Mail Thread Index
- [USN-934-1] Netpbm vulnerability,
Jamie Strandboge
- Secunia Research: Internet Download Manager FTP Buffer Overflow Vulnerability,
Secunia Research
- SQL Injection in MS Access with backslash escaped input,
gheibi
- RE: STP mitm attack idea,
Williams, Dan
- EUSecWest Amsterdam 2010 Call For Papers (short deadline May 5 - conf June 16/17),
Dragos Ruiu
- BPstyle - Graphic studio SQL Injection Vulnerabilities,
md . r00t . defacer
- [ MDVSA-2010:088 ] kernel,
security
- A vulnerability in Kaspersky Antivirus,
daniel lopez
- Cross-Site Scripting vulnerability in Mango,
MustLive
- [SECURITY] [DSA 2040-1] New squidguard packages fix several vulnerabilities,
Sebastien Delafond
- Puntal (index.php) Remote File Inclusion Vulnerabilities,
eidelweiss
- [ MDVSA-2010:089 ] gnutls,
security
- XSRF (CSRF) in Zikula Application Framework,
advisory
- XSRF (CSRF) in eliteCMS,
advisory
- XSS in Acuity CMS,
advisory
- [SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery,
Raphael Geissert
- [ MDVSA-2010:090 ] samba,
security
- XSS in ecoCMS,
advisory
- XSS in eliteCMS,
advisory
- [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow,
Core Security Technologies Advisories Team
- REC0N 2010 (MONTREAL) CFP Reminder & Preview,
David Mirza Ahmad
- [ MDVSA-2010:091 ] openoffice.org,
security
- Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit,
eidelweiss
- [security bulletin] HPSBMA02400 SSRT080144 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- SmartCMS v.2 SQL injection vulnerability,
Maciej Gojny
- Vulnerabilities in t3m_cumulus_tagcloud for TYPO3,
MustLive
- [security bulletin] HPSBMA02416 SSRT090008 rev.5 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities,
Core Security Technologies Advisories
- [security bulletin] HPSBMA02483 SSRT090257 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- KHOBE - 8.0 earthquake for Windows desktop security software,
www.matousec.com - Research
- [USN-936-1] dvipng vulnerability,
Marc Deslauriers
- [USN-937-1] TeX Live vulnerabilities,
Marc Deslauriers
- PCRE compile workspace overflow,
Michael Santos
- fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167),
ma+bt
- [SECURITY] [DSA 2042-1] New iscsitarget packages fix arbitrary code execution,
Luciano Bello
- BaoFeng Storm M3U File Processing Buffer Overflow Vulnerability,
lilf
- VMSA-2010-0008 VMware View 3.1.3 addresses an important cross-site scripting vulnerability,
VMware Security team
- [security bulletin] HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution,
security-alert
- [USN-919-1] Emacs vulnerability,
Kees Cook
- ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability,
ZDI Disclosures
- New web malwares attacking big hosting providers,
angelo
- Vulnerability with Cisco ACE. A2 3.0 (probably all version),
Alexis Tremblay
- [ MDVSA-2010:092 ] cacti,
security
- REZERVI (root) Remote Command Execution Vulnerability,
eidelweiss
- Injection of ECShop apps.,
lis cker
- XSS vulnerability in Jaws,
advisory
- [Wintercore Research] Consona Products - Multiple vulnerabilities,
vulns
- pmwiki: persistent cross site scripting (XSS), CVE-2010-1481,
Hanno Böck
- CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482,
Hanno Böck
- rPSA-2010-0034-1 ntp ntp-utils,
rPath Update Announcements
- rPSA-2010-0036-1 openssl openssl-scripts,
rPath Update Announcements
- rPSA-2010-0037-1 kernel,
rPath Update Announcements
- [ MDVSA-2010:093 ] mysql,
security
- Vulnerabilities in Sebo - webstore,
MustLive
- XSS vulnerability in EasyPublish CMS,
advisory
- XSS vulnerability in Advanced Poll,
advisory
- SA00001-2010,
Zakar Miklós
- Family Connections 2.2.3 Multiple Remote Vulnerabilities,
Salvatore Fresta aka Drosophila
- Turnkey Innovations SQL Injection Vulnerability,
md . r00t . defacer
- Month of PHP Security - Summary - 1st May - 10th May,
Stefan Esser
- 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability,
eidelweiss
- XSS in Saurus CMS,
advisory
- [SECURITY] [DSA 2044-1] New mplayer packages fix arbitrary code execution,
Devin Carraway
- [ MDVSA-2010:090-1 ] samba,
security
- [security bulletin] HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution,
