Mail Thread Index

• Date Index

• [ MDVSA-2009:182 ] firefox, security
• Re: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability, YGN Ethical Hacker Group (http://yehg.net)
• [ MDVSA-2009:183 ] apache-mod_security, security
• [ MDVSA-2009:184 ] apache-mod_security, security
• [ MDVSA-2009:185 ] firefox, security
• [ MDVSA-2009:186 ] firebird, security
• [ MDVSA-2009:187 ] nagios, security
• [ MDVSA-2009:188 ] php4-eaccelerator, security
• [ GLSA 200908-01 ] OpenSC: Multiple vulnerabilities, Tobias Heinlein
• [ MDVSA-2009:189 ] apache-mod_auth_mysql, security
• [ GLSA 200908-02 ] BIND: Denial of Service, Alex Legler
• Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869), Roee Hay
• [SECURITY] [DSA 1848-1] New znc packages fix remote code execution, Florian Weimer
• [SECURITY] [DSA 1849-1] New xml-security-c packages fix signature forgery, Florian Weimer
• [ MDVSA-2009:190 ] OpenEXR, security
• [ MDVSA-2009:191 ] OpenEXR, security
• AST-2009-004: Remote Crash Vulnerability in RTP stack, Asterisk Security Team
• [security bulletin] HPSBMA02445 SSRT090058 rev.1 - HP Serviceguard Manager, Remote Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [security bulletin] HPSBUX02181 SSRT061289 rev.4 - HP-UX Running IPFilter, Remote Denial of Service (DoS), security-alert
• Blink Blog System Authentication Bypass, Salvatore Fresta aka Drosophila
• Cross-Site Scripting vulnerabiliy in Firefox and Opera, MustLive
• Discloser 0.0.4-rc2 SQL Injection Vulnerability, Salvatore Fresta aka Drosophila
• Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager, Shatter
• [SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution, Steffen Joeris
• SAP Business One 2005 Remote Buffer Overflow Vulnerability., mikey27
• Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability, palmprehacker
• [BONSAI] SQL Injection in CS-Cart, Bonsai - Information Security
• Re: Multiple Flaws in Huawei D100, wojwar
• [USN-810-1] NSS vulnerabilities, Jamie Strandboge
• [USN-810-2] NSPR update, Jamie Strandboge
• [USN-811-1] Firefox and Xulrunner vulnerability, Jamie Strandboge
• [ MDVSA-2009:192 ] phpmyadmin, security
• Multiple Flaws in Huawei SmartAX MT880 [was: Multiple Flaws in Huawei D100], jerome . athias
• ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability, ZDI Disclosures
• ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability, ZDI Disclosures
• ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability, ZDI Disclosures
• ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability, ZDI Disclosures
• fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666), ma+bt
• [SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution, Steffen Joeris
• [ MDVSA-2009:193 ] ruby, security
• [ MDVSA-2009:194 ] wireshark, security
• [ MDVSA-2009:195 ] apr, security
• [CSS09-01] SlideShowPro Director File Disclosure Vulnerability, Scott Miles
• iDefense Security Advisory 08.06.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability, iDefense Labs
• OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error, katie . french
• iDefense Security Advisory 08.06.09: IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability, iDefense Labs
• [ MDVSA-2009:195-1 ] apr, security
• iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability, iDefense Labs
• CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management, Kotas, Kevin J
• CA20090806-01: Security Notice for Data Transport Services, Kotas, Kevin J
• CFP: International workshop on Secure Software Engineering, secse
• [ GLSA 200908-03 ] libTIFF: User-assisted execution of arbitrary code, Robert Buchholz
• [ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities, Robert Buchholz
• [security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBOV02452 SSRT090161 rev.1 - HP TCP/IP Services for OpenVMS BIND Server Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service (DoS), security-alert
• [SECURITY] [DSA 1852-1] New fetchmail packages fix SSL certificate verification weakness, Nico Golde
• Subversion heap overflow, Matt Lewis
• [SECURITY] [DSA 1853-1] New memcached packages fix arbitrary code execution, Nico Golde
• [ MDVSA-2009:196 ] samba, security
• iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability, iDefense Labs
• ASUS Eee PC and other series: BIOS SMM privilege escalation vulnerabilities, core collapse
• ZDI-09-051: EMC Replication Manager Client Control Service Remove Code Execution Vulnerability, ZDI Disclosures
• ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability, ZDI Disclosures
• [USN-813-3] apr-util vulnerability, Jamie Strandboge
• [SECURITY] [DSA 1857-1] New camlimages packages fix arbitrary code execution, Steffen Joeris
• [ MDVSA-2009:161-1 ] squid, security
• [ MDVSA-2009:198 ] firefox, security
• [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite, Adam Baldwin
• [USN-813-1] apr vulnerability, Jamie Strandboge
• [RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution, RedTeam Pentesting GmbH
• [SECURITY] [DSA 1854-1] New APR packages fix arbitrary code execution, Florian Weimer
• [USN-813-2] Apache vulnerability, Jamie Strandboge
• [SECURITY] [DSA 1855-1] New subversion packages fix arbitrary code execution, Florian Weimer
• [USN-812-1] Subversion vulnerability, Jamie Strandboge
• [NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF), Adam Baldwin
• XSS in SqLiteManager, hadikiamarsi
• [SECURITY] [DSA 1856-1] New mantis packages fix information leak, Thijs Kinkhorst
• [ MDVSA-2009:199 ] subversion, security
• [ MDVSA-2009:197 ] nss, security
• [SECURITY] [DSA 1843-2] New squid3 packages fix regression, Nico Golde
• [SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities, Luciano Bello
• [SECURITY] [DSA 1859-1] New libxml2 packages fix several issues, Nico Golde
• [USN-814-1] openjdk-6 vulnerabilities, Kees Cook
• [security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS), security-alert
• AST-2009-005: Remote Crash Vulnerability in SIP channel driver, Asterisk Security Team
• IE7 Script, James C. Slora Jr.
• TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability, dvlabs
• Sql injection in OCS Inventory NG Server 1.2.1, gmcbr0 gmcbr0
• [USN-815-1] libxml2 vulnerabilities, Marc Deslauriers
• ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability, ZDI Disclosures
• ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability, ZDI Disclosures
• ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability, ZDI Disclosures
• ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability, ZDI Disclosures
• ZDI-09-056: Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability, ZDI Disclosures
• [security bulletin] HPSBTU02454 SSRT080172 rev.1 - HP Internet Express for Tru64 UNIX Running Samba, Remote Information Disclosure, security-alert
• Re: Multiple vulnerabilities in several ATEN IP KVM Switches, starchang
  • Re: Multiple vulnerabilities in several ATEN IP KVM Switches, Glenn Rossi
• Chavoosh CMS SQL Injection Vulnerability, faghani
• [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability, Valery Marchuk
• 2WIRE Gateway Authentication Bypass & Password Reset, hkm
• Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory - SOS-09-006, Lists
• [security bulletin] HPSBUX02437 SSRT090038 rev.2 - HP-UX Running XNTP, Remote Execution of Arbitrary Code, security-alert
• Hijacking Safari 4 Top Sites with Phish Bombs, Inferno
• JibberBook GuestBook 2.3 Multiple Vulnerabilities, contact
• [DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability, Alexandr Polyakov
• [ MDVSA-2009:200 ] libxml, security
• Microsoft Wordpad Memory Exhaustion (msftedit), murderkey
• [ MDVSA-2009:201 ] fetchmail, security
• [SECURITY] [DSA 1860-1] New Ruby packages fix several issues, Florian Weimer
• [USN-816-1] fetchmail vulnerability, Kees Cook
• Elkapax CMS Cross site scripting vulnerability, faghani
  • Re: Elkapax CMS Cross site scripting vulnerability, security curmudgeon
• Authentication Bypass of Snom Phone Web Interface, Walter Sprenger
• Windows 7 Firewire Attacks - and Defense Techniques, Security Research Publications
• [security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities, security-alert
• Static analysis tool exposition (SATE) 2009 - call for participation, Vadim Okun
• Chris Paget Defcon RFID Presentation Slides Now Online, Timothy (Thor) Mullen
• Fwd: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down, Jeffrey Walton
• Re: Re: Re: Back door trojan in acajoom-3.2.6 for joomla, elkekas
• KIWICON ]|[ - 2009 Call For Papers, Kiwicon <3
• Linux NULL pointer dereference due to incorrect proto_ops initializations, Tavis Ormandy
  • Re: Linux NULL pointer dereference due to incorrect proto_ops initializations, Przemyslaw Frasunek
• [IMF 2009] Call for Participation, Oliver Goebel
• [SECURITY] [DSA 1861-1] New libxml packages fix several issues, Nico Golde
• new vulnerability founded by ostoure, ostoure . sazan
• ICQ 6.5 HTML-injection vulnerability, ss_contacts
