Mail Thread Index
- [ MDVSA-2009:224 ] postfix,
security
- Writeup by Amit Klein (Trusteer): "Google Chrome 3.0 (Beta) Math.random vulnerability",
Amit Klein
- Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture,
Ramon de Carvalho Valle
- Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows,
Stefan Kanthak
- [SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure,
Moritz Muehlenhoff
- VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0,
VMware Security team
- Norman Internet Update Deamon sends cleartext license key on update,
Stefan Bauer
- Pwning Opera Unite with Inferno's Eleven,
Inferno
- SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console,
Johannes Greil
- Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow,
Secunia Research
- Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow,
Secunia Research
- [BMSA-2009-06] Remote code execution in BKAV eOffice,
Nam Nguyen
- [ MDVSA-2009:197 ] nss,
security
- [SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution,
Florian Weimer
- [USN-827-1] Dnsmasq vulnerabilities,
Jamie Strandboge
- [USN-810-2] NSS regression,
Kees Cook
- Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday,
Thierry Zoller
- [ADVISORY] NetCache URL DoS - Argentinian ISP,
Arturo 'Buanzo' Busleiman
- International Hacking & Security Conference "POC2009" and Call for Paper,
pocadm
- [SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution,
Sebastien Delafond
- [SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution,
Florian Weimer
- FRHACK OS v1 alpha1 released,
Jerome Athias
- FRHACK ITSec Conf DVDs and Live Streams,
Jerome Athias
- New Bug Found By Ostoure Sazan Sharif,
ostoure . sazan
- AST-2009-006: IAX2 Call Number Resource Exhaustion,
Asterisk Security Team
- Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion"),
Kingcope
- DvBBS v2.0(PHP) boardrule.php Sql injection,
info
- [SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution,
Nico Golde
- Re: [TZO-08-2009] Bitdefender generic bypass/evasion,
noloader
- yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities,
Akita Software Security
- [ GLSA 200909-01 ] Linux-PAM: Privilege escalation,
Alex Legler
- [ GLSA 200909-02 ] libvorbis: User-assisted execution of arbitrary code,
Alex Legler
- Secunia Research: VMWare VMnc Codec Mismatched Dimensions Buffer Overflow,
Secunia Research
- [oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors,
Andrea Barisani
- VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.,
VMware Security team
- [SECURITY] [DSA 1881-1] New cyrus-imapd packages fix arbitrary code execution,
Nico Golde
- Various Orion application application server example pages are vulnerable to XSS.,
info
- Novell eDirectory 8.8 SP5 Dhost Http Server DoS,
karakorsankara
- [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation,
Marc Ruef
- [ MDVSA-2009:225 ] qt4,
security
- Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD,
Reversemode
- MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago,
Juha-Matti Laurio
- ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability,
ZDI Disclosures
- [USN-828-1] PAM vulnerability,
Kees Cook
- Open Beta - New Free AV Software,
Alfred Huger
- Re: DoS vulnerability in Google Chrome,
MustLive
- TCP/IP Orphaned Connections Vulnerability,
Fabian Yamaguchi
- [Advisory] ChartDirector Critical File Access,
DokFLeed
- Multiple RDP Connections BSOD DOS,
Tim Medin
- SeacureIT Preview Conference 2009,
Stefano Zanero
- [ GLSA 200909-03 ] Apache Portable Runtime, APR Utility Library: Execution of arbitrary code,
Alex Legler
- [ GLSA 200909-04 ] Clam AntiVirus: Multiple vulnerabilities,
Alex Legler
- 4f: The File Format Fuzzing Framework,
Krakow Labs
- [ GLSA 200909-05 ] Openswan: Denial of Service,
Alex Legler
- [ GLSA 200909-06 ] aMule: Parameter injection,
Alex Legler
- [ GLSA 200909-07 ] TkMan: Insecure temporary file usage,
Alex Legler
- [ GLSA 200909-08 ] C* music player: Insecure temporary file usage,
Alex Legler
- [ GLSA 200909-09 ] Screenie: Insecure temporary file usage,
Alex Legler
- [ GLSA 200909-10 ] LMBench: Insecure temporary file usage,
Alex Legler
- [ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage,
Alex Legler
- [SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting,
