Bugtraq
- Sahana 0.6.2.2 Authentication Bypass,
Christopher
- Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure,
Secunia Research
- Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability,
Secunia Research
- Secunia Research: Quicksilver Forums Backup Information Disclosure,
Secunia Research
- Miranda IM silent TLS failure,
Jan Schejbal
- Vulnerabilities in VXDate for Joomla,
MustLive
- [CORELAN-10-13] - Windisc Local Stack BOF,
Security
- [security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code,
security-alert
- CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability,
CORE Security Technologies Advisories
- CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability,
CORE Security Technologies Advisories
- [USN-913-1] libpng vulnerabilities,
Marc Deslauriers
- ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability,
ZDI Disclosures
- Last Call for Papers, CONFidence 2010, 25-26May, Last Call for Papers,
Andrzej Targosz
- rPSA-2010-0018-1 bind bind-utils caching-nameserver,
rPath Update Announcements
- [SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary directory,
Giuseppe Iuculano
- ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability,
ZDI Disclosures
- [USN-912-1] Audio File Library vulnerability,
Marc Deslauriers
- ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability,
ZDI Disclosures
- SugarCRM Stored XSS vulnerability,
Jeromie Jackson
- rPSA-2010-0022-1 sendmail sendmail-cf,
rPath Update Announcements
- Vulnerability httpdx v1.5.3,
Mehdi Mahdjoub - Sysdream IT Security Services
- QuickZip 0day detailed write-up,
Security
- ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability,
ZDI Disclosures
- New vulnerabilities in Abton,
MustLive
- ZoneAlarm 9 (ForceField) Security Disclosure,
Andrew Barkley
- Multiple DOM-Based XSS in Dojo Toolkit SDK,
labs
- PlumberCon 10 - Call for Papers,
astera
- CVE-2010-0188 Exploit Code,
villys777
- ...because you can't get enough of clickjacking,
Michal Zalewski
- [SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities,
Giuseppe Iuculano
- Zigurrat CMS SQL Injection Vulnerability,
faghani
- Pars CMS SQL Injection Vulnerability,
faghani
- Vulnerability in phpAdsNew, OpenAds and OpenX,
MustLive
- [HITB-Announce] HITBSecConf2010 - Dubai Agenda Released,
Hafez Kamal
- Sun Java System Communication Express CSRF via HPP,
edgard . chammas
- Ananta Gazelle SQL Injection Vulnerability,
admin
- [Tool] sqlmap 0.8 released,
Bernardo Damele A. G.
- SyScan'10 CFP,
thomas@xxxxxxxxxx
- ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability,
ZDI Disclosures
- VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability,
VUPEN Security Research
- ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA 2012-1] New Linux 2.6.26 packages fix several issues,
dann frazier
- [SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities,
Moritz Muehlenhoff
- iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability,
iDefense Labs
- [USN-911-1] MoinMoin vulnerabilities,
Jamie Strandboge
- [ MDVSA-2010:061 ] ncpfs,
security
- [XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface!,
lis cker
- [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities,
Giuseppe Iuculano
- Vulnerabilities in Abton,
MustLive
- Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker,
Luka Milkovic
- [USN-909-1] dpkg vulnerability,
Kees Cook
- [SECURITY] [DSA 2011-1] New dpkg packages fix path traversal,
Nico Golde
- [ MDVSA-2010:060 ] squid,
security
- Skype URI Handler Input Validation,
Paul Craig
- Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability,
lament
- CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio,
Jakob Lell
- [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities,
dann frazier
- iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability,
iDefense Labs
- [SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting,
Steffen Joeris
- [USN-908-1] Apache vulnerabilities,
Marc Deslauriers
- Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability,
Secunia Research
- [ MDVSA-2010:059 ] virtualbox,
security
- iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability,
iDefense Labs
- Secunia Research: Employee Timeclock Software Backup Information Disclosure,
Secunia Research
- iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability,
iDefense Labs
- Vulnerabilities in Hydra Engine,
MustLive
- VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability,
VUPEN Security Research
- Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure,
Secunia Research
- [ MDVSA-2010:058 ] php,
security
- CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability,
CORE Security Technologies Advisories
- CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow,
CORE Security Technologies Advisories
- Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities,
Secunia Research
- iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability,
iDefense Labs
- [xss] a xss on "threadid" parameter in BBSMAX,
lis cker
- ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- [security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands,
security-alert
- Croogo CMS 1.2 Cross Site Scripting Vulnerabilities,
Paulino Calderon
- [SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities,
Moritz Muehlenhoff
- IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability,
lament
- SQL injection vulnerability in wILD CMS,
Maciej Gojny
- [ MDVSA-2010:057 ] apache,
security
- rPSA-2010-0013-1 gzip,
rPath Update Announcements
- ZoneAlarm Security Circumvention,
Andrew Barkley
- [USN-907-1] gnome-screensaver vulnerabilities,
Marc Deslauriers
- rPSA-2010-0014-1 mysql mysql-bench mysql-server,
rPath Update Announcements
- rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server,
rPath Update Announcements
- rPSA-2010-0011-1 gnome-ssh-askpass openssh openssh-client openssh-server,
rPath Update Announcements
- "Writing JIT-Spray Shellcode for fun and profit" by DSecRG,
DSecRG
- [XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0,
lis cker
- phpinfo() XSS Vulnerability,
info
- [xss] a xss on "action" parameter in BBSMAX,
lis cker
- Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002,
Lists
- [ MDVSA-2010:056 ] openoffice.org,
security
- [ MDVSA-2010:055 ] poppler,
security
- ncpfs, Multiple Vulnerabilities,
Dan Rosenberg
- Call for Papers: EC2ND 2010,
Konrad Rieck
- SQL injection vulnerability in Natychmiast CMS,
Maciej Gojny
- Juniper SA Series Cross Site Scripting Issue,
Security Lists NL
- iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability,
iDefense Labs
- [ MDVSA-2010:054 ] pam_krb5,
security
- [xss] a xss on "ThreadID" parameter in BBSXP 2008 from china,
lis cker
- CA20100304-01: Security Notice for CA SiteMinder,
Williams, James K
- fcrontab Information Disclosure Vulnerability,
Dan Rosenberg
- Unspecified EMC Documentum Remote Code Execution Vulnerability,
dr_ch1na
- Open redirection vulnerability in the Drupal API function drupal_goto (Drupal 6.15 and 5.21),
Martin Barbella
- Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass,
Sabahattin Gucukoglu
- NSOADV-2010-006: Authentium Command Free Scan ActiveX Control buffer overflow,
NSO Research
- IETF effort: Security Assesment of the Internet Protocol,
Fernando Gont
- VMSA-2010-0004 ESX Service Console and vMA third party updates,
VMware Security Team
- [SECURITY] [DSA 2007-1] New cups packages fix arbitrary code execution,
Nico Golde
- [USN-906-1] CUPS vulnerabilities,
Marc Deslauriers
- CORRECTION: CORE-2009-0913 - Luxology Modo 401 .LXO Integer Overflow,
CORE Security Technologies Advisories
- Cisco Security Advisory: Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Digital Media Manager,
Cisco Systems Product Security Incident Response Team
- [ GLSA 201003-01 ] sudo: Privilege escalation,
Alex Legler
- NSOADV-2010-004: McAfee LinuxShield remote/local code execution,
NSO Research
- ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability,
ZDI Disclosures
- Luxology Modo 401 .LXO Integer Overflow,
CORE Security Technologies Advisories
- [SECURITY] [DSA 2006-1] New sudo packages fix several vulnerabilities,
Giuseppe Iuculano
- [ MDVSA-2010:053 ] apache,
security
- [xss] i found a Cross Site Scripting Vulnerability about Discuz! 'uid' Parameter,
lis cker
- iDefense Security Advisory 03.02.10: IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability,
iDefense Labs
- Eshbel Priority MarketGate module Cross Site Scripting Vulnerability,
lament
- Todd Miller Sudo local root exploit discovered by Slouching,
Kingcope
- Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities,
lament
- ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:052 ] sudo,
security
- 1024CMS Blind SQL Injection Vulnerability,
admin
- ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities,
ZDI Disclosures
- [ MDVSA-2010:051 ] mozilla-thunderbird,
security
- [SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities,
dann frazier
- [SECURITY] [DSA 2004-1] New samba packages fix several vulnerabilities,
Moritz Muehlenhoff
- Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability,
lament
- CONFidence 2010 /25-26 May/, CfP,
andrzej . targosz
- Month of PHP Security 2010 - CALL FOR PAPERS,
Stefan Esser
- [USN-905-1] sudo vulnerabilities,
Jamie Strandboge
- ARISg5 (version 5.0) cross site scripting vulnerability,
Yaniv Miron
- [ MDVSA-2010:050 ] apache-mod_security,
security
- getPlus insufficient domain name validation vulnerability,
Akita Software Security
- AST-2010-003: Invalid parsing of ACL rules can compromise security,
Asterisk Security Team
- [ MDVSA-2010:049 ] sudo,
security
- SyScan'10 CALL FOR PAPERS,
thomas@xxxxxxxxxx
- SQL injection vulnerability in WebAdministrator Lite CMS,
Maciej Gojny
- [ MDVSA-2010:048 ] roundcubemail,
security
- Form-based HTTP Authentication Proof of Concept,
Timothy D. Morgan
- Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM,
Ofer Maor
- NSOADV-2010-003: DATEV ActiveX Control remote command execution,
NSO Research
- [USN-904-1] Squid vulnerability,
Marc Deslauriers
- SQL injection vulnerability in LiveChatNow,
Support TEAM
- Rbot Owner Reaction Command Execution,
Matthias -apoc- Hecker
- ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability,
Security_Alert
- iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability,
iDefense Labs
- [ MDVSA-2010:047 ] fuse,
security
- ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability,
ZDI Disclosures
- Kojoney (SSH honeypot) remote DoS,
Nicob
- [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption,
Tobias Klein
- CA20100223-01: Security Notice for CA eHealth Performance Manager,
Kotas, Kevin J
- VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability,
VUPEN Security Research
- [ MDVSA-2010:046 ] ncpfs,
security
- [ MDVSA-2010:045 ] php,
security
- Chuck Norris Botnet and Broadband Routers,
Gadi Evron
- Official Portal 2007 Multiple Vulnerabilities,
info
- [ MDVSA-2010:043 ] libtheora,
security
- Request for feedback on TCP security (IETF effort),
Fernando Gont
- [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.,
Alexandr Polyakov
- ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability,
ZDI Disclosures
- jQuery Validate 1.6.0 Demo Code Advisory,
CodeScan Labs Advisories
- London DEFCON February meet - DC4420 - Wed 24th Feb 2010,
Major Malfunction
- Easy FTP Server 1.7.0.2 Remote BoF,
jonbutler88
- [SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities,
dann frazier
- Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal,
Ofer Maor
- Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities,
Roberto Suggi Liverani
- [USN-902-1] Pidgin vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:044 ] mysql,
security
- CA20100222-01: Security Notice for CA Service Desk,
Kotas, Kevin J
- Secunia Research: Bournal Insecure Temporary Files Security Issue,
Secunia Research
- Secunia Research: Bournal ccrypt Information Disclosure Security Issue,
Secunia Research
- SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface,
SEC Consult Research
- [ MDVSA-2010:042 ] firefox,
security
- [SECURITY] [DSA-2002-1] New polipo packages fix denial of service,
Stefan Fritsch
- [SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities,
Raphael Geissert
- SQL injection vulnerability in Amelia CMS,
Maciej Gojny
- AST-2010-002: Dialplan injection vulnerability,
Asterisk Security Team
- [USN-890-5] XML-RPC for C and C++ vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities,
Moritz Muehlenhoff
- SphereCMS Blind SQL Injection Vulnerability,
admin
- Kusaba X <= 0.9 XSS/CSRF vulnerabilities,
systemx00
- [USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities,
Jamie Strandboge
- TLS/SSL Hardening & Compatibility Report 2010,
Thierry Zoller
- BugCon 2010 Call For Papers,
saintarmin
- [ MDVSA-2010:034-2 ] kernel,
security
- [SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution,
Moritz Muehlenhoff
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent,
Cisco Systems Product Security Incident Response Team
- [ MDVSA-2010:041 ] pidgin,
security
- Circumventing Critical Security in Windows XP,
barkley
- Pixel Portal Sql Injection Vulnerability,
info
- [USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities,
Jamie Strandboge
- [ MDVSA-2010:039 ] netpbm,
security
- [ MDVSA-2010:034-1 ] kernel,
security
- [SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities,
Moritz Muehlenhoff
- [ MDVSA-2010:040 ] gnome-screensaver,
security
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: Mozilla Firefox Memory Corruption Vulnerability,
Secunia Research
- Cross-Site Scriting on Portwise SSL VPN v4.6,
research
- ZDI-10-018: IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability,
ZDI Disclosures
- MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service,
Tom Yu
- Trusteer Rapport Security Circumvention,
barkley
- Huawei HG510 CSRF, Auth Bypass, DoS,
ivan . markovic
- Pogodny CMS SQL vulnerabilities,
Maciej Gojny
- IE address bar characters into a small feature,
info
- VMSA-2010-0003 ESX Service Console update for net-snmp,
VMware Security Team
- Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability,
Brett Moore
- [ MDVSA-2010:038 ] maildrop,
security
- VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities,
VUPEN Security Research
- Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.,
sam . johnston
- Multiple Stored XSS in XOOPS 2.4.4 Admin Section,
beenudel1986
- [USN-901-1] Squid vulnerabilities,
Marc Deslauriers
- Chrome Password Manager Cross Origin Weakness (CVE-2010-0556),
VSR Advisories
- Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0),
Martin Barbella
- [USN-900-1] Ruby vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:037 ] fetchmail,
security
- Joomla (Jw_allVideos) Remote File Download Vulnerability,
info
- [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities,
Giuseppe Iuculano
- [SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities,
dann frazier
- [ MDVSA-2010:036 ] webmin,
security
- cmsmadesimple Multiple Security Issues : XSS+ LFI,
beenudel1986
- [security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability,
iDefense Labs
- e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2,
bill . robson
- iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability,
iDefense Labs
- ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows,
Paul Craig
- SQL injection vulnerability in apemCMS,
Maciej Gojny
- [security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure,
security-alert
- [security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking,
Raphael Geissert
- [ MDVSA-2010:035 ] openoffice.org,
security
- [USN-899-1] Tomcat vulnerabilities,
Marc Deslauriers
- RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001,
David Byrne
- [Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal,
Onapsis Research Labs
- [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection,
Onapsis Research Labs
- [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector,
Onapsis Research Labs
- [SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection,
Raphael Geissert
- [security bulletin] HPSBMA02486 SSRT090049 rev.1 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities,
security-alert
- Trustwave's SpiderLabs Security Advisory TWSL2010-001,
Trustwave Advisories
- [USN-898-1] gnome-screensaver vulnerability,
Marc Deslauriers
- stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow,
stratsec Research
- [USN-897-1] MySQL vulnerabilities,
Marc Deslauriers
- [security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands,
security-alert
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance,
Cisco Systems Product Security Incident Response Team
- Windows SMB NTLM Authentication Weak Nonce Vulnerability,
Hernan Ochoa
- ACM CCS 2010: Call for Workshop Proposals,
Christopher Kruegel
- ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability,
ZDI Disclosures
- TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability,
ZDI Disclosures
- CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability,
CORE Security Technologies Advisories
- Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow,
Secunia Research
- Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability,
Robbie Gill
- Hacktics Advisory Feb09: XSS in Oracle E-Business Suite,
Ofer Maor
- [Hacking Event] Night Da Hack 2010 : Call For Proposals,
m . mahdjoub
- [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers,
CORE Security Technologies Advisories
- JDownloader Remote Code Execution,
Matthias -apoc- Hecker
- [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other,
security-alert
- [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access,
security-alert
- [ MDVSA-2010:034 ] kernel,
security
- mongoose Space Character Remote File Disclosure Vulnerability,
info
- [MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service,
david
- LDF (Default.asp) Sql Injection Vulnerability,
Arash . Setayeshi
- CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability,
Security
- [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method,
Alexandr Polyakov
- [Suspected Spam]Vulnerability in Tagcloud for DataLife Engine,
MustLive
- [ MDVSA-2010:033 ] squid,
security
- Samba Remote Zero-Day Exploit,
Kingcope
- Recon Call for Papers - July 9-11 2010,
Hugo Fortier
- Secunia Research: libmikmod Module Parsing Vulnerabilities,
Secunia Research
- JAHx102 - HuskiCMS local file inclusion,
noreply
- JAHx101 - Huski retail mulitple SQL injection vulnerabilities,
noreply
- CORE-2010-0104 - LANDesk OS command injection,
CORE Security Technologies Advisories
- CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL),
Security
- CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03,
Peter Van Eeckhoutte
- [SECURITY] [DSA 1992-1] New chrony packages fix denial of service,
Nico Golde
- [ MDVSA-2010:032 ] rootcerts,
security
- [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service,
david
- [SECURITY] [DSA-1990-1] New trac-git packages fix code execution,
Florian Weimer
- [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service,
Steffen Joeris
- [SECURITY] [DSA-1990-2] New trac-git package fixes regression,
Stefan Fritsch
- [security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS),
security-alert
- CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities,
Core Security Technologies Advisories
- [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS,
Alexandr Polyakov
- [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability,
karakorsankara
- [SECURITY] [DSA-1989-1] New fuse packages fix denial of service,
Giuseppe Iuculano
- [CSO10002] Attachment path traversal in Outlook Web Access,
Ricardo Martins - Chief Security Officers
- [ MDVSA-2010:031 ] wireshark,
security
- [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities,
Giuseppe Iuculano
- AST-2010-001: T.38 Remote Crash Vulnerability,
Asterisk Security Team
- [security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege,
security-alert
- [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities,
Steffen Joeris
- [security bulletin] HPSBUX02479 SSRT090212 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access,
security-alert
- OpenCart CSRF Vulnerability,
ben
- 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie,
qiqiguaiguai
- Remote Vulnerability in AIX RPC.cmsd released by iDefense,
Rodrigo Rubira Branco (BSDaemon)
- [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service,
Nico Golde
- Tinypug Multiple Vulnerabilities,
admin
- [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local,
security-alert
- [SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness,
Giuseppe Iuculano
- RaakCms Multiple Vulnerabilities,
info
- [SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service,
Giuseppe Iuculano
- [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow,
CORE Security Technologies Advisories
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability,
iDefense Labs
- Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2,
mkanat
- Joomla (com_gambling) SQL Injection Vulnerabilities,
md . r00t . defacer
- [ MDVSA-2010:030 ] kernel,
security
- [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection,
Core Security Technologies Advisories
- XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1),
Martin Barbella
- iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability,
iDefense Labs
- iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow,
iDefense Labs
- VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE,
VMware Security Team
- [SECURITY] [DSA 1983-1] New Wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
- [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference,
Tobias Klein
- eWebeditor ASP Version Multiple Vulnerabilities,
info
- Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability,
info
- {PRL} Xerox Workcenter 4150 Remote Buffer Overflow,
Francis Provencher
- Cross-Site History Manipulation (XSHM),
Alex Roichman
- Advisory: jBCrypt < 0.3 character encoding vulnerability,
Damien Miller
- [SECURITY] [DSA 1982-1] New hybserv packages fix denial of service,
Steffen Joeris
- iPhone certificate flaws,
cryptopath
- [SECURITY] [DSA 1841-2] New git-core packages fix build failure,
Thijs Kinkhorst
- OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass,
Nicolas DEROUET
- [ MDVSA-2010:029 ] rootcerts,
security
- Multiple vulnerabilities in XAMPP (advisory #7),
MustLive
- Multiple vulnerabilities in XAMPP (advisories #5 and #6),
MustLive
- Multiple vulnerabilities in XAMPP (advisories #3 and #4),
MustLive
- Multiple vulnerabilities in XAMPP (advisories #1 and #2),
MustLive
- [SECURITY] [DSA 1968-2] New pdns-recursor packages fix cache poisoning,
Florian Weimer
- [USN-892-1] FUSE vulnerability,
Kees Cook
- [SECURITY] [DSA 1981-2] New maildrop packages fix regression,
Steffen Joeris
- [USN-893-1] Samba vulnerability,
Marc Deslauriers
- PR09-19: Cross-Site Scripting (XSS) on CommonSpot server,
research
- [SECURITY] [DSA 1981-1] New maildrop packages fix privilege escalation,
Steffen Joeris
- Firefox Observation Plugin Attack,
Ivan Buetler
- Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit,
dlrow1991
- [USN-891-1] lintian vulnerabilities,
Kees Cook
- [SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution,
Steffen Joeris
- [ MDVSA-2010:028 ] kdelibs4,
security
- PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager),
research
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace,
Cisco Systems Product Security Incident Response Team
- [USN-803-2] Dhcp vulnerability,
Jamie Strandboge
- [SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities,
Raphael Geissert
- [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication,
RedTeam Pentesting GmbH
- [RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data,
RedTeam Pentesting GmbH
- [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs,
RedTeam Pentesting GmbH
- [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability,
advisories
- [ MDVSA-2010:027 ] kdelibs4,
security
- Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.,
pi3
- [security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access,
security-alert
- PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12,
Rolando Fuentes
- [USN-890-4] PyXML vulnerabilities,
Jamie Strandboge
- More information on CVE-2009-3580,
Chris Travers
- The future of XSS attacks,
MustLive
- [SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities,
Moritz Muehlenhoff
- Netsupport gateway remote DoS,
watcher60
- Cross-Site Scripting vulnerability in 3D Cloud for Joomla,
MustLive
- Paper: Weaning the Web off of Session Cookies,
Timothy D. Morgan
- [ MDVSA-2010:026 ] openldap,
security
- [security bulletin] HPSBMA02477 SSRT090177 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS),
security-alert
- Microsoft IE 6&7 Crash Exploit,
info
- Setting arbitrary Personas without user interaction in Firefox 3.6,
Artur Janc
- Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability,
Secunia Research
- [SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities,
Giuseppe Iuculano
- FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities,
Chris Travers
- Security improvements of Microsoft Silverlight Build 3.0.50106.0?,
Juha-Matti Laurio
- [ MDVSA-2010:025 ] php-pear-Mail,
security
- DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability,
ddivulnalert
- [ MDVSA-2010:024 ] coreutils,
security
- CVE-2009-3583, confirming problem and adding info,
Chris Travers
- [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy,
Mark Thomas
- Safari 4.0.4 Crash,
systemx00
- [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory,
Mark Thomas
- [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration,
Mark Thomas
- e107 latest download link is backdoored,
Bogdan Calin
- London DEFCON January meet - DC4420 - Wed 27th Jan 2010,
Major Malfunction
- Abusing weak PRNGs in PHP applications,
gat3way
- Publique! CMS SQL Injection Vulnerabilities,
Christophe dlf
- Silverstripe <= v2.3.4: two XSS vulnerabilities,
Moritz Naumann
- [USN-890-2] Python 2.5 vulnerabilities,
Jamie Strandboge
- iBoutique v4.0,
flashcreazione
- Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions),
pen-test
- [USN-890-3] Python 2.4 vulnerabilities,
Jamie Strandboge
- [SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities,
Giuseppe Iuculano
- IdeaCMS v1.0 (fck) Remote Arbitrary File Upload,
whh_iran
- FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability,
noreply-secresearch@xxxxxxxxxxxx
- ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability,
ZDI Disclosures
- Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack,
Tavis Ormandy
- ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability,
ZDI Disclosures
- ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability,
ZDI Disclosures
- [SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow,
Stefan Fritsch
- [ MDVSA-2010:023 ] phpldapadmin,
security
- ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability,
ZDI Disclosures
- [ MDVSA-2010:022 ] openssl,
security
- eWebeditor Directory Traversal Vulnerability,
info
- TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001,
Lists
- ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability,
ZDI Disclosures
- Insufficient User Input Validation in VP-ASP 6.50 Demo Code,
CodeScan Labs Advisories
- [SECURITY] [DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th,
Stefan Fritsch
- [ MDVSA-2010:021 ] bind,
security
- [UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
- [USN-890-1] Expat vulnerabilities,
Jamie Strandboge
- [ MDVSA-2010:020 ] gzip,
security
- [USN-889-1] gzip vulnerabilities,
Marc Deslauriers
- [USN-888-1] Bind vulnerabilities,
Marc Deslauriers
- [ MDVSA-2010:019 ] gzip,
security
- [SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution,
Steffen Joeris
- Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal,
Secunia Research
- Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow,
Secunia Research
- [Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution,
Onapsis Research Labs
- Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows,
Secunia Research
- Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability,
Secunia Research
- vBulletin nulled (validator.php) files/directories disclosure,
kw3rln
- [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities,
Secunia Research
- Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow,
Secunia Research
- Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 1973-1] New glibc packages fix information disclosure,
Aurelien Jarno
- [CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player,
Security
- [ MDVSA-2010:016 ] wireshark,
security
- [ MDVSA-2010:018 ] phpMyAdmin,
security
- [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code,
security-alert
- [ MDVSA-2010:017 ] ruby,
security
- [ MDVSA-2010:015 ] roundcubemail,
security
- Blaze Apps Multiple Vulnerabilities,
admin
- ezContents CMS Multiple Vulnerabilities,
admin
- Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC,
superli
- Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC,
