Mail Thread Index
- Re: Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers,
John Smith
- GR Board v1.8.6. (theme) Local File Inclusion Vulnerability,
g1xsystem
- Re: Nginx 0.8.35 Space Character Remote Source Disclosure,
abc12345
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera,
MustLive
- Winamp v5.571 malicious AVI file handling DoS Vulnerability,
praveen_recker
- RE: Ghostscript 8.64 executes random code at startup,
Michael Wojcik
- [Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis,
Bkis
- DoS vulnerability in Internet Explorer,
MustLive
- SQL injection vulnerability in Ecomat CMS,
advisory
- XSS vulnerability in Ecomat CMS,
advisory
- [ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-02 ] CamlImages: User-assisted execution of arbitrary code,
Alex Legler
- PuTTY private key passphrase stealing attack,
Jan Schejbal
- [ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code,
Alex Legler
- Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework,
Onapsis Research Labs
- [ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-05 ] Wireshark: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201006-06 ] Transmission: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201006-07 ] SILC: Multiple vulnerabilities,
Tobias Heinlein
- ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability,
ZDI Disclosures
- [ GLSA 201006-08 ] nano: Multiple vulnerabilities,
Tobias Heinlein
- [ GLSA 201006-09 ] sudo: Privilege escalation,
Tobias Heinlein
- Applicure dotDefender 4.0 administrative interface cross site scripting,
Sandro Gauci
- SFCB vulnerabilities,
Nicolas Grégoire
- [20100501] - Core - Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components,
Riyaz Walikar
- Trend Micro Data Loss Prevention 5.2 Data Leakage,
nitrØus
- Wing FTP Server - Cross Site Scripting Vulnerability,
werew01f
- TEHTRI-Security: Many 0days soon released at SyScan Singapore 2010,
Laurent OUDOT at TEHTRI-Security
- [ GLSA 201006-10 ] multipath-tools: World-writeable socket,
Stefan Behte
- [ GLSA 201006-11 ] BIND: Multiple vulnerabilities,
Stefan Behte
- [ GLSA 201006-12 ] Fetchmail: Multiple vulnerabilities,
Stefan Behte
- [Suspected Spam][USN-946-1] Net-SNMP vulnerability,
Kees Cook
- [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201006-14 ] Newt: User-assisted execution of arbitrary code,
Alex Legler
- [security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [security bulletin] HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- [ GLSA 201006-15 ] XEmacs: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-16 ] GD: User-assisted execution of arbitrary code,
Alex Legler
- [ GLSA 201006-17 ] lighttpd: Denial of Service,
Alex Legler
- [security bulletin] HPSBST02536 SSRT100057 rev.1 - HP StorageWorks Storage Mirroring, Remote Unauthorized Access,
security-alert
- [security bulletin] HPSBMA02538 SSRT100136 rev.1 - HP ServiceCenter Running on AIX, HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS),
security-alert
- eFront Multiple Parameter Cross Site Scripting Vulnerabilities,
VUPEN Web Security
- Multiple vulnerabilities in Exim,
Dan Rosenberg
- RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 ),
Kyle Quest
- [ GLSA 201006-20 ] Asterisk: Multiple vulnerabilities,
Alex Legler
- [USN-948-1] GnuTLS vulnerability,
Jamie Strandboge
- CA20100603-01: Security Notice for CA ARCserve Backup,
Kotas, Kevin J
- [Suspected Spam][USN-947-2] Linux kernel regression,
Kees Cook
- [ GLSA 201006-19 ] Bugzilla: Multiple vulnerabilities,
Alex Legler
- [ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities,
Alex Legler
- Vulnerabilities in Gigya Socialize for WordPress,
MustLive
- [security bulletin] HPSBUX02451 SSRT090137 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- Core FTP mini-sftp-server Several DoS and Directory Traversal Vulnerabilities,
leinakesi
- [SECURITY] [DSA 2055-1] New OpenOffice.org packages fix arbitrary code execution,
Nico Golde
- [SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning,
Florian Weimer
- SQL injection vulnerability in CuteSITE CMS,
advisory
- [SECURITY] [DSA 2056-1] New zonecheck packages fix cross-site scripting,
Sebastien Delafond
- [SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Giuseppe Iuculano
- XSS vulnerability in CuteSITE CMS,
advisory
- Core FTP Server(SFTP module) 'open' and 'stat' Commands Remote Denial of Service Vulnerability,
leinakesi
- XSRF (CSRF) in CuteSITE CMS,
advisory
- XSS vulnerability in boastMachine,
advisory
- SQL injection vulnerability in boastMachine,
advisory
- VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392),
VUPEN Security Research
- Paessler - PRTG Traffic Grapher XSS,
Patrick Webster
- Recon 2010 - Speaker list, new additional capacity for sold-out training, party details,
Hugo Fortier
- Blue Arc Group - IgnitionSuite CMS WebDMailer unsubscribe issue,
Patrick Webster
- ArpON (Arp handler inspectiON) 2.0 released!,
Andrea Di Pasquale
- DoS attacks on email clients via protocol handlers,