• ClubHack2009: Call for Papers/Speakers, ClubHack
• [ MDVSA-2009:202 ] memcached, security
• [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation, dann frazier
• [SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution, Nico Golde
• [ MDVSA-2009:203 ] curl, security
• DUgallery 3.0 / Remote Admin Bug, spymeta
• [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies, research
  • Re: [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies, Mike Duncan
• [SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation, dann frazier
• Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit, ostoure . sazan
• Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007, Lists
• DeepSec 2009 - Preliminary Schedule is online, DeepSec Conference
• [DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities, research
• [DSECRG-09-051] Adobe JRun 4 Multiple XSS, research
• [ MDVSA-2009:204 ] wxgtk, security
• [SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier
• TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local, contact . fingers
• [ MDVSA-2009:205 ] kernel, security
• Vtiger CRM 5.0.4 Multiple Vulnerabilities, ascii
• Safari buffer overflow, Leon Juranic
• Re: common dns misconfiguration can lead to "same site" scripting, saik0pod
• [USN-818-1] curl vulnerability, Kees Cook
• ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service, brad . antoniewicz
  • (Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service, dm
• Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBMA02448 SSRT061231 rev.1 - HP Network Node Manager (NNM) Remote Console Running on Windows, Local Execution of Arbitrary Code, Denial of Service (DoS), security-alert
• [ GLSA 200908-07 ] Perl Compress::Raw modules: Denial of Service, Alex Legler
• CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System, Kotas, Kevin J
• [ GLSA 200908-05 ] Subversion: Remote execution of arbitrary code, Alex Legler
• [ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service, Alex Legler
• [ GLSA 200908-10 ] Dillo: User-assisted execution of arbitrary code, Alex Legler
• CA20090818-02: Security Notice for CA Internet Security Suite, Kotas, Kevin J
• [ GLSA 200908-09 ] DokuWiki: Local file inclusion, Alex Legler
• [ GLSA 200908-06 ] CDF: User-assisted execution of arbitrary code, Alex Legler
• CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability, CORE Security Technologies Advisories
• [SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabilities, Steffen Joeris
• rPSA-2009-0118-1 mod_dav_svn subversion, rPath Update Announcements
• [SECURITY] [DSA 1867-1] New kdelibs packages fix several vulnerabilities, Steffen Joeris
• rPSA-2009-0119-1 apr apr-util, rPath Update Announcements
• [SECURITY] [DSA 1866-1] New kdegraphics packages fix several vulnerabilities, Steffen Joeris
• rPSA-2009-0121-1 kernel open-vm-tools, rPath Update Announcements
• ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability, ZDI Disclosures
• ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities, ZDI Disclosures
• [ MDVSA-2009:206 ] wget, security
• [USN-802-2] Apache regression, Marc Deslauriers
• Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability, Cisco Systems Product Security Incident Response Team
• Adobe Flex 3.3 SDK DOM-Based XSS, labs
• iDefense Security Advisory 08.11.09: Microsoft Office Web Components 2000 Buffer Overflow Vulnerability, iDefense Labs
• [SECURITY] [DSA 1869-1] New curl packages fix SSL certificate verification weakness, Nico Golde
• [ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2, security
• [SECURITY] [DSA 1870-1] New pidgin packages fix arbitrary code execution, Nico Golde
• [Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities, Bkis
• [USN-809-1] GnuTLS vulnerabilities, Jamie Strandboge
• iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability, iDefense Labs
• [USN-820-1] Pidgin vulnerability, Marc Deslauriers
• Bypassing OWASP ESAPI XSS Protection inside Javascript, Inferno
  • RE: Bypassing OWASP ESAPI XSS Protection inside Javascript, Schmidt, Chris
• iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability, iDefense Labs
• iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability, iDefense Labs
• t2?09 Challenge - Free Tickets Available, Tomi Tuominen
• SQL Injection vulnerabilities in Subdreamer CMS, itweb
  • <Possible follow-ups>
  • Re: SQL Injection vulnerabilities in Subdreamer CMS, ziad
• [ MDVSA-2009:208 ] libgadu, security