security-alert
- {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow,
Francis Provencher
- XSS in DynamiXgate Affiliate Store Builder,
advisory
- [SECURITY] [DSA 2043-1] New vlc packages fix arbitrary code execution,
Devin Carraway
- [security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 2045-1] New libtheora packages fix arbitrary code execution,
Sebastien Delafond
- [CORE-2010-0405] Adobe Director Invalid Read,
Core Security Technologies Advisories Team
- Vulnerability in widget Cumulus for BlogEngine.NET,
MustLive
- Multiple memory corruption vulnerabilities in Ghostscript,
Dan Rosenberg
- ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability,
ZDI Disclosures
- CFP for ekoparty 0x10 is now open! [ Buenos Aires, Argentina ],
ekoparty Security Conference
- ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability,
ZDI Disclosures
- Palo Alto Network Vulnerability - Cross-Site Scripting (XSS),
jeromie
- [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability,
Code Audit Labs
- [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability,
Code Audit Labs
- [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite,
Code Audit Labs
- iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability,
iDefense Labs
- Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption,
Secunia Research
- Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability,
Secunia Research
- PolyPager 1.0rc10 (fckeditor) File Upload Security Issue,
eidelweiss
- Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability,
Secunia Research
- [ MDVSA-2010:094 ] tetex,
security
- Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability,
Secunia Research
- Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability,
Secunia Research
- Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow,
Secunia Research
- VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129),
VUPEN Security Research
- VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284),
VUPEN Security Research
- VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280),
VUPEN Security Research
- VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283),
VUPEN Security Research
- [security bulletin] HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS),
security-alert
- [security bulletin] HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data,
security-alert
- Secunia Research: TomatoCMS Script Insertion Vulnerabilities,
Secunia Research
- Secunia Research: TomatoCMS "q" SQL Injection Vulnerability,
Secunia Research
- Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability,
Secunia Research
- Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow,
Secunia Research
- Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch,
Cisco Systems Product Security Incident Response Team
- Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability,
Secunia Research
- [security bulletin] HPSBPI02532 SSRT100111 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access,
security-alert
- Secunia Research: Free Download Manager metalink "name" Directory Traversal,
Secunia Research
- [USN-938-1] KDENetwork vulnerability,
Jamie Strandboge
- Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities,
Secunia Research
- Secunia Research: KDE KGet Insecure File Operation Vulnerability,
Secunia Research
- Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability,
Secunia Research
- [ MDVSA-2010:095 ] libxext,
security
- XSS vulnerability in NPDS,
advisory
- Blind SQL injection vulnerability in NPDS REvolution,
advisory
- Joomla Component advertising (com_aardvertiser) File Inclusion Vulnerability,
eidelweiss
- LinksAutomation Multiple Remote Vulnerabilities,
md . r00t . defacer
- [SECURITY] [DSA-2046-1] New phpgroupware packages fix several vulnerabilities,
Giuseppe Iuculano
- Vulnerability in tagcloud for Kasseler CMS,
MustLive
- CfP: GameSec 2010 - Deadline extended to 31 May 2010,
Albert Levi
- phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404),
VUPEN Web Security
- Mathematica on Linux /tmp/MathLink vulnerability,
paul . szabo
- phpvidz Administrative Password Disclosure,
