Mail Thread Index

• Date Index

• MD5 hash extension attack breaks API authentication of Flickr and others, Juliano Rizzo
• C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness, Eyal Udassin
• [ MDVSA-2009:176 ] postgresql, security
• [ MDVSA-2009:177 ] postgresql, security
• [ MDVSA-2009:178 ] perl-IO-Socket-SSL, security
• THOTCON 0x1 - Call For Papers is Open -> October 1, 2009, THOTCON Announce
• {PRL} Novell Edirectory 8.8 SP5 XSS, Protek Research Lab
• {PRL} Cerberus FTP server 3.0.6 Pre-Auth DoS, Protek Research Lab
• [ MDVSA-2009:253 ] backuppc, security
• ZDI-09-067: Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability, ZDI Disclosures
• [ MDVSA-2009:254 ] graphviz, security
• Rooted CON 2010 - CFP, Roman Medina-Heigl Hernandez
• [USN-839-1] Samba vulnerabilities, Marc Deslauriers
• [USN-840-1] OpenOffice.org vulnerabilities, Jamie Strandboge
• google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (IE), nospam
• VMSA-2009-0013 VMware Fusion resolves two security issues, VMware Security team
  • Re: VMSA-2009-0013 VMware Fusion resolves two security issues, mu-b
• [SECURITY] [DSA 1898-1] New openswan packages fix denial of service, Florian Weimer
• [SECURITY] [DSA 1900-1] New PostgreSQL packages fix various problems, Florian Weimer
• [SECURITY] [DSA 1899-1] New strongswan packages fix denial of service, Florian Weimer
• FreeBSD Security Advisory FreeBSD-SA-09:14.devfs, FreeBSD Security Advisories
• [ MDVSA-2009:255 ] perl-DBD-Pg, security
• FreeBSD Security Advisory FreeBSD-SA-09:13.pipe, FreeBSD Security Advisories
• [security bulletin] HPSBUX02421 SSRT090047 rev.2 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• CORE-2009-0812-Hyperic HQ Multiple XSS, CORE Security Technologies Advisories
• Palm Pre WebOS <=1.1 Remote File Access Vulnerability, PalmPreHacker
• [SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities, Giuseppe Iuculano
• [oCERT-2009-014] Android denial-of-service issues, Andrea Barisani
• CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace, SpringSource Security Team
• CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list, SpringSource Security Team
• [SECURITY] [DSA 1902-1] New elinks packages fix arbitrary code execution, Moritz Muehlenhoff
• [USN-841-1] GLib vulnerability, Kees Cook
• FRHACK01 Slides are online, Jerome Athias
  • Re: FRHACK01 Slides are online, Jerome Athias
• Re: Cross-Site Scripting vulnerability in eCaptcha, code
• AlleyCode SEH overflow POC&#8207;&#8207;, rafa . de . sousa
• Re: WinRAR v3.80 - ZIP Filename Spoofing, chris . levny
• [Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic, admin
• [Advisory]PBBoard <=2.0.2 Full Path Disclosure, admin
• [USN-842-1] Wget vulnerability, Marc Deslauriers
• Dopewars 1.5.12 Server Denial of Service, dougtko
• CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application, CORE Security Technologies Advisories
• [USN-843-1] BackupPC vulnerability, Marc Deslauriers
• [ MDVSA-2009:257 ] qemu, security
• [ MDVSA-2009:256 ] dbus, security
• {PRL} XLPD 3.0 Remote DoS, Protek Research Lab
• Remote File Inclusion In AIOCP, hadikiamarsi
• BulletProof FTP Client Buffer Overflow (SEH), rafa . de . sousa
• [security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS), security-alert
• [ MDVSA-2009:258 ] openssl, security
• [DSECRG-09-017] SAP GUI vsflexGrid ActiveX - Buffer Overflow vulnerability, DSecRG
• [SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities, Giuseppe Iuculano
• [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities, DSecRG
• iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability, iDefense Labs
• DreamPoll 3.1 Vulnerabilities, mark
• [ MDVSA-2009:259 ] snort, security
• Remote buffer overflow in httpdx, pankaj208
  • <Possible follow-ups>
  • Re: Remote buffer overflow in httpdx, dr_ide
  • Re: Re: Remote buffer overflow in httpdx, pankaj208
• BMW 'inventory.php"<= SQL Injection Vulnerability, Dazz . band
• [USN-844-1] mimeTeX vulnerabilities, Marc Deslauriers
• [USN-845-1] Pan vulnerability, Marc Deslauriers
• [ MDVSA-2009:217-1 ] mozilla-thunderbird, security
• [ MDVSA-2009:217-2 ] mozilla-thunderbird, security
• FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit, Przemyslaw Frasunek
• FreeBSD 7.2 VFS/devfs race condition exploit, Przemyslaw Frasunek
• WASC Announcement: Announcing the Web Application Security Scanner Evaluation Criteria v1, announcements
• vBulletin - Multiple Versions - Cross Site Script Redirection, advisories
• [USN-846-1] ICU vulnerability, Jamie Strandboge
• QuickCart Multiple vlunerabilities, Paweł Łaskarzewski
• [ MDVSA-2009:261 ] graphicsmagick, security
• [USN-847-1] Devscripts vulnerability, Jamie Strandboge
• CA20091008-01: Security Notice for CA Anti-Virus Engine, Williams, James K
• [USN-847-2] devscripts vulnerability, Jamie Strandboge
• [ MDVSA-2009:260 ] imagemagick, security
• Docebo Multiple SQL-Injection Vulnerabilities, Andrea Fabrizi
• [ MDVSA-2009:262 ] netpbm, security
