Bugtraq: by author

304 messages starting Jul 21 08 and ending Jul 21 08

Abe Getchell

RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 21)
RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 19)
Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 18)
RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 21)
RE: Windows Vista Power Management & Local Security Policy Abe Getchell (Jul 23)

admin

MyBlog <=0.9.8 Multiple Vulnerabilities admin (Jul 21)
Pluck Local File inclusion admin (Jul 14)

Adrian Pastor

Re: E-Mail header Injection in HiFriend Adrian Pastor (Jul 29)

adv

[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability adv (Jul 16)

advisories

SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability advisories (Jul 25)

Alberto Trivero

[White Paper] Abusing HTML 5 Structured Client-side Storage Alberto Trivero (Jul 21)

Alexander Klink

Re: Unauthorized reading confirmation from Outlook Alexander Klink (Jul 09)

Alexander Sotirov

Pwnie Awards 2008 Alexander Sotirov (Jul 08)

Alexandr Polyakov

[DSECRG-08-028] File read in Velocity web-server Alexandr Polyakov (Jul 16)

alien

London DEFCON July meet - DC4420 - Thursday 10th July (today!) alien (Jul 10)

Andrea Barisani

[oCERT-2008-009] libxslt heap overflow Andrea Barisani (Jul 31)
[oCERT-2008-007] libpoppler uninitialized pointer Andrea Barisani (Jul 07)

Andrea Purificato

Oracle Portal XSS fixed by CPU July 2008 Andrea Purificato (Jul 17)

Andy Davis

Cisco IOS shellcode explanation - additional Andy Davis (Jul 30)
Cisco IOS shellcode explanation Andy Davis (Jul 30)
Remote Cisco IOS FTP exploit Andy Davis (Jul 29)

a . polyakov

Re: Lateral SQL Injection Revisited - No Special Privs Required a . polyakov (Jul 18)

Asterisk Security Team

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion Asterisk Security Team (Jul 23)
AST-2008-011: Traffic amplification in IAX2 firmware provisioning system Asterisk Security Team (Jul 23)

Augusto Paes de Barros

Unauthorized reading confirmation from Outlook Augusto Paes de Barros (Jul 04)

azzcoder

XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities azzcoder (Jul 25)

Bboyhacks

Security Bypass Vulnerabilities AXESSTEL Bboyhacks (Jul 28)

Brett Moore

Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow Brett Moore (Jul 09)

Cesar

Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability Cesar (Jul 09)

Chandrashekhar B

Nessus plugins for recent MS Bulletins Chandrashekhar B (Jul 10)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Cisco Systems Product Security Incident Response Team (Jul 08)

ClubHack

CFP now open for ClubHack2008 - India ClubHack (Jul 15)

cocoruder

RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability cocoruder (Jul 30)

Context IS - Disclosure

Context IS Advisory - MS08-39 OWA XSS Context IS - Disclosure (Jul 10)

Cru3l . b0y

Flip V3.0 final Cru3l . b0y (Jul 21)

dan

Re: [ GLSA 200807-10 ] Bacula: Information disclosure dan (Jul 22)

davee1

Re: Microsoft DNS patch KB951748 incompatible with Zonealarm FIXED davee1 (Jul 10)

David Bryan

Minneapolis DC612 Meeting July 10th, 2008@6pm David Bryan (Jul 08)

David Litchfield

Oracle Application Server PLSQL injection flaw David Litchfield (Jul 16)
RE: Lateral SQL Injection Revisited - No Special Privs Required David Litchfield (Jul 19)
Lateral SQL Injection Revisited - No Special Privs Required David Litchfield (Jul 18)
Re: Pwnie Awards 2008 David Litchfield (Jul 21)

DeepSec 2008

Deepsec Talks 2007 are online - registration for 2008 is open DeepSec 2008 (Jul 01)

DeepSec Conference Vienna

DeepSec 2008 - Last call for submissions DeepSec Conference Vienna (Jul 14)

Devin Carraway

[SECURITY] [DSA 1616-2] New clamav packages fix denial of service Devin Carraway (Jul 26)
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities Devin Carraway (Jul 22)
[SECURITY] [DSA 1616-1] new clamav packages fix denial of service Devin Carraway (Jul 24)
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing Devin Carraway (Jul 28)
[SECURITY] [DSA 1617-1] New refpolicy packages fix incompatible policy Devin Carraway (Jul 25)
[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass Devin Carraway (Jul 14)

