Bugtraq: by date

228 messages starting Nov 01 08 and ending Nov 29 08

Saturday, 01 November

[ MDVSA-2008:223 ] kernel security
sharedlog CMS Remote File Includes joseph . giron13

Monday, 03 November

Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild Juha-Matti Laurio
Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day Adrian P.
Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day Adrian P
Windows RPC worm (MS08-067) in the wild Juha-Matti Laurio
DriveCMS article.php remote sql injection beenudel1986
Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day Adrian P
Re: iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow Vladimir '3APA3A' Dubrovin
Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day Fionnbharr
A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Henri Lindberg - Smilehouse Oy
Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow Bitsec Labs
[ GLSA 200811-01 ] Opera: Multiple vulnerabilities Tobias Heinlein
iDefense Security Advisory 11.03.08: Multiple Vendor CUPS texttops Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability iDefense Labs

Tuesday, 04 November

[USN-660-1] enscript vulnerability Kees Cook
[security bulletin] HPSBMA02380 SSRT080121 rev.1 - HP System Management Homepage (SMH) for HP-UX, Local Unauthorized Access security-alert
Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow Secunia Research
CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow CORE Security Technologies Advisories
Aruba Mobility Controller SNMP Community String Disclosure nnposter
rPSA-2008-0311-1 postfix rPath Update Announcements
[Tool] sqlmap 0.6.2 released Bernardo Damele A. G.
Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day Steven M. Christey
[security bulletin] HPSBUX02381 SSRT080083 rev.1 - HP-UX Running Xserver, Remote Execution of Arbitrary Code security-alert
FirmChannel Digital Signage 3.24 Cross-site scripting brad . antoniewicz
Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day sipherr
iDefense Security Advisory 11.04.08: Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability iDefense Labs
ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability zdi-disclosures
ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability zdi-disclosures
ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability zdi-disclosures
iDefense Security Advisory 11.04.08: Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability iDefense Labs

Wednesday, 05 November

iDefense Security Advisory 11.04.08: Adobe Acrobat And Reader AcroJS Heap Corruption Vulnerability iDefense Labs
[ MDVSA-2008:224 ] kernel security
Re: Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day unknown . pentester
Re: Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day unknown . pentester
[USN-662-1] Linux kernel vulnerabilities Kees Cook
Applications can open up remote root access on G1 Phone Jim Paris
[USN-663-1] system-tools-backends regression Kees Cook
DFLabs PTK Forensic Local Command Execution Vulnerability luca . carettoni
[ MDVSA-2008:225 ] net-snmp security

Thursday, 06 November

[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass Devin Carraway
Remote access vulnerability using BigDump ver. 0.29b XiaShing
Arab Portal v2.1 Remote File Disclosure (Win32) r3d . w0rm
Re: phpWebSite links.php Sql Injection verdonv
hMAilServer 4.4.2 (PHPWebAdmin) local & remote file inclusion nospam
Re: Applications can open up remote root access on G1 Phone Jim Paris
[TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability Tobias Klein
[USN-664-1] Tk vulnerability Marc Deslauriers
[TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability Tobias Klein
[security bulletin] HPSBTU02383 SSRT080098 rev.1 - HP Tru64 UNIX running AdvFS "showfile" command, Local Gain Extended Privileges security-alert

Friday, 07 November

[USN-665-1] Netpbm vulnerability Marc Deslauriers
[ MDVSA-2008:226 ] ruby security
[USN-662-2] Ubuntu kernel modules vulnerability Kees Cook
VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues VMware Security Team
Re: [WEB SECURITY] countermeasure against attacks through HTML shared files Adrian P.
countermeasure against attacks through HTML shared files fcorella
[ MDVSA-2008:224-1 ] kernel security
Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella
VMware Emulation Flaw x64 Guest Privilege Escalation (2/2) ds . adv . pub
[USN-666-1] Dovecot vulnerability Kees Cook
Re: countermeasure against attacks through HTML shared files Peter Watkins

Sunday, 09 November

Re: countermeasure against attacks through HTML shared files fcorella
Enthusiast 3 Remote Code Execution admin
[AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...) Andreas Kurtz
Re: [WEB SECURITY] countermeasure against attacks through HTML shared files Amit Klein
Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella
BSOD in Win'2k3, Vista x86 and x64 by nonpriviledged user support
Multiple remote vulnerabilities MoinMoin v1.80 XiaShing
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities Thijs Kinkhorst
Metrica Service Assurance Multiple Cross Site Scripting f . bianchino
ClamAV get_unicode_name() off-by-one buffer overflow Moritz Jodeit

Monday, 10 November

[ GLSA 200811-02 ] Gallery: Multiple vulnerabilities Tobias Heinlein
[ GLSA 200811-03 ] FAAD2: User-assisted execution of arbitrary code Tobias Heinlein
[ GLSA 200811-04 ] Graphviz: User-assisted execution of arbitrary code Tobias Heinlein
Collabtive 0.4.8 Multiple Vulnerabilities ascii
Re: Default key algorithm in Thomson and BT Home Hub routers securityfocus

