Bugtraq: by date

297 messages starting Apr 01 09 and ending Apr 30 09

Wednesday, 01 April

Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities Secunia Research
[security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access security-alert
VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim VMware Security team
[ MDVSA-2009:084 ] firefox security
Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Aditya K Sood
Massive exploitation of instant messaging applications proved feasible Julien TINNES
[SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT Perspective Aditya K Sood
[ MDVSA-2009:083 ] mozilla-thunderbird security
Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities Secunia Research
Re: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Michal Zalewski
OpenX 2.6.4 multiple vulnerabilities publists

Thursday, 02 April

EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009) Dragos Ruiu
[OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities Matteo Beccati
OSCommerce Session Fixation Vulnerability laurent . desaulniers
Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 dh
Remote access vulnerability using File Thingie v2.5.4 xiashing
Asbru Web Content Management Vulnerabilities Patrick Webster
Q2 Solutions ConnX - SQL Injection Vulnerability Patrick Webster
[SECURITY] [DSA 1762-1] New icu packages fix cross site scripting Steffen Joeris
ContentKeeper - Remote command execution and privilege escalation Patrick Webster
[TZO-05-2009] Clamav 0.94 and below - Evasion /bypass Thierry Zoller
[TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details) Thierry Zoller
[TZO-07-2009] F-PROT ZIP Method evasion Thierry Zoller
[ MDVSA-2009:085 ] gstreamer0.10-plugins-base security

Friday, 03 April

Autodesk IDrop ActiveX Control Heap Corruption Vulnerability Elazar Broad
[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure Nico Golde
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit nospam
IBM DB2 Dennis Yurichev
rPSA-2009-0057-1 m2crypto openssl openssl-scripts rPath Update Announcements
[ GLSA 200904-02 ] GLib: Execution of arbitrary code Robert Buchholz
Family Connections 1.8.2 Arbitrary File Upload Salvatore "drosophila" Fresta
Family Connections <= 1.8.2 - Remote Shell Upload Exploit Salvatore "drosophila" Fresta
[ GLSA 200904-03 ] Gnumeric: Untrusted search path Robert Buchholz
Cyber Warfare Conference: Agenda k g
AST-2009-003: SIP responses expose valid usernames Asterisk Security Team
[ GLSA 200904-01 ] Openfire: Multiple vulnerabilities Pierre-Yves Rofes
Family Connections 1.8.2 Blind SQL Injection (Correct Version) Salvatore "drosophila" Fresta

Monday, 06 April

[ MDVSA-2009:086 ] gstreamer-plugins security
VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues VMware Security Team
Joomla Component com_bookjoomlas SQL Injection Vulnerability Salvatore "drosophila" Fresta
[ MDVSA-2009:087 ] openssl security
[ GLSA 200904-04 ] WeeChat: Denial of Service Tobias Heinlein
[Aria-Security.com] vBulletin multiple XSS dontcontactorspamme
Amaya 11.1 XHTML Parser Buffer Overflow c1c4tr1z
[ GLSA 200904-05 ] ntp: Certificate validation error Pierre-Yves Rofes
[TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow Tobias Klein
[SECURITY] [DSA 1763-1] New openssl packages fix denial of service Moritz Muehlenhoff

Tuesday, 07 April

[security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow dvlabs
ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability ZDI Disclosures
[ GLSA 200904-07 ] Xpdf: Untrusted search path Robert Buchholz
Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow Secunia Research
TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow dvlabs
POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration Marco Mella
[USN-753-1] PostgreSQL vulnerability Marc Deslauriers
OSSTMM 3 Sample Released Pete Herzog
[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path Pierre-Yves Rofes
[ GLSA 200904-08 ] OpenSSL: Denial of Service Robert Buchholz
[USN-752-1] Linux kernel vulnerabilities Kees Cook
MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] Tom Yu
LayerOne 2009 - Registration Open, Initial Speakers Announced LayerOne Call For Papers
[security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access security-alert
MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] Tom Yu
[USN-754-1] ClamAV vulnerabilities Jamie Strandboge
[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Mark Thomas

