Mail Index
- eWebeditor ASP Version Multiple Vulnerabilities
- [SECURITY] [DSA 1841-2] New git-core packages fix build failure
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- iPhone certificate flaws
- [SECURITY] [DSA 1982-1] New hybserv packages fix denial of service
- Advisory: jBCrypt < 0.3 character encoding vulnerability
- Cross-Site History Manipulation (XSHM)
- Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- {PRL} Xerox Workcenter 4150 Remote Buffer Overflow
- [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference
- Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE
- From: VMware Security Team
- Re: Cross-Site History Manipulation (XSHM)
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability
- XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1)
- iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow
- [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection
- From: Core Security Technologies Advisories
- [ MDVSA-2010:030 ] kernel
- Joomla (com_gambling) SQL Injection Vulnerabilities
- From: md . r00t . defacer
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability
- [SECURITY] [DSA 1983-1] New Wireshark packages fix several vulnerabilities
- [SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow
- From: CORE Security Technologies Advisories
- RaakCms Multiple Vulnerabilities
- [SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
- Remote Vulnerability in AIX RPC.cmsd released by iDefense
- From: Rodrigo Rubira Branco (BSDaemon)
- 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie
- [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local
- Tinypug Multiple Vulnerabilities
- [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service
- OpenCart CSRF Vulnerability
- [security bulletin] HPSBUX02479 SSRT090212 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access
- [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities
- [security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege
- AST-2010-001: T.38 Remote Crash Vulnerability
- From: Asterisk Security Team
- [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
- [SECURITY] [DSA-1989-1] New fuse packages fix denial of service
- [ MDVSA-2010:031 ] wireshark
- [CSO10002] Attachment path traversal in Outlook Web Access
- From: Ricardo Martins - Chief Security Officers
- [Suspected Spam]Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
- From: Philippe Mailinglist
- [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability
- [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS
- CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
- From: Core Security Technologies Advisories
- [security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
- [SECURITY] [DSA-1990-2] New trac-git package fixes regression
- [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
- [SECURITY] [DSA-1990-1] New trac-git packages fix code execution
- [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
- [ MDVSA-2010:032 ] rootcerts
- Re: Multiple vulnerabilities in XAMPP (advisory #7)
- [SECURITY] [DSA 1992-1] New chrony packages fix denial of service
- CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03
- From: Peter Van Eeckhoutte
- CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL)
- CORE-2010-0104 - LANDesk OS command injection
- From: CORE Security Technologies Advisories
- JAHx101 - Huski retail mulitple SQL injection vulnerabilities
- JAHx102 - HuskiCMS local file inclusion
- Secunia Research: libmikmod Module Parsing Vulnerabilities
- Recon Call for Papers - July 9-11 2010
- Samba Remote Zero-Day Exploit
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies
- Re: Samba Remote Zero-Day Exploit
- [ MDVSA-2010:033 ] squid
- Re: Multiple vulnerabilities in XAMPP (advisory #7)
- [Suspected Spam]Vulnerability in Tagcloud for DataLife Engine
- CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability
- Re: Samba Remote Zero-Day Exploit
- [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method
- Re: Samba Remote Zero-Day Exploit
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- mongoose Space Character Remote File Disclosure Vulnerability
- LDF (Default.asp) Sql Injection Vulnerability
- [MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service
- Re: Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit
- [ MDVSA-2010:034 ] kernel
- [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access
- [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other
- RE: Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
- From: CORE Security Technologies Advisories
- [Hacking Event] Night Da Hack 2010 : Call For Proposals
- JDownloader Remote Code Execution
- From: Matthias -apoc- Hecker
- Re: Samba Remote Zero-Day Exploit
- Hacktics Advisory Feb09: XSS in Oracle E-Business Suite
- Re: Samba Remote Zero-Day Exploit
- ACM CCS 2010: Call for Workshop Proposals
- From: Christopher Kruegel
- RE: Samba Remote Zero-Day Exploit
- Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit
- RE: Samba Remote Zero-Day Exploit
- #HITB - Special Report: HITB2009 CTF Weapons of Mass Destruction
- Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow
- CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability
- From: CORE Security Technologies Advisories
- ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
- TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability
- ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability
- ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
- [USN-898-1] gnome-screensaver vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
- From: Cisco Systems Product Security Incident Response Team
- Windows SMB NTLM Authentication Weak Nonce Vulnerability
- stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow
- Re: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001
- [security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands
- [USN-897-1] MySQL vulnerabilities
- Trustwave's SpiderLabs Security Advisory TWSL2010-001
- From: Trustwave Advisories
- [security bulletin] HPSBMA02486 SSRT090049 rev.1 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities
- [SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection
- [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal
- From: Onapsis Research Labs
- [SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking
- RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001
- [USN-899-1] Tomcat vulnerabilities
- [ MDVSA-2010:035 ] openoffice.org
- [security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
- [security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information
- SQL injection vulnerability in apemCMS
- ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows
- (resend) RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability
- e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability
- [security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities
- cmsmadesimple Multiple Security Issues : XSS+ LFI
- [ MDVSA-2010:036 ] webmin
- [SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities
- RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001
- [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
- Joomla (Jw_allVideos) Remote File Download Vulnerability
- [ MDVSA-2010:037 ] fetchmail
- [USN-900-1] Ruby vulnerabilities
- Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0)
- Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)
- [USN-901-1] Squid vulnerabilities
- Multiple Stored XSS in XOOPS 2.4.4 Admin Section
- Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.