Tuesday, 11 November

[SECURITY] [DSA 1664-1] New ekg packages fix denial of service Moritz Muehlenhoff
Google Chrome Break Liu Die Yu
Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln. Stephen Argent
Re [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella
[security bulletin] HPSBMA02380 SSRT080121 rev.2 - HP System Management Homepage (SMH) for HP-UX, Local Unauthorized Access security-alert
Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella
ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc Pyrokinesis
[USN-669-1] gnome-screensaver vulnerabilities Marc Deslauriers

Wednesday, 12 November

[security bulletin] HPSBMA02385 SSRT080161 rev.1 - HP Service Manager (HPSM), Gain Extended Privileges security-alert
rPSA-2008-0315-1 net-snmp net-snmp-client net-snmp-server net-snmp-utils rPath Update Announcements
Re: Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Giuseppe Gottardi
[SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution Moritz Muehlenhoff
rPSA-2008-0318-1 initscripts rPath Update Announcements
rPSA-2008-0316-1 kernel rPath Update Announcements

Thursday, 13 November

Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE Shatter
Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager Shatter
Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE Shatter
[ MDVSA-2008:227 ] gnutls security
Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM Shatter
Digital Armaments October-November Hacking Challenge: Linux Local Kernel Exploit (5,000$) info
New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework Erez Metula

Friday, 14 November

Re: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability billy . markette
[USN-670-1] VMBuilder vulnerability Jamie Strandboge
[ MDVSA-2008:228 ] mozilla-firefox security
[ MDVSA-2008:229 ] clamav security

Monday, 17 November

Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Micheal Cottingham
ANNOUNCE: RFIDIOt release RFIDIOt-0.1u Adam Laurie
Microsoft Windows Server Service (MS08-067) Exploit Debasis Mohanty
Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Piergiorgio Venuti
[ GLSA 200811-05 ] PHP: Multiple vulnerabilities Tobias Heinlein
[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1 come2waraxe
rPSA-2008-0321-1 enscript rPath Update Announcements
RE: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Castigliola, Angelo
Opera 9.6x file:// overflow send9
Exodus v0.10 uri handler arbitrary parameter injection Pyrokinesis
[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4 come2waraxe
[USN-671-1] MySQL vulnerabilities Marc Deslauriers

Tuesday, 18 November

Kimson cms cross site scripting vulnerability md . r00t . defacer
rPSA-2008-0322-1 gnutls rPath Update Announcements
Re: Opera 9.6x file:// overflow jplopezy
[ MDVSA-2008:227-1 ] gnutls security
[USN-667-1] Firefox and xulrunner vulnerabilities Jamie Strandboge
[USN-672-1] ClamAV vulnerability Kees Cook
[SECURITY] [DSA 1666-1] New libxml2 packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2008:230 ] firefox security
[DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3 Digital Security Research Group
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software Stefan Kanthak
[security bulletin] HPSBST02386 SSRT080164 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-067 to MS08-069 security-alert
Re: Re: Opera 9.6x file:// overflow jplopezy
Re: Re: Re: Opera 9.6x file:// overflow send9
Black Hat November News: CFPS Now Open, Webinar 5 and Japan on-line. jmoss

Wednesday, 19 November

Firefox cross-domain image theft (CESA-2008-009) Chris Evans
[USN-673-1] libxml2 vulnerabilities Kees Cook
Microsoft VISTA TCP/IP stack buffer overflow Thomas Unterleitner
Metasploit Framework 3.2 Released H D Moore
PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager ProCheckUp Research
Re: Opera 9.6x file:// overflow xiashing
Secunia Research: Streamripper Multiple Buffer Overflows Secunia Research
PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter ProCheckUp Research
[ MDVSA-2008:231 ] libxml2 security
PR07-40: Authentication Bypass, Passwords Leakage and SNMP Injection on 3Com AP 8760 ProCheckUp Research
[SECURITY] [DSA 1667-1] New python2.4 packages fix several vulnerabilities Moritz Muehlenhoff
rPSA-2008-0325-1 libxml2 rPath Update Announcements
Re: [ MDVSA-2008:231 ] libxml2 Eygene Ryabinkin
[USN-674-1] HPLIP vulnerabilities Marc Deslauriers
[ MDVSA-2008:232 ] dovecot security
Re: Re: Re: Re: Opera 9.6x file:// overflow peterjohan () ukr net
Re: [ MDVSA-2008:232 ] dovecot Eygene Ryabinkin
Re: Re: Re: Re: Opera 9.6x file:// overflow Zack Payton

Thursday, 20 November

[ MDVSA-2008:220-1 ] kernel security
Re: Re: Re: Re: Re: Opera 9.6x file:// overflow psy . echo
boastMachine v3.1 Remote Sql Injection r3d . w0rm
[security bulletin] HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) security-alert
Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani Jan van Niekerk
Social Engine 2.7 CRLF Injection + SQL injection office
SecurityReason : PHP 5.2.6 (error_log) safe_mode bypass cxib
Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani irancrash
Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani dkoston
Re: Re: Re: Re: Re: Opera 9.6x file:// overflow theindigowolf
Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow send9
[ MDVSA-2008:233 ] libcdaudio security