Wednesday, 08 April

[SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities Moritz Muehlenhoff
Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky
[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities Steffen Joeris
Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky
[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability Bkis
Re: [Aria-Security.com] vBulletin multiple XSS security
rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements
[USN-755-1] Kerberos vulnerabilities Kees Cook
Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky
SASPCMS Multiple Vulnerabilities admin
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances Cisco Systems Product Security Incident Response Team
OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit alphanix00

Thursday, 09 April

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery c1c4tr1z
[ GLSA 200904-11 ] Tor: Multiple vulnerabilities Robert Buchholz
OpenVAS now beyond 10000 Network Vulnerability Tests Michael Wiegand
AdaptBB 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta
FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability noreply-secresearch () fortinet com
Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability nospam
Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit nospam
Exjune Guestbook v2 Remote Database Disclosure Exploit alphanix00
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities Nico Golde
[security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code security-alert
[ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities Robert Buchholz
IBM BladeCenter Advanced Management Module Multiple vulnerabilities Henri Lindberg - Smilehouse Oy
[SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service Nico Golde
[ GLSA 200904-10 ] Avahi: Denial of Service Robert Buchholz
Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Secunia Research
[security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data security-alert
[ MDVSA-2009:088 ] wireshark security
Reminder: RAID 2009 CFP Corrado Leita

Friday, 10 April

[ MDVSA-2009:089 ] opensc security
[DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow DSecRG
Bid 34130 Invalid vpandey
PHP-agenda <= 2.2.5 Remote File Overwriting Salvatore "drosophila" Fresta
Loggix Project 9.4.5 Blind SQL Injection Salvatore "drosophila" Fresta
PHP 5.2.9 curl safe_mode & open_basedir bypass cxib
[SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation Florian Weimer
Summer Camp Garrotxa 2009 event Gerardo García Peña
[SECURITY] [DSA 1768-1] New openafs packages potential code execution Florian Weimer
[DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download DSecRG
[ MDVSA-2009:090 ] php security
Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 prabhup
[ GLSA 200904-12 ] Wicd: Information disclosure Tobias Heinlein
Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta
VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability VMware Security Team
Opening Intranets to attack by using Internet Explorer [paper] Cesar

Saturday, 11 April

[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution Florian Weimer
[BMSA 2009-04] Remote DoS in Internet Explorer Nam Nguyen
In Response to Bid 34130 Invalid Aditya K Sood
HP Deskjet 6800 XSS in Web Interface mcyr2
ftpdmin v. 0.96 RNFR remote buffer overflow exploit nospam
Re: In Response to Bid 34130 Invalid vpandey

Monday, 13 April

[ MDVSA-2009:091 ] mod_perl security
Hacker Space Fest 2009 CFP: Call For Paper Philippe Mailinglist
Re: Critical SQL Injection PHPNuke <= 7.8 - Your_Account module mefuentes61
[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting Steffen Joeris
[Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities Valery Marchuk
OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic) rembrandt
[USN-756-1] ClamAV vulnerability Jamie Strandboge
[ MDVSA-2009:092 ] ntp security
Re: PHP-Revista Multiple vulnerabilities marianiscc

Tuesday, 14 April

MonGoose 2.4 Directory Traversal Vulnerability ew1zz
Re: [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure Anonymous
BugCON '09, Mexico: Call For Papers Carlos Augusto
Re: OSCommerce Session Fixation Vulnerability tech107
[DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities DSecRG
iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability iDefense Labs
[ GLSA 200904-13 ] Ventrilo: Denial of Service Pierre-Yves Rofes
ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability ZDI Disclosures
[ GLSA 200904-14 ] F-PROT Antivirus: Denial of Service Pierre-Yves Rofes

