Mail Thread Index

• Date Index

• Re: djbdns misformats some long response packets; patch and example attack, Matthew Dempsky
  • <Possible follow-ups>
  • Re: djbdns misformats some long response packets; patch and example attack, Matthew Dempsky
• Afian Document Manager Local File Inclusion, contact
• Re: Nokia N95-8 browser denial of service, MustLive
• [SECURITY] [DSA 1719-2] New GNUTLS packages fix regression, Florian Weimer
• Weekly Web Hacking Incidents update for Feb 25th, Ofer Shezaf
• YEKTA WEB Academic Web Tools CMS Multiple XSS, mr . faghani
• BlogMan 0.45 Multiple Vulnerabilities, Salvatore \"drosophila\" Fresta
• [CFP] FRHACK 2nd Call For Papers, Jerome Athias
• [security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF), security-alert
• EZ-Blog Beta 1 Multiple SQL Injection, Salvatore \"drosophila\" Fresta
• Announcing Cap'r Mak'r, kowsik
• [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities, Steffen Joeris
• rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl, rPath Update Announcements
• [ISecAuditors Security Advisories] eXtplorer Remote Code Execution, ISecAuditors Security Advisories
• [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites, Steffen Joeris
• [ MDVSA-2009:062 ] shadow-utils, security
• Re: Re: Local vulnerability in suexec + FastCGI + PHP configurations, security . 432
• RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability, Salvatore \"drosophila\" Fresta
• Blogsa <= 1.0 Beta 3 XSS Vulnerability, contact
• [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability, Steffen Joeris
• [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service, Steffen Joeris
• WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI), Salvatore \"drosophila\" Fresta
• [ MDVSA-2009:063 ] eog, security
• Zabbix 1.6.2 Frontend Multiple Vulnerabilities, ascii
  • Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities, Roberto Muñoz Fernandez
  • Re: Zabbix 1.6.2 Frontend Multiple Vulnerabilities, Eygene Ryabinkin
• Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability, Secunia Research
• [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities, Steffen Joeris
• Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability, Secunia Research
• BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI), Salvatore \"drosophila\" Fresta
• [USN-727-1] network-manager-applet vulnerabilities, Marc Deslauriers
• [USN-726-1] curl vulnerability, Marc Deslauriers
• NovaBoard <= 1.0.1 / XSS Vulnerability, Jose Luis
• [ MDVSA-2009:064 ] imap, security
• [USN-727-2] NetworkManager vulnerability, Marc Deslauriers
• [USN-726-2] curl regression, Marc Deslauriers
• Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• CelerBB 0.0.2 Multiple Vulnerabilities, Salvatore \"drosophila\" Fresta
• Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability, iDefense Labs
• SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7), nospam
• libc:fts_*():multiple vendors, Denial-of-service, cxib
• ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability, ZDI Disclosures
• iDefense COMRaider, ActiveX controls, and browser configuration, Steven M. Christey
  • Re: iDefense COMRaider, ActiveX controls, and browser configuration, Vladimir '3APA3A' Dubrovin
• [ MDVSA-2009:065 ] php4, security
• [ MDVSA-2009:066 ] php, security
• [USN-729-1] Python Crypto vulnerability, Kees Cook
• [USN-728-1] Firefox and Xulrunner vulnerabilities, Jamie Strandboge
• [USN-728-2] Firefox vulnerabilities, Jamie Strandboge
• [USN-728-3] Firefox vulnerabilities, Jamie Strandboge
• [ MDVSA-2009:067 ] libsndfile, security
• [USN-730-1] libpng vulnerabilities, Jamie Strandboge
• [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability, aanisimov
• Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass), Salvatore \"drosophila\" Fresta
• DEFCON CTF Submissions are in, DC-16 video online!, The Dark Tangent
• [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application, Mark Thomas
• WarVOX 1.0.0 Released, H D Moore
• [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability, aanisimov
• [ MDVSA-2009:068 ] poppler, security
• [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• nForum 1.5 Multiple SQL Injection, Salvatore \"drosophila\" Fresta
• [ GLSA 200903-02 ] ZNC: Privilege escalation, Tobias Heinlein
• [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code, Tobias Heinlein
• [ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code, Tobias Heinlein
• [ MDVSA-2009:069 ] curl, security
• [ MDVSA-2009:068-1 ] poppler, security