Friday, 21 November

ZDI-08-075: EMC Control Center SAN Manager Master SST_CTGTRANS Overflow Vulnerability zdi-disclosures
ZDI-08-076: EMC Control Center SAN Manager SST_SENDFILE Remote File Retrieval Vulnerability zdi-disclosures
KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit Pyrokinesis
OpenSSH security advisory: cbc.adv Damien Miller
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal vulnerabilityresearch

Saturday, 22 November

[ MDVSA-2008:234 ] kernel security
Adobe Flash Multiple Vulnerabilities iSEC Partners
[SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack svrt
Re: Re: MS Internet Explorer 7 Denial Of Service Exploit craig
[SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code Steve Kemp
rPSA-2008-0324-1 gvim vim vim-minimal rPath Update Announcements
rPSA-2008-0327-1 httpd mod_ssl rPath Update Announcements
rPSA-2008-0328-1 httpd mod_ssl rPath Update Announcements
Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel

Monday, 24 November

Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability tecklord
Re: OpenSSH security advisory: cbc.adv Otto Moerbeek
Revised: OpenSSH security advisory: cbc.adv Damien Miller
[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
Re: Re: Re: MS Internet Explorer 7 Denial Of Service Exploit 0xjbrown41
Re: MS Internet Explorer 7 Denial Of Service Exploit Nick Kirby
[ MDVSA-2008:235 ] mozilla-thunderbird security
Re: Re: MS Internet Explorer 7 Denial Of Service Exploit Glynn Clements
Amaya (URL Bar) Remote Stack Overflow Vulnerability writ3r
Amaya (id) Remote Stack Overflow Vulnerability writ3r
[SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis) svrt
Google Chrome MetaCharacter URI Obfuscation Vulnerability Aditya K Sood
Re: Re: OpenSSH security advisory: cbc.adv Guillaume MULLER
[USN-675-1] Pidgin vulnerabilities Marc Deslauriers
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random FreeBSD Security Advisories
Re: OpenSSH security advisory: cbc.adv Nick Boyce
[USN-676-1] WebKit vulnerability Marc Deslauriers
[USN-675-2] Gaim vulnerability Marc Deslauriers
[USN-674-2] HPLIP vulnerabilities Marc Deslauriers
[SECURITY] [DSA 1670-1] New enscript packages fix arbitrary code execution Moritz Muehlenhoff
[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff
WebStudio CMS 'pageid' Blind SQL Injection glafkos
Siemens C450IP/C475IP DoS Martin Kluge
Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel

Tuesday, 25 November

Re: Re: OpenSSH security advisory: cbc.adv dennis jackson
Re: OpenSSH security advisory: cbc.adv Nick Boyce
Re: OpenSSH security advisory: cbc.adv Damien Miller
CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008) Dragos Ruiu
Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis) Eygene Ryabinkin
Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis) Nam Nguyen
Re: OpenSSH security advisory: cbc.adv Fabian Hänsel
MyBB 1.4.3 my_post_key Disclosure Vulnerability nbbn () gmx net
[USN-677-1] OpenOffice.org vulnerabilities Jamie Strandboge
New tool and paper for Oracle forensics... David Litchfield
Re: OpenSSH security advisory: cbc.adv Bob Beck
[security bulletin] HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution security-alert
Re: Microsoft VISTA TCP/IP stack buffer overflow dale
RSA EnVision Remote Password Disclosure nicolas . viot
WordPress XSS vulnerability in RSS Feed Generator Jeremias Reith
Re: Microsoft VISTA TCP/IP stack buffer overflow Edi Strosar
[CFP] FRHACK 01 Call For Papers (save the dates!) Jerome Athias

Wednesday, 26 November

[USN-678-1] GnuTLS vulnerability Jamie Strandboge
Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis) svrt
[USN-668-1] Thunderbird vulnerabilities Jamie Strandboge
Updated: Google Chrome 0.4.154.25 URI Meta Character URL Obfuscation Aditya K Sood
Re: XSS in Internet Explorer 6 and 7 Thierry Zoller
XSS in Internet Explorer 6 and 7 MustLive
WHMCS V3.7.1 Sensible Information Disclosure julianrdz91

Thursday, 27 November

Re: WHMCS V3.7.1 Sensible Information Disclosure julianrdz91
FreeRainbowTables.com has changed generation platform Jerome Athias
[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation office
[USN-680-1] Samba vulnerability Marc Deslauriers
AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability tan_prathan

Friday, 28 November

DC4420 - DEFCON London - Christmas meeting - Tuesday 2nd December 2008 Major Malfunction
SecurityReason : PHP 5.2.6 dba_replace() destroying file cxib
[tool] Exomind v0.2 is out! Jose Orlicki

Saturday, 29 November

[SECURITY] [DSA 1672-1] New imlib2 packages fix arbitrary code execution Moritz Muehlenhoff