Bugtraq: by date

302 messages starting May 01 09 and ending May 29 09

Friday, 01 May

CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities Williams, James K
BLIND SQL INJECTION--Leap CMS 0.1.4--> y3nh4ck3r
[ MDVSA-2009:104 ] udev security
Addonics NAS Adapter FTP Remote Denial of Service mcyr2
[SECURITY] [DSA 1785-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2009:102 ] apache security
[ MDVSA-2009:103 ] udev security
multiple vendor - PF NULL pointer dereference rembrandt
MULTIPLE SQL INJECTION VULNERABILITIES --MiniTwitter v0.2-Beta--> y3nh4ck3r
Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit Nick FitzGerald
USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+-> y3nh4ck3r
Re: Security tools list: First Version Ulises2k
Durzosploit v0.1 alpha Benjilenoob
New WebApp security paper: Anti-fraud Image Solutions WebAppSec
BH USA CFP closing next Tuesday jmoss
[SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution Nico Golde
[TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP) Thierry Zoller

Saturday, 02 May

about inactive account hijacking innate
[SECURITY] [DSA 1786-1] New acpid packages fix denial of service Steffen Joeris

Monday, 04 May

[ GLSA 200905-01 ] Asterisk: Multiple vulnerabilities Robert Buchholz
Coppermine Photo Gallery 1.4.21 Cross-Site Scripting darkz . gsa
[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier
Call for Papers Hack.lu 2009 hack.lu 2009 info
“Cross-Site Scripting” vulnerability in MyBB 1.4.5 Jacques Copeau
Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows Secunia Research
[SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks Aditya K Sood
Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow Niels Teusink
[ MDVSA-2009:105 ] memcached security
[USN-769-1] libwmf vulnerability Marc Deslauriers
MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta--> y3nh4ck3r
[security bulletin] HPSBMA02425 SSRT080091 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBMA02374 SSRT080046 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert
LayerOne 2009 - Final Announcement LayerOne Call For Papers
[SECURITY] [DSA 1787-1] New quagga packages fix denial of service Florian Weimer
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities Thijs Kinkhorst

Tuesday, 05 May

[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View RedTeam Pentesting GmbH
[RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content RedTeam Pentesting GmbH
[RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader RedTeam Pentesting GmbH
[USN-770-1] ClamAV vulnerability Jamie Strandboge
[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component RedTeam Pentesting GmbH
[DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies Digital Security Research Group [DSecRG]
[DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability Digital Security Research Group [DSecRG]
CONFidence 2009 trainings andrzej . targosz
MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3--> y3nh4ck3r
BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3--> y3nh4ck3r
[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities Noah Meyerhans
[security bulletin] HPSBMA02419 SSRT090060 rev.1 - Insight Control Suite For Linux (ICE-LX) Multiple Remote Vulnerabilities In Nagios security-alert

Wednesday, 06 May

New Browser Security Paper: Why Silent Updates Boost Security Stefan Frei
[ MDVSA-2009:106 ] libwmf security
[SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting Steffen Joeris
[SECURITY] [DSA 1792-1] New drupal6 packages fix multiple vulnerabilities Noah Meyerhans
[SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities Noah Meyerhans
Persistent XSS in Kayako Support Suite pen-test
EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009 Dragos Ruiu

Thursday, 07 May

[SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
[SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution Devin Carraway
Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass Secunia Research
Update: [TZO-15-2009] Aladdin eSafe generic bypass - Forced release Thierry Zoller
[ MDVSA-2009:107 ] acpid security
SQL INJECTION VULNERABILITIES--ST-Gallery version 0.1 alpha--> y3nh4ck3r
[ MDVSA-2009:108 ] zsh security
[oCERT-2009-001] Pango integer overflow in heap allocation size calculations Will Drewry
[USN-771-1] libmodplug vulnerabilities Marc Deslauriers
[USN-772-1] MPFR vulnerability Marc Deslauriers
[USN-773-1] Pango vulnerability Marc Deslauriers
[SECURITY] [DSA 1796-1] New libwmf packages fix denial of service Nico Golde
[TOOL] moth - vulnerable web application vmware Andres Riancho

Friday, 08 May

Re: [WEB SECURITY] [TOOL] moth - vulnerable web application vmware romain
Claroline v.1.8.11 Cross-Site Scripting darkz . gsa
[security bulletin] HPSBUX02366 SSRT080120 rev.2 - HPUX Running useradd(1M), Local Unauthorized Access security-alert
BLIND SQL INJECTION exploit (GET var 'AlbumID')--RTWebalbum 1.0.462--> y3nh4ck3r
Vpopmail/QmailAdmin User's Quota Multiple Integer Overflows Jacobo Avariento Gimeno

