Mail Thread Index
- [SECURITY] [DSA-1953-2] New expat packages fix regression,
Stefan Fritsch
- [SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities,
Florian Weimer
- [USN-876-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability,
Secunia Research
- Java vulnerability,
Paul
- Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!,
Stefan Kanthak
- WASC Announcement: WASC Threat Classification v2.0 Published,
announcements
- [ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201001-01 ] NTP: Denial of Service,
Stefan Behte
- httpdx webserver v1.5 Remote Source Disclosure,
info
- [Tool] DeepToad 1.1.0,
Joxean Koret
- Y2K10 spamassassin bug, 2010 year mails discared as spam,
Eduardo Romero
- SyScan'10 Call For Training (CFT),
organiser@xxxxxxxxxx
- REWTERZ-20100102 - Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability,
rewterz security team
- Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw,
Aditya K Sood
- REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability,
rewterz security team
- REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability,
rewterz security team
- UPDATE: MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing,
Tom Yu
- Multiple vulnerabilities in LineWeb 1.0.5,
ign . sec
- [ MDVSA-2009:220-1 ] davfs,
security
- Re: Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow,
sales
- [ GLSA 201001-03 ] PHP: Multiple vulnerabilities,
Tobias Heinlein
- {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS,
Protek Research Lab
- [USN-879-1] Kerberos vulnerability,
Kees Cook
- Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2,
bert hubert
- [TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!!,
Nelson Brito
- HTTP Digest Integrity: Another look, in light of recent attacks,
Timothy D. Morgan
- [SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion,
Giuseppe Iuculano
- FreeBSD Security Advisory FreeBSD-SA-10:01.bind,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd,
FreeBSD Security Advisories
- [SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting,
Steffen Joeris
- FreeBSD Security Advisory FreeBSD-SA-10:03.zfs,
FreeBSD Security Advisories
- [USN-880-1] GIMP vulnerabilities,
Marc Deslauriers
- VMSA-2010-0001 ESX Service Console updates for nss and nspr,
VMware Security team
- [ MDVSA-2009:300-1 ] apache-conf,
security
- [ MDVSA-2009:300-2 ] apache-conf,
security
- [SECURITY] [DSA 1967-1] New transmission packages fix directory traversal,
Moritz Muehlenhoff
- Security contact at Lexmark?,
Protek Research Lab
- ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-877-1] Firefox 3.0 and Xulrunner 1.9 regression,
Jamie Strandboge
- [USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression,
Jamie Strandboge
- Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability,
Secunia Research
- [HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability,
advisory
- Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation based Tab Crashing,
Aditya K Sood
- [ MDVSA-2009:316-1 ] expat,
security
- MacOS X 10.5/10.6 libc/strtod(3) buffer overflow,
cxib
- TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow,
noreply
- NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
- [CORELAN-10-001] Audiotran 1.4.1 buffer overflow,
Security
- [SECURITY] [DSA 1968-1] New pdns-recursor packages fix potential code execution,
Florian Weimer
- Cross-Site Scripting vulnerability in JVClouds3D for Joomla,
MustLive
- [ MDVSA-2009:316-2 ] expat,
security
- Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection,
ascii
- [ MDVSA-2009:316-3 ] expat,
security
- XSS vulnerabilities in 34 millions flash files,
MustLive
- [ MDVSA-2010:000 ] firefox,
security
- [ MDVSA-2009:227-1 ] freeradius,
security
- XSS Vulnerability in Active Calendar 1.2.0,
Marty Barbella
- [ MDVSA-2009:293-1 ] squidGuard,
security
- [ MDVSA-2009:241-1 ] squid,
security
- [ MDVSA-2010:001 ] pidgin,
security
- [ MDVSA-2010:002 ] pidgin,
security
- HITB Ezine 'Reloaded' - Issue #001,
Hafez Kamal
- Invitation: nullcon Goa 2010 International Security & Hacking Conference,
nullcon
- Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability,
Secunia Research
- ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability,
ZDI Disclosures
- [CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS,
Security
- MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption,
Tom Yu
- Cross Site Identification (CSID) attack. Description and demonstration.,
Ronen Z
- iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability,
iDefense Labs
- [USN-882-1] PHP vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:003 ] sendmail,
security
- [SECURITY] [DSA-1969-1] New krb5 packages fix denial of service,
Giuseppe Iuculano
- [USN-881-1] Kerberos vulnerability,
Kees Cook
- [USN-883-1] network-manager-applet vulnerabilities,
Marc Deslauriers
- Yoono Firefox Extension - Privileged Code Injection,
Nick Freeman
