Mail Thread Index

• Date Index

• Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability, michal . sajdak
• CFP 26C3 / 26th Chaos Communication Congress, lists
• [ MDVSA-2009:125 ] wireshark, security
• ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc, nospam
• FIREFOX URL space character SPOOF, xushaopei
• [SECURITY] [DSA 1807-1] New cyrus-sasl2/cyrus-sasl2-heimdal packages fix arbitrary code execution, Nico Golde
• [ MDVSA-2009:124 ] apache, security
• OCS Inventory NG 1.02 - Multiple SQL Injections, Nico Leidecker
• (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->, y3nh4ck3r
  • Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->, Jeremy Brown
  • <Possible follow-ups>
  • Re: Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->, y3nh4ck3r
• ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability, michal . sajdak
• MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->, y3nh4ck3r
• FRHACK 2009 Final Call For Papers extended, Jerome Athias
• Re: MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->, y3nh4ck3r
• [SECURITY] [DSA 1808-1] New drupal6 packages fix insufficient input sanitising, Steffen Joeris
• ACSAC 2009 submissions due June 8 and June 10 (extended), acsac . publicity
• ZDI-09-024: Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability, ZDI Disclosures
• Zemana Antilogger 1.9.2 DoS attack, loginit
• [USN-778-1] cron vulnerability, Jamie Strandboge
• The father of all bombs - another webdav fiasco, Kingcope
• Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow, Secunia Research
• (Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance <= v-3.2.6-->, y3nh4ck3r
• Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability, Secunia Research
• ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities, VUPEN Security Research
• [ MDVSA-2009:126 ] eggdrop, security
• [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities, dann frazier
• MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES -- Online Grades & Attendance <= v-3.2.6 -->, y3nh4ck3r
• [security bulletin] HPSBUX02429 SSRT090058 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities, security-alert
• ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability, ZDI Disclosures
• ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability, ZDI Disclosures
• ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability, ZDI Disclosures
• ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability, ZDI Disclosures
• ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability, ZDI Disclosures
• ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability, ZDI Disclosures
• TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability, dvlabs
• [SECURITY] [DSA 1810-1] New cups/cupsys packages fix denial of service, Nico Golde
• TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities, dvlabs
  • Re: TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities, Will Drewry
• CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability, CORE Security Technologies Advisories
• [SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure, Stefan Fritsch
• Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption, Roee Hay
• [USN-781-1] Pidgin vulnerabilities, Marc Deslauriers
• [USN-781-2] Gaim vulnerabilities, Marc Deslauriers
• [USN-780-1] CUPS vulnerability, Marc Deslauriers
• [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector, Mark Thomas
• [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication, Mark Thomas
  • Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication, Christopher Schultz
• [ MDVSA-2009:127 ] gaim, security
• OCS Inventory NG 1.02 - Directory Traversal, Nico Leidecker
• [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure, Mark Thomas
• [InterN0T] moziloCMS 1.11.1 - XSS Vulnerability, security
• [InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability, security
• [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability, security
• [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities, security
  • Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities, Dirk Haun
  • <Possible follow-ups>
  • Re: Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities, peter
• [InterN0T] Flatnux 2009-03-27 - XSS Vulnerabilities + More, security
• SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->, y3nh4ck3r
• [ MDVSA-2009:128 ] libmodplug, security
• [SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities, Stefan Fritsch
• [Security] XM Easy Personal FTP Server Multiple DoS vulnerabilities, neeraj . thakar
• [ MDVSA-2009:129 ] file, security
• [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication, Mark Thomas
• [ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS, ISecAuditors Security Advisories
• LightOpenCMS 0.1 pre-alpha Remote SQL Injection, Salvatore \"drosophila\" Fresta
• Reminder: DeepSec 2009 Call for Papers is open, DeepSec Conference
• EC2ND 2009 CFP - 5th European Conference on Computer Network Defence, Maggi Federico
• Re: Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection, lord . ittk
• Re: [Full-disclosure] Cross Site Scripting in PHP Nuke 8.0 Version, Christian Kujau
• Re: [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability-fixed, pm
• SQL INJECTION VULNERABILITY--Kjtechforce mailman Beta-1-->, y3nh4ck3r
• [security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, security-alert
• [ MDVSA-2009:130 ] gstreamer0.10-plugins-good, security
• ('dest') Blind (SQLi) EXPLOIT --Kjtechforce mailman Beta-1 -->, y3nh4ck3r
• [SECURITY] [DSA 1813-1] New evolution-data-server packages fix several vulnerabilities, Steffen Joeris
• [DSECRG-09-015] SAP GUI 6.4 Buffer Overflow vulnerability, Alexandr Polyakov
• [ MDVSA-2009:131-1 ] apr-util, security
• [ MDVSA-2009:132 ] libsndfile, security
• [ MDVSA-2009:131 ] apr-util, security
• Rasterbar libtorrent arbitrary file overwrite vulnerability, Dimitris Glynos
• [USN-783-1] eCryptfs vulnerability, Kees Cook
• New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks, Amit Klein
• ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability, ZDI Disclosures
• [USN-784-1] ImageMagick vulnerability, Jamie Strandboge
• ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability, ZDI Disclosures
• [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability, Mark Thomas
• ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability, ZDI Disclosures
• ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability, ZDI Disclosures
• Apple Safari local file theft vulnerability, Chris Evans
• XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3, pantera_bleed
  • Re: XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3, Adrian P.
