Mail Index
- [security bulletin] HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS)
- Tortoise SVN DLL Hijacking Vulnerability
- [ MDVSA-2010:166 ] libgdiplus
- ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
- ApPHP Calendar XSS - CSRF
- KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
- From: YGN Ethical Hacker Group
- [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities
- [ MDVSA-2010:167 ] perl-libwww-perl
- VMSA-2010-0013
- From: VMware Security Team
- XSS vulnerability in Amiro.CMS FAQ
- VMSA-2010-0013 VMware ESX third party updates for Service Console
- From: VMware Security Team
- Tortoise SVN DLL Hijacking Vulnerability
- XSS vulnerability in Rumba CMS
- Online Binary Planting Exposure Test
- XSS vulnerability in ArtGK CMS forum
- XSS vulnerability in Rumba CMS tags
- XSS vulnerability in ArtGK CMS
- {PRL} Novell Netware OpenSSH Remote Stack Overflow
- Vulnerabilities in CMS WebManager-Pro
- [USN-982-1] Wget vulnerability
- [ MDVSA-2010:169 ] mozilla-thunderbird
- [ MDVSA-2010:168 ] openssl
- Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)
- From: YGN Ethical Hacker Group
- [ MDVSA-2010:170 ] wget
- [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
- Rooted CON 2011 - Call for Papers
- [security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code
- [ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code
- nullcon Goa dwitiya (2.0) Call For Papers
- VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
- From: VUPEN Security Research
- Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
- Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
- From: YGN Ethical Hacker Group
- chillyCMS Multiple Vulnerabilities
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
- From: YGN Ethical Hacker Group
- Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
- [SECURITY] [DSA-2104-1] New quagga packages fix denial of service
- Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability
- [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf
- From: Laurent OUDOT at TEHTRI-Security
- nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
- Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil
- From: Rodrigo Rubira Branco (BSDaemon)
- XSS in Horde Application Framework <=3.3.8, icon_browser.php
- H2HC São Paulo - Capture the Captcha
- From: Rodrigo Rubira Branco (BSDaemon)
- [ GLSA 201009-03 ] sudo: Privilege Escalation
- [SECURITY] [DSA-2103-1] New smbind packages fix sql injection
- The Zed Attack Proxy (ZAP) version 1.0.0
- [ MDVSA-2010:171 ] lvm2
- [USN-983-1] Sudo vulnerability
- Security problems in Zenphoto version 1.3
- Recent developments in FireWire Attacks
- Re: etax 2010 failure to validate remote ssl certificate properly
- [SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
- [SECURITY] [DSA 2098-2] New typo3-src packages fix regression
- Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability
- Call for Participation - GameSec 2010 - Berlin, Germany
- [USN-984-1] LFTP vulnerability
- [security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS)
- [ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code
- [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities
- etax 2010 failure to validate remote ssl certificate properly
- [ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- From: Cisco Systems Product Security Incident Response Team
- ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.
- ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication.
- [USN-985-1] mountall vulnerability
- ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability.
- [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local
- [SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution
- ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)
- From: ACROS Security Lists
- Binary Planting Goes "EXE"
- From: ACROS Security Lists
- SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3
- [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
- [USN-975-1] Firefox and Xulrunner vulnerabilities
- [USN-978-1] Thunderbird vulnerabilities
- Re: etax 2010 failure to validate remote ssl certificate properly
- Re: Binary Planting Goes "EXE"
- [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
- Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
- From: YGN Ethical Hacker Group
- [ MDVSA-2010:172 ] kernel
- Medium security flaw in Apache Traffic Server
- Internet Download Accelerator 5.8 Remote Buffer Overflow
- Re: Binary Planting Goes "EXE"
- From: Christian Sciberras
- PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)
- From: YGN Ethical Hacker Group
- [DCA-00015] YOPS Web Server Remote Command Execution
- International Hacking Conference "POC2001" Call for Paper
- [SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities
- MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability
- MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability
- [ MDVSA-2010:174 ] quagga
- MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities
- [ MDVSA-2010:175 ] sudo
- [ MDVSA-2010:179 ] libglpng
- [ MDVSA-2010:180 ] rpm
- Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service
- Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities
- H2HC 2010 Sao Paulo - Capture the Flag
- From: Rodrigo Rubira Branco (BSDaemon)
- [ MDVSA-2010:176 ] tomcat5
- Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
- [ MDVSA-2010:177 ] tomcat5
- [ MDVSA-2010:178 ] ocsinventory
- MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities
- ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability
- ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
- ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
- ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability
- ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
- [DCA-00016 - Nokia E72 Keyboard Password bypass]
- From: Ewerson Guimarães (Crash) - Dclabs
- ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
- CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability
- rPSA-2010-0056-1 httpd mod_ssl
