Bugtraq: by author

200 messages starting Nov 02 09 and ending Nov 13 09

ACROS Lists

ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1) ACROS Lists (Nov 02)

Adam Laurie

Announce: RFIDIOt-1.0a released - November 2009 Adam Laurie (Nov 30)

advisory

Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability advisory (Nov 12)
Novell eDirectory 8.8 SP5 Denial of Service advisory (Nov 12)

Alex Legler

[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilities Alex Legler (Nov 18)
[ GLSA 200911-01 ] Horde: Multiple vulnerabilities Alex Legler (Nov 06)
[ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection Alex Legler (Nov 30)
[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities Alex Legler (Nov 25)

Andrea Purificato

Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others Andrea Purificato (Nov 30)

Andrew Horton

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News Andrew Horton (Nov 10)

Andrzej Targosz

CONFidence 2.0 schedule online - last time to register Andrzej Targosz (Nov 05)

Asterisk Security Team

AST-2009-009: Cross-site AJAX request vulnerability Asterisk Security Team (Nov 05)
AST-2009-008: SIP responses expose valid usernames Asterisk Security Team (Nov 05)

Bernardo Luis

New vulnerability in Xerox Fiery Webtools Bernardo Luis (Nov 03)

Bkis

[Bkis-13-2009] e107 Multiple Vulnerabilities Bkis (Nov 23)
[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report Bkis (Nov 05)

Bogdan Calin

PHP "multipart/form-data" denial of service Bogdan Calin (Nov 20)

Bugs NotHugs

Auto Manager admin.cgi Multiple Field XSS Bugs NotHugs (Nov 19)
AssetsSoSimple supplier_admin.php Supplier Field XSS Bugs NotHugs (Nov 19)
Bractus SunTrack Multiple XSS Bugs NotHugs (Nov 04)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Cisco Systems Product Security Incident Response Team (Nov 09)

Claudio Criscione

ToutVirtual VirtualIQ Multiple Vulnerabilities Claudio Criscione (Nov 09)

contact . fingers

Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation contact . fingers (Nov 16)

Context IS - Disclosure

Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox Context IS - Disclosure (Nov 04)

CORE Security Technologies Advisories

CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution CORE Security Technologies Advisories (Nov 23)
CORE-2009-1027: IBM SolidDB invalid error code vulnerability CORE Security Technologies Advisories (Nov 18)
CORE-2009-0912: Blender .blend Project Arbitrary Command Execution CORE Security Technologies Advisories (Nov 05)
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution CORE Security Technologies Advisories (Nov 23)
CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability CORE Security Technologies Advisories (Nov 18)
CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution CORE Security Technologies Advisories (Nov 23)

ctu-no-reply

[SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability ctu-no-reply (Nov 12)
[SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability ctu-no-reply (Nov 12)

cxib

KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) cxib (Nov 20)
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) cxib (Nov 20)
Opera 10.01 Remote Array Overrun (Arbitrary code execution) cxib (Nov 20)
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) cxib (Nov 20)
Firefox 3.5.3 Remote Array Overrun (UPDATE) cxib (Nov 20)

daniel . crowley

Re: Cherokee Web Server 0.5.4 Denial Of Service daniel . crowley (Nov 03)

dann frazier

[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier (Nov 06)
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier (Nov 05)
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Nov 06)

Dan Yefimov

Re: /proc filesystem allows bypassing directory permissions on Dan Yefimov (Nov 03)

DeepSec Conference - Announcement

Reminder for DeepSec 2009 Conference DeepSec Conference - Announcement (Nov 02)

ds . adv . pub

Code to mitigate IE STYLE zero-day ds . adv . pub (Nov 23)
Some more details on IE STYLE zero-day ds . adv . pub (Nov 30)

DSecRG

[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities DSecRG (Nov 16)

dvlabs

TPTI-09-07: Microsoft Windows License Logging Service Heap Corruption Vulnerability dvlabs (Nov 10)

faghani

Eshopbuilde CMS SQL Injection Vulnerability faghani (Nov 30)

Gabor Gombas

Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas (Nov 03)
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas (Nov 03)
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas (Nov 04)
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas (Nov 04)

Gadi Evron

NSA Iraqi Computer Attacks And U.S. Defense Gadi Evron (Nov 19)
Announcement: Critical Internet Infrastructure WG is now open to public participation Gadi Evron (Nov 18)

Giuseppe Iuculano

[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities Giuseppe Iuculano (Nov 25)
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness Giuseppe Iuculano (Nov 17)
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities Giuseppe Iuculano (Nov 17)

golunski

Re: WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution golunski (Nov 13)
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution golunski (Nov 12)

HD Moore

Metasploit Framework 3.3 Released HD Moore (Nov 17)

iDefense Labs

iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability iDefense Labs (Nov 10)
iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability iDefense Labs (Nov 10)

Inferno

Using Blended Browser Threats involving Chrome to steal files on your computer Inferno (Nov 06)
Millions of PDF invisibly embedded with your internal disk paths Inferno (Nov 23)

info

IE7 info (Nov 20)
QuahogCon Call for Papers info (Nov 03)

