Mail Thread Index
- [security bulletin] HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS),
security-alert
- Tortoise SVN DLL Hijacking Vulnerability,
nikhil_uitrgpv
- [ MDVSA-2010:166 ] libgdiplus,
security
- ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability,
ZDI Disclosures
- ApPHP Calendar XSS - CSRF,
edgard . chammas
- KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll),
YGN Ethical Hacker Group
- [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ MDVSA-2010:167 ] perl-libwww-perl,
security
- VMSA-2010-0013,
VMware Security Team
- XSS vulnerability in Amiro.CMS FAQ,
advisory
- VMSA-2010-0013 VMware ESX third party updates for Service Console,
VMware Security Team
- XSS vulnerability in Rumba CMS,
advisory
- Online Binary Planting Exposure Test,
ACROS Lists
- XSS vulnerability in ArtGK CMS forum,
advisory
- XSS vulnerability in Rumba CMS tags,
advisory
- XSS vulnerability in ArtGK CMS,
advisory
- {PRL} Novell Netware OpenSSH Remote Stack Overflow,
Francis Provencher
- Vulnerabilities in CMS WebManager-Pro,
MustLive
- [USN-982-1] Wget vulnerability,
Marc Deslauriers
- [ MDVSA-2010:169 ] mozilla-thunderbird,
security
- [ MDVSA-2010:168 ] openssl,
security
- Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll),
YGN Ethical Hacker Group
- [ MDVSA-2010:170 ] wget,
security
- [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution,
Sebastien Delafond
- Rooted CON 2011 - Call for Papers,
Román Ramírez
- [security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code,
security-alert
- [ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code,
Alex Legler
- nullcon Goa dwitiya (2.0) Call For Papers,
nullcon
- VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249),
VUPEN Security Research
- Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?,
steve . povolny
- Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL),
YGN Ethical Hacker Group
- chillyCMS Multiple Vulnerabilities,
admin
- Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities,
sattler
- [SECURITY] [DSA-2104-1] New quagga packages fix denial of service,
Florian Weimer
- Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability,
sattler
- [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf,
Laurent OUDOT at TEHTRI-Security
- nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.,
nikhil_uitrgpv
- Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil,
Rodrigo Rubira Branco (BSDaemon)
- XSS in Horde Application Framework <=3.3.8, icon_browser.php,
Moritz Naumann
- H2HC São Paulo - Capture the Captcha,
Rodrigo Rubira Branco (BSDaemon)
- [ GLSA 201009-03 ] sudo: Privilege Escalation,
Alex Legler
- [SECURITY] [DSA-2103-1] New smbind packages fix sql injection,
Giuseppe Iuculano
- The Zed Attack Proxy (ZAP) version 1.0.0,
psiinon
- [ MDVSA-2010:171 ] lvm2,
security
- [USN-983-1] Sudo vulnerability,
Jamie Strandboge
- Security problems in Zenphoto version 1.3,
Bogdan Calin
- Recent developments in FireWire Attacks,
Freddie Witherden
- [SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities,
Giuseppe Iuculano
- [SECURITY] [DSA 2098-2] New typo3-src packages fix regression,
Thijs Kinkhorst
- Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability,
sattler
- Call for Participation - GameSec 2010 - Berlin, Germany,
Albert Levi
- [USN-984-1] LFTP vulnerability,
Marc Deslauriers
- [security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS),
security-alert
- [ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code,
Stefan Behte
- [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities,
Stefan Behte
- etax 2010 failure to validate remote ssl certificate properly,
dave b
- [ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities,
Tobias Heinlein
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers,
Cisco Systems Product Security Incident Response Team
- ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.,
Security_Alert
- ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication.,
Security_Alert
- [USN-985-1] mountall vulnerability,
Kees Cook
- ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.,
Security_Alert
- [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local,
security-alert
- [SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution,
Sebastien Delafond
- ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1),
ACROS Security Lists
- Binary Planting Goes "EXE",
ACROS Security Lists
- SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3,
Bogdan Calin
- [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
- [USN-975-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [USN-978-1] Thunderbird vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll),
YGN Ethical Hacker Group
- [ MDVSA-2010:172 ] kernel,
security
- Medium security flaw in Apache Traffic Server,
Tim Brown
- Internet Download Accelerator 5.8 Remote Buffer Overflow,
g1xsystem
- PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll),
YGN Ethical Hacker Group
- [DCA-00015] YOPS Web Server Remote Command Execution,
Rodrigo Escobar
- International Hacking Conference "POC2001" Call for Paper,
pocadm
- [SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities,
Thijs Kinkhorst
- MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability,
marian . ventuneac
- MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability,
marian . ventuneac
- [ MDVSA-2010:174 ] quagga,
security
- MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities,
marian . ventuneac
- [ MDVSA-2010:175 ] sudo,
security
- [ MDVSA-2010:179 ] libglpng,
security
- [ MDVSA-2010:180 ] rpm,
security
- Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service,
yangdn
- Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities,
Secunia Research
- H2HC 2010 Sao Paulo - Capture the Flag,
Rodrigo Rubira Branco (BSDaemon)
- [ MDVSA-2010:176 ] tomcat5,
security
- Adobe LiveCycle ES DLL Hijacking Exploit (.dll),
admin
- [ MDVSA-2010:177 ] tomcat5,
security
- [ MDVSA-2010:178 ] ocsinventory,
security
- MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities,
marian . ventuneac
- ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- [DCA-00016 - Nokia E72 Keyboard Password bypass],
Ewerson Guimarães (Crash) - Dclabs
- ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability,
ZDI Disclosures
- CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability,
Aditya K Sood
- rPSA-2010-0056-1 httpd mod_ssl,
rPath Update Announcements
- [SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution,
Sébastien Delafond
- Web challenges from RootedCON'2010 CTF - Contest,
Roman Medina-Heigl Hernandez
- [ MDVSA-2010:181 ] ntop,
security
- [security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information,
security-alert
- [USN-987-1] Samba vulnerability,
Marc Deslauriers
- ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability,
ZDI Disclosures
- [FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS),
Lyndon Nerenberg
- [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS),
Lyndon Nerenberg
- [FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS),
Lyndon Nerenberg
- ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:182 ] kdegraphics,
security
- Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability,
Secunia Research
- New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1",
Amit Klein
- [FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS),
Lyndon Nerenberg
- XSS vulnerability in AContent search,
advisory
- XSS vulnerability in Atutor edit content folder,
advisory
- XSS vulnerability in AContent,
advisory
- [Suspected Spam]Directory Traversal in Axigen v7.4.1 running on Windows,
Bogdan Calin
- XSS vulnerability in ATutor,
advisory
- XSS vulnerability in AChecker,
advisory
- XSS (cross site scripting) vulnerability in Serendipity,
advisory
- XSS vulnerability in SantaFox search module,
advisory
- XSRF (CSRF) in SantaFox,
advisory
- ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:183 ] socat,
security
- MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities,
marian . ventuneac
- MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities,
marian . ventuneac
- [security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS),
security-alert
- [SECURITY] [DSA-2109-1] New samba packages fix buffer overflow,
Stefan Fritsch
- [security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities,
security-alert
- [oCERT-2010-003] Free Simple CMS path sanitization errors,
Andrea Barisani
- [ MDVSA-2010:184 ] samba,
security
- [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues,
dann frazier
- [USN-978-2] Thunderbird regression,
Jamie Strandboge
- [security bulletin] HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information,
security-alert
- [USN-975-2] Firefox and Xulrunner regression,
Jamie Strandboge