superli
- Xunlei XPPlayer ActiveX Remote Exec 0day POC,
superli
- Multiple Vulnerabilities in XOOPS 2.4.3 and earlier,
CodeScan Labs Advisories
- OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability,
karakorsankara
- JBroFuzz 1.9 Fuzzer Released!,
subere
- Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper),
Mayank Aggarwal
- QvodPlayer ColorFilter Codec ActiveX Remote Exec,
info
- facebook 'routing flaw'?,
Michael Scheidell
- 0day vulnerability Sogou input method to obtain system privileges,
k4mr4n_st
- [SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow,
Stefan Fritsch
- Zenoss Multiple Admin CSRF,
Adam Baldwin
- [ MDVSA-2010:013 ] transmission,
security
- [ MDVSA-2010:014 ] transmission,
security
- [USN-886-1] Pidgin vulnerabilities,
Marc Deslauriers
- [USN-887-1] LibThai vulnerability,
Marc Deslauriers
- [ MDVSA-2010:011 ] mysql,
security
- [ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference,
Kyprianos Vasilopoulos
- [ MDVSA-2010:012 ] mysql,
security
- Reminder: Campus Party EU 2010 Call For Participants,
Campus Party EU Spain
- AOL 9.5 ActiveX Heap Overflow Vulnerability,
karakorsankara
- GDT and LDT in Windows kernel vulnerability exploitation (paper),
Gynvael Coldwind
- [USN-885-1] LibThai vulnerability,
Marc Deslauriers
- Code to mitigate IE event zero-day (CVE-2010-0249),
ds . adv . pub
- [ MDVSA-2010:010 ] libthai,
security
- Browser Fuzzer 3,
krakowlabs
- [ MDVSA-2010:009 ] php,
security
- [ MDVSA-2010:008 ] php,
security
- [ MDVSA-2010:007 ] php,
security
- [security bulletin] HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS),
security-alert
- C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers,
Eyal Udassin
- VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability,
VUPEN Security Research
- Major security risk in the unlock pattern for Android devices,
Dan Dascalescu
- rPSA-2010-0004-1 openssl openssl-scripts,
rPath Update Announcements
- Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker,
Adam Baldwin
- SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS),
Lukas Weichselbaum
- [SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution,
Giuseppe Iuculano
- [USN-885-1] Transmission vulnerabilities,
Jamie Strandboge
- [security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code,
security-alert
- [ GLSA 201001-05 ] net-snmp: Authorization bypass,
Stefan Behte
- [USN-884-1] OpenSSL vulnerability,
Kees Cook
- [ GLSA 201001-07 ] Blender: Untrusted search path,
Stefan Behte
- [ GLSA 201001-09 ] Ruby: Terminal Control Character Injection,
Alex Legler
- XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1),
Marty Barbella
- [ GLSA 201001-06 ] aria2: Multiple vulnerabilities,
Stefan Behte
- [ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities,
Stefan Behte
- Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability,
karakorsankara
- [ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities,
Stefan Behte
- [ MDVSA-2010:005 ] krb5,
security
- RE: All China, All The Time,
Thor (Hammer of God)
- [ MDVSA-2010:006 ] krb5,
security
- [SECURITY] [DSA-1970-1] New openssl packages fix denial of service,
Stefan Fritsch
- [USN-882-1] PHP vulnerabilities,
Marc Deslauriers
- [security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS),
security-alert
- [ MDVSA-2010:004 ] bash,
security
- [CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption,
CORE Security Advisories
- Yoono Firefox Extension - Privileged Code Injection,
Nick Freeman
- [USN-883-1] network-manager-applet vulnerabilities,
Marc Deslauriers
- [USN-881-1] Kerberos vulnerability,
Kees Cook
- [SECURITY] [DSA-1969-1] New krb5 packages fix denial of service,
Giuseppe Iuculano
- [ MDVSA-2010:003 ] sendmail,
security
- iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability,
iDefense Labs
- Cross Site Identification (CSID) attack. Description and demonstration.,
Ronen Z
- Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability,
Secunia Research
- MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption,
Tom Yu
- [CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS,
Security
- ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability,
ZDI Disclosures
- Invitation: nullcon Goa 2010 International Security & Hacking Conference,
nullcon
- HITB Ezine 'Reloaded' - Issue #001,
Hafez Kamal
- [ MDVSA-2010:002 ] pidgin,
security
- [ MDVSA-2010:001 ] pidgin,
security
- [ MDVSA-2009:241-1 ] squid,
security
- [ MDVSA-2009:293-1 ] squidGuard,
security
- XSS Vulnerability in Active Calendar 1.2.0,
Marty Barbella
- [ MDVSA-2009:227-1 ] freeradius,
security
- [ MDVSA-2010:000 ] firefox,
security
- XSS vulnerabilities in 34 millions flash files,
MustLive
- [ MDVSA-2009:316-3 ] expat,
security
- Cross-Site Scripting vulnerability in JVClouds3D for Joomla,
MustLive
- Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection,