Saturday, 09 May

[TZO-20-2009] AVG ZIP evasion / bypass Thierry Zoller
Universal XSS in all Google Services Inferno
speaker Bill Blunden on Rootkits... Alex Keller
[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller
[TZO-21-2009] Fprot CAB bypass / evasion Thierry Zoller

Monday, 11 May

TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit travesti
[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution Steffen Joeris
Insufficient Authentication vulnerability in Acer notebooks MustLive
[ MDVSA-2009:109 ] quagga security
[Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability Bkis
RE: Insufficient Authentication vulnerability in Acer notebooks David Sánchez Martín
Five days left to find the oldest data loss incident Juha-Matti Laurio
Re: TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit michael
Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing Aditya K Sood
[USN-774-1] MoinMoin vulnerability Marc Deslauriers
[oCERT-2009-004] AjaxTerm session id collision Andrea Barisani
(POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release--> y3nh4ck3r
Re: Five days left to find the oldest data loss incident Dragos Ruiu
[security bulletin] HPSBMA02349 SSRT080043 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data security-alert
[security bulletin] HPSBMA02348 SSRT080033 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[SECURITY] [DSA 1799-1] New qemu packages fix several vulnerabilities Moritz Muehlenhoff

Tuesday, 12 May

Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit nospam
xcon2009 is coming bugdigger
Re: Insufficient Authentication vulnerability in Acer notebooks dpo5003
Security Advisory: Banks in Australia militan . c7
Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities Felipe M. Aragon
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection Inferno
Re: Insufficient Authentication vulnerability in Acer notebooks Øystein Larsen
Re: Insufficient Authentication vulnerability in Acer notebooks Garrett M. Groff
The security tools list, new version with more than 200 new tools! Ying
Sun IDM Arbitrary Commands Execution Vulnerability abb () scanit be
Re: Universal XSS in all Google Services Nam Nguyen
FormMail 1.92 Multiple Vulnerabilities ascii
Re: Five days left to find the oldest data loss incident Elazar Broad
CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities [Updated] Williams, James K
User options changer (SQLi) EXPLOIT --Bigace CMS -stable release- 2.5--> y3nh4ck3r
Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows Secunia Research
Re: The security tools list, new version with more than 200 new tools! Stephen Mullins
ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability ZDI Disclosures
ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability ZDI Disclosures
Re: The security tools list, new version with more than 200 new tools! Ying
iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Heap Corruption Vulnerability iDefense Labs
iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities iDefense Labs
iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities iDefense Labs
iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow iDefense Labs
iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities iDefense Labs
[USN-775-1] Quagga vulnerability Kees Cook
[USN-776-1] KVM vulnerabilities Kees Cook

Wednesday, 13 May

[ MDVSA-2009:111 ] firefox security
iDefense Security Advisory 05.12.09: Microsoft PowerPoint Integer Overflow Vulnerability iDefense Labs
[ MDVSA-2009:111-1 ] firefox security
iDefense Security Advisory 05.12.09: Microsoft PowerPoint Build List Memory Corruption Vulnerability iDefense Labs
[ MDVSA-2009:110 ] squirrelmail security
[USN-776-2] KVM regression Marc Deslauriers
iDefense Security Advisory 05.12.09: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability iDefense Labs
Re: FormMail 1.92 Multiple Vulnerabilities David Cantrell
Re: The security tools list, new version with more than 200 new tools! Ying
Re: FormMail 1.92 Multiple Vulnerabilities ascii
maxcms2.0 creat new admin exploit info
Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal vulnerability poc ipsdix
(GET var 'member') BLIND SQL INJECTION EXPLOIT --FAMILY CONNECTIONS <= v1.9 --> y3nh4ck3r
[ MDVSA-2009:112 ] ipsec-tools security