• [SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness, Giuseppe Iuculano
• [ MDVSA-2009:263 ] sympa, security
• [ MDVSA-2009:265 ] egroupware, security
• [ MDVSA-2009:264 ] gd, security
• [SECURITY] [DSA 1895-2] New opensaml2 and shibboleth-sp2 packages fix regression, Florian Weimer
• [ MDVSA-2009:266 ] awstats, security
• [ MDVSA-2009:275 ] python-django, security
• [G-SEC 46-2009] Computer Associates multiple products arbritary code execution, Thierry Zoller
• [ MDVSA-2009:267 ] xmlsec1, security
• [SECURITY] [DSA 1905-1] New python-django packages fix denial of service, Nico Golde
• [SECURITY] [DSA 1906-1] End-of-life announcement for clamav in stable and oldstable, Steffen Joeris
• DEDECMS v5.1 Sql Injection Vulnerability, info
• [ MDVSA-2009:268 ] mono, security
• [ MDVSA-2009:269 ] mono, security
• [ MDVSA-2009:271 ] libnasl, security
• [ MDVSA-2009:270 ] wireshark, security
• [ MDVSA-2009:272 ] libmikmod, security
• [ MDVSA-2009:273 ] strongswan, security
• Quick Heal Local Privilege Escalation Vulnerability, ss_contacts
• Palm Pre WebOS version <= 1.1 Floating Point Exception, PalmPreHacker
• [SECURITY] [DSA 1907-1] New kvm packages fix several vulnerabilities, Giuseppe Iuculano
• [ MDVSA-2009:274 ] phpmyadmin, security
• [BONSAI] SQL Injection in Achievo, Bonsai - Information Security
• [BONSAI] XSS in Achievo - Customized XSS payload included, Bonsai - Information Security
• [ MDVSA-2009:276 ] python-django, security
• ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability, ZDI Disclosures
• iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability, iDefense Labs
• ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability, ZDI Disclosures
• ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability, ZDI Disclosures
• ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability, ZDI Disclosures
• ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability, ZDI Disclosures
• iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability, iDefense Labs
• iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability, iDefense Labs
• iDefense Security Advisory 10.13.09: Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability, iDefense Labs
• [SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities, Nico Golde
• Windows GDI+ TIFF memory corruption, Ivan Fratric
• Windows Media Audio Voice remote code execution, Ivan Fratric
• [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities, Michele Orru
• [AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS, Michele Orru
• [ MDVSA-2009:277 ] samba, security
• Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow, Secunia Research
• DEFCON London - DC4420 October 2009 Meet - This Thursday 15th, Major Malfunction
• Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• [USN-848-1] Zope vulnerabilities, Marc Deslauriers
• [ MDVSA-2009:278 ] compiz-fusion-plugins-main, security
• [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping, Steffen Joeris
• [SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping, Steffen Joeris
• [SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure escaping, Steffen Joeris
• Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities, Andrea Fabrizi
• [ MDVSA-2009:279 ] ocaml-mysql, security
• [USN-849-1] libsndfile vulnerabilities, Jamie Strandboge
• Re: Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit, support
• NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability, NSFOCUS Security Team
• NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability, NSFOCUS Security Team
• NSFOCUS SA2009-03 : Windows Kernel Malformed PE File Remote DoS Vulnerability, NSFOCUS Security Team
• n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution, security
• [SECURITY] [DSA 1912-1] New camlimages fix arbitrary code execution, Steffen Joeris
• DWebPro allow an invader to execute any program at server side, rafa . de . sousa
• WASC Announcement: 2008 Web Application Security Statistics Published, announcements
• VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues, VMware Security Team
• VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities, VUPEN Security Research
• CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections, Dragos Ruiu
• [SECURITY] [DSA 1913-1] New bugzilla packages fix SQL injection, Giuseppe Iuculano
• Xpdf - Integer overflow which causes heap overflow and NULL pointer derefernce., adam
• 3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities, Andrea Fabrizi
• In-depth research on the recent PDF zero-day exploit (CVE-2009-3459), cocoruder
• Vulnerability in Zoiper softphone version 2.22 - Denial Of Service, Inj3ct0r.com
• McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords, foo
• phpcms 2008 Remote File Disclosure Vulnerability, info
• Overland Guardian OS CLI command line bug - let you get uid 0 shell, trompele
• [ MDVSA-2009:283 ] cups, security
• [CVE-2009-1479] Boxalino - Directory Traversal Vulnerability, Axel Neumann
