Mail Index
- Re: djbdns misformats some long response packets; patch and example attack
- Afian Document Manager Local File Inclusion
- Re: Nokia N95-8 browser denial of service
- [SECURITY] [DSA 1719-2] New GNUTLS packages fix regression
- Weekly Web Hacking Incidents update for Feb 25th
- YEKTA WEB Academic Web Tools CMS Multiple XSS
- BlogMan 0.45 Multiple Vulnerabilities
- From: Salvatore \"drosophila\" Fresta
- [CFP] FRHACK 2nd Call For Papers
- [security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
- EZ-Blog Beta 1 Multiple SQL Injection
- From: Salvatore \"drosophila\" Fresta
- Announcing Cap'r Mak'r
- [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities
- rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
- From: rPath Update Announcements
- [ISecAuditors Security Advisories] eXtplorer Remote Code Execution
- From: ISecAuditors Security Advisories
- [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
- [ MDVSA-2009:062 ] shadow-utils
- Re: Re: Local vulnerability in suexec + FastCGI + PHP configurations
- RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability
- From: Salvatore \"drosophila\" Fresta
- Blogsa <= 1.0 Beta 3 XSS Vulnerability
- [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
- [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service
- WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
- From: Salvatore \"drosophila\" Fresta
- [ MDVSA-2009:063 ] eog
- Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability
- [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities
- Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability
- BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI)
- From: Salvatore \"drosophila\" Fresta
- [USN-727-1] network-manager-applet vulnerabilities
- [USN-726-1] curl vulnerability
- NovaBoard <= 1.0.1 / XSS Vulnerability
- [ MDVSA-2009:064 ] imap
- [USN-727-2] NetworkManager vulnerability
- [USN-726-2] curl regression
- Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CelerBB 0.0.2 Multiple Vulnerabilities
- From: Salvatore \"drosophila\" Fresta
- Re: djbdns misformats some long response packets; patch and example attack
- Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability
- SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7)
- libc:fts_*():multiple vendors, Denial-of-service
- ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability
- iDefense COMRaider, ActiveX controls, and browser configuration
- [ MDVSA-2009:065 ] php4
- [ MDVSA-2009:066 ] php
- [USN-729-1] Python Crypto vulnerability
- [USN-728-1] Firefox and Xulrunner vulnerabilities
- [USN-728-2] Firefox vulnerabilities
- Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- From: Roberto Muñoz Fernandez
- [USN-728-3] Firefox vulnerabilities
- [ MDVSA-2009:067 ] libsndfile
- [USN-730-1] libpng vulnerabilities
- [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability
- Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass)
- From: Salvatore \"drosophila\" Fresta
- Re: iDefense COMRaider, ActiveX controls, and browser configuration
- From: Vladimir '3APA3A' Dubrovin
- DEFCON CTF Submissions are in, DC-16 video online!
