Mail Thread Index

• Date Index

• [USN-1011-3] Xulrunner vulnerability, Jamie Strandboge
• Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability, Secunia Research
• Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability, Secunia Research
• Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow, Secunia Research
• [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download, security-alert
• [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access, security-alert
• [ MDVSA-2010:219 ] mozilla-thunderbird, security
• [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF), security-alert
• [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF), security-alert
• Audacity <= 1.3 Beta Multiple Local Vulnerabilities, Salvatore Fresta aka Drosophila
• H2HC 2010 - Final Speakers List Available, Rodrigo Rubira Branco (BSDaemon)
• [DEMO] Sample videos about IDS/IPS evasions..., Nelson Brito
• [ MDVSA-2010:218 ] php, security
• Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability, Salvatore Fresta aka Drosophila
• [ MDVSA-2010:214 ] kernel, security
• [ MDVSA-2010:215 ] python, security
• [ MDVSA-2010:216 ] python, security
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086, Rodrigo Branco
• cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977, Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088, Rodrigo Branco
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087, Rodrigo Branco
• [ MDVSA-2010:217 ] dovecot, security
• Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089, Rodrigo Branco
• XSS and SQL Injection vulnerabilities in CMS WebManager-Pro, MustLive
• 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006), Mark Stanislav
• Joomla 1.5.21 | Potential SQL Injection Flaws, YGN Ethical Hacker Group
  • Message not available
    • Message not available
      • Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws, YGN Ethical Hacker Group
• Call for Papers -YSTS V - Security Conference, Brazil, Luiz Eduardo
• Call for Papers: The International Conference on Cyber Conflict, Estonia, k g
• [SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses, Florian Weimer
• [SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities, Florian Weimer
• Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability, Nick Freeman
• Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal, advisory
• XSS vulnerability in Kandidat CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Kandidat CMS, advisory
  • XSS vulnerability in Kandidat CMS, advisory
• Stored XSS vulnerability in Webmedia Explorer, advisory
• XSS vulnerability in MemHT Portal, advisory
  • <Possible follow-ups>
  • XSS vulnerability in MemHT Portal, advisory
• [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution, Onapsis Research Labs
• [ MDVSA-2010:202-1 ] krb5, security
• [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation, Onapsis Research Labs
• [Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access, Onapsis Research Labs
• CVE-2010-3863: Apache Shiro information disclosure vulnerability, Les Hazlewood
• Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer, neza0x
  • Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer, Arturo 'Buanzo' Busleiman
• Zen Cart 1.3.9h Local File Inclusion Vulnerability, Salvatore Fresta aka Drosophila
• Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3, Max Kanat-Alexander
• Adsoft Remote Sql Injection Vulnerability, md . r00t . defacer
• BBcode XSS in MiniBB, advisory
• SQL injection in SweetRice CMS, advisory
• RFI in JAF CMS, advisory
• Shell create & command execution in JAF CMS, advisory
• XSS in SweetRice CMS, advisory
• Reset admin password in SweetRice CMS, advisory
• SQL injection in MiniBB, advisory
• XSS in Textpattern CMS, advisory
• LFI in eoCMS, advisory
  • <Possible follow-ups>
  • LFI in eoCMS, advisory
• Path disclosure in eoCMS, advisory
• SQL injection in eoCMS, advisory
• BBcode XSS in eoCMS, advisory
• [ MDVSA-2010:220 ] pam, security
• [USN-1012-1] CUPS vulnerability, Marc Deslauriers
• [USN-1013-1] FreeType vulnerabilities, Marc Deslauriers
• [USN-1014-1] Pidgin vulnerabilities, Marc Deslauriers
• ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player, ACROS Security Lists
• Common consumer routers password disclosure, danieljcrteixeira
• [FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability, xpzhang
• Angel LMS Exploit, Wesley Kerfoot
• Wargame Qualifications - Win a car !!!, Ivan Buetler
• nSense-2010-003: Cisco Unified Communications Manager, Henri Lindberg
• [ MDVSA-2010:221 ] openoffice.org, security
• CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment, Konrad Rieck
• Vulnerabilities in PHPShop, MustLive
• some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability), Michal Zalewski
• Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978, Rodrigo Branco
• Seo Panel 2.1.0 - Critical File Disclosure, advisories
  • Re: Seo Panel 2.1.0 - Critical File Disclosure, Zach C
• Malware Collections and Feed Exchange, Rodrigo Rubira Branco (BSDaemon)
• [ MDVSA-2010:155-1 ] mysql, security
• DIMVA 2011 Call for Workshops Proposals, Lorenzo Cavallaro
• Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP, Philippe Langlois
• [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch, CORE Security Technologies Advisories
• D-Link DIR-300 authentication bypass, Karol Celiński
  • Re: D-Link DIR-300 authentication bypass, Karol Celiński
  • Re: D-Link DIR-300 authentication bypass, asmo
    • Re: D-Link DIR-300 authentication bypass, Karol Celiński
  • <Possible follow-ups>
  • Re: D-Link DIR-300 authentication bypass, mfardiles
• JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability, Salvatore Fresta aka Drosophila
• IBM OmniFind - several vulnerabilities, Fatih Kilic
• [USN-1008-4] libvirt regression, Jamie Strandboge
• Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability, Secunia Research
• [ MDVSA-2010:223 ] mysql, security
• [ MDVSA-2010:222 ] mysql, security
• Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability, Secunia Research
• [ MDVSA-2010:225 ] libmbfl, security
• iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability, labs-no-reply
• ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010, ACROS Security Lists
• [ MDVSA-2010:224 ] php, security
• [ MDVSA-2010:225-1 ] libmbfl, security
• ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010, ACROS Security Lists
• Kernel 0-day, Dan Rosenberg
  • Re: Kernel 0-day, James Lay
    • Re: Kernel 0-day, Felipe Martins
      • Re: Kernel 0-day, Dan Rosenberg
• ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010, ACROS Security Lists
• [USN-1015-1] libvpx vulnerability, Jamie Strandboge
• Babylon Cross-Application Scripting Code Execution, Roee Hay
• [ MDVSA-2010:226 ] dhcp, security
• eBlog 1.7 Multiple SQL Injection Vulnerabilities, Salvatore Fresta aka Drosophila
• Vulnerability in Google AJAX Search, MustLive
• Apple Directory Services Memory Corruption - CVE-2010-1840, Rodrigo Branco
• Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability, Secunia Research
• [USN-1017-1] MySQL vulnerabilities, Marc Deslauriers
• Additional information on the Microsoft Office 2010 binary planting bugs, ACROS Security Lists
• CORE-2010-1018 - Landesk OS command injection, CORE Security Technologies Advisories
• [TEHTRI-Security] CVE-2010-1752: Update your MacOSX, Laurent OUDOT at TEHTRI-Security
• FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs, FreeBSD Security Advisories
• iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability, labs-no-reply
• [HITB-Announce] HITB Magazine #5 Call for Articles, Hafez Kamal
• [USN-1016-1] libxml2 vulnerability, Jamie Strandboge
• [ MDVSA-2010:227 ] proftpd, security
• [ MDVSA-2010:228 ] xpdf, security
• [ MDVSA-2010:229 ] kdegraphics, security
• [ MDVSA-2010:231 ] poppler, security
• [ MDVSA-2010:230 ] poppler, security
• [SECURITY] [DSA 2038-3] New pidgin packages fix regression, Thijs Kinkhorst
• vBulletin 4.0.8 - Persistent XSS via Profile Customization, advisories
• TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera, Trustwave Advisories
• Saved XSS vulnerability in Internet Explorer, MustLive
  • RE: Saved XSS vulnerability in Internet Explorer, Hans Wolters
    • Re: Saved XSS vulnerability in Internet Explorer, MustLive
  • <Possible follow-ups>
  • Re: Saved XSS vulnerability in Internet Explorer, ecco
• Packet Storm - New Site, bugtraq
• Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability, YGN Ethical Hacker Group
• VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components, VMware Security team
• [ MDVSA-2010:235 ] freetype2, security
• [security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files, security-alert
• [ MDVSA-2010:234 ] cups, security
• LFI and XSS vulnerability in openEngine, SecPod Research
• Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer, Amit Klein
• [ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities, Tobias Heinlein
• [ MDVSA-2010:236 ] freetype2, security
• [ MDVSA-2010:233 ] cups, security
• [ MDVSA-2010:237 ] perl-CGI, security
• [ MDVSA-2010:232 ] cups, security
• Path disclosure in IceBB, advisory
• Information disclosure in IceBB, advisory