• [ MDVSA-2009:281 ] cups, security
• [ MDVSA-2009:282 ] cups, security
• EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service, nospam
• South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges, nospam
• [ MDVSA-2009:280 ] cups, security
• [ MDVSA-2009:284 ] gd, security
• NSOADV-2009-002: Websense Email Security Web Administrator DoS, NSO Research
• NSOADV-2009-003: Websense Email Security Cross Site Scripting, NSO Research
  • RE: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting, Hubbard, Dan
• [ MDVSA-2009:285 ] php, security
• turbodiff v1.01 beta released, Nicolas A. Economou
• [ GLSA 200910-01 ] Wget: Certificate validation error, Alex Legler
• [USN-850-1] poppler vulnerabilities, Marc Deslauriers
• [ MDVSA-2009:286 ] ocaml-camlimages, security
• [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1, come2waraxe
• Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30, jason
• [USN-851-1] Elinks vulnerabilities, Jamie Strandboge
• TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities, Davide Canali
• [oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation, Will Drewry
• Call for Papers: Conference on Cyber Conflict, Estonia, k g
• Everfocus EDR1600 remote authentication bypass, Andrea Fabrizi
• [ MDVSA-2009:287 ] xpdf, security
• Avast! Multiple Vulnerabilities, ss_contacts
• {PRL} Eureka Mail client BoF, Protek Research Lab
• {PRL} Pegasus Mail client BoF, Protek Research Lab
• [ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities, Tobias Heinlein
• [security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access, security-alert
• [security bulletin] HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access, security-alert
• [SECURITY] [DSA 1914-1] New mapserver packages fix serveral vulnerabilities, Nico Golde
• HP Quality Centre Weak password Obfuscation, jason
• [USN-850-2] poppler regression, Marc Deslauriers
• [SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities, dann frazier
• /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
  • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Stephen Harris
              • Re: /proc filesystem allows bypassing directory permissions on Linux, Vincent Zweije
                • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                    • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                      • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Jim Paris
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Marco Verschuur
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Marco Verschuur
                        • Message not available
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Jim Paris
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Marco Verschuur
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Vincent Zweije
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Joel Maslak
      • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
          • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
              • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
                • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                    • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                      • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                        • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
              • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Derek Martin
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Ansgar Wiechers
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Derek Martin
          • Re: /proc filesystem allows bypassing directory permissions on Linux, CaT
  • Message not available
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Arturo 'Buanzo' Busleiman
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Tamber Penketh
              • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Glynn Clements
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Casper . Dik
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
            • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
              • Re: /proc filesystem allows bypassing directory permissions on Linux, Marco Verschuur
                • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Marco Verschuur
                    • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                      • Re: /proc filesystem allows bypassing directory permissions on, Martin Rex
                        • Re: /proc filesystem allows bypassing directory permissions on, Pavel Machek
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Anton Ivanov
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Anton Ivanov
            • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
              • Re: /proc filesystem allows bypassing directory permissions on Linux, Anton Ivanov
                • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Anton Ivanov