- Searching for DropBox security contact,
Rebecca Menessec
- SQL injection vulnerability in e107,
advisory
- [security bulletin] HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities,
security-alert
- [USN-986-1] bzip2 vulnerability,
Jamie Strandboge
- [USN-986-2] ClamAV vulnerability,
Jamie Strandboge
- [SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities,
Steffen Joeris
- [SECURITY] [DSA 2111-1] New squid3 packages fix denial of service,
Steffen Joeris
- [SECURITY] [DSA-2106-2] New xulrunner packages fix regression,
Stefan Fritsch
- Vulnerabilities in IB Promotion Advanced Business Web Suite,
MustLive
- n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760,
security
- n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server,
security
- [SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow,
Stefan Fritsch
- FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2,
FreeBSD Security Advisories
- [ MDVSA-2010:185 ] bzip2,
security
- Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall,
Stefan Kanthak
- Binary Planting Attack Vectors - There's more than one way to skin a cat... or plant a binary, for that matter,
ACROS Security Lists
- [USN-986-3] dpkg vulnerability,
Jamie Strandboge
- Battle.net Mobile Authenticator MITM Vulnerability,
yawninglol
- [USN-989-1] PHP vulnerabilities,
Marc Deslauriers
- Security Contact Allianz IT-Infrastructure - Germany,
Stefan Bauer
- [ MDVSA-2010:186 ] phpmyadmin,
security
- Exploit Next Generation® Methodology,
Nelson Brito
- [USN-990-2] Apache vulnerability,
Marc Deslauriers
- [USN-990-1] OpenSSL vulnerability,
Marc Deslauriers
- CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability,
sk
- [ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user,
ISecAuditors Security Advisories
- [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0,
ISecAuditors Security Advisories
- [ GLSA 201009-08 ] python-updater: Untrusted search path,
Stefan Behte
- [ GLSA 201009-07 ] libxml2: Denial of Service,
Stefan Behte
- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities,
Salvatore Fresta aka Drosophila
- CONFidence 2.0 2010 - Call for Papers - 29-30.11.2010 Prague,
Andrzej Targosz
- [ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability,
adv
- ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability,
Security_Alert
- [ MDVSA-2010:188 ] kernel,
security
- [ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483,
ISecAuditors Security Advisories
- [security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection,
security-alert
- [security bulletin] HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability,
info
- [security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure,
security-alert
- [ MDVSA-2010:187 ] squid,
security
- [security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection,
security-alert
- Netscape Web Browser (CSS) Cross Domain Vulnerability,
info
- TWSL2010-005: FreePBX recordings interface allows remote code execution,
Trustwave Advisories
- VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues,
VMware Security team
- [ MDVSA-2010:189 ] pcsc-lite,
security
- [ MDVSA-2010:189-1 ] pcsc-lite,
security
- Vulnerabilities in CMS MYsite,
MustLive
- Exploit Next Generation(R) Example Codes,
Nelson Brito
- Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453,
Rodrigo Branco
- [SECURITY] [DSA-2114-1] New git-core packages fix regression,
Stefan Fritsch
- XSS vulnerability in Entrans,
advisory
- SQL injection vulnerability in Entrans,
advisory
- XSS in Horde IMP <=4.3.7, fetchmailprefs.php,
Moritz Naumann
- [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference,
Andrea Barisani
- Re: XSS vulnerability in CompuCMS,
security curmudgeon
- Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS,
Yam Mesicka
- XSRF (CSRF) in Zimplit,
advisory
- [USN-995-1] libMikMod vulnerabilities,
Marc Deslauriers
- [USN-996-1] Mako vulnerability,
Marc Deslauriers
- XSS vulnerability in GetSimple CMS,
advisory
- [USN-994-1] libHX vulnerability,
Marc Deslauriers
- Re: XSS vulnerability in Auto CMS,
security curmudgeon
- [USN-993-1] libgdiplus vulnerability,
Marc Deslauriers
- XSS vulnerability in Pluck,
advisory
- [Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service,
Onapsis Research Labs
- [security bulletin] HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation,
security-alert
- [USN-992-1] Avahi vulnerabilities,
Marc Deslauriers