Backup Multiple Vulnerabilities,
Williams, James K
- [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure,
Mark Thomas
- ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability,
zdi-disclosures
- [USN-651-1] Ruby vulnerabilities,
Jamie Strandboge
- [LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability,
luca . carettoni
- iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20,
Chris Clark
- [ MDVSA-2008:211 ] cups,
security
- [ MDVSA-2008:210-1 ] mono,
security
- NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability,
Pepelux
- CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability,
cocoruder
- Uninformed Journal Release Announcement: Volume 10,
sflist
- Marvell Driver Malformed Association Request Vulnerability,
Laurent Butti
- [SECURITY] [DSA 1646-2] New squid packages fix array bounds check,
Devin Carraway
- CREATE ANY DIRECTORY to SYSDBA,
paul . wright
- İltaweb Alışveriş Sistemi (tr) Sql inj,
ozdemirtravel
- [SECURITY] [DSA 1650-1] New openldap2.3 packages fix denial of service,
Moritz Muehlenhoff
- [SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability,
RISE Security
- WP Comment Remix 1.4.3 Multiple Vulnerabilities,
g30rg3_x
- Telecom Italia Alice Pirelli routers backdoor discovered to activate telnet/ftp/tftp from internal LAN/WLAN.,
drpepppperone
- [USN-653-1] D-Bus vulnerabilities,
Kees Cook
- [SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code,
Steve Kemp
- Webscene eCommerce (level) Remote Sql Injection,
angel
- [USN-652-1] LittleCMS vulnerability,
Kees Cook
- iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability,
iDefense Labs
- CORE-2008-1010: VLC media player XSPF Memory Corruption,
CORE Security Technologies Advisories
- ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability,
zdi-disclosures
- ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability,
zdi-disclosures
- TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability,
dvlabs
- iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities,
labs-no-reply@xxxxxxxxxxxx
- [USN-654-1] libexif vulnerabilities,
Kees Cook
- iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow,
labs-no-reply@xxxxxxxxxxxx
- [USN-655-1] exiv2 vulnerabilities,
Kees Cook
- Vivid Ads Shopping Cart (cid) Remote SQL Injection,
djmomo
- MS OWA 2003 Redirection Vulnerability,
Martin Suess
- Exploit for MS08-066 - AFD.sys kernel memory overwrite.,
Reversemode
- Paper: Adventures with a certain Xen vulnerability,
Joanna Rutkowska
- Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution,
Ivan Fratric
- [ MDVSA-2008:212 ] libxml2,
security
- [security bulletin] HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data,
security-alert
- Multiple Flash Authoring Heap Overflows - Malformed SWF Files,
Paul Craig
- [USN-656-1] CUPS vulnerabilities,
Jamie Strandboge
- [ MDVSA-2008:213 ] dbus,
security
- SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis,
Bernhard Mueller
- [HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation,
office
- rPSA-2008-0295-1 rails,
rPath Update Announcements
- rPSA-2008-0294-1 postfix,
rPath Update Announcements
- [ MDVSA-2008:214 ] mon,
security
- [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
- Doubt in MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability POC posted on milworm,
vinodsharma . mimit
- flashchat severe bug,
ch0p83
- Application-level OS fingerprinting research - pre-release hashes,
dan . crowley
- HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct,
Praburaajan
- [ MDVSA-2008:208-1 ] pam_mount,
security
- CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability,
shulman
- CVE-2008-4000: Oracle PeopleTools – Authentication Weakness,
shulman
- Cross Site Scripting (XSS) Vulnerability in cpcommerce, CVE-2008-4121,
Fabian Fingerle
- FireGPG Passphrase And Cleartext Vulnerability,
Mike Benham
- Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability,
Secunia Research
- Lee has posted more detailed response to Fyodor's TCP/IP DoS post,
Juha-Matti Laurio
- [Tool] sqlmap 0.6.1 released,
Bernardo Damele A. G.