Wednesday, 15 April

Zervit Webserver Buffer Overflow ewizz
Microsoft Office Excel Remote Memory Corruption Vulnerability noreply-secresearch () fortinet com
Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow Secunia Research
Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method Secunia Research
[USN-757-1] Ghostscript vulnerabilities Marc Deslauriers
Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow Secunia Research
SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming Bernhard Mueller
HITBSecConf2009 - Malaysia: Call for Papers S. Praburaajan
Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow Secunia Research
XSS with mod_perl perl_status utility antonia . goodwin
SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability Bernhard Mueller
[USN-758-1] udev vulnerabilities Kees Cook

Thursday, 16 April

[SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities Florian Weimer
SQL Injection in package DBMS_AQIN ak
Unprivileged DB users can see APEX password hashes ak
Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow Secunia Research
Phorum < 5.2.10 Cross-Site Scripting/Request Forgery research
Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit nospam
iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow Vulnerability iDefense Labs
[SECURITY] [DSA 1772-1] New udev packages fix privilege escalation Florian Weimer
SQL Injection in package DBMS_AQADM_SYS ak
webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY-- y3nh4ck3r
iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability iDefense Labs
DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues ddvulnalert
skpd: A tool to dump processes to executable ELF files Albert Sellarès
[DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities DSecRG
[DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt DSecRG
[DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities DSecRG
Miniweb server Multiple Vulnerabilities ew1zz
Miniweb Buffer Overflow ew1zz

Friday, 17 April

[USN-760-1] CUPS vulnerability Jamie Strandboge
rPSA-2009-0062-1 tshark wireshark rPath Update Announcements
ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service mozilla
[TZO-08-2009] Bitdefender generic bypass/evasion Thierry Zoller
[TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller
[USN-759-1] poppler vulnerabilities Marc Deslauriers
[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution Steffen Joeris
rPSA-2009-0061-1 cups rPath Update Announcements
rPSA-2009-0063-1 udev rPath Update Announcements
[IMF 2009] 2nd Call for Papers - Submission Open Oliver Goebel
rPSA-2009-0064-1 icu rPath Update Announcements
Tiny Blogr 1.0.0 rc4 Authentication Bypass Salvatore "drosophila" Fresta
[SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting Steffen Joeris
[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code Robert Buchholz
[TZO-11-2009] Fortinet bypass / evasion (Limited details) Thierry Zoller
Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow Secunia Research
rPSA-2009-0060-1 ghostscript rPath Update Announcements
[TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details) Thierry Zoller
Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability Secunia Research
rPSA-2009-0059-1 poppler rPath Update Announcements
[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code Pierre-Yves Rofes
CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION--> y3nh4ck3r
CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES--> y3nh4ck3r
CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)--> y3nh4ck3r
Malleo 1.2.3 Local File Inclusion Vulnerability Salvatore "drosophila" Fresta

Monday, 20 April

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code Robert Buchholz
[ GLSA 200904-18 ] udev: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities Pierre-Yves Rofes
[SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of service Steffen Joeris
CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION y3nh4ck3r
Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007 XiaShing
Linksys WRT54GC - Admin Password Change (POC) gabriel
Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta
Sungard Banner System XSS reportback
WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit--> y3nh4ck3r
Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI--> y3nh4ck3r
Creasito e-commerce content manager Authentication Bypass Salvatore "drosophila" Fresta
Windows Update (re-)installs outdated Flash ActiveX on Windows XP Stefan Kanthak
Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller
[security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges security-alert
[security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access security-alert
Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) mcyr2

Tuesday, 21 April

[USN-761-1] PHP vulnerabilities Marc Deslauriers
[USN-762-1] APT vulnerabilities Jamie Strandboge
[USN-763-1] xine-lib vulnerabilities Marc Deslauriers
CVE-2009-0991 PoC Dennis Yurichev
[SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation Thijs Kinkhorst
Trend Micro OfficeScan Client - DOS jplopezy
[SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation Thijs Kinkhorst
Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) Jeremy Brown
Re: Trend Micro OfficeScan Client - DOS Thierry Zoller
MixedCMS 1.0--Multiple Remote Vulnerabilities--> y3nh4ck3r
Python winappdbg module v1.0 is out! Mario Alejandro Vilas Jerez
CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator CORE Security Technologies Advisories

