Mail Index
- [ MDVSA-2009:224 ] postfix
- Writeup by Amit Klein (Trusteer): "Google Chrome 3.0 (Beta) Math.random vulnerability"
- Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture
- From: Ramon de Carvalho Valle
- Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
- [SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure
- VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
- From: VMware Security team
- Norman Internet Update Deamon sends cleartext license key on update
- Pwning Opera Unite with Inferno's Eleven
- SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
- Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow
- Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow
- [BMSA-2009-06] Remote code execution in BKAV eOffice
- [ MDVSA-2009:197 ] nss
- [SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution
- Re: Norman Internet Update Deamon sends cleartext license key on update
- [USN-827-1] Dnsmasq vulnerabilities
- Re[2]: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- From: Vladimir '3APA3A' Dubrovin
- [USN-810-2] NSS regression
- Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- Re[2]: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- From: Vladimir '3APA3A' Dubrovin
- [ADVISORY] NetCache URL DoS - Argentinian ISP
- From: Arturo 'Buanzo' Busleiman
- Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- International Hacking & Security Conference "POC2009" and Call for Paper
- [SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution
- [SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution
- FRHACK OS v1 alpha1 released
- FRHACK ITSec Conf DVDs and Live Streams
- New Bug Found By Ostoure Sazan Sharif
- AST-2009-006: IAX2 Call Number Resource Exhaustion
- From: Asterisk Security Team
- Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
- DvBBS v2.0(PHP) boardrule.php Sql injection
- [SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution
- Re: FRHACK OS v1 alpha1 released
- Re: [TZO-08-2009] Bitdefender generic bypass/evasion
- yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities
- From: Akita Software Security
- [ GLSA 200909-01 ] Linux-PAM: Privilege escalation
- [ GLSA 200909-02 ] libvorbis: User-assisted execution of arbitrary code
- Secunia Research: VMWare VMnc Codec Mismatched Dimensions Buffer Overflow
- [oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors
- VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.
- From: VMware Security team
- [SECURITY] [DSA 1881-1] New cyrus-imapd packages fix arbitrary code execution
- Various Orion application application server example pages are vulnerable to XSS.
- Novell eDirectory 8.8 SP5 Dhost Http Server DoS
- [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation
- Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
- [ MDVSA-2009:225 ] qt4
- Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD
- MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
- ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
- [USN-828-1] PAM vulnerability
- Open Beta - New Free AV Software
- Re: DoS vulnerability in Google Chrome
- TCP/IP Orphaned Connections Vulnerability
- [Advisory] ChartDirector Critical File Access
- Multiple RDP Connections BSOD DOS
- SeacureIT Preview Conference 2009
- [ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
- [ GLSA 200909-04 ] Clam AntiVirus: Multiple vulnerabilities
- 4f: The File Format Fuzzing Framework
- [ GLSA 200909-05 ] Openswan: Denial of Service
- [ GLSA 200909-06 ] aMule: Parameter injection
- Re: MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
- [ GLSA 200909-07 ] TkMan: Insecure temporary file usage
- [ GLSA 200909-08 ] C* music player: Insecure temporary file usage
- [ GLSA 200909-09 ] Screenie: Insecure temporary file usage
- [ GLSA 200909-10 ] LMBench: Insecure temporary file usage
- [ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage
- [SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting
- SMB SRV2.SYS Denial of Service PoC
- CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
- From: CORE Security Technologies Advisories
- [ MDVSA-2009:226 ] aria2
- Re: Multiple RDP Connections BSOD DOS
- RE: MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago
- Re: Re: Multiple RDP Connections BSOD DOS
- Re: Multiple RDP Connections BSOD DOS
- RE: Re: Multiple RDP Connections BSOD DOS
- From: Earnhart, Benjamin J
- Nullam Blog Multiple Remote Vulnerabilities
- From: Salvatore Fresta aka Drosophila
- Re: Multiple RDP Connections BSOD DOS
- [SECURITY] [DSA 1883-1] New nagios2 packages fix several cross-site scriptings
- SecurityTubeCon CFP, Venue: Cyberspace!
- [ MDVSA-2009:226 ] freeradius
- T-HTB Manager Mutiple Blind SQL Injection
- From: Salvatore Fresta aka Drosophila
- [USN-821-1] Firefox and Xulrunner vulnerabilities
- ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability
- ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability
- ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
- [USN-829-1] Qt vulnerability
- [SECURITY] [DSA 1878-2] New devscripts packages fix regressions
- [ MDVSA-2009:229 ] cyrus-imapd
- Siemens Gigaset SE361 Wlan - Remote Reboot
- Regular Expression Denial of Service
- [ MDVSA-2009:230 ] pidgin
- Re: Regular Expression Denial of Service
- iphone email client does not validate ssl certificates
- [ MDVSA-2009:231 ] htmldoc
- ShmooCon 2010 CFP
- [ MDVSA-2009:228 ] libneon
- Re[2]: Regular Expression Denial of Service
- [ MDVSA-2009:197-2 ] nss
- [ MDVSA-2009:232 ] libsamplerate
- Re: Regular Expression Denial of Service
- Re: Re[2]: Regular Expression Denial of Service
- vBulletin 3.8.2 Denial of Service Exploit
- nullcon Goa 2010 Call For Papers
- [ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code
- [ GLSA 200909-13 ] irssi: Execution of arbitrary code
- [ GLSA 200909-14 ] Horde: Multiple vulnerabilities
- [ GLSA 200909-15 ] Lynx: Arbitrary command execution
- War FTP Daemon Remote Denial Of Service Vulnerability
- Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
- From: Przemyslaw Frasunek
- Re: Regular Expression Denial of Service
- [ GLSA 200909-16 ] Wireshark: Denial of Service
- [ GLSA 200909-17 ] ZNC: Directory traversal
- Re: Regular Expression Denial of Service
- [SECURITY] [DSA 1883-2] New nagios2 packages fix regression
- [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability
- [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
- [SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities
- [SECURITY] [DSA 1886-1] New iceweasel packages fix several vulnerabilities
- [USN-831-1] OpenEXR vulnerabilities
- [USN-830-1] OpenSSL vulnerability
- [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow
- [ MDVSA-2009:233 ] kernel
- Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software)
- [ MDVSA-2009:234-1 ] silc-toolkit
- [ MDVSA-2009:235 ] silc-toolkit
- [ MDVSA-2009:234 ] silc-toolkit
- [SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting
- 3rd party patch for XP for MS09-048?