- [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application
- WarVOX 1.0.0 Released
- [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability
- [ MDVSA-2009:068 ] poppler
- [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbitrary code
- nForum 1.5 Multiple SQL Injection
- From: Salvatore \"drosophila\" Fresta
- [ GLSA 200903-02 ] ZNC: Privilege escalation
- [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code
- [ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code
- [ MDVSA-2009:069 ] curl
- [ MDVSA-2009:068-1 ] poppler
- [ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities
- [ GLSA 200903-06 ] nfs-utils: Access restriction bypass
- [ GLSA 200903-07 ] Samba: Data disclosure
- [ GLSA 200903-08 ] gEDA: Insecure temporary file creation
- [ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code
- phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)
- From: Salvatore \"drosophila\" Fresta
- [ GLSA 200903-10 ] Irrlicht: User-assisted execution of arbitrary code
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system
- Re: Zabbix 1.6.2 Frontend Multiple Vulnerabilities
- Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability
- [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code
- [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code
- [ GLSA 200903-13 ] MPFR: Denial of Service
- [ GLSA 200903-14 ] BIND: Incorrect signature verification
- [ GLSA 200903-15 ] git: Multiple vulnerabilties
- [ GLSA 200903-16 ] Epiphany: Untrusted search path
- [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code
- [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- [ GLSA 200903-19 ] Xerces-C++: Denial of Service
- [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities
- DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability
- DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability
- Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system
- [ GLSA 200903-21 ] cURL: Arbitrary file access
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)
- From: Core Security Technologies Advisories
- SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
- FINAL: Call for Papers on Cyber Warfare
- SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability
- SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability
- Aryanic HighCMS and HighPortal multiple Vulnerabilities
- [ GLSA 200903-22 ] Ganglia: Execution of arbitrary code
- Multiple Vulnerabilities in iAntiVirus
- [ MDVSA-2009:070 ] openoffice.org
- Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse
- Addonics NAS Adapter Post-Auth DoS
- [USN-731-1] Apache vulnerabilities
- [USN-732-1] dash vulnerability
- AST-2009-002: Remote Crash Vulnerability in SIP channel driver
- From: Asterisk Security Team
- [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities
- [ MDVSA-2009:071 ] kernel
- [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability
- From: ISecAuditors Security Advisories
- [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation
- Sun Java System Communications Express [HTML Injection]
- [ GLSA 200903-24 ] Shadow: Privilege escalation
- [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities
- [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting
- [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
- [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access
- Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- TOORCAMP 2009 CALL FOR PARTICIPATION
- TikiWiki 2.2 XSS Vulnerability in URI
- [ MDVSA-2009:072 ] perl-MDK-Common
- POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability
- [ MDVSA-2009:073 ] sarg
- [USN-724-1] Squid vulnerability
- [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities
- [ GLSA 200903-25 ] Courier Authentication Library: SQL Injection vulnerability
- [ GLSA 200903-26 ] TMSNC: Execution of arbitrary code
- Trellis Desk v1.0 XSS Vulnerability
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash
- flv2mpeg4: Malformed parameters Denial of Service
- [ MDVSA-2009:074 ] libneon0.27
- Re: Sun Java System Communications Express [HTML Injection]
- [security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access
- [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service
- [oCERT-2008-015] glib and glib-predecessor heap overflows
- rPSA-2009-0042-1 curl
- From: rPath Update Announcements
- rPSA-2009-0041-1 dhclient dhcp libdhcp4client
- From: rPath Update Announcements
- [ GLSA 200903-27 ] ProFTPD: Multiple vulnerabilities
- rPSA-2009-0040-1 tshark wireshark
- From: rPath Update Announcements
- Apple iTunes DAAP Messages Handling Denial of Service Vulnerability �
- From: secresearch@xxxxxxxxxxxx
- rPSA-2009-0046-1 libpng
- From: rPath Update Announcements
- Re: TikiWiki 2.2 XSS Vulnerability in URI
- rPSA-2009-0045-1 glib
- From: rPath Update Announcements
- [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability
- [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability
- [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities
- [ MDVSA-2009:075 ] firefox
- [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure
- Infopop UBB.Threads Admin Credentials via SQL Injection
- [SECURITY] [DSA 1740-1] New yaws packages fix denial of service
- [SECURITY] [DSA 1741-1] New psi packages fix denial of service
- [ MDVSA-2009:076 ] avahi
- [ GLSA 200903-28 ] libpng: Multiple vulnerabilities
- [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code execution
- [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow
- NGENUITY-2009-005 OpenCart Order By Blind SQL Injection
- reporting CVE
- From: rahimeh . khodadadi
- [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36