Digital Security Research Group

[DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5 Digital Security Research Group (Jul 17)

Digital Security Research Group [DSecRG]

[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC Digital Security Research Group [DSecRG] (Jul 04)
[DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities Digital Security Research Group [DSecRG] (Jul 18)
[DSECRG-08-034] Local File Include Vulnerability in Minishowcase v09b136 Digital Security Research Group [DSecRG] (Jul 29)
[DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities Digital Security Research Group [DSecRG] (Jul 22)
[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1 Digital Security Research Group [DSecRG] (Jul 21)
[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1 Digital Security Research Group [DSecRG] (Jul 28)

dwg5901

Re: Re: Microsoft DNS patch KB951748 incompatible with Zonealarm dwg5901 (Jul 16)

ekoparty

ekoparty security trainings (2008) announcement ekoparty (Jul 17)

Fabian Fingerle

Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100 Fabian Fingerle (Jul 28)

Fernando Gont

IETF Internet-Draft on TCP Port randomization Fernando Gont (Jul 16)

Florian Weimer

[SECURITY] [DSA 1604-1] BIND 8 deprecation notice Florian Weimer (Jul 08)
[SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver Florian Weimer (Jul 08)
[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution Florian Weimer (Jul 05)
[SECURITY] [DSA 1603-1] New bind9 packages fix cache poisoning Florian Weimer (Jul 08)
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness Florian Weimer (Jul 16)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-08:06.bind FreeBSD Security Advisories (Jul 14)

fukami

CFP 25C3 - The 25th Chaos Communication Congress 2008 fukami (Jul 01)

galia

Re: Local vulnerability in WeFi Client v3.2.1.4.1(Update) galia (Jul 08)

Ganbold

Re: [Full-disclosure] CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit Ganbold (Jul 25)

Ghost hacker

phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability Ghost hacker (Jul 10)
gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability Ghost hacker (Jul 10)
HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability Ghost hacker (Jul 30)
PhpJobScheduler 3.1 Remote File Inclusion Vulnerability Ghost hacker (Jul 29)
[~] Greetz : Me93fg & Mr.SaFa7 Ghost hacker (Jul 31)
shoutbox Remote Database Dawnload Exploit Ghost hacker (Jul 30)
HIOX Star Rating System 1.0 Remote File Inclusion Vulnerability Ghost hacker (Jul 30)
openPro 1.3.1 (LIBPATH) Remote RFI Vulnerability Ghost hacker (Jul 16)
plugin Rss Remote File Inclusion Vulnerability Ghost hacker (Jul 29)
EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability Ghost hacker (Jul 21)
HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost hacker (Jul 30)

Good Securitypractice

RE: Windows Vista Power Management & Local Security Policy Good Securitypractice (Jul 23)

Greg

RE: Windows Vista Power Management & Local Security Policy Greg (Jul 28)

GulfTech Security Research

JamRoom <= 3.3.8 Authentication Bypass GulfTech Security Research (Jul 28)
ViArt <= 3.5 SQL Injection GulfTech Security Research (Jul 28)
Pligg <= 9.9.0 Multiple Vulnerabilities GulfTech Security Research (Jul 31)
Gregarius <= 0.5.4 SQL Injection GulfTech Security Research (Jul 29)

Hernan Ochoa

Release of Pass-The-Hash Toolkit v1.4 Hernan Ochoa (Jul 02)

iDefense Labs

iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability iDefense Labs (Jul 08)
iDefense Security Advisory 07.09.08: Novell eDirectory LDAP Search Request Heap Corruption Vulnerability iDefense Labs (Jul 11)
iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability iDefense Labs (Jul 29)
iDefense Security Advisory 07.15.08: Oracle Database Local Untrusted Library Path Vulnerability iDefense Labs (Jul 16)
iDefense Security Advisory 07.15.08: Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability iDefense Labs (Jul 16)
iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability iDefense Labs (Jul 31)
iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability iDefense Labs (Jul 16)

irancrash

Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) irancrash (Jul 21)
DEV WMS Multiple Vulnerabilities irancrash (Jul 30)
Maran PHP Blog Xss By Khashayar Fereidani irancrash (Jul 21)
Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani irancrash (Jul 21)
Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani irancrash (Jul 21)
EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) irancrash (Jul 21)
MJGuest 6.8 GT Cross Site Scripting Vulnerability irancrash (Jul 30)

I)ruid

CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit I)ruid (Jul 24)

isec

ISEC 2008(Information Security Conference) Guide isec (Jul 02)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution ISecAuditors Security Advisories (Jul 18)

[ISR] - Infobyte Security Research

Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow [ISR] - Infobyte Security Research (Jul 04)
Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations [ISR] - Infobyte Security Research (Jul 28)

James C. Slora Jr.