- [SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities,
Moritz Muehlenhoff
- London DEFCON meet - DC4420 - Thursday October 23rd,
Major Malfunction
- [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability,
Tobias Klein
- Last Call for DeepSec IDSC 2008 in Vienna,
DeepSec Conference Vienna
- [Off-Topic] How I was busted. Story of a poor lonesome hacker,
Jerome Athias
- [SECURITY] [DSA 1657-1] New qemu packages fix denial of service,
Steve Kemp
- Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation,
Brett Moore
- [USN-657-1] Amarok vulnerability,
Jamie Strandboge
- Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability.,
Aditya K Sood
- SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability,
Security Objectives Corporation
- n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution,
security@xxxxxxxxx
- [tool] crapto1 released,
blapost
- Opera Stored Cross Site Scripting Vulnerability,
Roberto Suggi
- Secunia Research: HP OpenView Products Shared Trace Service Denial of Service,
Secunia Research
- Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges,
Pete Finnigan
- FGA-2008-23:EMC NetWorker Denial of Service Vulnerability,
noreply-secresearch
- Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow,
Secunia Research
- Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows,
Secunia Research
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA,
Cisco Systems Product Security Incident Response Team
- SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability,
Security Objectives Corporation
- SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded Devices,
ProCheckUp Research
- [SECURITY] [DSA 1658-1] New dbus packages fix denial of service,
Thijs Kinkhorst
- phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :),
Pepelux
- vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability,
Pepelux
- GoodTech SSH Remote Buffer Overflow Exploit,
writ3r
- freeSSHd (stf - rename) Buffer Overflow Vulnerability,
writ3r
- SiteEngine 5.x Multiple Remote Vulnerabilities,
xuanmumu
- Re: MJGuest 6.8 GT Cross Site Scripting Vulnerability,
alighieri_m
- txtshop - beta 1.0 / Local File Inclusion Vulnerability,
Pepelux
- [security bulletin] HPSBST02379 SSRT080143 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-056 to MS08-066,
security-alert
- [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution,
Florian Weimer
- [USN-658-1] Moodle vulnerability,
Kees Cook
- MS08-067 - Where can I find an exploit for this?,
Chip Panarchy
- iPei cross site scripting Vulnerability,
Ghost hacker
- Java Web start vulnerability,
varun . srivastav
- HTTPBruteForcer released,
Jerome Athias
- Windows RPC MS08-067 FAQ document released,
Juha-Matti Laurio
- [SECURITY] [DSA 1660-1] New clamav packages fix denial of service,
Florian Weimer
- BotNet on the Rise,
faghani
- bcoos 1.0.13 Remote File Include Vulnerability,
Cru3l.b0y
- [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files,
security-alert
- XSS in phpMyadmin,
hadikiamarsi
- Windows RPC MS08-067 FAQ document updated,
Juha-Matti Laurio
- ClubHack2008 [India] - CFP Closing Soon,
ClubHack
- MyBB 1.4.2: Multiple Vulnerabilities,
Micheal Cottingham
- MSF eXploit Builder v2 Alpha Sources Released,
Jerome Athias
- n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution,
security@xxxxxxxxx
- Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6,
Amit Klein
- rPSA-2008-0305-1 pcre,
rPath Update Announcements
- [ MDVSA-2008:215 ] wireshark,
security
- Blaze Media Pro 8.02 SE vulnerability,
ipsdix
- rPSA-2008-0306-1 libxslt,
rPath Update Announcements
- [ MDVSA-2008:216 ] emacs,
security
- PHP-Nuke Module League (team&tid) XSS Vulnerability,
Ehsan_Hp200
- A video can crash ANY iphone/ipod and a few libraries.,
zibree
- [ MDVSA-2008:218 ] lynx,
security
- [ MDVSA-2008:217 ] lynx,
security
- Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE],
The-0utl4w
- Quassel IRC: connection hijacking,
Wouter Coekaerts
- Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows,
Secunia Research
- KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.,
fabio
- [SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities,
Martin Schulze
- Advanced application-level OS fingerprinting,
dan . crowley
- [ MDVSA-2008:221 ] aterm,
security
- PHP-Nuke Module BookCatalog (category&catid) Remote SQL injection Vulnerability,
Ehsan_Hp200
- rPSA-2008-0309-1 lighttpd,
rPath Update Announcements
- [ MDVSA-2008:220 ] kernel,
security
- [ MDVSA-2008:219 ] mplayer,
security
- [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Gadi Evron
- Tool update: VoIPER v0.07,
nnp
- IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability,
Ehsan_Hp200
- rPSA-2008-0307-1 nfs-client nfs-server nfs-utils,
rPath Update Announcements
- PHP-Nuke Module Sectionsnew (printpage&artid) Remote SQL injection Vulnerability,
Ehsan_Hp200
- Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd),
Juha-Matti Laurio
- rPSA-2008-0308-1 samba samba-client samba-server samba-swat,
rPath Update Announcements
- [ MDVSA-2008:222 ] Eterm,
security
- PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability,
Ehsan_Hp200
- DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference,
crimson . loyd
- harlandscripts Mypage.php Sql Injection,
beenudel1986
- ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability,
zdi-disclosures
- iDefense Security Advisory 10.30.08: Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- [USN-661-1] Linux kernel regression,
Jamie Strandboge
- ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability,
zdi-disclosures
- [ GLSA 200810-03 ] libspf2: DNS response buffer overflow,
Robert Buchholz
- iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow,
iDefense Labs