Mail Thread Index
- eWebeditor ASP Version Multiple Vulnerabilities,
info
- [SECURITY] [DSA 1841-2] New git-core packages fix build failure,
Thijs Kinkhorst
- Re: [Webappsec] Paper: Weaning the Web off of Session Cookies,
Timothy D. Morgan
- iPhone certificate flaws,
cryptopath
- [SECURITY] [DSA 1982-1] New hybserv packages fix denial of service,
Steffen Joeris
- Advisory: jBCrypt < 0.3 character encoding vulnerability,
Damien Miller
- Cross-Site History Manipulation (XSHM),
Alex Roichman
- Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability,
info
- {PRL} Xerox Workcenter 4150 Remote Buffer Overflow,
Francis Provencher
- [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference,
Tobias Klein
- Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2,
mkanat
- VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE,
VMware Security Team
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability,
iDefense Labs
- XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1),
Martin Barbella
- iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow,
iDefense Labs
- [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection,
Core Security Technologies Advisories
- [ MDVSA-2010:030 ] kernel,
security
- Joomla (com_gambling) SQL Injection Vulnerabilities,
md . r00t . defacer
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability,
iDefense Labs
- [SECURITY] [DSA 1983-1] New Wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service,
Giuseppe Iuculano
- [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow,
CORE Security Technologies Advisories
- RaakCms Multiple Vulnerabilities,
info
- [SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness,
Giuseppe Iuculano
- Remote Vulnerability in AIX RPC.cmsd released by iDefense,
Rodrigo Rubira Branco (BSDaemon)
- 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie,
qiqiguaiguai
- [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local,
security-alert
- Tinypug Multiple Vulnerabilities,
admin
- [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service,
Nico Golde
- OpenCart CSRF Vulnerability,
ben
- [security bulletin] HPSBUX02479 SSRT090212 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access,
security-alert
- [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities,
Steffen Joeris
- [security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege,
security-alert
- AST-2010-001: T.38 Remote Crash Vulnerability,
Asterisk Security Team
- [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities,
Giuseppe Iuculano
- [SECURITY] [DSA-1989-1] New fuse packages fix denial of service,
Giuseppe Iuculano
- [ MDVSA-2010:031 ] wireshark,
security
- [CSO10002] Attachment path traversal in Outlook Web Access,
Ricardo Martins - Chief Security Officers
- [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability,
karakorsankara
- [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS,
Alexandr Polyakov
- CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities,
Core Security Technologies Advisories
- [security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- [SECURITY] [DSA-1990-2] New trac-git package fixes regression,
Stefan Fritsch
- [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service,
Steffen Joeris
- [SECURITY] [DSA-1990-1] New trac-git packages fix code execution,
Florian Weimer
- [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service,
david
- [ MDVSA-2010:032 ] rootcerts,
security
- Re: Multiple vulnerabilities in XAMPP (advisory #7),
MustLive
- [SECURITY] [DSA 1992-1] New chrony packages fix denial of service,
Nico Golde
- CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03,
Peter Van Eeckhoutte
- CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL),
Security
- CORE-2010-0104 - LANDesk OS command injection,
CORE Security Technologies Advisories
- JAHx101 - Huski retail mulitple SQL injection vulnerabilities,
noreply
- JAHx102 - HuskiCMS local file inclusion,
noreply
- Secunia Research: libmikmod Module Parsing Vulnerabilities,
Secunia Research
- Recon Call for Papers - July 9-11 2010,
Hugo Fortier
- Samba Remote Zero-Day Exploit,
Kingcope
- [ MDVSA-2010:033 ] squid,
security
- [Suspected Spam]Vulnerability in Tagcloud for DataLife Engine,
MustLive
- CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability,
Security
- [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method,
Alexandr Polyakov
- mongoose Space Character Remote File Disclosure Vulnerability,
info
- LDF (Default.asp) Sql Injection Vulnerability,
Arash . Setayeshi
- [MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service,
david
- [ MDVSA-2010:034 ] kernel,
security
- [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access,
security-alert
- [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other,
security-alert
- [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers,
CORE Security Technologies Advisories
- [Hacking Event] Night Da Hack 2010 : Call For Proposals,
m . mahdjoub
- JDownloader Remote Code Execution,
Matthias -apoc- Hecker
- Hacktics Advisory Feb09: XSS in Oracle E-Business Suite,
Ofer Maor
- ACM CCS 2010: Call for Workshop Proposals,
Christopher Kruegel
- Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability,
Robbie Gill
- #HITB - Special Report: HITB2009 CTF Weapons of Mass Destruction,
Hafez Kamal
- Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow,
Secunia Research
- CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability,
CORE Security Technologies Advisories
- ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability,
ZDI Disclosures
- TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-898-1] gnome-screensaver vulnerability,
Marc Deslauriers
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance,
Cisco Systems Product Security Incident Response Team
- Windows SMB NTLM Authentication Weak Nonce Vulnerability,
Hernan Ochoa
- stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow,
stratsec Research
- [security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands,
security-alert
- [USN-897-1] MySQL vulnerabilities,
Marc Deslauriers
- Trustwave's SpiderLabs Security Advisory TWSL2010-001,
Trustwave Advisories
- [security bulletin] HPSBMA02486 SSRT090049 rev.1 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- [SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection,
Raphael Geissert
- [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector,
Onapsis Research Labs
- [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection,
Onapsis Research Labs
- [Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal,