Wednesday, 22 April

SAP Cfolders Multiple Linked XSS Vulnerabilities Digital Security Research Group [DSecRG]
SAP Cfolders Multiple Stored XSS Vulnerabilies Digital Security Research Group [DSecRG]
[TZO-12-2009] SUN / Oracle JVM Remote code execution Thierry Zoller
FreeBSD Security Advisory FreeBSD-SA-09:08.openssl FreeBSD Security Advisories
[Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Bkis
[Tool] sqlmap 0.7rc1 released Bernardo Damele A. G.
FreeBSD Security Advisory FreeBSD-SA-09:07.libc FreeBSD Security Advisories
[ MDVSA-2009:093 ] mpg123 security
Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Tavis Ormandy
[SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting Nico Golde
[ MDVSA-2009:094 ] mysql security
Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Vladimir '3APA3A' Dubrovin

Thursday, 23 April

[USN-764-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge
FOWLCMS 1.1--Multiple Remote Vulnerabilities--> y3nh4ck3r
Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Andrew Kuriger
Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities sales

Friday, 24 April

[ GLSA 200904-20 ] CUPS: Multiple vulnerabilities Pierre-Yves Rofes
WOOT'09 call for papers Alexander Sotirov
CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability Mark Thomas
Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy
RE: Cisco ASA5520 Web VPN Host Header XSS Mark-David McLaughlin (marmclau)
Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities Salvatore "drosophila" Fresta
REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30--> y3nh4ck3r
Juniper Advisory security
[ MDVSA-2009:095 ] ghostscript security
MSL-2009-001 - Samsung Missing Provisioning Authentication Mobile Security Lab
[ MDVSA-2009:096 ] printer-drivers security
Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication Robbie Gill

Monday, 27 April

[ MDVSA-2009:097 ] clamav security
[ MDVSA-2009:097 ] clamav security
Remote iodinetd DoS vulnerability on Debian Lenny Albert Sellarès
T2'09: Call for Papers 2009 (Helsinki / Finland) Tomi Tuominen
MataChat Cross-Site Scripting Vulnerabilities IrIsT . Ir
[TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller
[TZO-15-2009] Aladdin eSafe generic bypass - Forced release Thierry Zoller
[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities Thijs Kinkhorst
SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> y3nh4ck3r
[TZO-14-2009] Comodo Antivirus RAR evasion Thierry Zoller
[ MDVSA-2009:096-1 ] printer-drivers security
DDIVRT-2009-24 Precidia Ether232 Memory Corruption ddivulnalert
[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[ MDVSA-2009:098 ] krb5 security

Tuesday, 28 April

[ MDVSA-2009:099 ] openafs security
Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass security
Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller
[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access security-alert
security tools list Ying
Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow Secunia Research
Re: Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy
[USN-767-1] FreeType vulnerability Marc Deslauriers
[USN-761-2] PHP vulnerabilities Marc Deslauriers
RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> Memisyazici, Aras
one shot remote root for linux? Gadi Evron
MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> y3nh4ck3r
[USN-766-1] acpid vulnerability Marc Deslauriers
[USN-765-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge
iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability iDefense Labs
[SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution Florian Weimer
Re: security tools list Andrew L. Davis

Wednesday, 29 April

[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution Steffen Joeris
[ MDVA-2009:057 ] usermode security
[ MDVSA-2009:101 ] xpdf security
Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness Positron Security
[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution Steffen Joeris
[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities Devin Carraway
Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 SEC Consult Research
Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit nospam
Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller
SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final--> y3nh4ck3r
ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability ZDI Disclosures
[TZO-16-2009] Nod32 CAB bypass/evasion Thierry Zoller
[security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller
iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability iDefense Labs

Thursday, 30 April

Security tools list: First Version Ying
Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability Steve Shockley
MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4--> y3nh4ck3r
Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit secure