- rosoft media player local BOF exploit multi tagets
- From: maroc-anti-connexion
- [USN-734-1] FFmpeg vulnerabilities
- [USN-738-1] GLib vulnerability
- [USN-733-1] evolution-data-server vulnerability
- CPANEL File Manager XSS Vulnerability
- [USN-736-1] GStreamer Good Plugins vulnerabilities
- [ GLSA 200903-29 ] BlueZ: Arbitrary code execution
- HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration
- [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution
- PHPRunner SQL Injection
- [USN-735-1] GStreamer Base Plugins vulnerability
- [ GLSA 200903-30 ] Opera: Multiple vulnerabilities
- [USN-737-1] libsoup vulnerability
- [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability
- [USN-739-1] Amarok vulnerabilities
- DEFCON London DC4420 March meeting - Thursday 19th March
- [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability
- [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability
- [ GLSA 200903-31 ] libcdaudio: User-assisted execution of arbitrary code
- iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
- Sitecore .NET 5.3.x - web service information disclosure
- From: security . assurance
- Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5
- [USN-740-1] NSS vulnerability
- Re: iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability
- [SECURITY] [DSA 1744-1] New weechat packages fix denial of service
- CDex v1.70b2 (.ogg) local buffer overflow exploit poc
- [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS)
- From: ISecAuditors Security Advisories
- [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities
- [USN-742-1] JasPer vulnerabilities
- Command Execution in Hannon Hill Cascade Server
- rPSA-2009-0050-1 ghostscript
- From: rPath Update Announcements
- Slides from uCon Security Conference 2009 available online
- From: uCon Security Conference
- [ MDVSA-2009:060-1 ] nfs-utils
- [USN-741-1] Thunderbird vulnerabilities
- [SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
- LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
- [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities
- [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
- [SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution
- [SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution
- [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution
- Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)
- [oCERT-2009-003] LittleCMS integer errors
- [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code
- [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities
- [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
- ExpressionEngine Persistent Cross-Site Scripting
- Rittal CMC-TC Processing Unit II multiple vulnerabilities
- From: Henri Lindberg - Smilehouse Oy
- [ MDVSA-2009:077 ] pam
- [SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer
- From: FreeBSD Security Advisories
- CORE-2009-0122: HP OpenView Buffer Overflows
- From: CORE Security Technologies Advisories
- [SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution
- [ MDVSA-2009:078 ] evolution-data-server
- [ MDVSA-2009:079 ] postgresql
- [USN-743-1] Ghostscript vulnerabilities
- [USN-744-1] LittleCMS vulnerabilities
- [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage
- [ GLSA 200903-36 ] MLDonkey: Information disclosure
- [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code
- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent)
- [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
- ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability
- [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege
- iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability
- [SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable
- [ GLSA 200903-38 ] Squid: Multiple Denial of Service vulnerabilities
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- [SECURITY] [DSA 1745-2] New lcms packages fix regression
- Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
- From: Vladimir '3APA3A' Dubrovin
- [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation
- CFP RAID 2009
- [ GLSA 200903-39 ] pam_krb5: Privilege escalation
- [Bkis-05-2009] PowerCHM Stack-based Buffer Overflow
- ICAP adaptation: missing data flow control to client side
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability
- [USN-746-1] xine-lib vulnerability
- [USN-747-1] ICU vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability
- [ MDVSA-2009:080 ] glib2.0
- [USN-748-1] OpenJDK vulnerabilities
- Aurora Nutritive Analysis Module Multiple XSS
- Moodle: Sensitive File Disclosure
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability
- iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability
- Novell Netstorage Multiple Vulnerabilities
- [USN-745-1] Firefox and Xulrunner vulnerabilities
- [SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities
- [tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing
- [ GLSA 200903-40 ] Analog: Denial of Service
- glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
- [ MDVSA-2009:081 ] libsoup
- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
- [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection
- CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec
- Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3
- [ MDVSA-2009:082 ] krb5
- Family Connections 1.8.1 Multiple Remote Vulnerabilities
- From: Salvatore \"drosophila\" Fresta
- DeepSec 2009 - Call for Papers is open
- [USN-749-1] libsndfile vulnerability
- Community CMS 0.5 Multiple SQL Injection Vulnerabilities
- From: Salvatore \"drosophila\" Fresta
Mail converted by MHonArc