  • Re: XMLHttpRequest file upload vulnerability Chrome 2 & Safari 3, Michal Zalewski
• TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow, noreply
• [security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->, y3nh4ck3r
• [USN-785-1] ipsec-tools vulnerabilities, Marc Deslauriers
• MULTIPLE SQL INJECTION VULNERABILITIES --S-CMS <= v-2.0 Beta3-->, y3nh4ck3r
• (Post Form var 'username') BLIND SQLi exploit --S-CMS <= v-2.0 Beta3-->, y3nh4ck3r
• New paper - Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions, marian . ventuneac
• Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability, Secunia Research
• Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability, Secunia Research
• CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept, Adrian P.
  • <Possible follow-ups>
  • Re: CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept, lord . iitk
• CORE-2009-0521 - DX Studio Player Firefox plug-in command injection, CORE Security Technologies Advisories
• CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass, CORE Security Technologies Advisories
• catching up on several recently fixed bugs of note, Michal Zalewski
• [USN-775-2] Quagga regression, Kees Cook
• FreeBSD Security Advisory FreeBSD-SA-09:11.ntpd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-09:10.ipv6, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-09:09.pipe, FreeBSD Security Advisories
• [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability, Mark Thomas
• [security bulletin] HPSBUX02435 SSRT090059 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions, security-alert
• ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability, ZDI Disclosures
• ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability, ZDI Disclosures
• FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability, noreply-secresearch@xxxxxxxxxxxx
• ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability, ZDI Disclosures
• ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability, ZDI Disclosures
• FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability, noreply-secresearch@xxxxxxxxxxxx
• XM Easy Personal FTP Server HELP and TYPE command Remote Denial of Service exploit, vinodsharma . mimit
• ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability, ZDI Disclosures
• [ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services, y3dips
• ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability, ZDI Disclosures
• Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability, Secunia Research
• Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow, Secunia Research
• Apple Safari cross-domain XML theft vulnerability, Chris Evans
• ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability, ZDI Disclosures
• [USN-786-1] apr-util vulnerabilities, Jamie Strandboge
• F5 FirePass Cross-Site Scripting vulnerability, Sjoerd Resink
• ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability, ZDI Disclosures
• (Post Form login var 'username') BLIND SQLi exploit--Open Biller 0.1-->, y3nh4ck3r
• MULTIPLE SQL INJECTION VULNERABILITIES --Splog <= v-1.2 Beta-->, y3nh4ck3r
• iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability, iDefense Labs
• iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability, iDefense Labs
• ModSecurity (Core Rules) HTTP Parameter Pollution Filter Bypass Vulnerability, lavakumar kuppan
• iDefense Security Advisory 06.11.09: Microsoft Excel SST Record Integer Overflow Vulnerability, iDefense Labs
• FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability, noreply-secresearch@xxxxxxxxxxxx
• iDefense Security Advisory 06.11.09: Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability, iDefense Labs
• VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability, VUPEN Security Research
  • Re: VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability, Nick Boyce
• VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability, VUPEN Security Research
• [USN-787-1] Apache vulnerabilities, Jamie Strandboge
• Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability, Secunia Research