Jamie Strandboge

[USN-853-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Nov 02)
[USN-853-2] Firefox and Xulrunner regression Jamie Strandboge (Nov 12)
[USN-860-1] Apache vulnerabilities Jamie Strandboge (Nov 19)

Jerome Athias

Re: FRHACK01 DVDs Jerome Athias (Nov 09)
FRHACK01 DVDs Jerome Athias (Nov 09)

John Dos

Remote Command Execution in dotDefender Site Management John Dos (Nov 30)

k4mr4n_St

Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition k4mr4n_St (Nov 30)

karakorsankara

Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability karakorsankara (Nov 17)

Kees Cook

[USN-859-1] OpenJDK vulnerabilities Kees Cook (Nov 13)

Laurent Butti

Atheros Driver Reserved Frame Vulnerability Laurent Butti (Nov 10)
Marvell Driver Multiple Information Element Overflows Laurent Butti (Nov 10)

laurent . hermelin

Re: New vulnerability in Xerox Fiery Webtools laurent . hermelin (Nov 12)

leinakesi

XM Easy Personal FTP Server Remote DoS Vulnerability leinakesi (Nov 24)
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities leinakesi (Nov 24)

Lostmon lords

Fwd: {Lostmon´s Group} Re: Wowd search client multiple variable xss (solution) Lostmon lords (Nov 03)

Major Malfunction

DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009 Major Malfunction (Nov 18)

Marc Deslauriers

[USN-856-1] CUPS vulnerability Marc Deslauriers (Nov 10)
[USN-858-1] OpenLDAP vulnerability Marc Deslauriers (Nov 12)
[USN-855-1] libhtml-parser-perl vulnerability Marc Deslauriers (Nov 05)
[USN-857-1] Qt vulnerabilities Marc Deslauriers (Nov 10)
[USN-861-1] libvorbis vulnerabilities Marc Deslauriers (Nov 24)
[USN-850-3] poppler vulnerabilities Marc Deslauriers (Nov 03)
[USN-854-1] GD library vulnerabilities Marc Deslauriers (Nov 05)
[USN-862-1] PHP vulnerabilities Marc Deslauriers (Nov 30)

Mark Thomas

[SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password Mark Thomas (Nov 09)

Martin Rex

Re: /proc filesystem allows bypassing directory permissions on Martin Rex (Nov 02)
Re: /proc filesystem allows bypassing directory permissions on Martin Rex (Nov 03)

Maxim A. Kulakov

Panda Security Software Local Privilege Escalation Maxim A. Kulakov (Nov 12)

Moritz Muehlenhoff

[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities Moritz Muehlenhoff (Nov 30)
[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff (Nov 30)

Moritz Naumann

Executing arbitrary PHP code on OpenX <= 2.8.1 Moritz Naumann (Nov 24)
Cacti 0.8.7e: Multiple security issues Moritz Naumann (Nov 30)

MustLive

Vulnerabilities in plugins for WordPress MustLive (Nov 23)
Re: DoS vulnerability in Internet Explorer MustLive (Nov 16)
Vulnerabilities in WP-Cumulus for WordPress MustLive (Nov 25)
DoS vulnerability in Internet Explorer MustLive (Nov 09)

Nam Nguyen

[BMSA-2009-07] Backdoor in PyForum Nam Nguyen (Nov 30)

notdisclosed

Re: Re: DoS vulnerability in Internet Explorer notdisclosed (Nov 09)

NSO Research

NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow NSO Research (Nov 02)

Patrick Webster

Re: Millions of PDF invisibly embedded with your internal disk paths Patrick Webster (Nov 25)

Pavel Kankovsky

Re: /proc filesystem allows bypassing directory permissions on Pavel Kankovsky (Nov 05)

Pavel Machek

Re: /proc filesystem allows bypassing directory permissions on Pavel Machek (Nov 02)
Re: /proc filesystem allows bypassing directory permissions on Pavel Machek (Nov 04)
Re: /proc filesystem allows bypassing directory permissions on Pavel Machek (Nov 04)

Peter Van Eeckhoutte

RE: Exploit writing tutorials Peter Van Eeckhoutte (Nov 12)
Exploit writing tutorials Peter Van Eeckhoutte (Nov 12)

Protek Research Lab

Re: XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability Protek Research Lab (Nov 12)
{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability Protek Research Lab (Nov 02)

psz

Re: /proc filesystem allows bypassing directory permissions on psz (Nov 04)
Re: /proc filesystem allows bypassing directory permissions on psz (Nov 04)

r3d . w0rm

Php 5.3.0 pdflib extension open_basedir bypass r3d . w0rm (Nov 06)

RedTeam Pentesting GmbH

New Paper: MitM Attacks against the chipTAN comfort Online Banking System RedTeam Pentesting GmbH (Nov 24)

