Mail Thread Index
- [ MDVSA-2009:031 ] avahi,
security
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages,
VMware Security Team
- [SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution,
Florian Weimer
- BruCON call for papers,
Filip Waeytens
- Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows,
Secunia Research
- Secunia Research: Free Download Manager Remote Control Server Buffer Overflow,
Secunia Research
- [ MDVSA-2009:032 ] kernel,
security
- [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation,
vulns
- ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability,
zdi-disclosures
- Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC,
xhakerman2006
- Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2,
mkanat
- Web Hacking Incidents update for Feb 3rd,
Ofer Shezaf
- SMF 1.1.7 Persistent XSS (requires permision to edit censor),
Eduardo Vela
- NaviCopa webserver 3.01 Multiple Vulnerabilities,
ew1zz
- [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access,
security-alert
- Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit,
0in . email
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART,
Shatter
- Call for papers and trainers - note extended deadline - SeacureIT 2009,
Stefano Zanero
- Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter),
Shatter
- CORE-2008-1009 - VNC Multiple Integer Overflows,
CORE Security Technologies Advisories
- Euphonics Audio Player v1.0 (.pls) Local BOF POC,
darkb0x97
- Squid Proxy Cache Denial of Service in request handling,
Amos Jeffries
- [security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF),
security-alert
- [ MDVSA-2009:033 ] sudo,
security
- QIP 2005 Denial of Service Vulnerability,
ss_contacts
- DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal,
vulnerabilityresearch
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers,
Cisco Systems Product Security Incident Response Team
- rgboard v4 (07.07.27) Multiple Vulnerability,
make0day
- phpslash <= 0.8.1.1 Remote Code Execution Exploit,
gmdarkfig
- flatnux Flatnux-2009-01-27 Remote File Include,
blabla-34
- metabbs 0.11 Change admin password vulnerability,
make0day
- LCPlayer (.qt file) EOP change PoC (app crash),
darkb0x97
- StreamDown v6.4.3 Local Buffer Overflow PoC,
todor . donev
- Microsoft SDL meets CWE/SANS Top25,
Juha-Matti Laurio
- [Tool] sqlmap 0.6.4 released,
Bernardo Damele A. G.
- Re: DMXReady Blog Manager (SQL/XSS),
support
- Cisco IOS XSS/CSRF Vulnerability,
azask2
- [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow,
Devin Carraway
- [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability,
SVRT-Bkis
- Nokia N95-8 browser denial of service,
jplopezy
- C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities,
Eyal Udassin
- dBpowerAMP Audio Player local buffer overflow exploit,
maroc-anti-connexion
- Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil,
uCon Security Conference
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!),
Daniel Kachakil
- [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
- RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities,
noreply-secresearch@xxxxxxxxxxxx
- [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS),
security-alert
- Vulnerable: Ilch CMS,
Gizmore
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities,
iDefense Labs
- CamFrog Password Disclosure Vulnerability,
zigmatn
- iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities,
iDefense Labs
- [ GLSA 200902-01 ] sudo: Privilege escalation,
Tobias Heinlein
- [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding,
Will Drewry
- PHP filesystem attack vectors,
ascii
- [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass,
Moritz Muehlenhoff
- [BMSA-2009-02] XML injection in PyBlosxom,
Nam Nguyen
- rooting your own phone: android security,
Pavel Machek
- LFI in Drupal CMS,
rasool . nasr
- Trend micro - IWSVA/IWSS - Authorization module password leak,
david . vorel
- Nokia N95-8 JPG crash,
jplopezy
- 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass,
luca . caretton
- ZeroShell <= 1.0beta11 Remote Code Execution,
Luca Carettoni
- London DEFCON DC4420 - February 2009 Meet - Thursday 12th,
Major Malfunction
- Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well),
tez
- [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability,
adv
- [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation,
Florian Weimer
- Another SQL injection in ProFTPd with mod_mysql (probably postgres as well),
gat3way
- Craft Silicon Banking@Home SQL Injection,
Francesco Bianchino
- Web Hacking Incidents update for Feb 10th,
Ofer Shezaf
- [Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code],
ivan . sanchez
- [ MDVSA-2009:034 ] squid,
security
- Nokia Phoenix Service Software 2008.04.007.32837 overflow POC,
murderskill
- [SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities,
Nico Golde
- ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption,
ZDI Disclosures
- ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability,
ZDI Disclosures
- [USN-717-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- Local vulnerability in suexec + FastCGI + PHP configurations,
security . 432
- ProFTPd with mod_mysql Authentication Bypass Exploit,
alphanix00
- [ MDVSA-2009:035 ] gstreamer0.10-plugins-good,
security
- Full Path Disclosure In Photolibrary 1.009,
XiaShing
- [USN-717-3] Firefox vulnerabilities,
Jamie Strandboge
- [USN-717-2] Firefox vulnerabilities,
Jamie Strandboge
- [security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges,
security-alert
- Web Hacking Incidents update for Feb 10th (Links corrected),
Ofer Shezaf
- Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver),
dejan . levaja
- [SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation,
Moritz Muehlenhoff
- pam-krb5 security advisory (3.12 and earlier),
Russ Allbery
- BackTrack 4 Beta Released,
Mati Aharoni
- [SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation,
Moritz Muehlenhoff
- Full Path Disclosure In Photolibrary 1.009(Update),
XiaShing
- SEP(Symantec) Bug,
Sandeep Cheema
- Denial of Service using Partial GET Request in Mozilla Firefox 3.06,
XiaShing
- [ MDVSA-2009:036 ] python,
security
- [USN-719-1] pam-krb5 vulnerabilities,
Marc Deslauriers
- [USN-720-1] PHP vulnerabilities,
