Mail Index
- [USN-1011-3] Xulrunner vulnerability
- Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability
- Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability
- Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow
- [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF)
- [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download
- [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download
- [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download
- [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access
- [ MDVSA-2010:219 ] mozilla-thunderbird
- [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF)
- [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)
- Audacity <= 1.3 Beta Multiple Local Vulnerabilities
- From: Salvatore Fresta aka Drosophila
- H2HC 2010 - Final Speakers List Available
- From: Rodrigo Rubira Branco (BSDaemon)
- [DEMO] Sample videos about IDS/IPS evasions...
- [ MDVSA-2010:218 ] php
- Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability
- From: Salvatore Fresta aka Drosophila
- [ MDVSA-2010:214 ] kernel
- [ MDVSA-2010:215 ] python
- [ MDVSA-2010:216 ] python
- Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086
- cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
- Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088
- Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087
- [ MDVSA-2010:217 ] dovecot
- Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089
- XSS and SQL Injection vulnerabilities in CMS WebManager-Pro
- 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
- Joomla 1.5.21 | Potential SQL Injection Flaws
- From: YGN Ethical Hacker Group
- Call for Papers -YSTS V - Security Conference, Brazil
- Call for Papers: The International Conference on Cyber Conflict, Estonia
- [SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
- [SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
- Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability
- Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal
- XSS vulnerability in Kandidat CMS
- Stored XSS vulnerability in Webmedia Explorer
- XSS vulnerability in Kandidat CMS
- XSS vulnerability in MemHT Portal
- XSS vulnerability in MemHT Portal
- XSS vulnerability in Kandidat CMS
- [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
- From: Onapsis Research Labs
- [ MDVSA-2010:202-1 ] krb5
- [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
- From: Onapsis Research Labs
- CVE-2010-3863: Apache Shiro information disclosure vulnerability
- Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
- Zen Cart 1.3.9h Local File Inclusion Vulnerability
- From: Salvatore Fresta aka Drosophila
- Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
- From: Max Kanat-Alexander
- Adsoft Remote Sql Injection Vulnerability
- From: md . r00t . defacer
- BBcode XSS in MiniBB
- SQL injection in SweetRice CMS
- RFI in JAF CMS
- Shell create & command execution in JAF CMS
- XSS in SweetRice CMS
- Reset admin password in SweetRice CMS
- SQL injection in MiniBB
- XSS in Textpattern CMS
- LFI in eoCMS
- Path disclosure in eoCMS
- SQL injection in eoCMS
- LFI in eoCMS
- BBcode XSS in eoCMS
- [ MDVSA-2010:220 ] pam
- Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
- From: Arturo 'Buanzo' Busleiman
- [USN-1012-1] CUPS vulnerability
- [USN-1013-1] FreeType vulnerabilities
- [USN-1014-1] Pidgin vulnerabilities
- ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
- From: ACROS Security Lists
- Common consumer routers password disclosure
- [FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability
- Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
- From: YGN Ethical Hacker Group
- Angel LMS Exploit
- Wargame Qualifications - Win a car !!!
- nSense-2010-003: Cisco Unified Communications Manager
- [ MDVSA-2010:221 ] openoffice.org
- CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment
- Vulnerabilities in PHPShop
- some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
- Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
- Seo Panel 2.1.0 - Critical File Disclosure
- Malware Collections and Feed Exchange
- From: Rodrigo Rubira Branco (BSDaemon)
- [ MDVSA-2010:155-1 ] mysql
- Re: Seo Panel 2.1.0 - Critical File Disclosure
- DIMVA 2011 Call for Workshops Proposals
- Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
- [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
- From: CORE Security Technologies Advisories
- D-Link DIR-300 authentication bypass
- JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability
- From: Salvatore Fresta aka Drosophila
- IBM OmniFind - several vulnerabilities
- [USN-1008-4] libvirt regression
- Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability
- [ MDVSA-2010:223 ] mysql
- [ MDVSA-2010:222 ] mysql
- Re: D-Link DIR-300 authentication bypass
- Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability
- [ MDVSA-2010:225 ] libmbfl
- iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability
- ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010
- From: ACROS Security Lists
- [ MDVSA-2010:224 ] php
- [ MDVSA-2010:225-1 ] libmbfl
- ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010
- From: ACROS Security Lists
- Kernel 0-day
- ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010
- From: ACROS Security Lists
- [USN-1015-1] libvpx vulnerability
- Babylon Cross-Application Scripting Code Execution
- [ MDVSA-2010:226 ] dhcp
- eBlog 1.7 Multiple SQL Injection Vulnerabilities
- From: Salvatore Fresta aka Drosophila
- Re: Kernel 0-day
- Vulnerability in Google AJAX Search
- Apple Directory Services Memory Corruption - CVE-2010-1840
- Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability
- [USN-1017-1] MySQL vulnerabilities
- Additional information on the Microsoft Office 2010 binary planting bugs
- From: ACROS Security Lists
- CORE-2010-1018 - Landesk OS command injection
- From: CORE Security Technologies Advisories
- [TEHTRI-Security] CVE-2010-1752: Update your MacOSX
- From: Laurent OUDOT at TEHTRI-Security
- FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs
- From: FreeBSD Security Advisories
- iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability
- [HITB-Announce] HITB Magazine #5 Call for Articles
- [USN-1016-1] libxml2 vulnerability
- [ MDVSA-2010:227 ] proftpd
- Re: D-Link DIR-300 authentication bypass
- [ MDVSA-2010:228 ] xpdf
- [ MDVSA-2010:229 ] kdegraphics
- [ MDVSA-2010:231 ] poppler
- [ MDVSA-2010:230 ] poppler
- [SECURITY] [DSA 2038-3] New pidgin packages fix regression
- vBulletin 4.0.8 - Persistent XSS via Profile Customization
- TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera
- From: Trustwave Advisories
- Re: D-Link DIR-300 authentication bypass
- Saved XSS vulnerability in Internet Explorer
- Packet Storm - New Site
- Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability
- From: YGN Ethical Hacker Group
- VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components
- From: VMware Security team
- [ MDVSA-2010:235 ] freetype2
- [security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
- [ MDVSA-2010:234 ] cups
- LFI and XSS vulnerability in openEngine
- Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer
- [ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities
- [ MDVSA-2010:236 ] freetype2
- [ MDVSA-2010:233 ] cups
- [ MDVSA-2010:237 ] perl-CGI
- [ MDVSA-2010:232 ] cups
- Path disclosure in IceBB
- Information disclosure in IceBB
- BBcode XSS in CLANSPHERE
- Path disclosure in CLANSPHERE
- Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
- XSS in CLANSPHERE
- SQL Injection in CLANSPHERE
- SQL injection in CompactCMS
- Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
- From: Cisco Systems Product Security Incident Response Team
- Information disclosure in IceBB
- SQL injection in IceBB
- nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November
- AWCM v2.2 Auth Bypass Vulnerabilities
- [ MDVSA-2010:238 ] openssl
- Re: Kernel 0-day
- Multiple vulnerabilities in chCounter <= 3.1.3
- XSS in CompactCMS
- XSS in CompactCMS
- [HITB-Announce] HITB2011AMS -- Call For Papers now Open
- VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246)
- From: VUPEN Security Research
- H2CSO (Hackers to CSO) debate second edition - Free Live Streaming
- From: Rodrigo Rubira Branco (BSDaemon)
- Re: Kernel 0-day
- Re: Saved XSS vulnerability in Internet Explorer
- VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245)
- From: VUPEN Security Research
- Vtiger CRM 5.2.0 Multiple Vulnerabilities
- [eVuln.com] Cookie Auth Bypass in Hot Links SQL
- [eVuln.com] URL and Title XSS in AxsLinks
- RE: Saved XSS vulnerability in Internet Explorer
- Re: D-Link DIR-300 authentication bypass
- Re: Saved XSS vulnerability in Internet Explorer
- [ MDVSA-2010:239 ] php
- [USN-1018-1] OpenSSL vulnerability
- New vulnerabilities in CMS SiteLogic
- vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization
- Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability
- 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
- H2HC Cancun - Free Entrance!
- From: Rodrigo Rubira Branco (BSDaemon)
- [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version)
- [eVuln.com] url XSS in Hot Links Lite
- NGS00015 Patch Notification: ImageIO Memory Corruption
- [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
- ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162
- Juniper VPN client rdesktop clickhack
- Microsoft Visual Studio vulnerability
- [eVuln.com] sitename XSS in Hot Links Lite
- ZyXEL P-660R-T1 V2 XSS
- [SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
- The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness
- From: ACROS Security Lists
- Mozilla Firefox 3.6.12 Denial of Service Vulnerability
- [eVuln.com] Multiple XSS in MCG GuestBook
- [eVuln.com] email XSS in SimpLISTic
- Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability
- [ MDVSA-2010:240 ] mono
- [ MDVSA-2010:241 ] gnucash
- [USN-1021-1] Apache vulnerabilities
- [security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized
- XSS vulnerability in Wolf CMS
- [USN-1022-1] APR-util vulnerability
- [eVuln.com] SQL injections in FreeTicket
- XSS vulnerability in Wolf CMS
- TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
- From: Advisories Toucan-System
- XSRF (CSRF) in Frog CMS
- XSS vulnerability in Frog CMS
- XSS vulnerability in Frog CMS
- XSS vulnerability in Wolf CMS
- CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp
- Re: [DCA-00015] YOPS Web Server Remote Command Execution
- NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
- [Suspected Spam]Vulnerabilities in Register Plus for WordPress
- Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
- [eVuln.com] SQL injection Auth Bypass in Easy Banner Free
- [eVuln.com] URL XSS in Easy Banner Free
- Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(
- XSRF (CSRF) in Wolf CMS
- XSS vulnerability in Frog CMS
- AOL Instant Messenger Insecure Library Loading Vulnerability
- Google Desktop Insecure Library Loading Vulnerability
- jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
- From: underground stockholm
- SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X
- [SECURITY] [DSA-2127-1] New wireshark packages fix denial of service
- [ MDVSA-2010:242 ] wireshark
- Vulnerabilities in Joomla
- n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface
- [ MDVSA-2010:243 ] libxml2