Bugtraq: by author

323 messages starting Apr 10 08 and ending Apr 04 08

3APA3A

Re: licq remote DoS? 3APA3A (Apr 10)

Adam Laurie

ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59 Adam Laurie (Apr 02)
ANNOUNCE: RFIDIOt-0.1s release (now available for Windows) Adam Laurie (Apr 18)

admin

Acidcat CMS Multiple Vulnerabilities admin (Apr 21)
Carbon Communities forum Multiple Vulnerabilities. admin (Apr 16)
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day) admin (Apr 16)

Adrian Pastor

Default key algorithm in Thomson and BT Home Hub routers Adrian Pastor (Apr 22)

ajax

KwsPHP (Upload) Remote Code Execution Exploit ajax (Apr 15)

ak

Oracle - SQL Injection Vulnerability in SDO_UTIL [DB05] ak (Apr 16)
Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13] ak (Apr 16)
Oracle - SQL Injection in package SDO_IDX [DB07] ak (Apr 16)
Oracle - SQL Injection in package SDO_GEOM [DB06] ak (Apr 16)

Albert Sellarès

[CVE-2007-5301] alsaplayer PoC - exploit Albert Sellarès (Apr 09)

Amit Klein

Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) Amit Klein (Apr 08)
Microsoft SWI blog inaccuracies Amit Klein (Apr 28)

Andrea Barisani

project announcement - oCERT - Open Source CERT Andrea Barisani (Apr 14)
[oCERT-2008-003] libpng zero-length chunks incorrect handling Andrea Barisani (Apr 14)
[oCERT-2008-004] multiple speex implementations insufficient boundary checks Andrea Barisani (Apr 17)

anonymous

Re: Hamachi Password Disclosure Vulnerability anonymous (Apr 01)

ap

Re: Default key algorithm in Thomson and BT Home Hub routers ap (Apr 23)

ascii

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities ascii (Apr 11)

a . westtermann

Re: Alkacon OpenCms sessions.jsp searchfilter XSS a . westtermann (Apr 10)

blacklight

Re: R.I.P. rgod blacklight (Apr 28)

brad . antoniewicz

Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities brad . antoniewicz (Apr 08)

bugtraq

OneSecurityDay 2008 - Web application auditing challenge bugtraq (Apr 14)

Cesar

Token Kidnapping (Microsoft Security Advisory 951306) presentation available Cesar (Apr 19)

Christian Kujau

Re: R.I.P. rgod Christian Kujau (Apr 30)
Re: R.I.P. rgod Christian Kujau (Apr 29)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Apr 03)
Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability Cisco Systems Product Security Incident Response Team (Apr 16)

contact

Re: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability contact (Apr 16)

CORE Security Technologies Advisories

CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls CORE Security Technologies Advisories (Apr 28)
CORE-2008-0314 - Orbit Downloader "Download failed" buffer overflow CORE Security Technologies Advisories (Apr 04)

crazy_kinq

Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it crazy_kinq (Apr 21)

darkz . gsa

Wikepage Wiki v.2007-2 Cross-Site Scripting darkz . gsa (Apr 18)
LightNEasy v.1.2.2 flat Multiple Vulnerabilities darkz . gsa (Apr 18)

Darth Jedi

RE: Internet explorer 7.0 spoofing Darth Jedi (Apr 02)

david130490

Trillian 3.1.9.0 DTD File Buffer Overflow david130490 (Apr 11)

David Litchfield

A New Class of Vulnerability in Oracle: Lateral SQL Injection David Litchfield (Apr 24)

DeepSec Conference

Announcement - DeepSec Conference 2008, Nov 11-14 2008 DeepSec Conference (Apr 17)

Devin Carraway

[SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution Devin Carraway (Apr 09)
[SECURITY] [DSA 1533-2] New exiftags packages fix several vulnerabilities Devin Carraway (Apr 01)
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities Devin Carraway (Apr 09)
[SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities Devin Carraway (Apr 04)
[SECURITY] [DSA 1546-1] New gnumeric packages fix arbitrary code execution Devin Carraway (Apr 11)
[SECURITY] [DSA 1538-1] New alsaplayer packages fix arbitrary code execution Devin Carraway (Apr 04)
[SECURITY] [DSA 1548-1] New xpdf packages fix arbitrary code exitution Devin Carraway (Apr 17)
[SECURITY] [DSA 1537-1] New xpdf packages fix multiple vulnerabilities Devin Carraway (Apr 03)

douchbag

Re: Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities douchbag (Apr 21)