Thursday, 14 May

Insufficient Authentication vulnerability in Asus notebook MustLive
Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> robi
Re: Insufficient Authentication vulnerability in Asus notebook Jeremy Brown
Re: Insufficient Authentication vulnerability in Asus notebook Susan Bradley
Re: Insufficient Authentication vulnerability in Asus notebook Mike Vasquez
[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code security-alert
Re: Insufficient Authentication vulnerability in Asus notebook Bob Fiero
iDefense Security Advisory 05.14.09: Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability iDefense Labs
RE: Insufficient Authentication vulnerability in Asus notebook Mike Wilson
Re: Insufficient Authentication vulnerability in Asus notebook nameless
Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> Tomas Kuliavas
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN--> y3nh4ck3r
MULTIPLE SQL INJECTION VULNERABILITIES --Shutter v-0.1.1--> y3nh4ck3r
Re: Insufficient Authentication vulnerability in Asus notebook Michael Scheidell
Re: Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> y3nh4ck3r
Re: Insufficient Authentication vulnerability in Asus notebook KF (lists)
Re: Insufficient Authentication vulnerability in Asus notebook Ansgar Wiechers
Re: Insufficient Authentication vulnerability in Asus notebook Susan Bradley
Re: Insufficient Authentication vulnerability in Asus notebook Susan Bradley
RE: Insufficient Authentication vulnerability in Asus notebook Mike Wilson
Re: Insufficient Authentication vulnerability in Asus notebook Daniel Hazelton
Re: Insufficient Authentication vulnerability in Asus notebook nameless
RE: Insufficient Authentication vulnerability in Asus notebook Steve Quan

Tuesday, 19 May

eggdrop/windrop remote crash vulnerability Thomas Sader
(GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta --> y3nh4ck3r
INSECURE COOKIE HANDLING VULNERABILITIES --Dog Pedigree Online Database v1.0.1-Beta--> y3nh4ck3r
[SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities Thijs Kinkhorst
[ MDVSA-2009:117 ] ntp security
[SECURITY] [DSA 1802-1] New squirrelmail packages fix several vulnerabilities Thijs Kinkhorst
HTTP Parameter Pollution Luca.carettoni
Re: POC & exploit for Apache mod_rewrite off-by-one arulvadivel1
Namad Cms Remote File Download info
[security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) security-alert
[TZO-23-2009] Avira antivir generic evasion of heuristics (for PDF) Thierry Zoller
[ MDVSA-2009:118 ] kernel security
[TZO-22-2009] Bitdefender generic evasion of heuristics (for PDF) Thierry Zoller
[ MDVSA-2009:116 ] gnutls security
rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server rPath Update Announcements
ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability ZDI Disclosures
[ MDVSA-2009:115 ] phpMyAdmin security
[ MDVSA-2009:114 ] ipsec-tools security
ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability ZDI Disclosures
Conference on Cyber Warfare: registration open! kgconference
PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case) Piotr Bania
[ MDVSA-2009:113 ] cyrus-sasl security
BugCON '09 has swine influenza!! Carlos Augusto
NetDecision TFTP Server 4.2 TFTP Directory Traversal vuln_research
[TKADV2009-006] libsndfile/Winamp VOC Processing Heap Buffer Overflow Tobias Klein
WinAppDbg module v1.1 is out! Mario Alejandro Vilas Jerez
rPSA-2009-0084-1 kernel rPath Update Announcements
Fwd: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009 Thierry Zoller
n.runs-SA-2009.001 - OS X CFNetwork advisory security
[security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access security-alert
[security bulletin] HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software (RGS) Sender Running Easy Login, Remote Unauthorized Access security-alert
MULTIPLE REMOTE VULNERABILITIES --my-colex 1.4.2--> y3nh4ck3r
MULTIPLE REMOTE VULNERABILITIES --my-Gesuad 0.9.14--> y3nh4ck3r
[SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities iDefense Labs
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities iDefense Labs
Re: Insufficient Authentication vulnerability in Acer notebooks MustLive
Re: Insufficient Authentication vulnerability in Asus notebook Bob Fiero
Re: Insufficient Authentication vulnerability in Asus notebook Susan Bradley
Re: Insufficient Authentication vulnerability in Asus notebook Ansgar Wiechers
RE: Insufficient Authentication vulnerability in Asus notebook Jim Harrison
Re: Insufficient Authentication vulnerability in Asus notebook Just1n T1mberlake
[ MDVSA-2009:119 ] kernel security

Wednesday, 20 May

Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1803-1] New nsd packages fix denial of service Thijs Kinkhorst
Shakacon Security Conference - Trainers and Speakers Finalized Shakacon
[SECURITY] [DSA 1804-1] New ipsec-tools packages fix denial of service Nico Golde
[USN-777-1] Ntp vulnerabilities Jamie Strandboge
Re: Insufficient Authentication vulnerability in Acer notebooks Susan Bradley
DMXReady Registration Manager Arbitrary File Upload Vulnerability info
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. publists
Re: [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access Steve Shockley
CORE-2009-0109 - Multiple XSS in Sun Communications Express CORE Security Technologies Advisories
[security bulletin] HPSBPI02398 SSRT080166 rev.3 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files security-alert
(GET vars 'x' & 'y') ADMIN FUNCTION EXECUTION--Jorp v-1.3.05.09--> y3nh4ck3r
iDefense Security Advisory 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability iDefense Labs