- [ MDVSA-2010:038 ] maildrop
- Re: Joomla (Jw_allVideos) Remote File Download Vulnerability
- VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities
- From: VUPEN Security Research
- VMSA-2010-0003 ESX Service Console update for net-snmp
- From: VMware Security Team
- Pogodny CMS SQL vulnerabilities
- MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service
- Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability
- IE address bar characters into a small feature
- Huawei HG510 CSRF, Auth Bypass, DoS
- Trusteer Rapport Security Circumvention
- Pixel Portal Sql Injection Vulnerability
- ZDI-10-018: IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability
- Cross-Site Scriting on Portwise SSL VPN v4.6
- Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Secunia Research: Mozilla Firefox Memory Corruption Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
- From: Cisco Systems Product Security Incident Response Team
- [ MDVSA-2010:040 ] gnome-screensaver
- [ MDVSA-2010:034-1 ] kernel
- Circumventing Critical Security in Windows XP
- [SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities
- [ MDVSA-2010:039 ] netpbm
- [USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities
- [ MDVSA-2010:041 ] pidgin
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent
- From: Cisco Systems Product Security Incident Response Team
- Re: Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.
- [SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution
- [ MDVSA-2010:034-2 ] kernel
- RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001
- Re: Re: Joomla (Jw_allVideos) Remote File Download Vulnerability
- BugCon 2010 Call For Papers
- RE: Trusteer Rapport Security Circumvention
- TLS/SSL Hardening & Compatibility Report 2010
- [USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
- Kusaba X <= 0.9 XSS/CSRF vulnerabilities
- SphereCMS Blind SQL Injection Vulnerability
- [SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities
- [USN-890-5] XML-RPC for C and C++ vulnerabilities
- AST-2010-002: Dialplan injection vulnerability
- From: Asterisk Security Team
- Re: Circumventing Critical Security in Windows XP
- SQL injection vulnerability in Amelia CMS
- [SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities
- Re: [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector
- [SECURITY] [DSA-2002-1] New polipo packages fix denial of service
- [ MDVSA-2010:042 ] firefox
- RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001
- SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
- From: SEC Consult Research
- CA20100222-01: Security Notice for CA Service Desk
- Secunia Research: Bournal ccrypt Information Disclosure Security Issue
- [USN-902-1] Pidgin vulnerabilities
- Secunia Research: Bournal Insecure Temporary Files Security Issue
- [ MDVSA-2010:044 ] mysql
- Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
- From: Roberto Suggi Liverani
- Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal
- [SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities
- Re: Circumventing Critical Security in Windows XP
- ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
- Easy FTP Server 1.7.0.2 Remote BoF
- jQuery Validate 1.6.0 Demo Code Advisory
- From: CodeScan Labs Advisories
- Request for feedback on TCP security (IETF effort)
- London DEFCON February meet - DC4420 - Wed 24th Feb 2010
- [ MDVSA-2010:043 ] libtheora
- [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.
- Official Portal 2007 Multiple Vulnerabilities
- Chuck Norris Botnet and Broadband Routers
- [ MDVSA-2010:045 ] php
- [ MDVSA-2010:046 ] ncpfs
- CA20100223-01: Security Notice for CA eHealth Performance Manager
- [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption
- ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability
- [ MDVSA-2010:047 ] fuse
- Kojoney (SSH honeypot) remote DoS
- VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability
- From: VUPEN Security Research
- Re: Chuck Norris Botnet and Broadband Routers
- ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability
- iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
- [USN-904-1] Squid vulnerability
- ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability
- Rbot Owner Reaction Command Execution
- From: Matthias -apoc- Hecker
- SQL injection vulnerability in LiveChatNow
- Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM
- NSOADV-2010-003: DATEV ActiveX Control remote command execution
- Form-based HTTP Authentication Proof of Concept
- [ MDVSA-2010:048 ] roundcubemail
- SQL injection vulnerability in WebAdministrator Lite CMS
- SyScan'10 CALL FOR PAPERS
- [ MDVSA-2010:050 ] apache-mod_security
- AST-2010-003: Invalid parsing of ACL rules can compromise security
- From: Asterisk Security Team
- [ MDVSA-2010:049 ] sudo
- ARISg5 (version 5.0) cross site scripting vulnerability
- getPlus insufficient domain name validation vulnerability
- From: Akita Software Security