Bugtraq: by date

230 messages starting Nov 01 10 and ending Nov 30 10

Monday, 01 November

[USN-1011-3] Xulrunner vulnerability Jamie Strandboge
Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability Secunia Research
Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability Secunia Research
Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow Secunia Research
[security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download security-alert
[security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access security-alert
[security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF) security-alert
[security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF) security-alert
[security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF) security-alert
[ MDVSA-2010:219 ] mozilla-thunderbird security
H2HC 2010 - Final Speakers List Available Rodrigo Rubira Branco (BSDaemon)
[security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download security-alert
[DEMO] Sample videos about IDS/IPS evasions... Nelson Brito
[security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download security-alert
Audacity <= 1.3 Beta Multiple Local Vulnerabilities Salvatore Fresta aka Drosophila
Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability Salvatore Fresta aka Drosophila
[ MDVSA-2010:214 ] kernel security
[ MDVSA-2010:215 ] python security
[ MDVSA-2010:218 ] php security
[ MDVSA-2010:216 ] python security
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 Rodrigo Branco
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 Rodrigo Branco
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 Rodrigo Branco
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 Rodrigo Branco
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 Rodrigo Branco
[ MDVSA-2010:217 ] dovecot security
XSS and SQL Injection vulnerabilities in CMS WebManager-Pro MustLive
'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) Mark Stanislav
Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group
Call for Papers -YSTS V - Security Conference, Brazil Luiz Eduardo
Call for Papers: The International Conference on Cyber Conflict, Estonia k g

Tuesday, 02 November

[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses Florian Weimer
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities Florian Weimer
Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability Nick Freeman
Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal advisory
Stored XSS vulnerability in Webmedia Explorer advisory
XSS vulnerability in Kandidat CMS advisory
XSS vulnerability in MemHT Portal advisory
XSS vulnerability in Kandidat CMS advisory
XSS vulnerability in MemHT Portal advisory
XSS vulnerability in Kandidat CMS advisory

Wednesday, 03 November

[ MDVSA-2010:202-1 ] krb5 security
[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation Onapsis Research Labs
[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access Onapsis Research Labs
[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution Onapsis Research Labs
CVE-2010-3863: Apache Shiro information disclosure vulnerability Les Hazlewood

Thursday, 04 November

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer neza0x
Zen Cart 1.3.9h Local File Inclusion Vulnerability Salvatore Fresta aka Drosophila
Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 Max Kanat-Alexander
Adsoft Remote Sql Injection Vulnerability md . r00t . defacer
BBcode XSS in MiniBB advisory
SQL injection in SweetRice CMS advisory
RFI in JAF CMS advisory
Shell create & command execution in JAF CMS advisory
XSS in SweetRice CMS advisory
Reset admin password in SweetRice CMS advisory
SQL injection in MiniBB advisory
XSS in Textpattern CMS advisory
LFI in eoCMS advisory
Path disclosure in eoCMS advisory
SQL injection in eoCMS advisory
LFI in eoCMS advisory
BBcode XSS in eoCMS advisory
[ MDVSA-2010:220 ] pam security
Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer Arturo 'Buanzo' Busleiman
[USN-1012-1] CUPS vulnerability Marc Deslauriers
[USN-1013-1] FreeType vulnerabilities Marc Deslauriers
[USN-1014-1] Pidgin vulnerabilities Marc Deslauriers

Friday, 05 November

Common consumer routers password disclosure danieljcrteixeira
[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability xpzhang
Angel LMS Exploit Wesley Kerfoot
Wargame Qualifications - Win a car !!! Ivan Buetler
ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player ACROS Security Lists
Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group

Monday, 08 November

nSense-2010-003: Cisco Unified Communications Manager Henri Lindberg
[ MDVSA-2010:221 ] openoffice.org security
CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment Konrad Rieck
Vulnerabilities in PHPShop MustLive
some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability) Michal Zalewski
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978 Rodrigo Branco
Seo Panel 2.1.0 - Critical File Disclosure advisories
Malware Collections and Feed Exchange Rodrigo Rubira Branco (BSDaemon)
[ MDVSA-2010:155-1 ] mysql security
Re: Seo Panel 2.1.0 - Critical File Disclosure Zach C
DIMVA 2011 Call for Workshops Proposals Lorenzo Cavallaro
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP Philippe Langlois