Robert Buchholz

[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities Robert Buchholz (Nov 25)
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path Robert Buchholz (Nov 25)

rPath Update Announcements

rPSA-2009-0156-1 sun-jdk sun-jre rPath Update Announcements (Nov 25)
rPSA-2009-0155-1 httpd mod_ssl rPath Update Announcements (Nov 25)
rPSA-2009-0142-1 httpd mod_ssl rPath Update Announcements (Nov 13)
rPSA-2009-0154-1 httpd mod_ssl rPath Update Announcements (Nov 25)
rPSA-2009-0144-1 apr-util rPath Update Announcements (Nov 13)
rPSA-2009-0142-2 httpd mod_ssl rPath Update Announcements (Nov 13)
rPSA-2009-0143-1 util-linux util-linux-extras rPath Update Announcements (Nov 13)
rPSA-2009-0145-1 samba samba-client samba-server samba-swat rPath Update Announcements (Nov 13)

r . st

Re: DoS vulnerability in Internet Explorer r . st (Nov 09)

schwartz

Re: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities schwartz (Nov 02)

secu_lab_ir

Xxasp v3.3.2 Sql injection secu_lab_ir (Nov 30)

Secunia Research

Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability Secunia Research (Nov 12)
Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow Secunia Research (Nov 18)
Secunia Research: Gimp PSD Image Parsing Integer Overflow Vulnerability Secunia Research (Nov 17)
Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow Secunia Research (Nov 04)

security

[ MDVSA-2009:300 ] apache-conf security (Nov 16)
[ MDVSA-2009:158-2 ] pango security (Nov 17)
[ MDVSA-2009:297 ] ffmpeg security (Nov 16)
[ MDVSA-2009:296 ] gimp security (Nov 13)
[ MDVSA-2009:294 ] firefox security (Nov 06)
[ MDVSA-2009:292 ] wireshark security (Nov 03)
[ MDVSA-2009:293 ] squidGuard security (Nov 03)
[ MDVSA-2009:306 ] dovecot security (Nov 30)
[ MDVSA-2009:304 ] php security (Nov 30)
[ MDVSA-2009:158-1 ] pango security (Nov 16)
[ MDVSA-2009:305 ] php security (Nov 30)
[ MDVSA-2009:299 ] xine-lib security (Nov 16)
[ MDVSA-2009:298 ] xine-lib security (Nov 16)
[ MDVSA-2009:295 ] apache security (Nov 09)
[ MDVSA-2009:302 ] php security (Nov 23)
[ MDVSA-2009:303 ] php security (Nov 30)
[ MDVSA-2009:304 ] bind security (Nov 30)
[ MDVSA-2009:301 ] kernel security (Nov 23)

security-alert

[security bulletin] HPSBUX02409 SSRT080171 rev.2 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege security-alert (Nov 18)
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert (Nov 19)
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access security-alert (Nov 20)
[security bulletin] HPSBMA02456 SSRT090188 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Execution of Arbitrary Code security-alert (Nov 17)
[security bulletin] HPSBUX02451 SSRT090137 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Nov 17)
[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities security-alert (Nov 10)
[security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of security-alert (Nov 30)
[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server security-alert (Nov 25)
[security bulletin] HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service (DoS) security-alert (Nov 04)
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service security-alert (Nov 19)
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Nov 17)
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Nov 05)
[security bulletin] HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote Denial of Service (DoS) security-alert (Nov 18)

s . leberre

Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability s . leberre (Nov 17)

Stefan Fritsch

[SECURITY] [DSA-1940-1] New php5 packages fix several issues Stefan Fritsch (Nov 30)
[SECURITY] [DSA-1934-1] New apache2 packages fix several issues Stefan Fritsch (Nov 16)

Stefan Kanthak

Windows packages for BIND9 contain vulnerable MSVC runtime components Stefan Kanthak (Nov 30)

Steffen Joeris

[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting Steffen Joeris (Nov 10)
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting Steffen Joeris (Nov 23)
[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising Steffen Joeris (Nov 23)
[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness Steffen Joeris (Nov 02)
[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities Steffen Joeris (Nov 09)
[SECURITY] [DSA 1924-1] New mahara packages fix several vulnerabilities Steffen Joeris (Nov 02)

Thierry Zoller

TLS / SSLv3 vulnerability explained (DRAFT) Thierry Zoller (Nov 18)
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) Thierry Zoller (Nov 30)

Thijs Kinkhorst

[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities Thijs Kinkhorst (Nov 05)

Thor (Hammer of God)

RE: Millions of PDF invisibly embedded with your internal disk paths Thor (Hammer of God) (Nov 24)

Vladimir '3APA3A' Dubrovin

Re: {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability Vladimir '3APA3A' Dubrovin (Nov 02)

VMware Security Team

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components VMware Security Team (Nov 20)

VUPEN Security Research

VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities VUPEN Security Research (Nov 04)
VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities VUPEN Security Research (Nov 12)

ZDI Disclosures

ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability ZDI Disclosures (Nov 23)
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability ZDI Disclosures (Nov 10)
ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability ZDI Disclosures (Nov 10)
ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability ZDI Disclosures (Nov 03)

zhangmc

Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability zhangmc (Nov 16)
Home FTP Server 'MKD' Command Directory Traversal Vulnerability zhangmc (Nov 17)
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability zhangmc (Nov 10)
XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability zhangmc (Nov 13)