• [USN-817-1] Thunderbird vulnerabilities, Jamie Strandboge
• [ MDVSA-2009:209 ] java-1.6.0-openjdk, security
• [ MDVSA-2009:210 ] gnutls, security
• VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server, VMware Security team
• Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier, ryan . wessels
  • Re: Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier, Eloy Paris
• Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities, gamr-14
• Cuteflow Version 2.10.3 "edituser.php" Security Bypass Vulnerability, hever
• DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome, MustLive
• FreeBSD <= 6.1 kqueue() NULL pointer dereference, Przemyslaw Frasunek
• Local Kernel Buffer Overflow vulnerability in Avast!, s . leberre
• [SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities, Steffen Joeris
• [ MDVSA-2009:211 ] expat, security
• Radvision's Scopia Cross Site Scripting Vulnerabilities, Francesco Bianchino
• [ MDVSA-2009:212 ] python, security
  • <Possible follow-ups>
  • [ MDVSA-2009:212 ] python, security
• CoolPreviews - Firefox Extension - Chrome Privileged Code Injection, Roberto Suggi Liverani
• [ MDVSA-2009:213 ] wxgtk, security
  • <Possible follow-ups>
  • [ MDVSA-2009:213 ] wxgtk, security
• WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit, the_3dit0r
• [ MDVSA-2009:214 ] python-celementtree, security
• [ MDVSA-2009:215 ] audacity, security
• [ MDVSA-2009:216 ] mozilla-thunderbird, security
• [ MDVSA-2009:217 ] mozilla-thunderbird, security
• Feed Sidebar Firefox Extension - Privileged Code Injection, Nick Freeman
• ScribeFire Firefox Extension - Privileged Code Injection, Nick Freeman
• WizzRSS Firefox Extension - Privileged Code Injection, Nick Freeman
• AiO ( All into One) Flash Mixer 3 (.afp File) Crash Vulnerability Exploit, the_3dit0r
• FLIP Flash Album Deluxe 1.8.407.1 (.fft File) Crash Vulnerability Exploit, the_3dit0r
• Update Scanner - Firefox Extension - Chrome Privileged Code Injection, Roberto Suggi Liverani
• DoS vulnerability in Google Chrome, MustLive
  • <Possible follow-ups>
  • RE: DoS vulnerability in Google Chrome, advisories
    • Re: DoS vulnerability in Google Chrome, MustLive
  • Re: DoS vulnerability in Google Chrome, advisories
• Packet Storm is back online., Packet Storm
• [ MDVSA-2009:218 ] w3c-libwww, security
• [ MDVSA-2009:219 ] kompozer, security
• [SECURITY] [DSA 1872-1] New Linux 2.6.18 packages fix several vulnerabilities, dann frazier
• rPSA-2009-0122-1 idle python, rPath Update Announcements
• [USN-822-1] KDE-Libs vulnerabilities, Marc Deslauriers
• [ MDVSA-2009:220 ] davfs, security
• rPSA-2009-0124-1 curl, rPath Update Announcements
• [USN-823-1] KDE-Graphics vulnerabilities, Marc Deslauriers
• rPSA-2009-0123-1 apr-util, rPath Update Announcements
• [USN-824-1] PHP vulnerability, Marc Deslauriers
• [USN-825-1] libvorbis vulnerability, Marc Deslauriers
• [ MDVSA-2009:221 ] libneon0.27, security
• Xerox WorkCentre multiple models Denial of Service, Henri Lindberg - Smilehouse Oy
• CONFidence 2009, November, CfP, Andrzej Targosz
• EesySec Personal Firewall Remote Buffer Overflow Exploit, the_3dit0r
• Re: [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage, phcoder
• [security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS), security-alert
• HyperVM File Permissions Local Vulnerability, XiaShing
• [SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution, Florian Weimer
• iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability, iDefense Labs
• Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC, David Litchfield
• Bypassing DBMS_ASSERT in certain situations, David Litchfield
• Oracle 11g (11.1.0.6) Password Policy and Compliance, David Litchfield
• H4RDW4RE presentations updated, Thor (Hammer of God)
  • RE: H4RDW4RE presentations updated, Thor (Hammer of God)
• [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability, Valery Marchuk
• Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9, Andrew Horton
• [SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities, Moritz Muehlenhoff
• [SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities, Moritz Muehlenhoff
• [USN-826-1] Mono vulnerabilities, Marc Deslauriers
• [SECURITY] [DSA 1871-2] New wordpress packages fix regression, Steffen Joeris
• Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter, Shatter
• Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon, MustLive
• [ MDVSA-2009:222 ] squirrelmail, security
• [ MDVSA-2009:223 ] xerces-c, security