Mail Index
- [ MDVSA-2009:031 ] avahi
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages
- From: VMware Security Team
- [SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution
- BruCON call for papers
- Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows
- Secunia Research: Free Download Manager Remote Control Server Buffer Overflow
- [ MDVSA-2009:032 ] kernel
- [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation
- ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
- Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC
- Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2
- Web Hacking Incidents update for Feb 3rd
- SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- NaviCopa webserver 3.01 Multiple Vulnerabilities
- [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access
- Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- Call for papers and trainers - note extended deadline - SeacureIT 2009
- Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)
- CORE-2008-1009 - VNC Multiple Integer Overflows
- From: CORE Security Technologies Advisories
- Euphonics Audio Player v1.0 (.pls) Local BOF POC
- Squid Proxy Cache Denial of Service in request handling
- [security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- [ MDVSA-2009:033 ] sudo
- QIP 2005 Denial of Service Vulnerability
- DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal
- From: vulnerabilityresearch
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- rgboard v4 (07.07.27) Multiple Vulnerability
- phpslash <= 0.8.1.1 Remote Code Execution Exploit
- flatnux Flatnux-2009-01-27 Remote File Include
- metabbs 0.11 Change admin password vulnerability
- LCPlayer (.qt file) EOP change PoC (app crash)
- StreamDown v6.4.3 Local Buffer Overflow PoC
- Microsoft SDL meets CWE/SANS Top25
- [Tool] sqlmap 0.6.4 released
- From: Bernardo Damele A. G.
- Re: DMXReady Blog Manager (SQL/XSS)
- Cisco IOS XSS/CSRF Vulnerability
- [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow
- [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability
- Nokia N95-8 browser denial of service
- Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
- C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities
- dBpowerAMP Audio Player local buffer overflow exploit
- From: maroc-anti-connexion
- Re: Nokia N95-8 browser denial of service
- Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil
- From: uCon Security Conference
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
- From: noreply-secresearch@xxxxxxxxxxxx
- [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS)
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- Vulnerable: Ilch CMS
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities
- CamFrog Password Disclosure Vulnerability
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities
- [ GLSA 200902-01 ] sudo: Privilege escalation
- [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding
- PHP filesystem attack vectors
- [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
- Re: [Full-disclosure] PHP filesystem attack vectors
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- From: Roman Medina-Heigl Hernandez
- [BMSA-2009-02] XML injection in PyBlosxom
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- rooting your own phone: android security
- LFI in Drupal CMS
- Trend micro - IWSVA/IWSS - Authorization module password leak
- Nokia N95-8 JPG crash
- 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
- ZeroShell <= 1.0beta11 Remote Code Execution
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- London DEFCON DC4420 - February 2009 Meet - Thursday 12th
- Re: Nokia N95-8 JPG crash
- From: Dmitry Yu. Bolkhovityanov
- Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)
- [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability
- [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
- Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Craft Silicon Banking@Home SQL Injection
- From: Francesco Bianchino
- Web Hacking Incidents update for Feb 10th
- [Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
- [ MDVSA-2009:034 ] squid
- Re: PHP filesystem attack vectors
- Nokia Phoenix Service Software 2008.04.007.32837 overflow POC
- [SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption
- ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
- [USN-717-1] Firefox and Xulrunner vulnerabilities
- Local vulnerability in suexec + FastCGI + PHP configurations
- ProFTPd with mod_mysql Authentication Bypass Exploit
- Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [ MDVSA-2009:035 ] gstreamer0.10-plugins-good
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Full Path Disclosure In Photolibrary 1.009
- [USN-717-3] Firefox vulnerabilities
- [USN-717-2] Firefox vulnerabilities
- [security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges
- Web Hacking Incidents update for Feb 10th (Links corrected)
- Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- [SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation
- pam-krb5 security advisory (3.12 and earlier)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- From: Edward Bjarte Fjellskål
- Re: pam-krb5 security advisory (3.12 and earlier)
- BackTrack 4 Beta Released
- [SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation
- Full Path Disclosure In Photolibrary 1.009(Update)
- SEP(Symantec) Bug
- Re: LFI in Drupal CMS
- Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- RE: SEP(Symantec) Bug
- [ MDVSA-2009:036 ] python
- [USN-719-1] pam-krb5 vulnerabilities
- [USN-720-1] PHP vulnerabilities
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ GLSA 200902-03 ] Valgrind: Untrusted search path
- [ GLSA 200902-02 ] OpenSSL: Certificate validation error
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution
- [security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- Re: RE: SEP(Symantec) Bug
- Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- Nokia N95 browser "setAttributeNode" method crash
- Re: SEP(Symantec) Bug
- Security Assessment of the Transmission Control Protocol (TCP)
- Cross-site scripting in Samizdat 0.6.1
- SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- RE: SEP(Symantec) Bug
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: SEPKILL /im SMC.EXE /f
- RE: SEPKILL /im SMC.EXE /f
- ACM CCS '09: Call for Workshop Proposals
- From: Christopher Kruegel
- Re: Local vulnerability in suexec + FastCGI + PHP configurations
- RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker
- cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian
- Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
- Re: SEP(Symantec) Bug
- [security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
- Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux)
- [SECURITY] [DSA 1725-1] New websvn packages fix information leak
- [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues
- From: Ubuntu Privacy Remix Team
- [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0
- [ MDVSA-2009:037 ] bind
- RFI Bug
- [ MDVSA-2009:038 ] blender
- [ MDVSA-2009:039 ] gedit
- [USN-721-1] fglrx-installer vulnerability
- [ MDVSA-2009:040 ] dia
- FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
- From: FreeBSD Security Advisories
- Re: RFI Bug
- [security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data
- [USN-722-1] sudo vulnerability
- [ MDVSA-2009:041 ] jhead
- Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei
- From: organiser@xxxxxxxxxx
- Re: LFI in Drupal CMS
- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
- RE: hello bug in windows live messenger
- [ MDVSA-2009:042 ] samba
- [USN-723-1] Git vulnerabilities
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
- Weekly Web Hacking Incidents update for Feb 19th
- Apache directory traversal on shared hosting environment.
- Re: SEPKILL /im SMC.EXE /f
- Re: Apache directory traversal on shared hosting environment.
- Re: Apache directory traversal on shared hosting environment.
- [ MDVA-2009:027 ] kernel
- Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- From: security curmudgeon
- [ MDVSA-2009:043 ] gnumeric
- [ MDVSA-2009:046 ] dia
- [ MDVSA-2009:044 ] firefox
- Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
- PHCDownload 1.1.0 Vulnerabilities
- Re: SEPKILL /im SMC.EXE /f
- Re: SEPKILL /im SMC.EXE /f
- [ MDVSA-2009:047 ] vim
- [ MDVSA-2009:045 ] php
- [ MDVSA-2009:048 ] epiphany
- [ MDVSA-2009:049 ] pycrypto
- [ MDVSA-2009:050 ] python-pycrypto
- gigCalendar Joomla Component 1.0 SQL Injection
- From: Salvatore "drosophila" Fresta
- gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection
- From: Salvatore "drosophila" Fresta
- XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
- gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
- From: Salvatore "drosophila" Fresta
- HP Quality Center vulnerability
- [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
- [ MDVSA-2009:050-1 ] python-pycrypto
- [ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites
- [ MDVSA-2009:051 ] libpng
- [ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities
- [ MDVSA-2009:049-1 ] pycrypto
- VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27
- From: VMware Security team
- [ MDVSA-2009:048-1 ] epiphany
- [ MDVSA-2009:047-1 ] vim
- [ MDVSA-2009:047-1 ] vim
- iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability
- [ MDVSA-2009:052 ] php-smarty
- [ MDVSA-2009:053 ] squirrelmail
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
- Re: HP Quality Center vulnerability
- pPIM Multiple Vulnerabilities
- From: Justin C. Klein Keane
- [ MDVSA-2009:054 ] nagios
- Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow
- [security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS)
- [BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1
- Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability
- Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow
- [DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability
- From: Digital Security Research Group
- Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows
- Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service
- [ MDVSA-2009:055 ] audacity
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability
- From: security . assurance
- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
- [ MDVSA-2009:057 ] valgrind
- Golabi CMS Remote File Inclusion Vulnerability
- [ MDVSA-2009:056 ] net-snmp
- [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Digital Security Research Group
- [USN-724-1] Squid vulnerability
- [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability
- [security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code
- [ MDVSA-2009:048-2 ] epiphany
- [ MDVSA-2009:026-1 ] phpMyAdmin
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- BitDefender Internet Security XSS
- [ MDVSA-2009:056 ] net-snmp
- ANNOUNCE: RFIDIOt-0.1x release - February 2009
- Re: New site about security conferences : www.security-briefings.com
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Vladimir '3APA3A' Dubrovin
- VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed
- From: VMware Security team
- Re: BitDefender Internet Security XSS
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- djbdns misformats some long response packets; patch and example attack
- [ MDVSA-2009:058 ] wireshark
- Hex Workshop <= v6 (.hex) File Local Code
- Drupal Local File Inclusion Vulnerability (Windows)
- HTC Touch vCard over IP Denial of Service PoC Code
- From: Mobile Security Lab
- [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service
- On the implementation of TCP urgent data (IETF Internet Draft)
- POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability