Mail Thread Index

• Date Index

• [ GLSA 201009-09 ] fence: Multiple symlink vulnerabilites, Stefan Behte
• VMSA-2010-0015 VMware ESX third party updates for Service Console, VMware Security team
• [SECURITY] [DSA-2115-1] New moodle packages fix several vulnerabilities, Florian Weimer
• [security bulletin] HPSBMA02558 SSRT100158 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, security-alert
• ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities, ZDI Disclosures
• ZDI-10-179: IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability, ZDI Disclosures
• JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities, Salvatore Fresta aka Drosophila
  • <Possible follow-ups>
  • Re: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities, joomextensions
• ZDI-10-185: IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-10-187: IBM TSM FastBack Server _DAS_ReadBlockReply Remote Denial of Service Vulnerability, ZDI Disclosures
• ZDI-10-180: IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-10-184: IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability, ZDI Disclosures
• ZDI-10-181: IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-10-183: IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2010:190 ] libtiff, security
• Re: XSS vulnerability in Pluck, security curmudgeon
• THOTCON 0x2 - Call For Papers is Open -> 10.01.10, THOTCON Announce
• [STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities, info
• Re: XSRF (CSRF) in Zimplit, security curmudgeon
• Multiple vulnerabilities in WordPress 2 and 3, MustLive
• NetWin Surgemail XSS vulnerability, kerem . kocaer
• [ MDVSA-2010:191 ] mailman, security
• ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability, ZDI Disclosures
• [ MDVSA-2010:193 ] qt-creator, security
• Another new technique to bypass SEHOP. ( no 'xor pop pop ret' ), geinblues
• [ MDVSA-2010:194 ] git, security
• ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability, ZDI Disclosures
• [ MDVSA-2010:192 ] apr-util, security
• [STANKOINFORMZASCHITA-10-02] ITS SCADA Authorization bypass, info
• [ MDVSA-2010:195 ] libesmtp, security
• OWASP ZAP, psiinon
• [SECURITY] [DSA-2117-1] New apr-util packages fix denial of service, Stefan Fritsch
• [IMF 2011] Call for Papers, Oliver Goebel
• SQL injection vulnerability in Elxis CMS, advisory
• XSS vulnerability in Docebo Announcements, advisory
• [SECURITY] [DSA-2116-1] New freetype packages integer overflow, Stefan Fritsch
• XSS vulnerability in Elxis CMS, advisory
• XSS vulnerability in Elxis CMS (contacts), advisory
• XSS vulnerability in Elxis CMS polls module, advisory
• [ MDVSA-2010:196 ] dovecot, security
• Vulnerabilities in CMS WebManager-Pro, MustLive
• [security bulletin] HPSBTU02496 SSRT090245 rev.1 - HP Tru64 UNIX Running NTP, Denial of Service (DoS), security-alert
• MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling, Tom Yu
• [Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1, Moritz Naumann
• [ MDVSA-2010:197 ] postgresql, security
• [ GLSA 201010-01 ] Libpng: Multiple vulnerabilities, Pierre-Yves Rofes
• [USN-1001-1] LVM2 vulnerability, Marc Deslauriers
• ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability, ZDI Disclosures
• [USN-999-1] Kerberos vulnerability, Kees Cook
• ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability, ZDI Disclosures
• ZDI-10-192: Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability, ZDI Disclosures
• ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSAR Authentication Client when storing secret key objects on an RSA SecurIDR 800 Authenticator, Security_Alert
• (CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability, CORE Security Technologies Advisories
• Adobe Reader 9.3.4 Multiple Memory Corruption - Security Advisory - SOS-10-003, Sense of Security
• HP Data Protector Manager v6.11 / NULL Pointer Dereference Remote Denial of Service Vulnerabilities, Pepelux
• Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability, Felipe M. Aragon
• [USN-1003-1] OpenSSL vulnerabilities, Marc Deslauriers
• [USN-1002-1] PostgreSQL vulnerability, Marc Deslauriers
• IBWAS'10 CfP - Deadline Extension, Carlos Serrão
• [USN-1002-2] PostgreSQL vulnerability, Marc Deslauriers
• XSS in Oracle default fcgi-bin/echo, paul . szabo
  • <Possible follow-ups>
  • Re: XSS in Oracle default fcgi-bin/echo, paul . szabo
    • RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, Thor (Hammer of God)
      • RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, paul . szabo
        • RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, Thor (Hammer of God)
          • RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, paul . szabo
            • Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, Riyaz Walikar
• Directory Traversal Vulnerability in FilterFTP, advisory
• LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component, Delf Tonder
• Directory Traversal Vulnerability in FTP Voyager, advisory
• XSS vulnerability in Expression CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Expression CMS, advisory
• [ MDVSA-2010:198 ] kernel, security
• XSS vulnerability in Lantern CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Lantern CMS, advisory
• FIrefox: Bug 602181 – password exposed in memory cache, Sim IJskes
• OverLook Cross-site Scripting Vulnerability, advisory
• Re: Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664, gopherit
• [TOOL RELEASE] Exploit Next Generation SQL Fingerprint v., Nelson Brito
• [WARNING] A fake version of T50!!!, Nelson Brito
• [SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass, Nico Golde
• Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
• JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities, Salvatore Fresta aka Drosophila
• Vulnerabilities in AltConstructor, MustLive
• [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities, Florian Weimer
• [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability, Core Security Technologies Advisories
• [ MDVSA-2010:199 ] subversion, security
  • <Possible follow-ups>
  • [ MDVSA-2010:199 ] subversion, security
• [SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities, Moritz Muehlenhoff
• Collabtive Multiple Vulnerabilities, Advisory
• ubuntu 10.04 xterm heap overflow,can it be exploit ?, watercloud watercloud
  • Re: ubuntu 10.04 xterm heap overflow,can it be exploit ?, Dan Rosenberg
  • <Possible follow-ups>
  • Re: ubuntu 10.04 xterm heap overflow,can it be exploit ?, dickey
• DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509), ddivulnalert
• Secunia Research: Microsoft Excel Ghost Record Type Parsing Vulnerability, Secunia Research
• Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331, Rodrigo Branco
• [SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation, Florian Weimer
• IBWAS'10 CfTraining - Deadline Approaching, Carlos Serrão
• Secunia Research: Microsoft Excel Extra Out of Boundary Record Vulnerability, Secunia Research
• Secunia Research: Microsoft Excel Record Parsing Integer Overflow Vulnerability, Secunia Research
• Secunia Research: Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability, Secunia Research
• XSS vulnerability in Ronny CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Ronny CMS, advisory
  • XSS vulnerability in Ronny CMS, advisory
• XSS vulnerability in PluXml, advisory
  • <Possible follow-ups>
  • XSS vulnerability in PluXml, advisory
  • XSS vulnerability in PluXml, advisory
  • XSS vulnerability in PluXml, advisory
• Directory Traversal Vulnerability in FreshFTP, advisory
• [ MDVSA-2010:200 ] wireshark, security
• Directory Traversal Vulnerability in AnyConnect, advisory
• XSRF (CSRF) in Lara, advisory
• [ MDVSA-2010:202 ] krb5, security
• Directory Traversal Vulnerability in Robo-FTP, advisory
• [ MDVSA-2010:201 ] freetype2, security
• [ MDVSA-2010:203 ] automake, security
• [security bulletin] HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning, security-alert
• R7-0037: SAP BusinessObjects Axis2 Default Admin Password, HD Moore
• [security bulletin] HPSBMA02590 SSRT100182 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Arbitrary File Download, security-alert
• USBsploit 0.3b, xpo xpo
• [security bulletin] HPSBPI02398 SSRT080166 rev.6 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files, security-alert
• VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer Vulnerability (CVE-2010-3216), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Substream Memory Corruption (CVE-2010-3234), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing Vulnerability (CVE-2010-3240), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability (CVE-2010-3215), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Record Array Indexing Vulnerability (CVE-2010-3236), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Record Dangling Pointer Vulnerability (CVE-2010-3235), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Heap Overflow Vulnerability (CVE-2010-3218), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability (CVE-2010-3219), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Extra PtgExtraArray Parsing Vulnerability (CVE-2010-3239), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Formula Record Buffer Overflow Vulnerability (CVE-2010-3231), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word LVL Structure Heap Overflow Vulnerability (CVE-2010-3220), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Short Sign Memory Corruption Vulnerability (CVE-2010-3221), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability (CVE-2010-3242), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability (CVE-2010-2748), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Out-of-Bounds Memory Write Vulnerability (CVE-2010-3241), VUPEN Security Research
• VUPEN Security Research - Oracle Products HTTP Request Remote Buffer Overflow Vulnerability (CVE-2010-2390), VUPEN Security Research
• Shmoocon 2011 Call for Papers, Bruce Potter
• VUPEN Security Research - Microsoft Office Excel Negative Future Function Vulnerability (CVE-2010-3238), VUPEN Security Research
