Mail Thread Index
- FreeBSD Security Advisory FreeBSD-SA-10:10.openssl,
FreeBSD Security Advisories
- [CVE-2010-3449] Apache Archiva CSRF Vulnerability,
Deng Ching
- [eVuln.com] Multiple XSS inj in Wernhart Guestbook,
bt
- 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313),
Mark Stanislav
- Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities,
Juan Galiana Lara
- [ MDVSA-2010:244 ] phpmyadmin,
security
- [eVuln.com] Multiple SQL injections in Wernhart Guestbook,
bt
- [SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues,
dann frazier
- VMSA-2010-0017 VMware ESX third party update for Service Console kernel,
VMware Security Team
- [USN-1024-1] OpenJDK vulnerability,
Marc Deslauriers
- MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021],
Tom Yu
- CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net,
CORE Security Technologies Advisories
- [ MDVSA-2010:245 ] krb5,
security
- [ MDVSA-2010:246 ] krb5,
security
- Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt,
eidelweiss
- Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow,
Secunia Research
- [eVuln.com] Multiple XSS in Alguest,
bt
- Re: D-Link DIR-300 authentication bypass,
Karol Celiński
- Vulnerabilities in Fabrica Engine,
MustLive
- [USN-1025-1] Bind vulnerabilities,
Marc Deslauriers
- [SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness,
Stefan Fritsch
- [SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution,
Giuseppe Iuculano
- NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration,
Research@NGSSecure
- Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001),
Steno Plasma
- New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)",
Amit Klein
- [security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues,
VMware Security team
- [eVuln.com] PHP Code Execution in Alguest,
bt
- [eVuln.com] Cookie authentication bypass in Alguest,
bt
- [security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS),
security-alert
- Vulnerabilities in Register Plus Redux for WordPress,
MustLive
- [ MDVSA-2010:247 ] kernel,
security
- OWASP Zed Attack Proxy version 1.1.0,
psiinon
- [www.eVuln.com] SQL Injection vulnerability in Alguest,
bt
- 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330),
Mark Stanislav
- DIMVA 2011 Call for Workshops Proposals,
Lorenzo Cavallaro
- rPSA-2010-0076-1 gnupg,
rPath Update Announcements
- Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET),
Christopher Kruegel
- VMSA-2010-0019 VMware ESX third party updates for Service Console,
VMware Security Team
- www.eVuln.com : XSS vulnerability in WWWThreads (php version),
bt
- XSS vulnerability in Zimplit CMS,
advisory
- LFI in Exponent CMS,
advisory
- [ MDVSA-2010:248 ] openssl,
security
- Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser,
Kryptos Logic Secure
- Multiple XSS in Solarwinds Orion NPM 10.1,
John Blakley
- [ MDVSA-2010:249 ] clamav,
security
- [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code,
security-alert
- [USN-1026-1] Python Paste vulnerability,
Marc Deslauriers
- www.eVuln.com : HTTP Response Splitting in WWWThreads (php version),
bt
- [USN-1027-1] Quagga vulnerabilities,
Marc Deslauriers
- [USN-1028-1] ImageMagick vulnerability,
Marc Deslauriers
- Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability,
Secunia Research
- Linux kernel exploit,
Dan Rosenberg
- Re: [Full-disclosure] Linux kernel exploit,
Kai
- iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability,
labs-no-reply
- [security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS),
security-alert
- [USN-1029-1] OpenSSL vulnerabilities,
Steve Beattie
- Google Website Optimizer security issue reportedly fixed,
Juha-Matti Laurio
- XSRF (CSRF) in CMScout,
advisory
- [security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS),
security-alert
- www.eVuln.com : Non-persistent XSS in WWWThreads (perl version),
bt
- [USN-1030-1] Kerberos vulnerabilities,
Marc Deslauriers
- Follow-up on HTTP Parameter Pollution,
embyte
- [ MDVSA-2010:250 ] perl-CGI-Simple,
security
- XSS vulnerability in Diferior,
advisory
- Cross Site Scripting vulnerability in Diferior,
advisory
- Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774),
Michal Zalewski
- CA20101209-01: Security Notice for CA XOsoft,
Kotas, Kevin J
- www.eVuln.com : Non-persistent XSS in BizDir,
bt
- [USN-1019-1] Firefox and Xulrunner vulnerabilities,
Jamie Strandboge
- [USN-1020-1] Thunderbird vulnerabilities,
Jamie Strandboge
- Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ www.ExploitDevelopment.com
- [USN-1031-1] ClamAV vulnerabilities,
Steve Beattie
- [ MDVSA-2010:251 ] firefox,
security
- www.eVuln.com : Non-persistent XSS in slickMsg,
bt
- PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow,
cxib
- ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities,
robkraus
- ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability,
robkraus
- [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution,
Stefan Fritsch
- Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability,
robkraus
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability,
labs-no-reply
- LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD,
HI-TECH .