MustLive
- The XCon2010 is coming,
xcon
- [ MDVSA-2010:111 ] glibc,
security
- ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-092: Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability,
ZDI Disclosures
- IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell,
Cristofaro Mune
- ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability,
ZDI Disclosures
- tool: ref_fuzz (CVE-2010-1259 / MS10-035 and more),
Michal Zalewski
- ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBMA02537 SSRT010027 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [CORE-2010-0415] SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application,
CORE Security Technologies Advisories
- Dlink Di-604 router authenticated user ping tool Xss and DoS,
Ewerson Guimarães (Crash) - Dclabs
- VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel SxView Memory Corruption Vulnerability (CVE-2010-1245),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246),
VUPEN Security Research
- Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability,
Marcus Meissner
- [USN-950-1] MySQL vulnerabilities,
Marc Deslauriers
- [MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery,
david . kurz
- VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824),
VUPEN Security Research
- Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Extension Platform Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls,
Kotas, Kevin J
- [MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting,
david . kurz
- VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248),
VUPEN Security Research
- [MajorSecurity SA-068]Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery,
david . kurz
- VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484),
VUPEN Security Research
- VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249),
VUPEN Security Research
- McAfee UTM Firewall Help Reflected Cross-Site Scripting,
Adam Baldwin
- Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly,
Tavis Ormandy
- PR09-17: Juniper Secure Access seriers (Juniper IVE) authenticated XSS & REDIRECTION,
research
- TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:113 ] wireshark,
security
- Awcm Cms Local File Inclusion Vulnerability,
x0 . root
- [SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities,
Aurelien Jarno
- Vulnerabilities in Belavir for WordPress,
MustLive
- [MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues,
david . kurz
- [SECURITY] [DSA 2059-1] New pcsc-lite packages fix privilege escalation,
Thijs Kinkhorst
- iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability,
iDefense Labs
- ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability,
ZDI Disclosures
- iDefense Security Advisory 06.10.10: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability,
iDefense Labs
- iDefense Security Advisory 06.10.10: Adobe Flash Player Use-After-Free Vulnerability,
iDefense Labs
- Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow,
Secunia Research
- [ MDVSA-2010:114 ] dhcp,
security
- SQL injection vulnerability in MODx CMS and Application Framework,
advisory
- [ MDVSA-2010:115 ] perl,
security
- SQL injection vulnerability in AneCMS,
advisory
- Cherokee Web Server 0.5.3 Multiple Vulnerabilities,
info
- Stored XSS vulnerability in AneCMS blog module,
advisory
- [ MDVSA-2010:116 ] perl,
security
- [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068,
William A. Rowe Jr.
- SQL injection vulnerability in MODx CMS,
advisory
- [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability,
david . kurz
- [security bulletin] HPSBMA02537 SSRT010027 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBPI02532 SSRT100111 rev.2 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access,
security-alert
- [SECURITY] [DSA 2060-1] New cacti packages fix SQL injection,
Nico Golde
- [ GLSA 201006-21 ] UnrealIRCd: Multiple vulnerabilities,
Alex Legler
- [SECURITY] [DSA 2054-2] New bind9 packages fix cache poisoning,
Martin Schulze
- CORE-2010-0514: XnView MBM Processing Heap Overflow,
CORE Security Technologies Advisories
- TitanFTP Server Arbitrary File Disclosure,
bill
- Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit,
g1xsystem
- VUPEN Security Research - Adobe Flash Player "newfunction" Invalid Pointer Vulnerability (CVE-2010-2174),
VUPEN Security Research
- VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167),
VUPEN Security Research
- VUPEN Security Research - Adobe Flash Player "newclass" Invalid Pointer Vulnerability (CVE-2010-2173),
VUPEN Security Research
- ZDI-10-108: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability,
ZDI Disclosures
- [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass,
Onapsis Research Labs
- [ MDVSA-2010:117 ] cacti,
security
- [SECURITY] [DSA 2061-1] New samba packages fix arbitrary code execution,
Nico Golde
- [USN-951-1] Samba vulnerability,
Kees Cook
- ZDI-10-110: Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Injection, Denial of Service(Dos),
security-alert
- iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability,
iDefense Labs
- [MajorSecurity SA-074]CMS RedAks 2.0 - Multiple Cross-site Scripting issues,
david . kurz
- TurboFTP Server Directory Traversal Vulnerability,
leinakesi
- [SECURITY] [DSA 2062-1] New sudo packages fix environment sanitization bypass vulnerability,
Giuseppe Iuculano
- [ MDVSA-2010:118 ] sudo,
security
- [ MDVSA-2010:119 ] samba,
security
- TEHTRI-Security released 13 0days against web tools used by evil attackers,
Laurent OUDOT at TEHTRI-Security
- Vulnerabilities in Firebook,
MustLive
- [SECURITY] [DSA 2063-1] New pmount packages fix denial of service,
Giuseppe Iuculano
- TitanFTP Server COMB directory traversal,
bill
- [security bulletin] HPSBUX02543 SSRT100152 rev.1 - HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access,,
security-alert
- CVE-2010-1622: Spring Framework execution of arbitrary code,
s2-security
- XCon 2010 XFocus Information Security Conference Call for Paper,
xcon
- NSOADV-2010-008: AnNoText Third-Party ActiveX Control Buffer Overflow,
NSO Research
- NSOADV-2010-009: AnNoText Third-Party ActiveX Control file overwrite vulnerability,
NSO Research
- Vulnerabilities in eSitesBuilder,
MustLive
- [MajorSecurity SA-075]CMS RedAks 2.0 - SQL injection vulnerability,
david . kurz
- Wing FTP Server PORT Command DoS Vulnerability,
sk
- Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion,
jason
- XSS vulnerability in Scribe CMS,
advisory
- Stored XSS vulnerability in synType CMS comment text field,
advisory
- XSS vulnerability in the search module of synType CMS,
advisory
- Sysax Multi Server "open", "unlink", "mkdir", "scp_get" Commands DoS Vulnerabilities,
leinakesi
- [ MDVSA-2010:120 ] squirrelmail,
security
- ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-954-1] tiff vulnerabilities,
Kees Cook
- [USN-955-1] OPIE vulnerability,
Marc Deslauriers
- [USN-955-2] libpam-opie vulnerability,
Marc Deslauriers
- [USN-953-1] fastjar vulnerability,
Marc Deslauriers
- CSRF in PHPWCMS 1.4.5,
labs
- ZDI-10-111: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-952-1] CUPS vulnerabilities,
Marc Deslauriers
- [scip_Advisory 4142] Skype Client for Mac Chat Unicode Denial of Service,
Marc Ruef
- [ MDVSA-2010:121 ] pango,
security
- [security bulletin] HPSBUX02541 SSRT100145 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File,
Morris, John R. (SSRT)
- [ MDVSA-2010:122 ] fastjar,
security
- IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting,
Cristofaro Mune
- [security bulletin] HPSBMA02439 SSRT080082 rev.2 - HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access,
security-alert
- Microsoft Help Files (.CHM): 'Locked File' Feature Bypass,
Paul Craig
- Apache Axis Session Fixation Vulnerability,
Tiago Ferreira Barbosa
- Weborf DCA-00012 Vulnerability Report,
Ewerson Guimarães (Crash) - Dclabs
- [ MDVSA-2010:123 ] libneon0.27,
security
- ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability,
ZDI Disclosures
- CORE-2010-0316 - Novell iManager Multiple Vulnerabilities,
CORE Security Technologies Advisories
- [ MDVSA-2010:124 ] pulseaudio,
security
- [ MDVSA-2010:125 ] firefox,
security
- SQL injection vulnerability in WebDB,
advisory
- XSS vulnerability in ForumCMS,
advisory
- [ MDVSA-2010:126 ] mozilla-thunderbird,
security
- [Suspected Spam]Vulnerabilities in Cimy Counter for WordPress,
MustLive
- VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel,
VMware Security team
- ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-115: Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability,
ZDI Disclosures
- [SWRX-2010-001] Cisco ASA HTTP Response Splitting Vulnerability,
ctu-no-reply
- [security bulletin] HPSBUX02544 SSRT100107 rev.1 - HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries,
Stefan Kanthak
- [SECURITY] [DSA 2064-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities,
Moritz Muehlenhoff
- Denial-of-Service Vulnerability in IDA Pro,
jason
- IS-2010-004 - D-Link DAP-1160 Unauthenticated Remote Configuration,
Cristofaro Mune
- New IETF Internet-Drafts on TCP timestamps,
Fernando Gont
- ref_fuzz and other fun bugs,
Michal Zalewski
- London DEFCON June meet - DC4420 - Wed 30th June 2010,
alien DC4420
- SQL injection vulnerability in TomatoCMS,
advisory
- XSS vulnerability in PortalApp,
advisory
- SQL injection vulnerability in Grafik CMS,
advisory
- XSS vulnerability in Grafik CMS,
advisory
- Extended deadline, Call for Papers EC2ND 2010,
Konrad Rieck
- iDefense Security Advisory 06.21.10: Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability,
iDefense Labs
- Secunia Research: TaskFreak "password" SQL Injection Vulnerability,
Secunia Research
- Secunia Research: TaskFreak "tznMessage" Cross-Site Scripting Vulnerability,
Secunia Research
- IS-2010-005 - D-Link DAP-1160 Authentication Bypass,
Cristofaro Mune
- [USN-927-4] nss vulnerability,
Jamie Strandboge
- SAP's web module OLK SQL Injection vulnerability,
salchoman
- [USN-927-5] nspr update,
Jamie Strandboge