Dragos Ruiu

EUSecWest CFP Closes April 14th (conf May 21/22 2008) Dragos Ruiu (Apr 10)

Enno Rey

Troopers08 Security Conference, April 23/24 (Munich/Germany) Enno Rey (Apr 15)

erdc

[ECHO_ADV_89$2008] Softbiz Web Host Directory Script (search_result.php host_id) Blind Sql Injection Vulnerability erdc (Apr 28)
[ECHO_ADV_88$2008] Prozilla Hosting Index (directory.php cat_id) Blind Sql Injection Vulnerability erdc (Apr 28)

evilcry

TheGreenBowVPN, Login Credentials Disclosure evilcry (Apr 05)

Florian Weimer

[SECURITY] [DSA 1556-1] New perl packages fix denial of service Florian Weimer (Apr 24)
[SECURITY] [DSA 1553-1] New ikiwiki packages fix cross-site request forgery Florian Weimer (Apr 21)
[SECURITY] [DSA 1556-2] New perl packages fix denial of service Florian Weimer (Apr 28)
[SECURITY] [DSA 1544-1] New pdns-recursor packages fix cache poisoning vulnerability Florian Weimer (Apr 09)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-08:05.openssh FreeBSD Security Advisories (Apr 17)

Gianluca Borello

Re: Firefox 3.0 beta 5 crash Gianluca Borello (Apr 22)

Guido Landi

Re: xine-lib NES Sound Format Demuxer Buffer Overflow Guido Landi (Apr 24)

hadihadi_zedehal_2006

Blogator-script 0.95 SQL Injection Vulnerbility hadihadi_zedehal_2006 (Apr 05)
Blogator-script 0.95 Change User Password Vulnerbility hadihadi_zedehal_2006 (Apr 05)

hadikiamarsi

XSS Attack hadikiamarsi (Apr 29)
bug report hadikiamarsi (Apr 28)

Hanno Böck

Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387) Hanno Böck (Apr 22)
Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)) Hanno Böck (Apr 22)
clamav: Endless loop / hang with crafter arj, CVE-2008-1387 Hanno Böck (Apr 15)

houssamix

BosNews 2002-2006 Remote add user admin houssamix (Apr 15)
BosNews v4.0 Remote add user admin houssamix (Apr 15)

hsx

KwsPHP Module ConcoursPhoto XSS hsx (Apr 04)

iDefense Labs

iDefense Security Advisory 04.15.08: Oracle Application Express Privilege Escalation Vulnerability iDefense Labs (Apr 16)
iDefense Security Advisory 04.09.08: EMC DiskXtender MediaStor Format String Vulnerability iDefense Labs (Apr 11)
iDefense Security Advisory 04.09.08: IBM DB2 Universal Database Administration Server File Creation Vulnerability iDefense Labs (Apr 16)
iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability iDefense Labs (Apr 16)
iDefense Security Advisory 04.09.08: EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability iDefense Labs (Apr 11)
iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability iDefense Labs (Apr 09)
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability iDefense Labs (Apr 18)
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability iDefense Labs (Apr 18)
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability iDefense Labs (Apr 18)
iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability iDefense Labs (Apr 04)
iDefense Security Advisory 04.02.08: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability iDefense Labs (Apr 04)
iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability iDefense Labs (Apr 01)
iDefense Security Advisory 04.08.08: Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability iDefense Labs (Apr 09)
iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability iDefense Labs (Apr 15)
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities iDefense Labs (Apr 18)
iDefense Security Advisory 04.03.08: Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities iDefense Labs (Apr 04)
iDefense Security Advisory 04.09.08: EMC DiskXtender Authentication Bypass Vulnerability iDefense Labs (Apr 11)
iDefense Security Advisory 04.02.08: Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability iDefense Labs (Apr 04)

info

Zune software - arbitrary file overwrite info (Apr 23)

infocus

[INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability infocus (Apr 16)

ipsdix

R.I.P. rgod ipsdix (Apr 25)

irancrash

Minibb 2.2a XSS Vulnerability irancrash (Apr 28)
Datalife Engine 6.7 XSRF irancrash (Apr 02)
EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI) irancrash (Apr 01)