Onapsis Research Labs
- [SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking,
Raphael Geissert
- RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001,
David Byrne
- [USN-899-1] Tomcat vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:035 ] openoffice.org,
security
- [security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure,
security-alert
- [security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information,
security-alert
- SQL injection vulnerability in apemCMS,
Maciej Gojny
- ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows,
Paul Craig
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability,
iDefense Labs
- e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2,
bill . robson
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability,
iDefense Labs
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability,
iDefense Labs
- [security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- cmsmadesimple Multiple Security Issues : XSS+ LFI,
beenudel1986
- [ MDVSA-2010:036 ] webmin,
security
- [SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
- [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Giuseppe Iuculano
- Joomla (Jw_allVideos) Remote File Download Vulnerability,
info
- [ MDVSA-2010:037 ] fetchmail,
security
- [USN-900-1] Ruby vulnerabilities,
Marc Deslauriers
- Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0),
Martin Barbella
- Chrome Password Manager Cross Origin Weakness (CVE-2010-0556),
VSR Advisories
- [USN-901-1] Squid vulnerabilities,
Marc Deslauriers
- Multiple Stored XSS in XOOPS 2.4.4 Admin Section,
beenudel1986
- Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.,
sam . johnston
- [ MDVSA-2010:038 ] maildrop,
security
- VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities,
VUPEN Security Research
- VMSA-2010-0003 ESX Service Console update for net-snmp,
VMware Security Team
- Pogodny CMS SQL vulnerabilities,
Maciej Gojny
- MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service,
Tom Yu
- Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability,
Brett Moore
- IE address bar characters into a small feature,
info
- Huawei HG510 CSRF, Auth Bypass, DoS,
ivan . markovic
- Trusteer Rapport Security Circumvention,
barkley
- Pixel Portal Sql Injection Vulnerability,
info
- ZDI-10-018: IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability,
ZDI Disclosures
- Cross-Site Scriting on Portwise SSL VPN v4.6,
research
- Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: Mozilla Firefox Memory Corruption Vulnerability,
Secunia Research
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2010:040 ] gnome-screensaver,
security
- [ MDVSA-2010:034-1 ] kernel,
security
- Circumventing Critical Security in Windows XP,
barkley
- [SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ MDVSA-2010:039 ] netpbm,
security
- [USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities,
Jamie Strandboge
- [ MDVSA-2010:041 ] pidgin,
security
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution,
Moritz Muehlenhoff
- [ MDVSA-2010:034-2 ] kernel,
security
- BugCon 2010 Call For Papers,
saintarmin
- TLS/SSL Hardening & Compatibility Report 2010,
Thierry Zoller
- [USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities,
Jamie Strandboge
- Kusaba X <= 0.9 XSS/CSRF vulnerabilities,
systemx00
- SphereCMS Blind SQL Injection Vulnerability,
admin
- [SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities,
Moritz Muehlenhoff
- [USN-890-5] XML-RPC for C and C++ vulnerabilities,
Jamie Strandboge
- AST-2010-002: Dialplan injection vulnerability,
Asterisk Security Team
- SQL injection vulnerability in Amelia CMS,
Maciej Gojny
- [SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities,
Raphael Geissert
- [SECURITY] [DSA-2002-1] New polipo packages fix denial of service,
Stefan Fritsch
- [ MDVSA-2010:042 ] firefox,
security
- SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface,
SEC Consult Research
- CA20100222-01: Security Notice for CA Service Desk,
Kotas, Kevin J
- Secunia Research: Bournal ccrypt Information Disclosure Security Issue,
Secunia Research
- [USN-902-1] Pidgin vulnerabilities,
Marc Deslauriers
- Secunia Research: Bournal Insecure Temporary Files Security Issue,
Secunia Research
- [ MDVSA-2010:044 ] mysql,
security
- Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities,
Roberto Suggi Liverani
- Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal,
Ofer Maor
- [SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability,
ZDI Disclosures
- Easy FTP Server 1.7.0.2 Remote BoF,
jonbutler88
- jQuery Validate 1.6.0 Demo Code Advisory,
CodeScan Labs Advisories
- Request for feedback on TCP security (IETF effort),
Fernando Gont
- London DEFCON February meet - DC4420 - Wed 24th Feb 2010,
Major Malfunction
- [ MDVSA-2010:043 ] libtheora,
security
- [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.,
Alexandr Polyakov
- Official Portal 2007 Multiple Vulnerabilities,
info
- Chuck Norris Botnet and Broadband Routers,
Gadi Evron
- [ MDVSA-2010:045 ] php,
security
- [ MDVSA-2010:046 ] ncpfs,
security
- CA20100223-01: Security Notice for CA eHealth Performance Manager,
Kotas, Kevin J
- [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption,
Tobias Klein
- ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:047 ] fuse,
security
- Kojoney (SSH honeypot) remote DoS,
Nicob
- VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability,
VUPEN Security Research
- ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability,
ZDI Disclosures
- iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability,
iDefense Labs
- [USN-904-1] Squid vulnerability,
Marc Deslauriers
- ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability,
Security_Alert
- Rbot Owner Reaction Command Execution,
Matthias -apoc- Hecker
- SQL injection vulnerability in LiveChatNow,
Support TEAM
- Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM,
Ofer Maor
- NSOADV-2010-003: DATEV ActiveX Control remote command execution,
NSO Research
- Form-based HTTP Authentication Proof of Concept,
Timothy D. Morgan
- [ MDVSA-2010:048 ] roundcubemail,
security
- SQL injection vulnerability in WebAdministrator Lite CMS,
Maciej Gojny
- SyScan'10 CALL FOR PAPERS,
thomas@xxxxxxxxxx
- [ MDVSA-2010:050 ] apache-mod_security,
security
- AST-2010-003: Invalid parsing of ACL rules can compromise security,
Asterisk Security Team
- [ MDVSA-2010:049 ] sudo,
security
- ARISg5 (version 5.0) cross site scripting vulnerability,
Yaniv Miron
- getPlus insufficient domain name validation vulnerability,
Akita Software Security