Marc Deslauriers
- [ GLSA 200902-03 ] Valgrind: Untrusted search path,
Robert Buchholz
- [ GLSA 200902-02 ] OpenSSL: Certificate validation error,
Robert Buchholz
- [ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution,
Pierre-Yves Rofes
- [security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF),
security-alert
- Enomaly ECP/Enomalism: Silent update remote command execution vulnerability,
Sam Johnston
- Nokia N95 browser "setAttributeNode" method crash,
jplopezy
- Security Assessment of the Transmission Control Protocol (TCP),
Fernando Gont
- Cross-site scripting in Samizdat 0.6.1,
Dmitry Borodaenko
- SEPKILL /im SMC.EXE /f,
Sandeep Cheema
- Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability,
sc0ttbeardsley
- ACM CCS '09: Call for Workshop Proposals,
Christopher Kruegel
- RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker,
shuanglei
- cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian,
Pierre Dinh-van
- [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities,
Martin Schulze
- [security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files,
security-alert
- Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux),
Sam Johnston
- [SECURITY] [DSA 1725-1] New websvn packages fix information leak,
Thijs Kinkhorst
- [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues,
Ubuntu Privacy Remix Team
- [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0,
come2waraxe
- [ MDVSA-2009:037 ] bind,
security
- RFI Bug,
Dr . linux
- [ MDVSA-2009:038 ] blender,
security
- [ MDVSA-2009:039 ] gedit,
security
- [USN-721-1] fglrx-installer vulnerability,
Kees Cook
- [ MDVSA-2009:040 ] dia,
security
- FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd,
FreeBSD Security Advisories
- [security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data,
security-alert
- [USN-722-1] sudo vulnerability,
Kees Cook
- [ MDVSA-2009:041 ] jhead,
security
- Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei,
organiser@xxxxxxxxxx
- DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability,
ddvulnalert
- RE: hello bug in windows live messenger,
rasod korad
- [ MDVSA-2009:042 ] samba,
security
- [USN-723-1] Git vulnerabilities,
Marc Deslauriers
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection,
Packet Storm
- Weekly Web Hacking Incidents update for Feb 19th,
Ofer Shezaf
- Apache directory traversal on shared hosting environment.,
davec
- [ MDVA-2009:027 ] kernel,
security
- [ MDVSA-2009:043 ] gnumeric,
security
- [ MDVSA-2009:046 ] dia,
security
- [ MDVSA-2009:044 ] firefox,
security
- PHCDownload 1.1.0 Vulnerabilities,
contact
- [ MDVSA-2009:047 ] vim,
security
- [ MDVSA-2009:045 ] php,
security
- [ MDVSA-2009:048 ] epiphany,
security
- [ MDVSA-2009:049 ] pycrypto,
security
- [ MDVSA-2009:050 ] python-pycrypto,
security
- gigCalendar Joomla Component 1.0 SQL Injection,
Salvatore \"drosophila\" Fresta
- gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection,
Salvatore \"drosophila\" Fresta
- XSS Attack using SMS to Optus/Huawei E960 HSDPA Router,
rizki . wicaksono
- gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection,
Salvatore \"drosophila\" Fresta
- HP Quality Center vulnerability,
info
- [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability,
adv
- [ MDVSA-2009:050-1 ] python-pycrypto,
security
- [ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites,
Pierre-Yves Rofes
- [ MDVSA-2009:051 ] libpng,
security
- [ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ MDVSA-2009:049-1 ] pycrypto,
security
- VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27,
VMware Security team
- [ MDVSA-2009:048-1 ] epiphany,
security
- [ MDVSA-2009:047-1 ] vim,
security
- iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability,
iDefense Labs
- [ MDVSA-2009:052 ] php-smarty,
security
- [ MDVSA-2009:053 ] squirrelmail,
security
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well),
Benjamin Milde
- pPIM Multiple Vulnerabilities,
Justin C. Klein Keane
- [ MDVSA-2009:054 ] nagios,
security
- Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow,
Secunia Research
- [security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS),
security-alert
- [BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1,
Nam Nguyen
- Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability,
Trancer
- Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow,
Secunia Research
- [DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability,
Digital Security Research Group
- Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows,
Secunia Research
- Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service,
Moritz Muehlenhoff
- [ MDVSA-2009:055 ] audacity,
security
- Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability,
security . assurance
- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc,
nospam
- [ MDVSA-2009:057 ] valgrind,
security
- Golabi CMS Remote File Inclusion Vulnerability,
rezazahfaran
- [ MDVSA-2009:056 ] net-snmp,
security
- [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites,
Steffen Joeris
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability,
Digital Security Research Group
- [USN-724-1] Squid vulnerability,
Jamie Strandboge
- [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability,
Mark Thomas
- [security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2009:048-2 ] epiphany,
security
- [ MDVSA-2009:026-1 ] phpMyAdmin,
security
- BitDefender Internet Security XSS,
jplopezy
- ANNOUNCE: RFIDIOt-0.1x release - February 2009,
Adam Laurie
- Re: New site about security conferences : www.security-briefings.com,
John
- VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed,
VMware Security team
- djbdns misformats some long response packets; patch and example attack,
Matthew Dempsky
- [ MDVSA-2009:058 ] wireshark,
security
- Hex Workshop <= v6 (.hex) File Local Code,
xhakerman2008
- Drupal Local File Inclusion Vulnerability (Windows),
Bogdan Calin
- HTC Touch vCard over IP Denial of Service PoC Code,
Mobile Security Lab
- [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service,
Florian Weimer
- On the implementation of TCP urgent data (IETF Internet Draft),
Fernando Gont
- POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability,
Krakow Labs
Mail converted by MHonArc