RE: Windows Vista Power Management & Local Security Policy James C. Slora Jr. (Jul 22)

Jamie Strandboge

[USN-617-2] Samba regression Jamie Strandboge (Jul 01)
[USN-626-1] Firefox and xulrunner vulnerabilities Jamie Strandboge (Jul 29)
[USN-629-1] Thunderbird vulnerabilities Jamie Strandboge (Jul 25)
[USN-628-1] PHP vulnerabilities Jamie Strandboge (Jul 23)
[USN-623-1] Firefox vulnerabilities Jamie Strandboge (Jul 17)
[USN-619-1] Firefox vulnerabilities Jamie Strandboge (Jul 02)
[USN-627-1] Dnsmasq vulnerability Jamie Strandboge (Jul 22)

Jan Minář

Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 Jan Minář (Jul 01)
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jan Minář (Jul 26)
Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jan Minář (Jul 18)
Arbitrary code execution in Netrw version 127, Vim 7.2b Jan Minář (Jul 16)
Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim Jan Minář (Jul 23)
Vim: Improper Implementation of shellescape()/Arbitrary Code Execution Jan Minář (Jul 21)
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jan Minář (Jul 25)

Jeff Martin

RE: New Paper: More than 600 million users surf at high risk Jeff Martin (Jul 11)

Jessica Hope

XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower Jessica Hope (Jul 08)

jgable

Re: Microsoft DNS patch KB951748 incompatible with Zonealarm jgable (Jul 12)

Jim Harrison

RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 19)
RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 21)
RE: Windows Vista Power Management & Local Security Policy Jim Harrison (Jul 22)

jmpascual

Re: Oracle Database Local Untrusted Library Path Vulnerability jmpascual (Jul 21)

Joxean Koret

Oracle Database Local Untrusted Library Path Vulnerability Joxean Koret (Jul 19)

jplopezy

Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities jplopezy (Jul 22)

Juha-Matti Laurio

Re: Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version Juha-Matti Laurio (Jul 07)

Julien Thomas

Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system Julien Thomas (Jul 21)

Kees Cook

[USN-630-1] ffmpeg vulnerability Kees Cook (Jul 29)
[USN-624-1] PCRE vulnerability Kees Cook (Jul 15)
[USN-631-1] poppler vulnerability Kees Cook (Jul 29)
[USN-622-1] Bind vulnerability Kees Cook (Jul 08)

Larry Seltzer

RE: New Paper: More than 600 million users surf at high risk Larry Seltzer (Jul 01)
RE: New Paper: More than 600 million users surf at high risk Larry Seltzer (Jul 01)

lovebug

PHP-NUKE SQL Module's Name 4ndvddb lovebug (Jul 07)

Luigi Auriemma

NULL pointer in ZDaemon 1.08.07 Luigi Auriemma (Jul 22)
Memory corruption and NULL pointer in Unreal Tournament III 1.2 Luigi Auriemma (Jul 30)
Endless loop in Soldner 33724 Luigi Auriemma (Jul 01)
NULL pointer in Unreal Tournament 2004 v3369 Luigi Auriemma (Jul 30)

Matthias Geerdsen

[ GLSA 200807-08 ] BIND: Cache poisoning Matthias Geerdsen (Jul 11)
[ GLSA 200807-04 ] Poppler: User-assisted execution of arbitrary code Matthias Geerdsen (Jul 08)

mcalautt

Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method mcalautt (Jul 11)

Meitsec2008 Conference

Call for Papers for the MEITSEC 2008 is now open. Meitsec2008 Conference (Jul 08)

Michal Zalewski

[tool] ratproxy - passive web application security assessment tool Michal Zalewski (Jul 02)