• [ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities, Robert Buchholz
• [ GLSA 200903-06 ] nfs-utils: Access restriction bypass, Robert Buchholz
• [ GLSA 200903-07 ] Samba: Data disclosure, Robert Buchholz
• [ GLSA 200903-08 ] gEDA: Insecure temporary file creation, Robert Buchholz
• [ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code, Robert Buchholz
• phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS), Salvatore \"drosophila\" Fresta
• [ GLSA 200903-10 ] Irrlicht: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system, alexchf . fyp
  • Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system, Julien Thomas
• Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability, Secunia Research
• [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code, Robert Buchholz
• [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code, Robert Buchholz
• [ GLSA 200903-13 ] MPFR: Denial of Service, Robert Buchholz
• [ GLSA 200903-14 ] BIND: Incorrect signature verification, Robert Buchholz
• [ GLSA 200903-15 ] git: Multiple vulnerabilties, Robert Buchholz
• [ GLSA 200903-16 ] Epiphany: Untrusted search path, Robert Buchholz
• [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code, Robert Buchholz
• [ GLSA 200903-18 ] Openswan: Insecure temporary file creation, Robert Buchholz
  • Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation, Paul Wouters
    • Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation, Robert Buchholz
• [ GLSA 200903-19 ] Xerces-C++: Denial of Service, Robert Buchholz
• [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities, Robert Buchholz
• DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability, ddivulnalert
• DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability, ddivulnalert
• Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability, Elazar Broad
• [ GLSA 200903-21 ] cURL: Arbitrary file access, Tobias Heinlein
• Foxit Reader Multiple Vulnerabilities (CORE-2009-0218), Core Security Technologies Advisories
• SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability, Bernhard Mueller
• FINAL: Call for Papers on Cyber Warfare, k g
• SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability, Bernhard Mueller
• SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability, Bernhard Mueller
• Aryanic HighCMS and HighPortal multiple Vulnerabilities, mr . faghani
• [ GLSA 200903-22 ] Ganglia: Execution of arbitrary code, Robert Buchholz
• Multiple Vulnerabilities in iAntiVirus, Carsten Eilers
• [ MDVSA-2009:070 ] openoffice.org, security
• Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse, robert
• Addonics NAS Adapter Post-Auth DoS, mcyr2
• [USN-731-1] Apache vulnerabilities, Marc Deslauriers
• [USN-732-1] dash vulnerability, Marc Deslauriers
• AST-2009-002: Remote Crash Vulnerability in SIP channel driver, Asterisk Security Team
• [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities, vuln
• [ MDVSA-2009:071 ] kernel, security
• [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability, ISecAuditors Security Advisories
• [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation, Florian Weimer
• Sun Java System Communications Express [HTML Injection], sosoblood
  • <Possible follow-ups>
  • Re: Sun Java System Communications Express [HTML Injection], sosoblood
• [ GLSA 200903-24 ] Shadow: Privilege escalation, Pierre-Yves Rofes
• [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities, Pierre-Yves Rofes
• [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting, Steffen Joeris
• [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities, security-alert
• [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access, security-alert
• Re: Adobe Flash Player plug-in null pointer dereference and browser crash, Matthew Dempsky
  • Re: Adobe Flash Player plug-in null pointer dereference and browser crash, Alex Legler
• [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access, Nico Golde
• Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• TOORCAMP 2009 CALL FOR PARTICIPATION, h1kari
• TikiWiki 2.2 XSS Vulnerability in URI, iliz-z
  • <Possible follow-ups>
  • Re: TikiWiki 2.2 XSS Vulnerability in URI, danny
• [ MDVSA-2009:072 ] perl-MDK-Common, security
• POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability, Krakow Labs
• [ MDVSA-2009:073 ] sarg, security
• [USN-724-1] Squid vulnerability, Jamie Strandboge
• [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities, Steffen Joeris
