Bugtraq: by date

233 messages starting Jun 02 08 and ending Jun 30 08


Monday, 02 June

[SECURITY] [DSA 1553-2] New ikiwiki packages fix regression Thijs Kinkhorst
rPSA-2008-0180-1 samba samba-client samba-server samba-swat rPath Update Announcements
ARP handler Inspection tool released Andrea Di Pasquale
BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability sys-project
Re: xt:Commerce possible DoS decoder-bugtraq
OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability hadihadi_zedehal_2006
ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability sys-project
[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability erdc
rPSA-2008-0181-1 openssl openssl-scripts rPath Update Announcements

Tuesday, 03 June

DEFCON 16 Updates - Get involved! The Dark Tangent
Advisory: Xerox Workaround & planned patch suzanne . hawley
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability Mark Thomas
Windows Installer msiexec GUID Buffer Overflow Patrick Webster
[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities Thijs Kinkhorst
[security bulletin] HPSBST02312 SSRT071428 rev.1 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code security-alert
Re: Windows Installer msiexec GUID Buffer Overflow 0xjbrown41
[ GLSA 200806-02 ] libxslt: Execution of arbitrary code Tobias Heinlein
RE: Windows Installer msiexec GUID Buffer Overflow Thor (Hammer of God)
[ GLSA 200806-01 ] mtr: Stack-based buffer overflow Tobias Heinlein
London DEFCON June meet - DC4420 - Thursday 5th June Major Malfunction
[NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit ipsdix
AccessMe Tool Release Oliver Lavery
[USN-614-1] Linux kernel vulnerabilities Kees Cook
AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode Asterisk Security Team
[ MDVSA-2008:109 ] - Updated kernel packages fix bugs security

Wednesday, 04 June

QuickerSite Multiple Vulnerabilities Admin
[security bulletin] HPSBMA02326 SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code security-alert
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability iDefense Labs
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability iDefense Labs
CSIS-RI-0003: Multiple buffer overflow vulnerabilities in HP ActiveX rand
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities iDefense Labs
IMF 2008 - Deadline Extension (2nd try) Oliver Goebel
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities iDefense Labs
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability iDefense Labs
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability iDefense Labs
Akamai Technologies Security Advisory 2008-0001 (Download Manager) Akamai Security Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Cisco Systems Product Security Incident Response Team
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues VMware Security team
ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability zdi-disclosures
ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability zdi-disclosures
ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow zdi-disclosures
TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability DVLabs
iDefense Security Advisory 06.04.08: Skype File URI Security Bypass Code Execution Vulnerability iDefense Labs
iDefense Security Advisory 06.04.08: Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability iDefense Labs
Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability Luigi Auriemma
CORE-2008-0425 - NASA BigView Stack Buffer Overflow CORE Security Technologies Advisories

Thursday, 05 June

CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities Williams, James K
AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised Asterisk Security Team
e107 Plugin echat MENU Blind SQL Injection Vulnerability hadihadi_zedehal_2006
[security bulletin] HPSBST02312 SSRT071428 rev.2 - HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code security-alert
Remote DoS vulnerability in Linksys WRH54G dubingyao
SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities tan_prathan
Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability cocoruder
AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver Asterisk Security Team
iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability iDefense Labs
iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability iDefense Labs
Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability iDefense Labs
F5 FirePass Content Inspection Management XSS nnposter
WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability tan_prathan

Friday, 06 June

[ MDVSA-2008:110 ] - Updated Firefox packages fix vulnerabilities security
Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery Secunia Research
Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software) Akamai Security Team
Vulnerability in Network General/Net Scout product jgrove_2000
Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability iDefense Labs
rPSA-2008-0185-1 vsftpd rPath Update Announcements
SchoolCenter URL Handling Cross Site Scripting Vulnerability DoZ

Saturday, 07 June

[USN-615-1] Evolution vulnerabilities Jamie Strandboge
FreeSSHD 1.2.1 (Post Auth) Remote Seh Overflow Exploit m . memelli

Monday, 09 June

[ GLSA 200806-03 ] Imlib 2: User-assisted execution of arbitrary code Tobias Heinlein
[SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions dann frazier
XSS - NEXTGEN GALLERY 0.96 WORDPRESS PLUGIN Eduardo Jorge
webTA by kronos - XSS Alex Eden
[SECURITY] [DSA 1592-2] New Linux 2.6.18 packages fix overflow conditions dann frazier
[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting Moritz Muehlenhoff
Further Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability" William A. Rowe, Jr.

Tuesday, 10 June

[web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability unohope
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing Andrea Barisani
[web-app] ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability unohope
[web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability unohope
[web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities unohope
[web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities unohope
Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow Secunia Research
[security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability iDefense Labs
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities Cisco Systems Product Security Incident Response Team
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities iDefense Labs
XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) Eduardo Jorge
iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability iDefense Labs
ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability zdi-disclosures
ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution zdi-disclosures
[ MDVSA-2008:111 ] - Updated Evolution packages fix vulnerabilities security
Many bugs on CMS system Piugame Psymera
ZDI-08-039: Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability zdi-disclosures
ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability zdi-disclosures

Wednesday, 11 June

[security bulletin] HPSBUX02342 SSRT080063 rev.1 - HP-UX Running Apache or Tomcat with PHP, Remote Execution of Arbitrary Code security-alert
TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core lars
PHPEasyData 1.5.4 Multiple Vulnerabilities Sylvain
Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS Secunia Research
CORE-2008-0125: CitectSCADA ODBC service vulnerability CORE Security Technologies Advisories
Flat Calendar v1.1 Remote Permission Bypass Vulnerability none
phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable none
[security bulletin] HPSBMA02340 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[SECURITY] [DSA 1594-1] New imlib2 packages fix arbitrary code execution Moritz Muehlenhoff
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability iDefense Labs
Xigla Multiple Products - Multiple Vulnerabilities Admin
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities iDefense Labs
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability iDefense Labs