I)ruid

CAU-2008-0001 - Slowly Closing Door Race Condition I)ruid (Apr 01)
CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS I)ruid (Apr 09)

jaime . blasco

SAP Netweaver 6.40-7.0 Cross-Site-Scripting jaime . blasco (Apr 09)
New tool released : Syslog Fuzzer jaime . blasco (Apr 08)

Jamie Strandboge

[USN-599-1] Ghostscript vulnerability Jamie Strandboge (Apr 09)
[USN-601-1] Squid vulnerability Jamie Strandboge (Apr 14)
[USN-588-2] MySQL regression Jamie Strandboge (Apr 03)
[USN-602-1] Firefox vulnerabilities Jamie Strandboge (Apr 22)
[USN-598-1] CUPS vulnerabilities Jamie Strandboge (Apr 03)

J. Carlos Nieto

WordPress 2.5 - Salt cracking vulnerability J. Carlos Nieto (Apr 15)

Jeff Williams

Attack Technique: File Download Injection Jeff Williams (Apr 07)

Jessica Hope

WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability Jessica Hope (Apr 08)

john

Re: h2desk helpdesk path disclosure vulnerability john (Apr 29)

J. Oquendo

TCP/IP security vulnerability disclosed J. Oquendo (Apr 01)

jose

openMosix userspace library stack-based buffer overflow jose (Apr 07)

joseph . giron13

cevado technologies real estate CMS SQL injection joseph . giron13 (Apr 01)
Terracotta Personal Edition Multiple vulnerabilities joseph . giron13 (Apr 01)

jplopezy

Curious vulnerability in Excel 2007 jplopezy (Apr 26)
Re: Re: Re: Internet explorer 7.0 spoofing jplopezy (Apr 02)
Trillian 3.1 basic nick crash jplopezy (Apr 24)
GroupWise 7 attached bugs jplopezy (Apr 26)
Re: Curious vulnerability in Excel 2007 jplopezy (Apr 26)
GroupWise 7.0 mailto: scheme buffer overflow jplopezy (Apr 28)
Safari 3.1.1 Multiple Vulnerabilities for windows jplopezy (Apr 22)
Firefox 3.0 beta 5 crash jplopezy (Apr 22)

Juha-Matti Laurio

Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows Juha-Matti Laurio (Apr 17)

Justin Ferguson

IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows Justin Ferguson (Apr 11)
IOActive Security Advisory: Buffer overflow in Python zlib extension module Justin Ferguson (Apr 09)

Kees Cook

[USN-604-1] Gnumeric vulnerability Kees Cook (Apr 22)
[USN-603-2] KOffice vulnerability Kees Cook (Apr 17)
[USN-603-1] poppler vulnerability Kees Cook (Apr 17)
[USN-597-1] OpenSSH vulnerability Kees Cook (Apr 02)
[USN-600-1] rsync vulnerability Kees Cook (Apr 11)

laurent . gaffie

Re: NetClassifieds Sql Injection laurent . gaffie (Apr 23)
xine-lib NES Sound Format Demuxer Buffer Overflow laurent . gaffie (Apr 23)

Layer One

LayerOne 2008 - Final Pre-Con Update Layer One (Apr 23)

Liran Cohen

Re: rPSA-2008-0151-1 libpng Liran Cohen (Apr 30)

Liu Zhen Hua

Borland InterBase 2007 "ibserver.exe" Buffer Overflow Vulnerability POC Liu Zhen Hua (Apr 11)

lpilorz

Vulnerabilities in kses-based HTML filters lpilorz (Apr 03)

Luigi Auriemma

Multiple vulnerabilities in HP OpenView NNM 7.53 Luigi Auriemma (Apr 07)
Directory traversal in LANDesk Management Suite 8.80.1.1 Luigi Auriemma (Apr 02)
Re: Multiple vulnerabilities in HP OpenView NNM 7.53 Luigi Auriemma (Apr 08)
Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53 Luigi Auriemma (Apr 11)
Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows Luigi Auriemma (Apr 15)

luke . jennings

ANNOUNCE: Security Implications of Windows Access Tokens Whitepaper luke . jennings (Apr 21)

Major Malfunction

London DEFCON meet - Thursday 1st May - DC4420 Major Malfunction (Apr 28)

marc . deroche

Re: WoltLab(R) Community Framework WCF 1.0.6 marc . deroche (Apr 12)

Mark Crowther

IRM Security Advisory : RedDot CMS SQL injection vulnerability Mark Crowther (Apr 21)