- [ MDVSA-2010:004 ] bash,
security
- [CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption,
CORE Security Advisories
- [security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS),
security-alert
- [SECURITY] [DSA-1970-1] New openssl packages fix denial of service,
Stefan Fritsch
- [ GLSA 201001-06 ] aria2: Multiple vulnerabilities,
Stefan Behte
- [ MDVSA-2010:006 ] krb5,
security
- RE: All China, All The Time,
Thor (Hammer of God)
- [ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities,
Stefan Behte
- Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability,
karakorsankara
- [ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities,
Stefan Behte
- XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1),
Marty Barbella
- [ GLSA 201001-09 ] Ruby: Terminal Control Character Injection,
Alex Legler
- [ GLSA 201001-07 ] Blender: Untrusted search path,
Stefan Behte
- [ MDVSA-2010:005 ] krb5,
security
- [USN-884-1] OpenSSL vulnerability,
Kees Cook
- [ GLSA 201001-05 ] net-snmp: Authorization bypass,
Stefan Behte
- [USN-885-1] Transmission vulnerabilities,
Jamie Strandboge
- [security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution,
Giuseppe Iuculano
- SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS),
Lukas Weichselbaum
- Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker,
Adam Baldwin
- Major security risk in the unlock pattern for Android devices,
Dan Dascalescu
- rPSA-2010-0004-1 openssl openssl-scripts,
rPath Update Announcements
- VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability,
VUPEN Security Research
- C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers,
Eyal Udassin
- [security bulletin] HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS),
security-alert
- [ MDVSA-2010:007 ] php,
security
- [ MDVSA-2010:008 ] php,
security
- [ MDVSA-2010:009 ] php,
security
- GDT and LDT in Windows kernel vulnerability exploitation (paper),
Gynvael Coldwind
- Code to mitigate IE event zero-day (CVE-2010-0249),
ds . adv . pub
- [ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference,
Kyprianos Vasilopoulos
- [ MDVSA-2010:010 ] libthai,
security
- Browser Fuzzer 3,
krakowlabs
- [USN-886-1] Pidgin vulnerabilities,
Marc Deslauriers
- [USN-885-1] LibThai vulnerability,
Marc Deslauriers
- AOL 9.5 ActiveX Heap Overflow Vulnerability,
karakorsankara
- Reminder: Campus Party EU 2010 Call For Participants,
Campus Party EU Spain
- [ MDVSA-2010:012 ] mysql,
security
- [ MDVSA-2010:011 ] mysql,
security
- [ MDVSA-2010:013 ] transmission,
security
- [ MDVSA-2010:014 ] transmission,
security
- [USN-887-1] LibThai vulnerability,
Marc Deslauriers
- Zenoss Multiple Admin CSRF,
Adam Baldwin
- [SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow,
Stefan Fritsch
- QvodPlayer ColorFilter Codec ActiveX Remote Exec,
info
- 0day vulnerability Sogou input method to obtain system privileges,
k4mr4n_st
- facebook 'routing flaw'?,
Michael Scheidell
- Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper),
Mayank Aggarwal
- JBroFuzz 1.9 Fuzzer Released!,
subere
- OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability,
karakorsankara
- Multiple Vulnerabilities in XOOPS 2.4.3 and earlier,
CodeScan Labs Advisories
- Xunlei XPPlayer ActiveX Remote Exec 0day POC,
superli
- Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC,
superli
- Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC,
superli
- ezContents CMS Multiple Vulnerabilities,
admin
- Blaze Apps Multiple Vulnerabilities,
admin
- [ MDVSA-2010:015 ] roundcubemail,
security
- [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:017 ] ruby,
security
- [ MDVSA-2010:018 ] phpMyAdmin,
security
- [ MDVSA-2010:016 ] wireshark,
security
- [CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player,
Security
- [SECURITY] [DSA 1973-1] New glibc packages fix information disclosure,
Aurelien Jarno
- Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities,
Secunia Research
- Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow,
Secunia Research
- [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability,
Secunia Research
- Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows,
Secunia Research
- vBulletin nulled (validator.php) files/directories disclosure,
kw3rln
- [Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution,
Onapsis Research Labs
- Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow,
Secunia Research
- [SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution,
Steffen Joeris
- Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal,
Secunia Research
- [ MDVSA-2010:019 ] gzip,
security
- [USN-888-1] Bind vulnerabilities,
Marc Deslauriers
- [USN-889-1] gzip vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:020 ] gzip,
security
- [USN-890-1] Expat vulnerabilities,
Jamie Strandboge
- [UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
- [ MDVSA-2010:021 ] bind,
security
- [SECURITY] [DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th,