Tuesday, 09 November

JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability Salvatore Fresta aka Drosophila
IBM OmniFind - several vulnerabilities Fatih Kilic
[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch CORE Security Technologies Advisories
[USN-1008-4] libvirt regression Jamie Strandboge
D-Link DIR-300 authentication bypass Karol Celiński
[ MDVSA-2010:222 ] mysql security
Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability Secunia Research
[ MDVSA-2010:223 ] mysql security
Re: D-Link DIR-300 authentication bypass Karol Celiński
Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability Secunia Research

Wednesday, 10 November

[ MDVSA-2010:225 ] libmbfl security
ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010 ACROS Security Lists
[ MDVSA-2010:224 ] php security
[ MDVSA-2010:225-1 ] libmbfl security
iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability labs-no-reply
Kernel 0-day Dan Rosenberg
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010 ACROS Security Lists
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010 ACROS Security Lists
[USN-1015-1] libvpx vulnerability Jamie Strandboge
Babylon Cross-Application Scripting Code Execution Roee Hay
[ MDVSA-2010:226 ] dhcp security
eBlog 1.7 Multiple SQL Injection Vulnerabilities Salvatore Fresta aka Drosophila
Re: Kernel 0-day James Lay

Friday, 12 November

Vulnerability in Google AJAX Search MustLive
Apple Directory Services Memory Corruption - CVE-2010-1840 Rodrigo Branco
Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability Secunia Research
[USN-1017-1] MySQL vulnerabilities Marc Deslauriers
CORE-2010-1018 - Landesk OS command injection CORE Security Technologies Advisories
[TEHTRI-Security] CVE-2010-1752: Update your MacOSX Laurent OUDOT at TEHTRI-Security
Additional information on the Microsoft Office 2010 binary planting bugs ACROS Security Lists
iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability labs-no-reply
[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal
[USN-1016-1] libxml2 vulnerability Jamie Strandboge
[ MDVSA-2010:227 ] proftpd security
FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs FreeBSD Security Advisories
Re: D-Link DIR-300 authentication bypass mfardiles
[ MDVSA-2010:228 ] xpdf security
[ MDVSA-2010:229 ] kdegraphics security
[ MDVSA-2010:231 ] poppler security
[ MDVSA-2010:230 ] poppler security

Monday, 15 November

[SECURITY] [DSA 2038-3] New pidgin packages fix regression Thijs Kinkhorst
TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera Trustwave Advisories
vBulletin 4.0.8 - Persistent XSS via Profile Customization advisories
Re: D-Link DIR-300 authentication bypass asmo
Saved XSS vulnerability in Internet Explorer MustLive
Packet Storm - New Site bugtraq

Tuesday, 16 November

Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components VMware Security team
[ MDVSA-2010:235 ] freetype2 security
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert
[ MDVSA-2010:234 ] cups security
LFI and XSS vulnerability in openEngine SecPod Research
Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer Amit Klein
[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities Tobias Heinlein
[ MDVSA-2010:233 ] cups security
[ MDVSA-2010:237 ] perl-CGI security
[ MDVSA-2010:236 ] freetype2 security
[ MDVSA-2010:232 ] cups security

Wednesday, 17 November

Information disclosure in IceBB advisory
Path disclosure in IceBB advisory
BBcode XSS in CLANSPHERE advisory
Path disclosure in CLANSPHERE advisory
XSS in CLANSPHERE advisory
SQL Injection in CLANSPHERE advisory
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038 Florent Daigniere
SQL injection in CompactCMS advisory
Information disclosure in IceBB advisory
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products Cisco Systems Product Security Incident Response Team
SQL injection in IceBB advisory
nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November nullcon
AWCM v2.2 Auth Bypass Vulnerabilities eidelweiss