Marshall Eubanks

Re: heanet.dl.sourceforge.net hacked? Marshall Eubanks (Apr 30)

Martin Schulze

[SECURITY] [DSA 1547-1] New OpenOffice.org packages fix arbitrary code execution Martin Schulze (Apr 17)

Matthias Geerdsen

[ GLSA 200804-24 ] DBmail: Data disclosure Matthias Geerdsen (Apr 21)
[ GLSA 200804-30 ] KDE start_kdeinit: Multiple vulnerabilities Matthias Geerdsen (Apr 29)
[ GLSA 200804-23 ] CUPS: Integer overflow vulnerability Matthias Geerdsen (Apr 21)

Mauro Faccenda

Re: Firefox 3.0 beta 5 crash Mauro Faccenda (Apr 26)

Michael . Brooks . SPAM

Deciphering the PHP-Nuke Capthca Michael . Brooks . SPAM (Apr 21)
Deciphering the Simple Machines Forum audio Captcha Michael . Brooks . SPAM (Apr 21)

Michael Scheidell

heanet.dl.sourceforge.net hacked? Michael Scheidell (Apr 30)

Mike Diaz

RE: Internet explorer 7.0 spoofing Mike Diaz (Apr 02)

Milen Rangelov

licq remote DoS? Milen Rangelov (Apr 08)

mirrors

Re: heanet.dl.sourceforge.net hacked? mirrors (Apr 30)

m . memelli

Re: BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day) m . memelli (Apr 17)

Morgan ARMAND

Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability Morgan ARMAND (Apr 15)

Moritz Muehlenhoff

[SECURITY] [DSA 1545-1] New rsync packages fix arbitrary code execution Moritz Muehlenhoff (Apr 10)
[SECURITY] [DSA 1550-1] New suphp packages fix local privilege escalation Moritz Muehlenhoff (Apr 17)
[SECURITY] [DSA 1534-2] New iceape packages fix regression Moritz Muehlenhoff (Apr 24)
[SECURITY] [DSA 1562-1] New iceape packages fix arbitrary code execution Moritz Muehlenhoff (Apr 28)
[SECURITY] [DSA 1552-1] New mplayer packages fix arbitrary code execution Moritz Muehlenhoff (Apr 19)
[SECURITY] [DSA 1563-1] New asterisk packages fix denial of service Moritz Muehlenhoff (Apr 30)
[SECURITY] [DSA 1558-1] New xulrunner packages fix arbitrary code execution Moritz Muehlenhoff (Apr 25)
[SECURITY] [DSA 1551-1] New python2.4 packages fix several vulnerabilities Moritz Muehlenhoff (Apr 19)
[SECURITY] [DSA 1541-1] New openldap2.3 packages fix denial of service Moritz Muehlenhoff (Apr 09)
[SECURITY] [DSA 1549-1] New clamav packages fix several vulnerabilities Moritz Muehlenhoff (Apr 17)
[SECURITY] [DSA 1555-1] New iceweasel packages fix arbitrary code execution Moritz Muehlenhoff (Apr 23)

mrangelov

Re: Re: licq remote DoS? mrangelov (Apr 10)

nebelfrost23

Writers Block SQL Injection Vulnerabilities nebelfrost23 (Apr 02)

netmantis . com

Pu Arcade component for Joomla - SQL injection netmantis . com (Apr 09)

NGSSoftware Insight Security Research

Critical Vulnerability in SNMPc NGSSoftware Insight Security Research (Apr 30)

nixpanic

Re: openMosix userspace library stack-based buffer overflow nixpanic (Apr 10)

nnposter

Alkacon OpenCms sessions.jsp searchfilter XSS nnposter (Apr 05)
F5 BIG-IP Management Interface Perl Injection nnposter (Apr 05)

Noah Meyerhans

[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability Noah Meyerhans (Apr 22)

no-reply

Joomla Component com_lms SQL Injection no-reply (Apr 03)

noreply

NetClassifieds Sql Injection noreply (Apr 23)
w2b.ru multiple products SQL Injection noreply (Apr 11)
paFileDB 3.1 Remote SQL Injection noreply (Apr 10)
5th avenue Shopping Cart SQL Injection noreply (Apr 18)
Horde Webmail XSS [Aria-Security] noreply (Apr 23)

Oliver Goebel

IMF 2008 - 2nd Call for Papers Oliver Goebel (Apr 26)

organiser () syscan org

SyScan'08 Singapore - Call for Paper organiser () syscan org (Apr 21)

packet

Re: Powered by gCards v1.46 SQL packet (Apr 21)

Pascal Cretain

Wayport Public Access PC Authentication Bypass Weakness Pascal Cretain (Apr 08)

Patrick Webster

Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow Patrick Webster (Apr 07)

Pierre-Yves Rofes

[ GLSA 200804-02 ] bzip2: Denial of Service Pierre-Yves Rofes (Apr 03)
[ GLSA 200804-10 ] Tomcat: Multiple vulnerabilities Pierre-Yves Rofes (Apr 10)
[ GLSA 200804-29 ] Comix: Multiple vulnerabilities Pierre-Yves Rofes (Apr 26)
[ GLSA 200804-09 ] am-utils: Insecure temporary file creation Pierre-Yves Rofes (Apr 10)

Pieter de Boer

Re: heanet.dl.sourceforge.net hacked? Pieter de Boer (Apr 30)

pobore

Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS pobore (Apr 26)

pocadm

POC2008 call for papers pocadm (Apr 03)

poplix

Parallels virtuozzo's VZPP multiple csrf vulnerabilities poplix (Apr 03)

ProCheckUp Research

PR07-44: XSS on RSA Authentication Agent login page ProCheckUp Research (Apr 23)
PR07-43: Cross-domain redirect on RSA Authentication Agent ProCheckUp Research (Apr 23)

Rainer Duffner

Re: heanet.dl.sourceforge.net hacked? Rainer Duffner (Apr 30)

Raphael Marichez

[ GLSA 200804-12 ] gnome-screensaver: Privilege escalation Raphael Marichez (Apr 11)

Razi Shaban

Re: Internet explorer 7.0 spoofing Razi Shaban (Apr 01)

Recon Conference

Recon 2008 CFP last call, early registration open Recon Conference (Apr 03)

Robert Buchholz

[ GLSA 200804-15 ] libpng: Execution of arbitrary code Robert Buchholz (Apr 15)
[ GLSA 200804-06 ] UnZip: User-assisted execution of arbitrary code Robert Buchholz (Apr 07)
[ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities Robert Buchholz (Apr 18)
[ GLSA 200804-19 ] PHP Toolkit: Data disclosure and Denial of Service Robert Buchholz (Apr 18)
[ GLSA 200804-04 ] MySQL: Multiple vulnerabilities Robert Buchholz (Apr 07)
[ GLSA 200804-26 ] Openfire: Denial of Service Robert Buchholz (Apr 23)
[ GLSA 200804-18 ] Poppler: User-assisted execution of arbitrary code Robert Buchholz (Apr 17)
[ GLSA 200804-14 ] Opera: Multiple vulnerabilities Robert Buchholz (Apr 15)
[ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities Robert Buchholz (Apr 18)
[ GLSA 200804-13 ] Asterisk: Multiple vulnerabilities Robert Buchholz (Apr 15)
[ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code Robert Buchholz (Apr 23)
[ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning Robert Buchholz (Apr 18)
[ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation Robert Buchholz (Apr 11)
[ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code Robert Buchholz (Apr 17)
[ GLSA 200804-07 ] PECL APC: Buffer Overflow Robert Buchholz (Apr 09)
[ GLSA 200804-01 ] CUPS: Multiple vulnerabilities Robert Buchholz (Apr 01)
[ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code Robert Buchholz (Apr 07)
[ GLSA 200804-03 ] OpenSSH: Privilege escalation Robert Buchholz (Apr 05)
[ GLSA 200804-16 ] rsync: Execution of arbitrary code Robert Buchholz (Apr 17)

roberto . suggi

SugarCRM Community Edition Local File Disclosure Vulnerability roberto . suggi (Apr 29)

rohit

Re: Yourfreeworld Styleish Text Ads Script rohit (Apr 29)

rPath Update Announcements

rPSA-2008-0149-1 idle python rPath Update Announcements (Apr 26)
rPSA-2008-0138-1 tshark wireshark rPath Update Announcements (Apr 04)
rPSA-2008-0136-1 cups rPath Update Announcements (Apr 04)
rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements (Apr 04)
rPSA-2008-0151-1 libpng rPath Update Announcements (Apr 29)

S21sec labs

S21SEC-043-en:Cezanne SW Blind SQL Injection S21sec labs (Apr 14)
S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required) S21sec labs (Apr 14)
S21SEC-041-en:Cezanne SW Cross-Site Scripting S21sec labs (Apr 14)

Sabun

Koobi Pro 6.25 poll Remote SQL Injection Vulnerability Sabun (Apr 15)

Sebastien gioria

DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2 Sebastien gioria (Apr 14)

Secunia Research

Secunia Research: Autonomy Keyview Applix Graphics Parsing Vulnerabilities Secunia Research (Apr 14)
Secunia Research: Symantec Mail Security Folio Flat File Parsing Buffer Overflows Secunia Research (Apr 14)
Secunia Research: activePDF DocConverter Folio Flat File Parsing Buffer Overflows Secunia Research (Apr 14)
Secunia Research: Symantec Mail Security Applix Graphics Parsing Vulnerabilities Secunia Research (Apr 14)
Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows Secunia Research (Apr 14)
Secunia Research: activePDF DocConverter Applix Graphics Parsing Vulnerabilities Secunia Research (Apr 14)
Secunia Research: HP OpenView Network Node Manager OpenView5.exe Directory Traversal Secunia Research (Apr 14)
Secunia Research: Lotus Notes Applix Graphics Parsing Vulnerabilities Secunia Research (Apr 14)
Secunia Research: Autonomy Keyview Folio Flat File Parsing Buffer Overflows Secunia Research (Apr 14)
Secunia Research: Lotus Notes EML Reader Buffer Overflows Secunia Research (Apr 14)
Secunia Research: Autonomy Keyview EML Reader Buffer Overflows Secunia Research (Apr 14)
Secunia Research: Lotus Notes kvdocve.dll Path Processing Buffer Overflow Secunia Research (Apr 14)
Secunia Research: Internet Explorer Data Stream Handling Vulnerability Secunia Research (Apr 14)
Secunia Research: Adobe Flash Player "Declare Function (V7)" Heap Overflow Secunia Research (Apr 14)
Secunia Research: Lotus Notes htmsr.dll Buffer Overflows Secunia Research (Apr 14)

securfrog

DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT ) securfrog (Apr 15)

security

[ MDVSA-2008:089 ] - Updated poppler packages fix vulnerability security (Apr 18)
[ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability security (Apr 15)
[ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability security (Apr 12)
[ MDVSA-2008:091 ] - Updated wireshark packages fix denial of service vulnerabilities security (Apr 25)
[ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability security (Apr 15)
[ MDVSA-2008:085 ] - Updated python packages fix arbitrary code execution vulnerability security (Apr 15)
[ MDVSA-2008:087 ] - Updated policykit package fixes format string vulnerability security (Apr 17)
[ MDVSA-2008:090 ] - Updated OpenOffice.org packages fix vulnerabilities security (Apr 21)
Webwasher Denial of Service Vulnerability security (Apr 03)
[ MDVSA-2008:093 ] - Updated vorbis-tools packages fix vulnerabilities security (Apr 29)
[ MDVSA-2008:092 ] - Updated gstreamer-plugins-good packages fix vulnerabilities security (Apr 29)
[ MDVSA-2008:081 ] - Updated CUPS packages fix multiple vulnerabilities security (Apr 02)
[ MDVSA-2008:083 ] - Updated audit packages fix vulnerability security (Apr 10)
[ MDVSA-2008:082 ] - Updated php-apc packages fix vulnerability security (Apr 09)
[ MDVSA-2008:088 ] - Updated clamav packages fix multiple vulnerabilities security (Apr 18)

security-alert

[security bulletin] HPSBMA02331 SSRT080000 rev.1 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges security-alert (Apr 30)
[security bulletin] HPSBMA02328 SSRT071293 rev.2 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code security-alert (Apr 17)
[security bulletin] HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025 security-alert (Apr 17)
HPSBTU02325 SSRT080006 rev.1 - HP Internet Express for Tru64 UNIX running PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of Service (DoS) security-alert (Apr 02)
[security bulletin] HPSBMA02242 SSRT061260 rev.3 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution security-alert (Apr 08)
HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code security-alert (Apr 24)
[security bulletin] [security bulletin] HPSBST02318 SSRT080018 rev.1 - HP Storage Essentials Software, Remote Unauthorized Access to Data security-alert (Apr 08)
[security bulletin] HPSBMA02327 SSRT071455 rev.1 - HP Integrity Servers iLO-2 Management Processors (iLO-2 MP), Denial of Service (DoS) security-alert (Apr 08)
[security bulletin] HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection security-alert (Apr 04)
HPSBMA02317 SSRT080026 rev.1 - HP Select Identity Software, Gain Unauthorized Access security-alert (Apr 02)
[security bulletin] HPSBMA02133 SSRT061201 rev.8 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert (Apr 17)

securityfocus . com

Re: Re: heanet.dl.sourceforge.net hacked? securityfocus . com (Apr 30)

Security Officer

AST-2008-006 - 3-way handshake in IAX2 incomplete Security Officer (Apr 23)

Simon Ryeo

CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities Simon Ryeo (Apr 07)

Skratz0r

Re: Firefox 3.0 beta 5 crash (Slightly unrelated) Skratz0r (Apr 26)

Stefano Zanero

CFP: Workshop on Open Source Software for Computer and Network Forensics Stefano Zanero (Apr 30)

Steve Kemp

[SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service Steve Kemp (Apr 15)
[SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service Steve Kemp (Apr 07)

Steven J. Murdoch

Wordpress 2.5 Cookie Integrity Protection Vulnerability Steven J. Murdoch (Apr 26)

sys-project

Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities sys-project (Apr 15)
Classifieds Caffe (index.php cat_id) Remote SQL Injection sys-project (Apr 16)

Team SHATTER

Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures Team SHATTER (Apr 18)
Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures Team SHATTER (Apr 18)
Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure Team SHATTER (Apr 18)

th3 . r00k . nospam

Sea-Surfing on the Motorola Surfboard th3 . r00k . nospam (Apr 21)
BitTorrent Clients and CSRF th3 . r00k . nospam (Apr 18)

The Dark Tangent

DEF CON 16 Retro Announcement! Back to Bang! The Dark Tangent (Apr 14)
DEF CON 16 Retro Announcement! Back to Bang! The Dark Tangent (Apr 12)

Thijs Kinkhorst

[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst (Apr 24)
[SECURITY] [DSA 1561-1] New ldm packages fix information disclosure Thijs Kinkhorst (Apr 28)
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities Thijs Kinkhorst (Apr 01)
[SECURITY] [DSA 1560-1] New kronolith2 packages fix cross site scripting Thijs Kinkhorst (Apr 28)

Thomas Pollet

Lotus expeditor rcplauncher uri handler vulnerability Thomas Pollet (Apr 25)

Tim Brown

Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron Tim Brown (Apr 04)

Tobias Heinlein

[ GLSA 200804-27 ] SILC: Multiple vulnerabilities Tobias Heinlein (Apr 24)
[ GLSA 200804-08 ] lighttpd: Multiple vulnerabilities Tobias Heinlein (Apr 10)
[ GLSA 200804-28 ] JRockit: Multiple vulnerabilities Tobias Heinlein (Apr 24)

turkish-warriorr

Powered by gCards v1.46 SQL turkish-warriorr (Apr 21)
Fones Clinic Mart SQL turkish-warriorr (Apr 14)

virangar_nml

Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility virangar_nml (Apr 07)

VMware Security team

VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus VMware Security team (Apr 16)

vulnerabilityresearch

DDIVRT-2008-11 BadBlue uninst.exe DoS vulnerabilityresearch (Apr 24)

vulns

[W01-0408] Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation vulns (Apr 23)

w0lfd33m

Re: Re: Internet explorer 7.0 spoofing w0lfd33m (Apr 01)

Williams, James K

CA DSM gui_cm_ctrls ActiveX Control Vulnerability Williams, James K (Apr 16)
CA Alert Notification Server Multiple Vulnerabilities Williams, James K (Apr 04)
CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities Williams, James K (Apr 04)

win32 . exe

remote file include win32 . exe (Apr 15)
remote file include win32 . exe (Apr 15)

wsn1983

Microsoft Works 7 WkImgSrv.dll crash POC wsn1983 (Apr 17)

yeppy

Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility yeppy (Apr 08)

zdi-disclosures

ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability zdi-disclosures (Apr 08)
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability zdi-disclosures (Apr 16)
ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability zdi-disclosures (Apr 04)
ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability zdi-disclosures (Apr 04)
ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability zdi-disclosures (Apr 09)
ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability zdi-disclosures (Apr 04)
ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities zdi-disclosures (Apr 04)
ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability zdi-disclosures (Apr 04)
ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability zdi-disclosures (Apr 04)