Moritz Muehlenhoff

[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution Moritz Muehlenhoff (Jul 31)
[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities Moritz Muehlenhoff (Jul 28)
[SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities Moritz Muehlenhoff (Jul 28)
[SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff (Jul 11)
[SECURITY] [DSA 1618-1] New ruby1.9 packages fix several vulnerabilities Moritz Muehlenhoff (Jul 26)
[SECURITY] [DSA 1614-1] New iceweasel packages fix several vulnerabilities Moritz Muehlenhoff (Jul 23)
[SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Jul 23)
[SECURITY] [DSA 1623-1] New dnsmasq packages fix cache poisoning Moritz Muehlenhoff (Jul 31)
[SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities Moritz Muehlenhoff (Jul 21)

n3tr00t3r

communitycms-0.1 Remote File Includion n3tr00t3r (Jul 17)

Nahuel C. Riva

[Full-disclosure] [tool] SDT Cleaner 1.0 Nahuel C. Riva (Jul 24)

nelsrob

Re: Re: Microsoft DNS patch KB951748 incompatible with Zonealarm nelsrob (Jul 14)

Netragard Security Advisories

[NETRAGARD SECURITY ADVISORY][Apple Core Image Fun House <= 2.0 OS X -- Arbitrary Code Execution][NETRAGARD-20080711] Netragard Security Advisories (Jul 11)

Nick FitzGerald

RE: New Paper: More than 600 million users surf at high risk Nick FitzGerald (Jul 02)

Nikolai Weibull

Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Nikolai Weibull (Jul 18)

nnposter

F5 FirePass 1200 SNMP daemon DoS nnposter (Jul 04)

otto

Re: Wordpress Malicious File Execution Vulnerability otto (Jul 23)

Pages-Web.com - Services internet

Microsoft DNS patch KB951748 incompatible with Zonealarm Pages-Web.com - Services internet (Jul 09)

Paul Oxman (poxman)

RE: Remote Cisco IOS FTP exploit Paul Oxman (poxman) (Jul 30)

Paul Schmehl

RE: New Paper: More than 600 million users surf at high risk Paul Schmehl (Jul 01)

Pete Herzog

Security Vacation Guide Pete Herzog (Jul 18)

Peter Wiesen

E-Mail header Injection in HiFriend Peter Wiesen (Jul 21)

Pierre-Yves Rofes

[ GLSA 200807-15 ] Pan: User-assisted execution of arbitrary code Pierre-Yves Rofes (Jul 31)
[ GLSA 200807-11 ] PeerCast: Buffer overflow Pierre-Yves Rofes (Jul 21)
[ GLSA 200807-10 ] Bacula: Information disclosure Pierre-Yves Rofes (Jul 21)
[ GLSA 200807-14 ] Linux Audit: Buffer overflow Pierre-Yves Rofes (Jul 31)
[ GLSA 200807-12 ] BitchX: Multiple vulnerabilities Pierre-Yves Rofes (Jul 22)
[ GLSA 200807-05 ] OpenOffice.org: User-assisted execution of arbitrary code Pierre-Yves Rofes (Jul 10)
[ GLSA 200807-13 ] VLC: Multiple vulnerabilities Pierre-Yves Rofes (Jul 31)

ProCheckUp Research

PR08-15: Several Webroot Disclosures on Moodle ProCheckUp Research (Jul 22)
PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page ProCheckUp Research (Jul 22)
Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method ProCheckUp Research (Jul 14)
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title ProCheckUp Research (Jul 22)

Rainer Duffner

Re: New Paper: More than 600 million users surf at high risk Rainer Duffner (Jul 02)

RM-x

Yuhhu Pubs Black Cat Remote SQL Injection Exploit RM-x (Jul 14)

Robert Buchholz

[ GLSA 200807-07 ] NX: User-assisted execution of arbitrary code Robert Buchholz (Jul 10)
[ GLSA 200807-03 ] PCRE: Buffer overflow Robert Buchholz (Jul 07)
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Robert Buchholz (Jul 25)
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Robert Buchholz (Jul 25)
[ GLSA 200807-06 ] Apache: Denial of Service Robert Buchholz (Jul 10)

Rob Thompson

Re: New Paper: More than 600 million users surf at high risk Rob Thompson (Jul 12)
Re: New Paper: More than 600 million users surf at high risk Rob Thompson (Jul 02)