- From: rPath Update Announcements
- [SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
- Web challenges from RootedCON'2010 CTF - Contest
- From: Roman Medina-Heigl Hernandez
- [ MDVSA-2010:181 ] ntop
- [security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
- [USN-987-1] Samba vulnerability
- ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
- [FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS)
- [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS)
- [FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
- ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability
- [ MDVSA-2010:182 ] kdegraphics
- Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability
- New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1"
- [FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS)
- XSS vulnerability in AContent search
- XSS vulnerability in Atutor edit content folder
- XSS vulnerability in AContent
- [Suspected Spam]Directory Traversal in Axigen v7.4.1 running on Windows
- XSS vulnerability in AContent
- XSS vulnerability in ATutor
- XSS vulnerability in AChecker
- XSS (cross site scripting) vulnerability in Serendipity
- XSS vulnerability in SantaFox search module
- XSRF (CSRF) in SantaFox
- ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability
- [ MDVSA-2010:183 ] socat
- MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities
- MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities
- [security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
- [SECURITY] [DSA-2109-1] New samba packages fix buffer overflow
- [security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
- [oCERT-2010-003] Free Simple CMS path sanitization errors
- [ MDVSA-2010:184 ] samba
- [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues
- [USN-978-2] Thunderbird regression
- [security bulletin] HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
- [USN-975-2] Firefox and Xulrunner regression
- Searching for DropBox security contact
- SQL injection vulnerability in e107
- [security bulletin] HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
- [USN-986-1] bzip2 vulnerability
- [USN-986-2] ClamAV vulnerability
- SQL injection vulnerability in e107
- [SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities
- [SECURITY] [DSA 2111-1] New squid3 packages fix denial of service
- [SECURITY] [DSA-2106-2] New xulrunner packages fix regression
- Vulnerabilities in IB Promotion Advanced Business Web Suite
- n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
- n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server
- n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
- [SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow
- FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2
- From: FreeBSD Security Advisories
- [ MDVSA-2010:185 ] bzip2
- Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
- Binary Planting Attack Vectors - There's more than one way to skin a cat... or plant a binary, for that matter
- From: ACROS Security Lists
- [USN-986-3] dpkg vulnerability
- Battle.net Mobile Authenticator MITM Vulnerability
- [USN-989-1] PHP vulnerabilities
- Security Contact Allianz IT-Infrastructure - Germany
- [ MDVSA-2010:186 ] phpmyadmin
- Exploit Next Generation® Methodology
- [USN-990-2] Apache vulnerability
- [USN-990-1] OpenSSL vulnerability
- CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
- [ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user
- From: ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0
- From: ISecAuditors Security Advisories
- [ GLSA 201009-08 ] python-updater: Untrusted search path
- [ GLSA 201009-07 ] libxml2: Denial of Service
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities
- From: Salvatore Fresta aka Drosophila
- CONFidence 2.0 2010 - Call for Papers - 29-30.11.2010 Prague
- [ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability
- ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability
- [ MDVSA-2010:188 ] kernel
- [ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483
- From: ISecAuditors Security Advisories
- [security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection
- [security bulletin] HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)
- Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
- [security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure
- [ MDVSA-2010:187 ] squid
- [security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection
- Netscape Web Browser (CSS) Cross Domain Vulnerability
- Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
- Re: Netscape Web Browser (CSS) Cross Domain Vulnerability
- Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
- TWSL2010-005: FreePBX recordings interface allows remote code execution
- From: Trustwave Advisories
- VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues
- From: VMware Security team
- [ MDVSA-2010:189 ] pcsc-lite
- [ MDVSA-2010:189-1 ] pcsc-lite
- Vulnerabilities in CMS MYsite
- Exploit Next Generation(R) Example Codes
- Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
- [SECURITY] [DSA-2114-1] New git-core packages fix regression
- SQL injection vulnerability in e107
- XSS vulnerability in Entrans
- SQL injection vulnerability in Entrans
- SQL injection vulnerability in Entrans
- XSS in Horde IMP <=4.3.7, fetchmailprefs.php
- [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
- Re: XSS vulnerability in CompuCMS
- From: security curmudgeon
- Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
- XSRF (CSRF) in Zimplit
- [USN-995-1] libMikMod vulnerabilities
- [USN-996-1] Mako vulnerability
- XSS vulnerability in GetSimple CMS
- [USN-994-1] libHX vulnerability
- Re: XSS vulnerability in Auto CMS
- From: security curmudgeon
- [USN-993-1] libgdiplus vulnerability
- XSS vulnerability in Pluck
- [Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service
- From: Onapsis Research Labs
- [security bulletin] HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation
- [USN-992-1] Avahi vulnerabilities