  • <Possible follow-ups>
  • Information disclosure in IceBB, advisory
• BBcode XSS in CLANSPHERE, advisory
• Path disclosure in CLANSPHERE, advisory
• Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038, Florent Daigniere
• XSS in CLANSPHERE, advisory
• SQL Injection in CLANSPHERE, advisory
• SQL injection in CompactCMS, advisory
• Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products, Cisco Systems Product Security Incident Response Team
• SQL injection in IceBB, advisory
• nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November, nullcon
• AWCM v2.2 Auth Bypass Vulnerabilities, eidelweiss
• [ MDVSA-2010:238 ] openssl, security
• Multiple vulnerabilities in chCounter <= 3.1.3, Soporte CERT
• XSS in CompactCMS, advisory
  • <Possible follow-ups>
  • XSS in CompactCMS, advisory
• [HITB-Announce] HITB2011AMS -- Call For Papers now Open, Hafez Kamal
• VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246), VUPEN Security Research
• H2CSO (Hackers to CSO) debate second edition - Free Live Streaming, Rodrigo Rubira Branco (BSDaemon)
• VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245), VUPEN Security Research
• Vtiger CRM 5.2.0 Multiple Vulnerabilities, ascii
• [eVuln.com] Cookie Auth Bypass in Hot Links SQL, bt
• [eVuln.com] URL and Title XSS in AxsLinks, bt
• [ MDVSA-2010:239 ] php, security
• [USN-1018-1] OpenSSL vulnerability, Steve Beattie
• New vulnerabilities in CMS SiteLogic, MustLive
• vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization, advisories
• Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability, Amit Klein
• 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298), Mark Stanislav
• H2HC Cancun - Free Entrance!, Rodrigo Rubira Branco (BSDaemon)
• [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version), bt
• [eVuln.com] url XSS in Hot Links Lite, bt
• NGS00015 Patch Notification: ImageIO Memory Corruption, Research@NGSSecure
• [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability, Mark Thomas
• ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSAR Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162, Security_Alert
• Juniper VPN client rdesktop clickhack, niekt0
• Microsoft Visual Studio vulnerability, jabea
• [eVuln.com] sitename XSS in Hot Links Lite, bt
• ZyXEL P-660R-T1 V2 XSS, Usman Saeed
• [SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow, Stefan Fritsch
• The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness, ACROS Security Lists
• Mozilla Firefox 3.6.12 Denial of Service Vulnerability, info
  • Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability, Michal Zalewski
• [eVuln.com] Multiple XSS in MCG GuestBook, bt
• [eVuln.com] email XSS in SimpLISTic, bt
• [ MDVSA-2010:240 ] mono, security
• [ MDVSA-2010:241 ] gnucash, security
• [USN-1021-1] Apache vulnerabilities, Marc Deslauriers
• [security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized, security-alert
• XSS vulnerability in Wolf CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Wolf CMS, advisory
  • XSS vulnerability in Wolf CMS, advisory
• [USN-1022-1] APR-util vulnerability, Marc Deslauriers
• [eVuln.com] SQL injections in FreeTicket, bt
• TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption, Advisories Toucan-System
• XSRF (CSRF) in Frog CMS, advisory
• XSS vulnerability in Frog CMS, advisory
  • <Possible follow-ups>
  • XSS vulnerability in Frog CMS, advisory
  • XSS vulnerability in Frog CMS, advisory
• CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp, 0kn0ck
• Re: [DCA-00015] YOPS Web Server Remote Command Execution, zed
• NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI), 0kn0ck
  • <Possible follow-ups>
  • Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI), g . maone
• [Suspected Spam]Vulnerabilities in Register Plus for WordPress, MustLive
• [eVuln.com] SQL injection Auth Bypass in Easy Banner Free, bt
• [eVuln.com] URL XSS in Easy Banner Free, bt
• Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(, Dan Rosenberg
• XSRF (CSRF) in Wolf CMS, advisory
• AOL Instant Messenger Insecure Library Loading Vulnerability, apa-iutcert
• Google Desktop Insecure Library Loading Vulnerability, apa-iutcert
• jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload, underground stockholm
• SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X, u6q
• [SECURITY] [DSA-2127-1] New wireshark packages fix denial of service, Stefan Fritsch
• [ MDVSA-2010:242 ] wireshark, security
• Vulnerabilities in Joomla, MustLive
• n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface, security
• [ MDVSA-2010:243 ] libxml2, security