- From: Aras \"Russ\" Memisyazici
- Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
- Re: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- Re: Re: 3rd party patch for XP for MS09-048?
- From: Elizabeth . a . greene
- [security bulletin] HPSBUX02458 SSRT090104 rev.1 - HP-UX Running bootpd, Remote Denial of Service (DoS)
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Thor (Hammer of God)
- Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more
- ANNOUNCE: RFIDIOt release - v0.z - 16th September, 2009
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Thor (Hammer of God)
- Re: 3rd party patch for XP for MS09-048?
- Re: 3rd party patch for XP for MS09-048?
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Thor (Hammer of God)
- Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Thor (Hammer of God)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- [SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing
- Re: 3rd party patch for XP for MS09-048?
- [USN-832-1] FreeRADIUS vulnerability
- Re: 3rd party patch for XP for MS09-048?
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- nginx internal DNS cache poisoning
- Re: nginx internal DNS cache poisoning
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Aras \"Russ\" Memisyazici
- Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit
- From: Sebastian Wolfgarten
- SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities
- From: Stefan Streichsbier
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- Peiter "Mudge" Zatko petition to be named U.S. Cybersecurity Chief
- Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs)
- [USN-833-1] KDE-Libs vulnerability
- [security bulletin] HPSBST02459 SSRT080134 rev.2 - HP StorageWorks Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders, Denial of Service (DoS)
- Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability
- [ GLSA 200909-18 ] nginx: Remote execution of arbitrary code
- Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
- [ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities
- Mambo 4.6.3 arbitrary file upload
- Dawaween V 1.03 <<----SQL Injection Exploit
- rubrique 'rubrique.php' SQL Injection Vulnerability
- [ MDVSA-2009:236 ] firefox
- [SECURITY] [DSA 1890-1] New wxwidgets packages fix arbitrary code execution
- [scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability
- [UPRSN] Ubuntu Privacy Remix 9.04r2 fixes security issues
- From: Ubuntu Privacy Remix Team
- [USN-834-1] PostgreSQL vulnerabilities
- [ MDVSA-2009:237 ] openssl
- [Suspected Spam][USN-835-1] neon vulnerabilities
- [ MDVSA-2009:238 ] openssl
- [security bulletin] HPSBGN02441 SSRT090082 rev.1 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
- ToorCon 11 Preliminary Lineup Announced!
- [MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues
- [SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution
- [ MDVSA-2009:239 ] openssl
- [ MDVSA-2009:240 ] apache
- [ MDVSA-2009:241 ] squid
- [security bulletin] HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access
- [ MDVSA-2009:242-1 ] dovecot
- [ MDVSA-2009:242 ] dovecot
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
- From: Mailing lists at Core Security Technologies
- [ MDVSA-2009:243 ] freetype2
- [DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities
- nginx - low risk webdav destination bug
- [USN-836-1] WebKit vulnerabilities
- cour supreme 'index.php' SQL Injection & Local File Include Vulnerability
- Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.
- [SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution
- Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2009:244 ] xfig
- [SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution
- Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
- [ MDVSA-2009:243-1 ] freetype2
- [SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution
- [ MDVSA-2009:245 ] glib2.0
- [USN-837-1] Newt vulnerability
- Black Hat DC Call for Papers is now OPEN
- Engeman - SQL Injection Vulnerability (vendor url erratum)
- Cross-Site Scripting vulnerability in E107
- Call for Participation - ACM Conference on Computer and Communications Security (CCS)
- From: Christopher Kruegel
- [SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution
- COMPENG 2010 - Extended Submission Deadline
- Cisco ACE XML Gateway <= 6.0 Internal IP disclosure
- Multiple Vulnerabilities
- [ GLSA 200909-20 ] cURL: Certificate validation error
- [ MDVSA-2009:246 ] php
- [ MDVSA-2009:247 ] php
- [ MDVSA-2009:248 ] php
- Re: iphone email client does not validate ssl certificates
- [MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure
- (edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods
- [SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
- Re: Regular Expression Denial of Service
- [MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure
- [USN-838-1] Dovecot vulnerabilities
- [ MDVSA-2009:249 ] newt
- Local privilege escalation vulnerability in Trustport security software
- [DSECRG-09-043] SAP GUI 7.1 Insecure Method
- Vulnerabilities in E107
- [SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
- Multiple Vulnerabilities
- [security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access
- Cross-Site Scripting vulnerability in eCaptcha
- WinRAR v3.80 - ZIP Filename Spoofing
- Re: iphone email client does not validate ssl certificates
- Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges
- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution
Mail converted by MHonArc