Nico Golde
- SMB SRV2.SYS Denial of Service PoC,
igottabug
- CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server,
CORE Security Technologies Advisories
- [ MDVSA-2009:226 ] aria2,
security
- Nullam Blog Multiple Remote Vulnerabilities,
Salvatore Fresta aka Drosophila
- [SECURITY] [DSA 1883-1] New nagios2 packages fix several cross-site scriptings,
Steffen Joeris
- SecurityTubeCon CFP, Venue: Cyberspace!,
Vivek Ramachandran
- [ MDVSA-2009:226 ] freeradius,
security
- T-HTB Manager Mutiple Blind SQL Injection,
Salvatore Fresta aka Drosophila
- [USN-821-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability,
ZDI Disclosures
- ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability,
ZDI Disclosures
- [USN-829-1] Qt vulnerability,
Jamie Strandboge
- [SECURITY] [DSA 1878-2] New devscripts packages fix regressions,
Florian Weimer
- [ MDVSA-2009:229 ] cyrus-imapd,
security
- Siemens Gigaset SE361 Wlan - Remote Reboot,
crashbrz
- Regular Expression Denial of Service,
Alex Roichman
- [ MDVSA-2009:230 ] pidgin,
security
- iphone email client does not validate ssl certificates,
Bill Borskey
- [ MDVSA-2009:231 ] htmldoc,
security
- ShmooCon 2010 CFP,
Bruce Potter
- [ MDVSA-2009:228 ] libneon,
security
- [ MDVSA-2009:197-2 ] nss,
security
- [ MDVSA-2009:232 ] libsamplerate,
security
- vBulletin 3.8.2 Denial of Service Exploit,
snip3r ir4Q
- nullcon Goa 2010 Call For Papers,
nullcon nullcon
- [ GLSA 200909-12 ] HTMLDOC: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 200909-13 ] irssi: Execution of arbitrary code,
Alex Legler
- [ GLSA 200909-14 ] Horde: Multiple vulnerabilities,
Alex Legler
- [ GLSA 200909-15 ] Lynx: Arbitrary command execution,
Alex Legler
- War FTP Daemon Remote Denial Of Service Vulnerability,
Jarle Aase
- Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference,
Przemyslaw Frasunek
- [ GLSA 200909-16 ] Wireshark: Denial of Service,
Tobias Heinlein
- [ GLSA 200909-17 ] ZNC: Directory traversal,
Tobias Heinlein
- [SECURITY] [DSA 1883-2] New nagios2 packages fix regression,
Steffen Joeris
- [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability,
adv
- [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution,
Nico Golde
- [SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1886-1] New iceweasel packages fix several vulnerabilities,
Moritz Muehlenhoff
- [USN-831-1] OpenEXR vulnerabilities,
Marc Deslauriers
- [USN-830-1] OpenSSL vulnerability,
Marc Deslauriers
- [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow,
Tobias Klein
- [ MDVSA-2009:233 ] kernel,
security
- Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software),
ss_contacts
- [ MDVSA-2009:234-1 ] silc-toolkit,
security
- [ MDVSA-2009:235 ] silc-toolkit,
security
- [ MDVSA-2009:234 ] silc-toolkit,
security
- [SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting,
Steffen Joeris
- 3rd party patch for XP for MS09-048?,
Aras "Russ" Memisyazici
- Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point,
Yossi Yakubov
- [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures,
Moritz Muehlenhoff
- [security bulletin] HPSBUX02458 SSRT090104 rev.1 - HP-UX Running bootpd, Remote Denial of Service (DoS),
security-alert
- Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more,
Inferno
- ANNOUNCE: RFIDIOt release - v0.z - 16th September, 2009,
Adam Laurie
- Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793),
Julien TINNES
- [SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing,
Moritz Muehlenhoff
- [USN-832-1] FreeRADIUS vulnerability,
Marc Deslauriers
- nginx internal DNS cache poisoning,
Matthew Dempsky
- Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit,
Sebastian Wolfgarten
- SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities,
Stefan Streichsbier
- Peiter "Mudge" Zatko petition to be named U.S. Cybersecurity Chief,
The Sp3ctacle
- Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs),
Adrian P
- [USN-833-1] KDE-Libs vulnerability,
Jamie Strandboge
- [security bulletin] HPSBST02459 SSRT080134 rev.2 - HP StorageWorks Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders, Denial of Service (DoS),
security-alert
- Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability,
Stefan Esser
- [ GLSA 200909-18 ] nginx: Remote execution of arbitrary code,