                    • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
                  • Re: /proc filesystem allows bypassing directory permissions on Linux, Ivan Jager
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Klaus Lichtenwalder
  • Re: /proc filesystem allows bypassing directory permissions on Linux, Daryl Tester
  • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Kankovsky
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Kankovsky
  • Re: /proc filesystem allows bypassing directory permissions on Linux, Tony Finch
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Matthew Dempsky
      • Re: /proc filesystem allows bypassing directory permissions on Linux, Tony Finch
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Matthew Dempsky
        • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
          • Re: /proc filesystem allows bypassing directory permissions on Linux, Glynn Clements
    • Re: /proc filesystem allows bypassing directory permissions on Linux, psz
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
  • <Possible follow-ups>
  • Re: Re: /proc filesystem allows bypassing directory permissions on Linux, nomail
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Kinzel, David
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
      • Re: /proc filesystem allows bypassing directory permissions on Linux, CaT
        • Re: /proc filesystem allows bypassing directory permissions on Linux, Pavel Machek
          • Re: /proc filesystem allows bypassing directory permissions on Linux, CaT
  • Re: /proc filesystem allows bypassing directory permissions on Linux, Isara Beaumont
    • Re: /proc filesystem allows bypassing directory permissions on Linux, Dan Yefimov
• [ MDVSA-2009:288 ] proftpd, security
• [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution, Steffen Joeris
• [SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness, Giuseppe Iuculano
• [SECURITY] [DSA 1917-1] New mimetex packages fix several vulnerabilities, Giuseppe Iuculano
• Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability, karakorsankara
• RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit, nospam
• SharePoint 2007 ASP.NET Source Code Disclosure, Daniel Martin
• squidGuard 1.3 & 1.4 : buffer overflow, majinboo
• Jetty 6.x and 7.x Multiple Vulnerabilities, ascii
• [SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities, Thijs Kinkhorst
• [SECURITY] [DSA 1919-1] New smarty packages fix several vulnerabilities, Thijs Kinkhorst
• [ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities, Alex Legler
• [DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection, DSecRG
• [SECURITY] [DSA-1920-1] New nginx packages fix denial of service, Stefan Fritsch
• Cherokee Web Server 0.5.4 Denial Of Service, usman
• AST-2009-007: ACL not respected on SIP INVITE, Asterisk Security Team
• Rising Multiple Products Local Privilege Escalation Vulnerability, ss_contacts
• {PRL} Rising Firewall 2009 Privilege Escalation, Protek Research Lab
• Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow., adam
• {PRL} Rising Antivirus 2009 Privilege Escalation, Protek Research Lab
• Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point, Robbie Gill
• [oCERT-2009-015] KDE multiple issues, Andrea Barisani
• [ MDVSA-2009:289 ] kernel, security
• PHP168 v6.0 rc, info
• Mariposa Botnet C&C decryption plugin for wireshark, megumi1990
• [G-SEC 47-2009] Symantec generic PDF detection bypass, Thierry Zoller
• Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability, Secunia Research
• [SECURITY] [DSA 1921-1] New expat packages fix denial of service, Giuseppe Iuculano
• [G-SEC 49-2009] McAfee generic PDF detection bypass, Thierry Zoller
• VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues, VMware Security Team
• Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation, Tavis Ormandy
• [G-SEC 48-2009] F-SECURE - Generic PDF detection bypass, Thierry Zoller
• Fwd: Wowd search client multiple variable xss, Lostmon lords
• ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability, ZDI Disclosures
• [SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities, Moritz Muehlenhoff
• iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability, iDefense Labs
• Hijacking Opera's Native Page using malicious RSS payloads, Inferno
• [ MDVSA-2009:290 ] firefox, security
• 2wire Remote Denial of Service, Pedro Joaquin
• SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008, Lists
• [SECURITY] [DSA 1923-1] New libhtml-parser-perl packages fix denial of service, Nico Golde
• com_jumi / jumi 2.0.5 for joomla 1.5 backdoored, Jan van Niekerk
• [ MDVSA-2009:291 ] jetty5, security
• CubeCart 4 Session Management Bypass, Bogdan Calin
• PSAtr v1.2 Sql Injection, info
• Windows Media Player Plugin: Local File Detection Vulnerability, renard-volant
• CVE-2009-1979 (Oracle RDBMS), Dennis Yurichev
• {PRL} My Remote File Server Privilege Escalation, Protek Research Lab