- [SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [USN-1032-1] Exim vulnerability,
Kees Cook
- TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities,
Trustwave Advisories
- Exim security issue in historical release,
nigel
- [security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities,
security-alert
- [SECURITY] [DSA-2130-1] New BIND packages fix denial of service,
Florian Weimer
- iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability,
labs-no-reply
- iwconfig and recent patches?,
Jeffrey Walton
- Call for Papers -- BADGERS 2011,
Federico Maggi
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002),
StenoPlasma @ ExploitDevelopment
- [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service,
Core Security Technologies Advisories
- hidden admin user on every HP MSA2000 G3,
hpdisclosure
- www.eVuln.com : "url" BBCode XSS in slickMsg,
bt
- [SECURITY] [DSA-2133-1] New collectd packages fix denial of service,
Raphael Geissert
- [ MDVSA-2010:252 ] perl-CGI-Simple,
security
- VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004),
VUPEN Security Research
- VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003),
VUPEN Security Research
- VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005),
VUPEN Security Research
- VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30),
VUPEN Security Research
- VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31),
VUPEN Security Research
- Honggfuzz,
Robert Święcki
- [ MDVSA-2010:253 ] bind,
security
- USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb,
xpo xpo
- www.eVuln.com : "post" - Non-persistent XSS in slickMsg,
www.eVuln.com Advisories
- OSSTMM 3 Now Available!,
Pete Herzog
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability,
labs-no-reply
- minor browser UI nitpicking,
Michal Zalewski
- ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book,
ACROS Security Lists
- Microsoft Internet Explorer Denial of Service Vulnerability,
info
- [security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access,
security-alert
- iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability,
labs-no-reply
- Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root,
Kryptos Logic Secure
- [USN-1024-2] OpenJDK regression,
Kees Cook
- OpenBSD's IPSEC is Backdoored,
musnt live
- www.eVuln.com : BBCode CSS XSS in slickMsg,
bt
- [ MDVSA-2010:254 ] php,
security
- [ MDVSA-2010:255 ] php-intl,
security
- OpenBSD Paradox,
musnt live
- [security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure,
security-alert
- [security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041),
VUPEN Security Research
- VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199),
VUPEN Security Research
- [security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code,
security-alert
- Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project,
Solar Designer
- VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200),
VUPEN Security Research
- [security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS),
security-alert
- VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201),
VUPEN Security Research
- [ MDVSA-2010:256 ] git,
security
- [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- www.eVuln.com : "error" Non-persistent XSS in slickMsg,
bt
- VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206),
VUPEN Security Research
- Call for Paper @ Swiss Cyber Storm 3,
Ivan Buetler
- [security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
- [security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- XSS vulnerability in BLOG:CMS,
advisory
- XSS vulnerability in BEdita,
advisory
- XSRF (CSRF) in BEdita,
advisory
- Updated online binary planting exposure test continues operation,
ACROS Security Lists
- 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333),
Mark Stanislav
- XSRF (CSRF) in BLOG:CMS,
advisory
- Stored Cross Site Scripting vulnerability in BEdita,
advisory
- 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332),
Mark Stanislav
- PR10-06: Cross-domain redirect on PGP Universal Web Messenger,
research
- cross site scripting vulnerability in BLOG:CMS,
advisory
- [ MDVSA-2010:257 ] kernel,
security
- www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share,
bt
- Re: XSS vulnerability in Lantern CMS,
security curmudgeon
- www.eVuln.com : "link" and "linkdescription" XSS in Social Share,
bt
- Re: XSS vulnerability in Expression CMS,
security curmudgeon
- [ GLSA 201012-01 ] Chromium: Multiple vulnerabilities,
Tobias Heinlein
- Alt-N WebAdmin Source Code Disclosure,
wsn1983
- Making Security Suck Less,
Pete Herzog
- [USN-1033-1] Eucalyptus vulnerability,
Kees Cook
- Apple Quicktime Memory Corruption - CVE-2010-3801,
Rodrigo Branco
- Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277,
Rodrigo Branco
- [SECURITY] [DSA 2134-1] Upcoming changes in advisory format,
Moritz Muehlenhoff
- MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability,
YGN Ethical Hacker Group
- Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability,
Secunia Research
- Default SSL Keys in Multiple Routers,
cheffner
- Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability,
Secunia Research
- www.eVuln.com : "postid" SQL Injection in Social Share,
bt
- Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004,
Sense of Security
- Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability,
Secunia Research
- Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow,
Secunia Research
- OpenBSD CARP Hash Vulnerability,
Sam Banks
- Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow,
Secunia Research
- SQL injection in Hycus CMS,
advisory
- SQL injection in Injader CMS,
advisory
- Path disclosure in GetSimple CMS,
advisory
- Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability,
Secunia Research
- XSS vulnerability in Habari,
advisory
- SQL Injection in HTML-EDIT CMS,
advisory
- Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows,
Secunia Research
- nSense-2010-005: Winamp,
Henri Lindberg
- Path disclosure in Habari,
advisory
- XSS in HTML-EDIT CMS,
advisory
- XSS vulnerability in Injader CMS,
advisory
- Path disclosure in HTML-EDIT CMS,
advisory
- nSense-2010-004: Sybase Afaria,
Henri Lindberg
- XSS vulnerability in ImpressCMS,
advisory
- www.eVuln.com : Authentication Bypass by SQL Injection in Social Share,
bt
- Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability,
Secunia Research
- [security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34,
come2waraxe
- PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing),
research
- LFI in Hycus CMS,
advisory
- Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows,
Secunia Research
- [ MDVSA-2010:258 ] mozilla-thunderbird,
security
- Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability,
Secunia Research
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04,
research
- [SECURITY] [DSA-2136-1] New tor packages fix potential code execution,
Raphael Geissert
- VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw,
VMware Security Team
- VSR Advisories: Citrix Access Gateway Command Injection Vulnerability,
VSR Advisories
- [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities,
Moritz Muehlenhoff
- www.eVuln.com : HTTP Response Splitting in Social Share,
bt
- Sigma Portal Denial of Service Vulnerability,
info
- [security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:251-2 ] firefox,
security
- Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability,
Secunia Research
- [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0,
come2waraxe
- Asan Portal (IdehPardaz) Multiple Vulnerabilities,
info
- [SECURITY] [DSA 2137-1] Security update for libxml2,
Moritz Muehlenhoff
- MyBB 1.6 <= SQL Injection Vulnerability,
YGN Ethical Hacker Group
- Django admin list filter data extraction / leakage,
Adam Baldwin
- [ MDVSA-2010:259 ] pidgin,
security
- Multiple Vulnerabilities in OpenClassifieds 1.7.0.3,
mike
- Pligg XSS and SQL Injection,
mike
- Security Advisory - FlexVision Listener Vulnerability,
Victor Ribeiro Hora
- [IMF 2011] 2nd Call - Deadline Extended,
Oliver Goebel
- Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc,
ipsdix
- Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability,
MyDoom2009
- [ MDVSA-2010:251-1 ] firefox,
security
- HotWeb Rentals "PageId" SQL Injection Vulnerability,
non customers
- YEKTAWEB CMS XSS Vulnerability,
faghani
- [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10,
come2waraxe
- [security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access,
security-alert
- BBcode XSS in KaiBB,
advisory
- SQL injection in KaiBB,
advisory
- Path disclosure in KaiBB,
advisory
- Fedora 14 - Format string attack in allegro-tools package,
rafaldworaczek
- Pre Jobo .NET "Password" SQL Injection Vulnerability,
non customers
- Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc,
ipsdix
- [SECURITY] [DSA 2138-1] Security update for wordpress,
Giuseppe Iuculano
- OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS,
Attilla de Groot
- SQL Injection in LightNEasy,
advisory
- CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc,
ipsdix
- [ MDVSA-2010:260 ] libxml2,
security
- Path disclosure in OpenCart,
advisory
- Information disclosure in LightNEasy,
advisory
- Path disclosure in ocPortal,
advisory
- CSRF (Cross-Site Request Forgery) in Open blog,
advisory
- LFI in LightNEasy,
advisory
- Path disclosure in LightNEasy,
advisory
- Path disclosure in Nibbleblog,
advisory
Mail converted by MHonArc