mike
- Vulnerability in 3D user cloud for Joomla,
MustLive
- XSS, SQL injection vulnerability in I-Vision CMS,
Maciej Gojny
- Joomla component SimpleDownload Local File Inclusion,
jerzy . patraszewski
- [oCERT-2010-001] multiple http client unexpected download filename vulnerability,
Daniele Bianco
- CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface,
s2-security
- [ MDVSA-2010:096 ] tetex,
security
- [SECURITY] [DSA 2047-1] New aria2 packages fix directory traversal,
Thijs Kinkhorst
- Call for Papers: EC2ND 2010,
Konrad Rieck
- [security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBGN02511 SSRT100022 rev.3 - Certain HP Small Form Factor, Microtower and Workstations PC's with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code,
security-alert
- [SECURITY] [DSA 2038-2] New pidgin packages fix regression,
Thijs Kinkhorst
- XSS vulnerability in JComments, Joomla,
advisory
- [ MDVSA-2010:097 ] pidgin,
security
- XSS vulnerability in NPDS REvolution,
advisory
- DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers,
MustLive
- Security Awareness for kids,
Pete Herzog
- [security bulletin] HPSBOV02497 SSRT090245 rev.3 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- Stored XSS vulnerability in NPDS REvolution,
advisory
- [security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS),
security-alert
- MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref,
Tom Yu
- [ MDVSA-2010:099 ] wireshark,
security
- [Suspected Spam][USN-939-1] X.org vulnerabilities,
Kees Cook
- [ MDVSA-2010:098 ] kdenetwork4,
security
- [security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege,
security-alert
- Metasploit Framework 3.4.0 Released,
HD Moore
- Caucho Technology Resin digest.php Cross Site Scripting Vulnerability,
xuanmumu
- The New ISO Hacking Standard,
Pete Herzog
- [ MDVSA-2010:100 ] krb5,
security
- Secunia Research: Orbit Downloader metalink "name" Directory Traversal,
Secunia Research
- [ MDVSA-2010:101 ] mysql,
security
- Linux Mint 8 mintUpdate Insecure Temporary File Creation,
L4teral
- [ MDVSA-2010:102 ] ghostscript,
security
- [Suspected Spam][USN-940-1] Kerberos vulnerabilities,
Kees Cook
- [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability,
unknown user
- Smart Douran CMS Remote File Download,
info
- [HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers,
Hafez Kamal
- [USN-941-1] MoinMoin vulnerability,
Marc Deslauriers
- XSS bug in US Robotics firmware USR5463-v0_06.bin,
sh4v
- [ MDVSA-2010:082-1 ] clamav,
security
- Multiple vulnerabilities within 3Com* iMC (Intelligent Management Center),
research
- XSS vulnerability in LiSK CMS,
advisory
- Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines,
MustLive
- XSRF (CSRF) in ocPortal,
advisory
- [ MDVSA-2010:104 ] dovecot,
security
- Cacti Multiple Parameter Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- [USN-942-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- Mastering Trust in Security Assessments,
Pete Herzog
- [ MDVSA-2010:103 ] postgresql,
security
- Month of PHP Security - Summary - 11st May - 21th,
Stefan Esser
- Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability,
praveen_recker
- OSSTMM 3 based Home Security Vacation Guide v.2!,
Pete Herzog
- PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console,
research
- HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039,
Rodrigo Branco
- XSS vulnerability in gpEasy CMS,
advisory
- SQL injection vulnerability in LiSK CMS,
advisory
- XSRF (CSRF) in NPDS REvolution,
advisory
- [Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis,
Bkis
- [SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution,
Steffen Joeris
- [SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution,
Sebastien Delafond
- [ MDVSA-2010:105 ] openoffice.org,
security
- Re: IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability,
security curmudgeon
- [SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities,
Moritz Muehlenhoff
- CompleteFTP Server v 4.x "PORT" command Remote DOS exploit,
eidelweiss
- Denial of Dervice vulnerability in Helix Mobile Server (RealNetworks) (14.0.0.348) with long string to PluginDirectory in rmserver.cfg file,