Stefan Fritsch
- Insufficient User Input Validation in VP-ASP 6.50 Demo Code,
CodeScan Labs Advisories
- ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability,
ZDI Disclosures
- TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001,
Lists
- eWebeditor Directory Traversal Vulnerability,
info
- ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:022 ] openssl,
security
- ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:023 ] phpldapadmin,
security
- ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow,
Stefan Fritsch
- ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability,
ZDI Disclosures
- Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack,
Tavis Ormandy
- FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability,
noreply-secresearch@xxxxxxxxxxxx
- [USN-890-3] Python 2.4 vulnerabilities,
Jamie Strandboge
- IdeaCMS v1.0 (fck) Remote Arbitrary File Upload,
whh_iran
- [USN-890-2] Python 2.5 vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities,
Giuseppe Iuculano
- iBoutique v4.0,
flashcreazione
- Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions),
pen-test
- Silverstripe <= v2.3.4: two XSS vulnerabilities,
Moritz Naumann
- Abusing weak PRNGs in PHP applications,
gat3way
- London DEFCON January meet - DC4420 - Wed 27th Jan 2010,
Major Malfunction
- Publique! CMS SQL Injection Vulnerabilities,
Christophe dlf
- e107 latest download link is backdoored,
Bogdan Calin
- Safari 4.0.4 Crash,
systemx00
- [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration,
Mark Thomas
- CVE-2009-3583, confirming problem and adding info,
Chris Travers
- [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory,
Mark Thomas
- [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy,
Mark Thomas
- [ MDVSA-2010:024 ] coreutils,
security
- Security improvements of Microsoft Silverlight Build 3.0.50106.0?,
Juha-Matti Laurio
- [ MDVSA-2010:025 ] php-pear-Mail,
security
- DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability,
ddivulnalert
- FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities,
Chris Travers
- [SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities,
Giuseppe Iuculano
- Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability,
Secunia Research
- Setting arbitrary Personas without user interaction in Firefox 3.6,
Artur Janc
- Microsoft IE 6&7 Crash Exploit,
info
- [IBM Datapower XS40] Denial of Service,
erik
- [security bulletin] HPSBMA02477 SSRT090177 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- Cross-Site Scripting vulnerability in 3D Cloud for Joomla,
MustLive
- Netsupport gateway remote DoS,
watcher60
- [ MDVSA-2010:026 ] openldap,
security
- Paper: Weaning the Web off of Session Cookies,
Timothy D. Morgan
- The future of XSS attacks,
MustLive
- [SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities,
Moritz Muehlenhoff
- More information on CVE-2009-3580,
Chris Travers
- [USN-890-4] PyXML vulnerabilities,
Jamie Strandboge
- [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability,
advisories
- PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12,
Rolando Fuentes
- [security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access,
security-alert
- Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.,
pi3
- [ MDVSA-2010:027 ] kdelibs4,
security
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2010:028 ] kdelibs4,
security
- [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs,
RedTeam Pentesting GmbH
- [RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data,
RedTeam Pentesting GmbH
- [USN-803-2] Dhcp vulnerability,
Jamie Strandboge
- [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication,
RedTeam Pentesting GmbH
- [SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities,
Raphael Geissert
- PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager),
research
- [SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution,
Steffen Joeris
- Firefox Observation Plugin Attack,
Ivan Buetler
- [USN-891-1] lintian vulnerabilities,
Kees Cook
- Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit,
dlrow1991
- [SECURITY] [DSA 1981-1] New maildrop packages fix privilege escalation,
Steffen Joeris
- PR09-19: Cross-Site Scripting (XSS) on CommonSpot server,
research
- [USN-893-1] Samba vulnerability,
Marc Deslauriers
- [SECURITY] [DSA 1981-2] New maildrop packages fix regression,
Steffen Joeris
- [USN-892-1] FUSE vulnerability,
Kees Cook
- [SECURITY] [DSA 1968-2] New pdns-recursor packages fix cache poisoning,
Florian Weimer
- Multiple vulnerabilities in XAMPP (advisories #1 and #2),
MustLive
- Multiple vulnerabilities in XAMPP (advisories #3 and #4),
MustLive
- Multiple vulnerabilities in XAMPP (advisories #5 and #6),
MustLive
- Multiple vulnerabilities in XAMPP (advisory #7),
MustLive
- [ MDVSA-2010:029 ] rootcerts,
security
- OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass,
Nicolas DEROUET