Rotem-BugSec

Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit Rotem-BugSec (Jul 14)

rPath Update Announcements

rPSA-2008-0035-1 httpd mod_ssl rPath Update Announcements (Jul 16)
rPSA-2008-0238-1 firefox rPath Update Announcements (Jul 29)
rPSA-2008-0218-1 ruby rPath Update Announcements (Jul 09)
rPSA-2008-0212-1 tshark wireshark rPath Update Announcements (Jul 03)
rPSA-2008-0236-1 httpd mod_ssl rPath Update Announcements (Jul 29)
rPSA-2008-0223-1 poppler rPath Update Announcements (Jul 10)
rPSA-2008-0217-1 vsftpd rPath Update Announcements (Jul 09)
rPSA-2008-0235-1 fetchmail fetchmailconf rPath Update Announcements (Jul 29)
rPSA-2008-0231-1 bind bind-utils rPath Update Announcements (Jul 19)
rPSA-2008-0211-1 mercurial mercurial-hgk rPath Update Announcements (Jul 03)
rPSA-2008-0237-1 tshark wireshark rPath Update Announcements (Jul 29)
rPSA-2008-0216-1 firefox rPath Update Announcements (Jul 09)

Scanit Labs

[SCANIT-2008-002] Wordtrans-web Remote Command Execution Vulnerability Scanit Labs (Jul 01)
[SCANIT-2008-003] Wordtrans-web Remote Command Execution Vulnerability Scanit Labs (Jul 01)
[SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability Scanit Labs (Jul 01)

Secunia Research

Secunia Research: VLC Media Player WAV Processing Integer Overflow Secunia Research (Jul 02)
Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow Secunia Research (Jul 25)
Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow Secunia Research (Jul 31)
Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows Secunia Research (Jul 31)

security

[ MDVSA-2008:132 ] - Updated gnome-screensaver packages fix authentication vulnerability security (Jul 05)
[ MDVSA-2008:156 ] - Updated libpng packages fix vulnerability security (Jul 29)
[ MDVSA-2008:128 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:133 ] - Updated sympa packages fix DoS vulnerability security (Jul 05)
[ MDVSA-2008:138 ] - Updated OpenOffice.org packages fix vulnerability security (Jul 09)
[ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability security (Jul 16)
[ MDVSA-2008:158 ] silc-toolkit security (Jul 30)
[ MDVSA-2008:134 ] - Updated squid packages fix DoS vulnerability security (Jul 05)
[ MDVSA-2008:149 ] - Updated mysql packages fix vulnerabilities security (Jul 21)
[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities security (Jul 10)
[ MDVSA-2008:154 ] - Updated xemacs packages fix vulnerability security (Jul 24)
ezContents CMS Renote File inclusion security (Jul 25)
[ MDVSA-2008:150 ] - Updated mysql packages fix vulnerabilities security (Jul 21)
[ MDVSA-2008:125 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:143 ] - Updated pidgin packages fix MSN protocol handler vulnerability security (Jul 11)
n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote) security (Jul 16)
[ MDVSA-2008:130 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability security (Jul 10)
[ MDVSA-2008:138-1 ] - Updated OpenOffice.org packages fix vulnerability security (Jul 12)
n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote) security (Jul 29)
[ MDVSA-2008:155-1 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Jul 28)
[ MDVSA-2008:129 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs security (Jul 09)
[ MDVSA-2008:131 ] - Updated phpMyAdmin packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:146 ] - Updated poppler packages fix arbitrary code execution vulnerability security (Jul 16)
[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities security (Jul 10)
[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability security (Jul 23)
[ MDVSA-2008:159 ] licq security (Jul 31)
[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities security (Jul 10)
[ MDVSA-2008:136 ] - Updated Firefox packages fix vulnerabilities security (Jul 08)
[ MDVSA-2008:152 ] - Updated wireshark packages fix denial of service vulnerability security (Jul 23)
[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability security (Jul 15)
[ MDVSA-2008:148 ] - Updated Firefox packages fix vulnerabilities security (Jul 18)
[ MDVSA-2008:127 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)
[ MDVSA-2008:144 ] - Updated openldap packages fix slapd DoS vulnerability security (Jul 12)
[ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability security (Jul 22)
[ MDVSA-2008:157 ] - ffmpeg security (Jul 29)
[ MDVSA-2008:155 ] - Updated Thunderbird packages fix multiple vulnerabilities security (Jul 26)
[ MDVSA-2008:135 ] - Updated gnome-screensaver packages fix authentication vulnerability security (Jul 05)
[ MDVSA-2008:126 ] - Updated PHP packages fix multiple vulnerabilities security (Jul 04)