praveen_recker
- [SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ MDVSA-2010:106 ] aria2,
security
- Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities,
Secunia Research
- [SECURITY] [DSA 2052-1] New krb5 packages fix denial of service,
Sebastien Delafond
- Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities,
Dan Rosenberg
- [SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues,
dann frazier
- Webby Webserver v1.01 - Buffer overflow vulnerability with overwritten structured exception handler (SEH),
michael . messner
- Sun Solaris 10 libc/*convert (*cvt) buffer overflow,
cxib
- Ghostscript 8.64 executes random code at startup,
ne01026
- Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service,
cxib
- Sun Solaris 10 ftpd Cross-site request forgery,
cxib
- Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue,
eidelweiss
- Vulnerabilities in DS-Syndicate for Joomla,
MustLive
- Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vulnerability,
yicong2010
- JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability,
eidelweiss
- New vulnerabilities in plugin DS-Syndicate for Joomla,
MustLive
- rPSA-2010-0039-1 openssl openssl-scripts,
rPath Update Announcements
- London DEFCON May meet - DC4420 - Wed 26th May 2010,
Major Malfunction
- OSSTMM 3 STAR Released!,
Pete Herzog
- Arbitrary UNC file read in IE 8,
Tim Starling
- SQL injection vulnerability in Zabbix <= 1.8.1,
David Guimaraes
- XSS vulnerability in razorCMS,
advisory
- XSS vulnerability in GetSimple CMS,
advisory
- XSS vulnerability in RuubikCMS,
advisory
- SQL injection vulnerability in 360 Web Manager,
advisory
- XSS vulnerability in 360 Web Manager,
advisory
- Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit,
g1xsystem
- [ MDVSA-2010:107 ] mysql,
security
- [Suspected Spam][USN-944-1] GNU C Library vulnerabilities,
Kees Cook
- CfP: GameSec 2010 - 5 days left to the deadline,
Albert Levi
- Cyberoam SSL VPN Client - Plain-text Storage of Username and Password,
Wasim Halani
- [ MDVSA-2010:108 ] kolab-horde-framework,
security
- ESA-2010-007: EMC Avamar Denial Of Service Vulnerability,
Security_Alert
- [security bulletin] HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access,
security-alert
- [security bulletin] HPSBMA02442 SSRT090108 rev.1 - HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS),
security-alert
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator,
Cisco Systems Product Security Incident Response Team
- Static analysis tool exposition (SATE) 2010 Call for participation,
Vadim Okun
- FreeBSD Security Advisory FreeBSD-SA-10:04.jail,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:05.opie,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient,
FreeBSD Security Advisories
- Cross Site URL Hijacking by using Error Object in Mozilla Firefox,
subs
- EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30),
Dragos Ruiu
- [ MDVSA-2010:110 ] clamav,
security
- [ MDVSA-2010:109 ] gtk+2.0,
security
- clearsite Remote File Include Vulnerability,
admin
- [USN-945-1] ClamAV vulnerabilities,
Jamie Strandboge
- VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates,
VMware Security team
- [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera,
MustLive
- SQL injection in OSCommerce Add-On Visitor Web Stats,
Christopher Schramm
- Administrivia: Real domain names in PoC/exploit examples,
dm
- CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities,
Patroklos Argyroudis
- SQL injection vulnerability in ImpressPages CMS,
advisory
- Groone's Simple Contact Form (abspath) Remote File Inclusion Vulnerability,
g1xsystem
- Nginx 0.8.35 Space Character Remote Source Disclosure,
info
- [security bulletin] HPSBUX02523 SSRT100036 rev.2 - HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege,
security-alert
- [Suspected Spam]Vulnerability in ArtDesign CMS,
MustLive
- DM Database Server Memory Corruption Vulnerability,
wsn1983
- IS-2010-001 - Netgear WG602v4 Saved Pass Stack Overflow,
Cristofaro Mune
- GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability,
g1xsystem