• [security bulletin] HPSBGN02589 SSRT100296 rev.1 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation, security-alert
• CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption, CORE Security Technologies Advisories
• VUPEN Security Research - Microsoft Office Word Uninitialized Pointer Vulnerability (CVE-2010-2747), VUPEN Security Research
• VUPEN Security Research - Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability (CVE-2010-3237), VUPEN Security Research
• [ MDVSA-2010:204 ] avahi, security
• [ MDVSA-2010:205 ] freeciv, security
• H2HC 2009 Videos Available!, Rodrigo Rubira Branco (BSDaemon)
• [USN-1004-1] Django vulnerability, Jamie Strandboge
• Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, an
  • Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, paul . szabo
  • <Possible follow-ups>
  • Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo, paul . szabo
• rPSA-2010-0058-1 bzip2 bzip2-extras, rPath Update Announcements
• rPSA-2010-0059-1 kernel, rPath Update Announcements
• Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1, Paul Lesniewski
  • Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1, Moritz Naumann
• rPSA-2010-0060-1 httpd mod_ssl, rPath Update Announcements
• rPSA-2010-0063-1 perl, rPath Update Announcements
• rPSA-2010-0064-1 libtiff, rPath Update Announcements
• rPSA-2010-0065-1 krb5 krb5-server krb5-services krb5-workstation, rPath Update Announcements
• rPSA-2010-0066-1 samba samba-client samba-server samba-swat, rPath Update Announcements
• Secunia Research: RealPlayer QCP Sample Chunk Parsing Buffer Overflow, Secunia Research
• Accounting Pro 2003 Insecure Library Loading Vulnerability, apa-iutcert
• Rafe 7 Insecure Library Loading Vulnerability, apa-iutcert
• Brilliant Accounting System (59) Insecure Library Loading Vulnerability, apa-iutcert
• Sahar Money Manager Insecure Library Loading Vulnerability, apa-iutcert
• Holoo Insecure Library Loading Vulnerability, apa-iutcert
• Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability, apa-iutcert
• Antivirus detection after malware execution, jason
• H2HC Cancun - Registrations are open, Rodrigo Rubira Branco (BSDaemon)
• Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Roberto Suggi Liverani
  • Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Mike Duncan
  • Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Michal Zalewski
    • Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Dan Kaminsky
      • Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Michal Zalewski
    • Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Roberto Suggi Liverani
    • Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Early Warning
  • <Possible follow-ups>
  • Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass, Mike Duncan
• [USN-1005-1] poppler vulnerabilities, Marc Deslauriers
• [USN-1006-1] WebKit vulnerabilities, Marc Deslauriers
• The GNU C library dynamic linker expands $ORIGIN in setuid library search path, Tavis Ormandy
• Re: Insecure SMS authorization scheme at LiqPAY micro-payments of PrivatBank (Ukraine), MustLive
• VSR Advisories: Linux RDS Protocol Local Privilege Escalation, VSR Advisories
  • Re: VSR Advisories: Linux RDS Protocol Local Privilege Escalation, Dan Rosenberg
• SQL injection in DeluxeBB, advisory
• [SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities, Florian Weimer
• Path disclosure in Tribiq CMS, advisory
• SQL Injection in 4site CMS, advisory
• XSS vulnerability in sNews, advisory
  • <Possible follow-ups>
  • XSS vulnerability in sNews, advisory
• [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form, CORE Security Technologies Advisories
• [USN-1007-1] NSS vulnerabilities, Jamie Strandboge
• Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities, SecPod Research
• [USN-997-1] Firefox and Xulrunner vulnerabilities, Jamie Strandboge
• [ MDVSA-2010:208 ] pidgin, security
• [SecurityArchitect-009]: Microsoft Windows Mobile Double Free Vulnerability, karakorsankara
• [USN-998-1] Thunderbird vulnerabilities, Jamie Strandboge
• [ MDVSA-2010:207 ] glibc, security
• Micro CMS Persistent XSS Vulnerability., SecPod Research
• [security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification, security-alert
• Pecio CMS XSS Vulnerability, SecPod Research
• SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software, Johannes Greil
• [security bulletin] HPSBMA02591 SSRT100299 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Privilege Escalation, security-alert
• Java Multiple Issues, Early Warning
• [security bulletin] HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows , Remote Cross Site Scripting (XSS), security-alert
• [USN-1008-1] libvirt vulnerabilities, Jamie Strandboge
• [USN-1008-2] Virtinst update, Jamie Strandboge
• [security bulletin] HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download, security-alert
• [ MDVSA-2010:209 ] libsmi, security
• [SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation, Florian Weimer