Thursday, 21 May

DDIVRT-2009-25 IPsession SQL Injection Vulnerability ddvulnalert
Novell GroupWise Web Access Multiple XSS swhite
MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2--> y3nh4ck3r
[ MDVSA-2009:120 ] openssl security

Friday, 22 May

[ MDVSA-2009:121 ] lcms security
DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability Ben Hawkes
Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities VUPEN Security Research
[SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix Thijs Kinkhorst
Serena Dimensions CM Desktop Client does not validate the server SSL certificate roland . gruber . extern
LxBlog info
[TZO-24-2009] Panda generic evasion (CAB) Thierry Zoller
[TZO-25-2009] Panda generic evasion (TAR) Thierry Zoller
[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities Moritz Muehlenhoff

Monday, 25 May

Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability Secunia Research
MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta--> y3nh4ck3r
ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit info
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities security
[ GLSA 200905-06 ] acpid: Denial of Service Pierre-Yves Rofes
[ GLSA 200905-03 ] IPSec Tools: Denial of Service Alex Legler
[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code Pierre-Yves Rofes
[oCERT-2009-006] Android improper package verification when using shared uids Will Drewry
[ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities Alex Legler
[ MDVSA-2009:122 ] squirrelmail security
MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component 'Boy Scout Advancement' <= v-0.3 (com_bsadv)--> y3nh4ck3r
[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution Moritz Muehlenhoff
Re: FUD Forum < 2.7.1 PHP code injection vurnelability naudefj
Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability Secunia Research
[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities Alex Legler
Hardening OSX against CVE-2008-5353 Marc Schoenefeld
PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs Piotr Bania
Arcade Trade Script XSS SmOk3

Tuesday, 26 May

Backdoor in com_rsgallery2 gallery extension for joomla Jan van Niekerk
[TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller
Multiple vulnerabilities in several ATEN IP KVM Switches Jakob Lell
SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability Bernhard Mueller
[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities Alex Legler
COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overlow exploit nospam
SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability Bernhard Mueller
SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability Bernhard Mueller
SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability Bernhard Mueller
SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability Bernhard Mueller
[ GLSA 200905-08 ] NTP: Remote execution of arbitrary code Alex Legler

Wednesday, 27 May

Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller
[IMF 2009] 3rd Call - Deadline Extended Oliver Goebel
W3af ninja training class in NYC Michelangelo Sidagni
Re: Backdoor in com_rsgallery2 gallery extension for joomla Jonah Braun
PHP Nuke v.8.0 (referer) SQL Injection darkz . gsa
Vanilla v.1.1.7 Cross-Site Scripting darkz . gsa
[security bulletin] HPSBUX02429 SSRT090058 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert
Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Jim Parkhurst
[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code Alex Legler
Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller
Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Michal Zalewski
Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Vladimir '3APA3A' Dubrovin
Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller
[ MDVSA-2009:123 ] opensc security
[InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities security
New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln Steve Friedl

Thursday, 28 May

MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1--> y3nh4ck3r
rPSA-2009-0092-1 ntp ntp-utils rPath Update Announcements
rPSA-2009-0095-1 tshark wireshark rPath Update Announcements
[Bkis-09-2009] XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher Bkis
rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server rPath Update Announcements
Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts Jacques Copeau
ecshop 2.6.2 info
Re: [TZO-27-2009] Firefox Denial of Service (Keygen) Tavis Ormandy
[TZO-27-2009] Firefox Denial of Service (Keygen) Thierry Zoller
Re: [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities TK147
ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability ZDI Disclosures
Call For Papers – ACM CCS 2009 Workshops Christopher Kruegel
Re: Insufficient Authentication vulnerability in Acer notebooks MustLive
Re[2]: [TZO-27-2009] Firefox Denial of Service (Keygen) Thierry Zoller
Re: Insufficient Authentication vulnerability in Acer notebooks Susan Bradley
CORE-2009-0401 - StoneTrip S3DPlayers remote command injection CORE Security Technologies Advisories
[InterN0T] Achievo 1.3.4 - XSS Vulnerability security
Novell Groupwise fails to properly sanitize emails. c3rb3r

Friday, 29 May

[TZO-28-2009] - Avira Antivir generic RAR,CAB,ZIP Thierry Zoller
Re: PHP Nuke v.8.0 (referer) SQL Injection a
(whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team] srublev
Re: [InterN0T] Achievo 1.3.4 - XSS Vulnerability security
Re: Re: [InterN0T] AMember 3.1.7 - Multiple Vulnerabilities security
Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities support
VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues VMware Security team
SonicWALL SSL-VPN Appliance Format String Vulnerability Patrick Webster
Whitepaper Jared DeMott