Thursday, 18 November

[ MDVSA-2010:238 ] openssl security
Re: Kernel 0-day Felipe Martins
Multiple vulnerabilities in chCounter <= 3.1.3 Soporte CERT
XSS in CompactCMS advisory
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal
XSS in CompactCMS advisory

Friday, 19 November

H2CSO (Hackers to CSO) debate second edition - Free Live Streaming Rodrigo Rubira Branco (BSDaemon)
Re: Saved XSS vulnerability in Internet Explorer ecco
VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246) VUPEN Security Research
Vtiger CRM 5.2.0 Multiple Vulnerabilities ascii
RE: Saved XSS vulnerability in Internet Explorer Hans Wolters
Re: D-Link DIR-300 authentication bypass Karol Celiński
[eVuln.com] Cookie Auth Bypass in Hot Links SQL bt
Re: Kernel 0-day Dan Rosenberg
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245) VUPEN Security Research
[eVuln.com] URL and Title XSS in AxsLinks bt
Re: Saved XSS vulnerability in Internet Explorer MustLive
[ MDVSA-2010:239 ] php security
[USN-1018-1] OpenSSL vulnerability Steve Beattie

Monday, 22 November

New vulnerabilities in CMS SiteLogic MustLive
vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization advisories
Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability Amit Klein
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) Mark Stanislav
H2HC Cancun - Free Entrance! Rodrigo Rubira Branco (BSDaemon)
[eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version) bt
[eVuln.com] url XSS in Hot Links Lite bt
NGS00015 Patch Notification: ImageIO Memory Corruption Research@NGSSecure
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability Mark Thomas

Friday, 26 November

Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :( Dan Rosenberg
Mozilla Firefox 3.6.12 Denial of Service Vulnerability info
[Suspected Spam]Vulnerabilities in Register Plus for WordPress MustLive
XSS vulnerability in Wolf CMS advisory
Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) g . maone
CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp 0kn0ck
XSRF (CSRF) in Frog CMS advisory
[eVuln.com] URL XSS in Easy Banner Free bt
Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability Michal Zalewski
XSS vulnerability in Frog CMS advisory
[security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized security-alert
[eVuln.com] SQL injections in FreeTicket bt
[USN-1022-1] APR-util vulnerability Marc Deslauriers
[eVuln.com] SQL injection Auth Bypass in Easy Banner Free bt
XSS vulnerability in Frog CMS advisory
XSS vulnerability in Frog CMS advisory
[ MDVSA-2010:240 ] mono security
XSRF (CSRF) in Wolf CMS advisory
[ MDVSA-2010:241 ] gnucash security
XSS vulnerability in Wolf CMS advisory
[USN-1021-1] Apache vulnerabilities Marc Deslauriers
XSS vulnerability in Wolf CMS advisory
Re: [DCA-00015] YOPS Web Server Remote Command Execution zed
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption Advisories Toucan-System
NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) 0kn0ck

Monday, 29 November

jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload underground stockholm
AOL Instant Messenger Insecure Library Loading Vulnerability apa-iutcert
Google Desktop Insecure Library Loading Vulnerability apa-iutcert
SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X u6q
[SECURITY] [DSA-2127-1] New wireshark packages fix denial of service Stefan Fritsch
[ MDVSA-2010:242 ] wireshark security
Vulnerabilities in Joomla MustLive
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface security
[ MDVSA-2010:243 ] libxml2 security

Tuesday, 30 November

FreeBSD Security Advisory FreeBSD-SA-10:10.openssl FreeBSD Security Advisories
[CVE-2010-3449] Apache Archiva CSRF Vulnerability Deng Ching
[eVuln.com] Multiple XSS inj in Wernhart Guestbook bt
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313) Mark Stanislav
[eVuln.com] Multiple SQL injections in Wernhart Guestbook bt
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities Juan Galiana Lara
[ MDVSA-2010:244 ] phpmyadmin security
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues dann frazier
VMSA-2010-0017 VMware ESX third party update for Service Console kernel VMware Security Team
[USN-1024-1] OpenJDK vulnerability Marc Deslauriers
MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] Tom Yu