• [ GLSA 200903-25 ] Courier Authentication Library: SQL Injection vulnerability, Pierre-Yves Rofes
• [ GLSA 200903-26 ] TMSNC: Execution of arbitrary code, Robert Buchholz
• Trellis Desk v1.0 XSS Vulnerability, larry
• flv2mpeg4: Malformed parameters Denial of Service, Anon
• [ MDVSA-2009:074 ] libneon0.27, security
• [security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access, security-alert
• [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service, Valery Marchuk
• [oCERT-2008-015] glib and glib-predecessor heap overflows, Will Drewry
• rPSA-2009-0042-1 curl, rPath Update Announcements
• rPSA-2009-0041-1 dhclient dhcp libdhcp4client, rPath Update Announcements
• [ GLSA 200903-27 ] ProFTPD: Multiple vulnerabilities, Pierre-Yves Rofes
• rPSA-2009-0040-1 tshark wireshark, rPath Update Announcements
• Apple iTunes DAAP Messages Handling Denial of Service Vulnerability , secresearch@xxxxxxxxxxxx
• rPSA-2009-0046-1 libpng, rPath Update Announcements
• rPSA-2009-0045-1 glib, rPath Update Announcements
• [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability, aanisimov
• [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability, aanisimov
• [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities, aanisimov
• [ MDVSA-2009:075 ] firefox, security
• [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure, Florian Weimer
• Infopop UBB.Threads Admin Credentials via SQL Injection, swhite
• [SECURITY] [DSA 1740-1] New yaws packages fix denial of service, Steffen Joeris
• [SECURITY] [DSA 1741-1] New psi packages fix denial of service, Moritz Muehlenhoff
• [ MDVSA-2009:076 ] avahi, security
• [ GLSA 200903-28 ] libpng: Multiple vulnerabilities, Pierre-Yves Rofes
• [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code execution, Nico Golde
• [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow, Bkis
• NGENUITY-2009-005 OpenCart Order By Blind SQL Injection, Adam Baldwin
• reporting CVE, rahimeh . khodadadi
• [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36, Bkis
• rosoft media player local BOF exploit multi tagets, maroc-anti-connexion
• [USN-734-1] FFmpeg vulnerabilities, Marc Deslauriers
• [USN-738-1] GLib vulnerability, Jamie Strandboge
• [USN-733-1] evolution-data-server vulnerability, Marc Deslauriers
• CPANEL File Manager XSS Vulnerability, rizki . wicaksono
• [USN-736-1] GStreamer Good Plugins vulnerabilities, Marc Deslauriers
• [ GLSA 200903-29 ] BlueZ: Arbitrary code execution, Pierre-Yves Rofes
• HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration, Henri Lindberg
• [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution, Steffen Joeris
• PHPRunner SQL Injection, admin
• [USN-735-1] GStreamer Base Plugins vulnerability, Marc Deslauriers
• [ GLSA 200903-30 ] Opera: Multiple vulnerabilities, Tobias Heinlein
• [USN-737-1] libsoup vulnerability, Marc Deslauriers
• [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability, vuln
• [USN-739-1] Amarok vulnerabilities, Marc Deslauriers
• DEFCON London DC4420 March meeting - Thursday 19th March, Major Malfunction
• [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability, vuln
• [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability, vuln
• [ GLSA 200903-31 ] libcdaudio: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability, iDefense Labs
  • Re: iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability, iDefense Labs
• Sitecore .NET 5.3.x - web service information disclosure, security . assurance
• Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5, dh
• [USN-740-1] NSS vulnerability, Jamie Strandboge
• [SECURITY] [DSA 1744-1] New weechat packages fix denial of service, Nico Golde
• CDex v1.70b2 (.ogg) local buffer overflow exploit poc, nospam
• [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS), ISecAuditors Security Advisories
• [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities, Pierre-Yves Rofes
• [USN-742-1] JasPer vulnerabilities, Marc Deslauriers
• Command Execution in Hannon Hill Cascade Server, Elliot Kendall
• rPSA-2009-0050-1 ghostscript, rPath Update Announcements
• Slides from uCon Security Conference 2009 available online, uCon Security Conference
• [ MDVSA-2009:060-1 ] nfs-utils, security
• [USN-741-1] Thunderbird vulnerabilities, Jamie Strandboge
• [SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution, Steffen Joeris
• LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted), Chris Evans
• [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities, Pierre-Yves Rofes