security-alert

[security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS) security-alert (Jul 28)
[security bulletin] HPSBMA02133 SSRT061201 rev.9 - HP Oracle for OpenView (OfO) Critical Patch Update security-alert (Jul 16)
HPSBMA02346 SSRT080097 rev.2 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access security-alert (Jul 17)
[security bulletin] HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Jul 19)
[security bulletin] HPSBMA02349 SSRT080043 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data security-alert (Jul 08)
[security bulletin] HPSBMA02346 SSRT080097 rev.1 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access security-alert (Jul 16)
[security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access security-alert (Jul 31)
[security bulletin] HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access security-alert (Jul 22)
[security bulletin] HPSBMA02345 SSRT080039 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) security-alert (Jul 01)
HPSBST02350 SSRT080102 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040 security-alert (Jul 15)
[security bulletin] HPSBUX02351 SSRT080058 rev.1 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Jul 17)
[security bulletin] HPSBMA02348 SSRT080033 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Jul 08)

snagg

Vuln name: Ruby rb_ary_fill() DOS snagg (Jul 01)

Stefan Frei

New Paper: More than 600 million users surf at high risk Stefan Frei (Jul 01)

Steve Kemp

[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues Steve Kemp (Jul 15)
[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code Steve Kemp (Jul 09)
[SECURITY] [DSA 1610-1] New gaim packages fix execution of arbitrary code Steve Kemp (Jul 15)
[SECURITY] [DSA 1560-1] New sympa packages fix denial of service Steve Kemp (Jul 01)

Steven M. Christey

Re: how to request a cve id? Steven M. Christey (Jul 28)
Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Steven M. Christey (Jul 25)

Steve Shockley

Re: Microsoft DNS patch KB951748 incompatible with Zonealarm Steve Shockley (Jul 12)

super

Tool: PorkBind Nameserver Security Scanner super (Jul 30)

supportrup

Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 supportrup (Jul 28)

tan_prathan

Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities tan_prathan (Jul 18)

Tester

Re: SchoolCenter URL Handling Cross Site Scripting Vulnerability Tester (Jul 21)

Thijs Kinkhorst

[SECURITY] [DSA 1622-1] New newsx packages fix arbitrary code execution Thijs Kinkhorst (Jul 31)
[SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation Thijs Kinkhorst (Jul 16)
[SECURITY] [DSA 1601-1] New wordpress packages fix several vulnerabilities Thijs Kinkhorst (Jul 04)
[SECURITY] [DSA 1569-3] New cacti packages fix regression Thijs Kinkhorst (Jul 16)
[SECURITY] [DSA 1540-3] New lighttpd packages fix regression Thijs Kinkhorst (Jul 23)

Thor (Hammer of God)

RE: Windows Vista Power Management & Local Security Policy Thor (Hammer of God) (Jul 21)

Tim Loshak

Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw Tim Loshak (Jul 22)

Tobias Heinlein

[ GLSA 200807-01 ] Python: Multiple integer overflows Tobias Heinlein (Jul 01)
[ GLSA 200807-02 ] Motion: Execution of arbitrary code Tobias Heinlein (Jul 01)
[ GLSA 200807-09 ] Mercurial: Directory traversal Tobias Heinlein (Jul 16)

Tuc at T-B-O-H.NET

Re: [bugtraq] Re: [Full-disclosure] CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Tuc at T-B-O-H.NET (Jul 25)

VMware Security team

VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix VMware Security team (Jul 29)

wargame89

Re: Rhythmbox Vulnerability wargame89 (Jul 01)

Wendel Guglielmetti Henrique

Citrix MetaFrame Privilege Escalation Wendel Guglielmetti Henrique (Jul 30)

XiaShing

Local vulnerability in WeFi Client v3.2.1.4.1(Update) XiaShing (Jul 04)
Local information disclosure in WeFi Client v3.3.3.0 XiaShing (Jul 09)

xpzhang

how to request a cve id? xpzhang (Jul 28)

zdi-disclosures

ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow zdi-disclosures (Jul 17)
ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability zdi-disclosures (Jul 25)
ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability zdi-disclosures (Jul 17)
ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability zdi-disclosures (Jul 11)
ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability zdi-disclosures (Jul 25)
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability zdi-disclosures (Jul 17)
http://www.zerodayinitiative.com/advisories/ZDI-08-046 zdi-disclosures (Jul 25)

zhliu

FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability zhliu (Jul 21)
FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability zhliu (Jul 21)
FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability zhliu (Jul 22)
EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability zhliu (Jul 21)