Alex Legler
- Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200),
Marc Heuse
- [ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities,
Alex Legler
- Mambo 4.6.3 arbitrary file upload,
Paweł Łaskarzewski
- Dawaween V 1.03 <<----SQL Injection Exploit,
Dazz . band
- rubrique 'rubrique.php' SQL Injection Vulnerability,
CrAzY_CrAcKeR
- [ MDVSA-2009:236 ] firefox,
security
- [SECURITY] [DSA 1890-1] New wxwidgets packages fix arbitrary code execution,
Steffen Joeris
- [scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability,
Stefan Friedli
- [UPRSN] Ubuntu Privacy Remix 9.04r2 fixes security issues,
Ubuntu Privacy Remix Team
- [USN-834-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- [ MDVSA-2009:237 ] openssl,
security
- [Suspected Spam][USN-835-1] neon vulnerabilities,
Kees Cook
- [ MDVSA-2009:238 ] openssl,
security
- [security bulletin] HPSBGN02441 SSRT090082 rev.1 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access,
security-alert
- ToorCon 11 Preliminary Lineup Announced!,
h1kari
- [MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues,
david
- [SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution,
Steffen Joeris
- [ MDVSA-2009:239 ] openssl,
security
- [ MDVSA-2009:240 ] apache,
security
- [ MDVSA-2009:241 ] squid,
security
- [security bulletin] HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access,
security-alert
- [ MDVSA-2009:242-1 ] dovecot,
security
- [ MDVSA-2009:242 ] dovecot,
security
- [ MDVSA-2009:243 ] freetype2,
security
- [DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities,
research
- nginx - low risk webdav destination bug,
Kingcope
- [USN-836-1] WebKit vulnerabilities,
Marc Deslauriers
- cour supreme 'index.php' SQL Injection & Local File Include Vulnerability,
CrAzY_CrAcKeR
- Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.,
contact . fingers
- [SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution,
Steffen Joeris
- Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2009:244 ] xfig,
security
- [SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution,
Steffen Joeris
- Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability,
Cisco Systems Product Security Incident Response Team
- ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability,
ZDI Disclosures
- [ MDVSA-2009:243-1 ] freetype2,
security
- [SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution,
Steffen Joeris
- [ MDVSA-2009:245 ] glib2.0,
security
- [USN-837-1] Newt vulnerability,
Marc Deslauriers
- Black Hat DC Call for Papers is now OPEN,
Jeff Moss
- Engeman - SQL Injection Vulnerability (vendor url erratum),
crashbrz
- Cross-Site Scripting vulnerability in E107,
MustLive
- Call for Participation - ACM Conference on Computer and Communications Security (CCS),
Christopher Kruegel
- [SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution,
Florian Weimer
- COMPENG 2010 - Extended Submission Deadline,
Federico Maggi
- Cisco ACE XML Gateway <= 6.0 Internal IP disclosure,
nitrØus
- Multiple Vulnerabilities,
Dr_IDE
- [ GLSA 200909-20 ] cURL: Certificate validation error,
Alex Legler
- [ MDVSA-2009:246 ] php,
security
- [ MDVSA-2009:247 ] php,
security
- [ MDVSA-2009:248 ] php,
security
- [MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure,
David Vieira-Kurz
- (edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods,
Alexandr Polyakov
- [SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution,
Nico Golde
- [MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure,
David Vieira-Kurz
- [USN-838-1] Dovecot vulnerabilities,
Marc Deslauriers
- [ MDVSA-2009:249 ] newt,
security
- Local privilege escalation vulnerability in Trustport security software,
ss_contacts
- [DSECRG-09-043] SAP GUI 7.1 Insecure Method,
Alexandr Polyakov
- Vulnerabilities in E107,
MustLive
- [SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution,
Florian Weimer
- [security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access,
security-alert
- Cross-Site Scripting vulnerability in eCaptcha,
MustLive
- WinRAR v3.80 - ZIP Filename Spoofing,
chr1x
- Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges,
nospam
- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution,
Giuseppe Fuggiano