• [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution, Steffen Joeris
• [SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution, Steffen Joeris
• [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution, Steffen Joeris
• Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh), nospam
• [oCERT-2009-003] LittleCMS integer errors, Andrea Barisani
• [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code, Tobias Heinlein
• [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities, dann frazier
• [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities, Moritz Muehlenhoff
• ExpressionEngine Persistent Cross-Site Scripting, Adam Baldwin
• Rittal CMC-TC Processing Unit II multiple vulnerabilities, Henri Lindberg - Smilehouse Oy
• [ MDVSA-2009:077 ] pam, security
• [SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities, Florian Weimer
• FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer, FreeBSD Security Advisories
• CORE-2009-0122: HP OpenView Buffer Overflows, CORE Security Technologies Advisories
• [SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution, Florian Weimer
• [ MDVSA-2009:078 ] evolution-data-server, security
• [ MDVSA-2009:079 ] postgresql, security
• [USN-743-1] Ghostscript vulnerabilities, Marc Deslauriers
• [USN-744-1] LittleCMS vulnerabilities, Marc Deslauriers
• [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage, Pierre-Yves Rofes
• [ GLSA 200903-36 ] MLDonkey: Information disclosure, Pierre-Yves Rofes
• [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code, Pierre-Yves Rofes
• PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent), nospam
• [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, security-alert
• ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability, ZDI Disclosures
• [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege, security-alert
• iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability, iDefense Labs
• [SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable, Moritz Muehlenhoff
• [ GLSA 200903-38 ] Squid: Multiple Denial of Service vulnerabilities, Pierre-Yves Rofes
• Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow, Secunia Research
  • Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow, Florian Weimer
    • Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow, Eric C. Lukens
      • Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow, Vladimir '3APA3A' Dubrovin
• [SECURITY] [DSA 1745-2] New lcms packages fix regression, Steffen Joeris
• Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation, Moritz Muehlenhoff
• CFP RAID 2009, Corrado Leita
• [ GLSA 200903-39 ] pam_krb5: Privilege escalation, Pierre-Yves Rofes
• [Bkis-05-2009] PowerCHM Stack-based Buffer Overflow, Bkis
• ICAP adaptation: missing data flow control to client side, Martin Huter
• iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability, iDefense Labs
• [USN-746-1] xine-lib vulnerability, Marc Deslauriers
• [USN-747-1] ICU vulnerability, Marc Deslauriers
• iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability, iDefense Labs
• [ MDVSA-2009:080 ] glib2.0, security
• [USN-748-1] OpenJDK vulnerabilities, Kees Cook
• Aurora Nutritive Analysis Module Multiple XSS, Bugs NotHugs
• Moodle: Sensitive File Disclosure, Christian Eibl
• iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability, iDefense Labs
• iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability, iDefense Labs
• Novell Netstorage Multiple Vulnerabilities, Bugs NotHugs
• [USN-745-1] Firefox and Xulrunner vulnerabilities, Jamie Strandboge
• [SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities, Noah Meyerhans
• [tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing, Chris Weber
• [ GLSA 200903-40 ] Analog: Denial of Service, Pierre-Yves Rofes
• glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit, nospam
• [ MDVSA-2009:081 ] libsoup, security
• Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow, Bugs NotHugs
• [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection, Steffen Joeris
• CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec, Paul Wouters
• Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3, Positron Security
• [ MDVSA-2009:082 ] krb5, security
• Family Connections 1.8.1 Multiple Remote Vulnerabilities, Salvatore \"drosophila\" Fresta
• DeepSec 2009 - Call for Papers is open, DeepSec Conference
• [USN-749-1] libsndfile vulnerability, Marc Deslauriers
• Community CMS 0.5 Multiple SQL Injection Vulnerabilities, Salvatore \"drosophila\" Fresta