ascii
- [ MDVSA-2009:316-2 ] expat,
security
- NSOADV-2010-001: Panda Security Local Privilege Escalation,
NSO Research
- [SECURITY] [DSA 1968-1] New pdns-recursor packages fix potential code execution,
Florian Weimer
- [CORELAN-10-001] Audiotran 1.4.1 buffer overflow,
Security
- TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow,
noreply
- MacOS X 10.5/10.6 libc/strtod(3) buffer overflow,
cxib
- [ MDVSA-2009:316-1 ] expat,
security
- Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation based Tab Crashing,
Aditya K Sood
- [HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability,
advisory
- Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability,
Secunia Research
- [USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression,
Jamie Strandboge
- [USN-877-1] Firefox 3.0 and Xulrunner 1.9 regression,
Jamie Strandboge
- ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability,
ZDI Disclosures
- Security contact at Lexmark?,
Protek Research Lab
- [SECURITY] [DSA 1967-1] New transmission packages fix directory traversal,
Moritz Muehlenhoff
- VMSA-2010-0001 ESX Service Console updates for nss and nspr,
VMware Security team
- [USN-880-1] GIMP vulnerabilities,
Marc Deslauriers
- [SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting,
Steffen Joeris
- [ MDVSA-2009:300-2 ] apache-conf,
security
- [ MDVSA-2009:300-1 ] apache-conf,
security
- FreeBSD Security Advisory FreeBSD-SA-10:03.zfs,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-10:01.bind,
FreeBSD Security Advisories
- [SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion,
Giuseppe Iuculano
- HTTP Digest Integrity: Another look, in light of recent attacks,
Timothy D. Morgan
- [TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!!,
Nelson Brito
- Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2,
bert hubert
- [USN-879-1] Kerberos vulnerability,
Kees Cook
- {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS,
Protek Research Lab
- [ GLSA 201001-03 ] PHP: Multiple vulnerabilities,
Tobias Heinlein
- [ MDVSA-2009:220-1 ] davfs,
security
- Multiple vulnerabilities in LineWeb 1.0.5,
ign . sec
- SyScan'10 Call For Training (CFT),
organiser@xxxxxxxxxx
- REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability,
rewterz security team
- REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability,
rewterz security team
- Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw,
Aditya K Sood
- REWTERZ-20100102 - Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability,
rewterz security team
- Y2K10 spamassassin bug, 2010 year mails discared as spam,
Eduardo Romero
- httpdx webserver v1.5 Remote Source Disclosure,
info
- [ GLSA 201001-01 ] NTP: Denial of Service,
Stefan Behte
- [Tool] DeepToad 1.1.0,
Joxean Koret
- Java vulnerability,
Paul
- [ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities,
Alex Legler
- [USN-876-1] PostgreSQL vulnerabilities,
Jamie Strandboge
- Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability,
Secunia Research
- WASC Announcement: WASC Threat Classification v2.0 Published,
announcements
- Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!,
Stefan Kanthak
- [SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities,
Florian Weimer
- [SECURITY] [DSA-1953-2] New expat packages fix regression,
Stefan Fritsch
- [ MDVSA-2009:346 ] kde,
security
- [SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation,
Raphael Geissert
- Secunia Research: AproxEngine Multiple Vulnerabilities,
Secunia Research
- FreeWebshop.org: multiple vulnerabilities,
Akita Software Security
- [ MDVSA-2009:345 ] acl,
security
- Tests about semicolon zero-day (BID 37460),
Crash - DcLabs
- [ MDVSA-2009:146-1 ] imap,
security
- MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing,
Tom Yu
- [ MDVSA-2009:189-1 ] apache-mod_auth_mysql,
security
- Code to mitigate IIS semicolon zero-day,
ds . adv . pub
- [ MDVSA-2009:344 ] perl-DBD-Pg,
security
- [ MDVSA-2009:244-1 ] xfig,
security
- [SECURITY] [DSA 1957-1] New aria2 packages fix arbitrary code execution,
Steffen Joeris
- Sheedravi CMS SQL Injection Vulnerability,
faghani
- DBHCMS Web Content Management System v1.1.4 RFI Vulnerability,
info
- [InterN0T] LiveZilla - XSS Vulnerability,
advisories
- [SECURITY] [DSA 1963-1] New unbound packages fix DNSSEC validation,
Florian Weimer
- [ MDVSA-2009:343 ] acpid,
security
- [ MDVSA-2009:342 ] acpid,
security
- Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug),
bugreport
- [tools] hostmap-0.2.1 released,
Alessandro Tanasi
- [ MDVSA-2009:341 ] dstat,
security
- [ MDVSA-2009:340 ] jpgraph,
security
- ClubHack2009 presentations are now online,
ClubHack
- Vulnerability in Joomulus for Joomla,
MustLive
- XSS Vulnerability in JpGraph 3.0.6,
Martin Barbella
- [SECURITY] [DSA-1962-1] New kvm packages fix several vulnerabilities,
Giuseppe Iuculano