• Serena Dimensions CM has insufficient default privileges, roland . gruber . extern
• [USN-779-1] Firefox and Xulrunner vulnerabilities, Jamie Strandboge
• [TZO-31-2009] Ikarus multiple generic evasions (CAB,ZIP,RAR), Thierry Zoller
• [TZO-32-2009] Norman generic bypass (RAR), Thierry Zoller
• [TZO-33-2009] Frisk F-prot evasion (TAR), Thierry Zoller
• [TZO-36-2009] Apple Safari & Quicktime Denial of Service, Thierry Zoller
• [SECURITY] [DSA 1815-1] New libtorrent-rasterbar packages fix denial of service, Moritz Muehlenhoff
• [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09, come2waraxe
• [TZO-37-2009] Apple Safari <v4 Remote code execution, Thierry Zoller
• [TZO-30-2009] Kaspersky and the silent patch that wasn't (PDF evasion, forced full disclosure), Thierry Zoller
• SugarCRM 5.2.0e Remote Code Execution, ascii
• Link Logger syslogd resource overwhelm DoS, mcyr2
• CakeCMS XSRF Vulnerability, onur . turkeshan
• [InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities, security
• [InterN0T] SkyBlueCanvas 1.1 r237 - Multiple Vulnerabilities, security
• [InterN0T] TBDev 01-01-2008 - Multiple Vulnerabilities, security
• [InterN0T] transLucid 1.75 - Multiple Vulnerabilities, security
• [InterN0T] Webmedia Explorer - XSS Vulnerability, security
• [SECURITY] [DSA 1814-1] New libsndfile packages fix arbitrary code execution, Nico Golde
• [USN-788-1] Tomcat vulnerabilities, Marc Deslauriers
• [DSF-02-2009] - Zoki Catalog SQL Injection, SmOk3
• Netgear DG632 Router Authentication Bypass Vulnerability, Tom Neaves
• Netgear DG632 Router Remote DoS Vulnerability, Tom Neaves
  • Message not available
    • Message not available
      • Message not available
        • Re: Netgear DG632 Router Remote DoS Vulnerability, Tom Neaves
          • Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability, Vladimir '3APA3A' Dubrovin
  • Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability, Hanno Böck
• [TZO-33-2009] Fprot generic bypass (TAR), Thierry Zoller
• [TZO-40-2009] Clamav generic bypass (RAR,CAB,ZIP), Thierry Zoller
• CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities, Williams, James K
• CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities (Updated), Williams, James K
• CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability, Williams, James K
• Official release of "Keykeriki" open source wireless keyboard sniffer, Max Moser
• [ MDVSA-2009:133 ] irssi, security
• phpMyTourney adminfunctions.php Remote File Include Vulnerabilities, IrIsT . Ir
• WinAppDbg version 1.2 is out!, Mario Alejandro Vilas Jerez
• Re: [Full-disclosure] WinAppDbg version 1.2 is out!, Jared DeMott
  • Re: [Full-disclosure] WinAppDbg version 1.2 is out!, Mario Alejandro Vilas Jerez
• ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 1816-1] New apache2 packages fix privilege escalation, Stefan Fritsch
• CERT-FI statement on the Outpost24 TCP issues updated, Juha-Matti Laurio
• [ MDVSA-2009:134 ] firefox, security
• [ MDVSA-2009:135 ] kernel, security
• [SECURITY] [DSA 1817-1] New ctorrent packages fix arbitrary code execution, Nico Golde
• [SECURITY] [DSA 1818-1] New gforge packages fix insufficient input sanitising, Steffen Joeris
• [TZO-34-2009] Frisk FPROT generic evasion (RAR,ARJ,LHA), Thierry Zoller
• [TZO-43-2009] - Clamav generic evasion (CAB), Thierry Zoller
• iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008), Collin Mulliner
  • Re: iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008), Collin Mulliner
• [SECURITY] [DSA 1820-1] New xulrunner packages fix several vulnerabilities, Steffen Joeris
• Nokia 6212 classic URI spoofing and DoS advisory (original date: Dec. 2008), Collin Mulliner
• ERRATA: [TZO-32-2009] Norman generic bypass (RAR), Thierry Zoller
• The Möbius Defense, the end of Defense in Depth, Pete Herzog
• [SECURITY] [DSA 1819-1] New vlc packages fix several vulnerabilities, Steffen Joeris
• Re: Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption, rajendra . palnaty
• PhpPortal v1 Insecure Cookie Handling Vulnerability, ceza_fuat_kolik
• MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES --FretsWeb 1.2-->, y3nh4ck3r
• [ MDVSA-2009:137 ] java-1.6.0-openjdk, security
• (GET var 'name') BLIND SQL INJECTION EXPLOIT --FretsWeb 1.2-->, y3nh4ck3r
• [USN-789-1] GStreamer Good Plugins vulnerability, Marc Deslauriers
• CMS Buzz (XSS/PC/HI) Multiple Remote Vulnerabilities, ceza_fuat_kolik
• FretsWeb 1.2 (name) Remote Blind SQL Injection Exploit, ceza_fuat_kolik
• phportal 1.0 Insecure Cookie Handling Vulnerability, ceza_fuat_kolik
• fuzzylime cms <= 3.03a Local Inclusion / Arbitrary File Corruption PoC, ceza_fuat_kolik
• FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities, ceza_fuat_kolik
• [RISE-2009001] ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow Vulnerability, RISE Security
• Back door trojan in acajoom-3.2.6 for joomla, Jan van Niekerk
• [ MDVSA-2009:136 ] tomcat5, security
• [SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanitising, Steffen Joeris
• [ MDVSA-2009:138 ] tomcat5, security
• CFP: ISOI 7 - Sept 17, 18 - San Diego, Gadi Evron
• [SECURITY] [DSA 1822-1] New mahara packages fix cross-site scripting, Nico Golde
• n.runs-SA-2009.006 - Apple Safari - Null pointer dereference, security
• n.runs-SA-2009.005 - Apple Safari - Information disclosure, security
• Authentication Bypas in BASE version 1.2.4 and prior, timmedin
  • <Possible follow-ups>
  • Re: Authentication Bypas in BASE version 1.2.4 and prior, timmedin
• Re: Authentication Bypass in BASE version 1.2.4 and prior, timmedin
• [ MDVSA-2009:139 ] libtorrent-rasterbar, security
• Trustwave's SpiderLabs Security Advisory TWSL2009-002, Trustwave Advisories
• CHASE - 2009 Lahoe Pakistan | Call for Papers, Muhammad Farooq-i-Azam
• Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products, Cisco Systems Product Security Incident Response Team
• [USN-790-1] Cyrus SASL vulnerability, Kees Cook
• [USN-791-1] Moodle vulnerabilities, Kees Cook
• [USN-791-2] Moodle vulnerability, Kees Cook
• [USN-791-3] Smarty vulnerability, Kees Cook
• [ MDVSA-2009:140 ] gaim, security
• (POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->, y3nh4ck3r
• [USN-792-1] OpenSSL vulnerabilities, Marc Deslauriers
• iDefense Security Advisory 06.25.09: Unisys Business Information Server Stack Buffer Overflow, iDefense Labs
• [SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities, Thijs Kinkhorst
• iDefense Security Advisory 06.25.09: Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability, iDefense Labs
• SQL INJECTION VULNERABILITY --AlumniServer v-1.0.1-->, y3nh4ck3r
• [SECURITY] [DSA 1824-1] New phpmyadmin packages fix several vulnerabilities, Thijs Kinkhorst
• [USN-782-1] Thunderbird vulnerabilities, Jamie Strandboge
• Security Assessment of TCP at the IETF, Fernando Gont
• aMSN SSL Certificate Vulnerability, Gabriel Menezes Nunes
• Gizmo SSL Certificate Vulnerability, Gabriel Menezes Nunes
• Trillian SSL Certificate Vulnerability, Gabriel Menezes Nunes
  • <Possible follow-ups>
  • Re: Trillian SSL Certificate Vulnerability, krymson
• Report vulnerabilities, JP
• evil little dictionary, Pavel Machek
• MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->, y3nh4ck3r
• [ MDVSA-2009:141 ] mozilla-thunderbird, security
• iDefense Security Advisory 06.26.09: HP Network Node Manager rping Stack Buffer Overflow Vulnerability, iDefense Labs
• [ MDVSA-2009:143 ] netpbm, security
• [ GLSA 200906-01 ] libpng: Information disclosure, Tobias Heinlein
• Mega File Manager Remote File Vuln, ceza_fuat_kolik
• osTicket v1.6 RC4 Admin Login Blind SQLi, Adam Baldwin
• [ MDVSA-2009:145 ] php, security
• Shakacon III - Presentations Posted to site, Shakacon
• [ MDVSA-2009:142 ] jasper, security
• AjaxPortal v3.0 Remote File Inclusion Vulnerability, Cru3l.b0y
• [ MDVSA-2009:144 ] ghostscript, security
• [ GLSA 200906-02 ] Ruby: Denial of Service, Alex Legler
• [ MDVSA-2009:146 ] imap, security
• [ GLSA 200906-03 ] phpMyAdmin: Multiple vulnerabilities, Alex Legler
• [ GLSA 200906-04 ] Apache Tomcat JK Connector: Information disclosure, Alex Legler