• [USN-1008-3] libvirt update, Jamie Strandboge
• [ MDVSA-2010:212 ] glibc, security
• [ MDVSA-2010:210 ] firefox, security
• IPv6 security myths, Fernando Gont
  • Re: IPv6 security myths, Fernando Gont
• [ MDVSA-2010:211 ] mozilla-thunderbird, security
• The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads., Tavis Ormandy
• Vulnerabilities in W-Agora, MustLive
• Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->, robi
• [USN-1009-1] GNU C Library vulnerabilities, Kees Cook
• Aardvark Topsite XSS vulnerability, Yam Mesicka
• How Visual Studio Makes Your Applications Vulnerable to Binary Planting, ACROS Security Lists
  • RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting, Michael Wojcik
    • Message not available
      • RE: [vonage.com #25400427] RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting, Mitja Kolsek
• [USN-959-2] PAM vulnerability, Kees Cook
• [security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code, security-alert
• RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack, Thor (Hammer of God)
  • RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack, Jann Horn
    • RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack, Thor (Hammer of God)
  • <Possible follow-ups>
  • RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack, ACROS Security Lists
• [security bulletin] HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF)., security-alert
• [security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS), security-alert
• Re: Web challenges from RootedCON'2010 CTF - Contest -> Solutions and Write-ups, Roman Medina-Heigl Hernandez
• [security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access, security-alert
• [security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), security-alert
• SQL injection in BloofoxCMS registration plugin, advisory
• LFI in Novaboard, advisory
• XSRF (CSRF) in Zomplog, advisory
• ACDSee Photo Manager Insecure Library Loading Vulnerability, apa-iutcert
• Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability, Secunia Research
• rPSA-2010-0072-1 curl, rPath Update Announcements
• FlipAlbum Vista Pro Insecure Library Loading Vulnerability, apa-iutcert
• rPSA-2010-0075-1 sudo, rPath Update Announcements
• Internet Download Manager Insecure Library Loading Vulnerability, apa-iutcert
• [DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting, DSecRG
• Nessus Client Insecure Library Loading Vulnerability, apa-iutcert
  • Re: Nessus Client Insecure Library Loading Vulnerability, Renaud Deraison
• Orbit Downloader Insecure Library Loading Vulnerability, apa-iutcert
• SQL injection in Energine, advisory
• rPSA-2010-0073-1 lftp, rPath Update Announcements
• XSS vulnerability in BlogBird platform, advisory
  • <Possible follow-ups>
  • XSS vulnerability in BlogBird platform, advisory
• LFI in DZCP, advisory
• Authentication bypass in phpLiterAdmin, advisory
• [security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access, security-alert
• [DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability, DSecRG
• Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Stored XSS vulnerability in Zomplog, advisory
• rPSA-2010-0070-1 cpio tar, rPath Update Announcements
• AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities, Salvatore Fresta aka Drosophila
• XSS vulnerability in Zomplog, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Zomplog, advisory
• [security bulletin] HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in Palm webOS service API, security-alert
• SQL injection in DBHcms, advisory
• WinMerge Insecure Library Loading Vulnerability, apa-iutcert
• Breaking The SetDllDirectory Protection Against Binary Planting, ACROS Security Lists
• Information disclosure in BloofoxCMS, advisory
  • <Possible follow-ups>
  • Information disclosure in BloofoxCMS, advisory
• CVE-2010-3700: Spring Security bypass of security constraints, s2-security
• USBsploit 0.4b - added: Auto[run|play] USB infection & PDF, xpo xpo
• "Back with another one of those block rockin' beats", Henri Lindberg
• [security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access, security-alert
  • <Possible follow-ups>
  • [security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access, security-alert
• [security bulletin] HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of Service, security-alert
• Secunia PSI Insecure Library Loading Vulnerability, apa-iutcert
  • Re: Secunia PSI Insecure Library Loading Vulnerability, Jakob Balle
• MyCart 2.0 Multiple Remote Vulnerabilities, Salvatore Fresta aka Drosophila
• Path disclosure in MyBB, advisory
• rPSA-2010-0071-1 automake, rPath Update Announcements
• rPSA-2010-0074-1 ImageMagick, rPath Update Announcements
• XSS in NinkoBB, advisory
• [USN-1011-1] Firefox vulnerability, Jamie Strandboge
• [ MDVSA-2010:213 ] xulrunner, security
• nSense-2010-002: Teamspeak 2 Windows client, Henri Lindberg
• [USN-1011-2] Thunderbird vulnerability, Jamie Strandboge