Thursday, 12 June

rPSA-2008-0189-1 kernel xen rPath Update Announcements
[SECURITY] [DSA 1595-1] New xorg-server packages fix several vulnerabilities Thijs Kinkhorst
ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability sys-project
SNMPv3 Authentication Bypass - CVE-2008-0960 inode
DEFCON Switzerland looking for DEFCON visitors DEF CON Switzerland
Pooya Site Builder (PSB) SQL Injection Vulnerabilities Admin
[ MDVSA-2008:112 ] - Updated kernel packages fix security issues security
[SECURITY] [DSA 1596-1] New typo3 packages fix several vulnerabilities Thijs Kinkhorst
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities Devin Carraway

Friday, 13 June

[USN-616-1] X.org vulnerabilities Kees Cook
AS/400 Vulnerabilities Jon Kibler
Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10) Jessica Hope
[USN-612-10] OpenVPN regression Jamie Strandboge
Securify bulletin: Microsoft Active Directory Denial-of-service Securify Bulletins
[USN-612-9] openssl-blacklist update Jamie Strandboge
RE: AS/400 Vulnerabilities Michael Wojcik
RE: Securify bulletin: Microsoft Active Directory Denial-of-service Michael Wojcik

Saturday, 14 June

Technical Details of Security Issues Regarding Safari for Windows LIUDIEYU dot COM
[ MDVSA-2008:114 ] - Updated util-linux-ng packages fix log injection issue security
[ MDVSA-2008:113 ] - Updated kernel packages fix security issue security
Re: AS/400 Vulnerabilities security curmudgeon
Collection of Vulnerabilities in Fully Patched Vim 7.1 Jan Minář
Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 Bram Moolenaar
GSC Privilege Escalation Exploit Moose
[ GLSA 200806-04 ] rdesktop: Multiple vulnerabilities Pierre-Yves Rofes

Monday, 16 June

Re: AS/400 Vulnerabilities Marco Ivaldi
Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) Eduardo Jorge
E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability sys-project
DUC NO-IP Local Password Information Disclosure Vulnerability glafkos
Denial of Service in S.T.A.L.K.E.R. 1.0006 Luigi Auriemma
[ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability erdc
PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability sys-project
[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability erdc
Returnil Virtual System 2008 - Password Disclosure Issue mikuvoli
[DSECRG-08-026] LFI in Open Azimyt CMS 0.22 Digital Security Research Group
VistaReseller Panel BETA Xss Vulnerability irancrash
[ MDVSA-2008:116 ] - Updated x11-server packages fix several vulnerabilities security
[ MDVSA-2008:115 ] - Updated x11-server packages fix several vulnerabilities security

Tuesday, 17 June

NULL pointer in the HTTP/XML-RPC service of Crysis 1.21 Luigi Auriemma
Hacking Coffee Makers. Craig Wright
[ GLSA 200806-06 ] Evolution: User-assisted execution of arbitrary code Pierre-Yves Rofes
Server frozen in Skulltag 0.97d2-RC2 Luigi Auriemma
S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS) S21sec labs
fetchmail security announcement fetchmail-SA-2008-01 (CVE-2008-2711) ma+bt
[ GLSA 200806-05 ] cbrPager: User-assisted execution of arbitrary code Pierre-Yves Rofes
fetchmail security announcement fetchmail-SA-2007-02 (CVE-2007-4565) ma+bt
iPhoneDbg Toolkit Nicolas A. Economou

Wednesday, 18 June

[security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036 security-alert
[USN-617-1] Samba vulnerabilities Jamie Strandboge
Announcement && CFP: ISOI 5, Tallinn Estonia Gadi Evron
Secunia Research: TorrentTrader Multiple SQL Injection Vulnerabilities Secunia Research
CA ARCserve Backup Discovery Service Denial of Service Vulnerability Williams, James K
A more detailed description of the Jura F90 vulnerability. Craig Wright
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service Cisco Systems Product Security Incident Response Team
RE: A more detailed description of the Jura F90 vulnerability. Thor (Hammer of God)

Thursday, 19 June

[USN-612-11] openssl-blacklist update Jamie Strandboge
eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities Admin
Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities Admin
vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index Jessica Hope
CSW Security Advisory 0002: Oral B SmartMonitor Information Disclosure Vulnerability and DoS craigswright
RE: A more detailed description of the Jura F90 vulnerability. Thor (Hammer of God)
RE: A more detailed description of the Jura F90 vulnerability. Craig Wright
[ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities Matthias Geerdsen
An Apology. cwrigh20
Re: RFI ====> vBulletin v3.6.5 hh-ua

Friday, 20 June

[ MDVSA-2008:117 ] - Updated fetchmail packages fix DoS vulnerability security
Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow Secunia Research
[SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution Thijs Kinkhorst
BackTrack 3 Final has been released Max Moser
Diigo Toolbar - Global XSS and Information Leakage in SSL URLs Ferruh Mavituna
[ MDVSA-2008:118 ] - Updated net-snmp/ucd-snmp packages fix vulnerabilities security

Saturday, 21 June

[ MDVSA-2008:119 ] - Updated exiv2 packages fix vulnerability security
rPSA-2008-0200-1 xorg-server rPath Update Announcements
rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs rPath Update Announcements

Monday, 23 June

[ MDVSA-2008:120 ] - Updated nasm packages fix vulnerability security
Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities tan_prathan
n.runs-SA-2008.001 - Jscape Secure FTP Applet security
Trust Testing and Metrics Pete Herzog
Firefox 3.0 security bug: Extensions can STILL hide themselves azurIt
Double Denial of Service in Call of Duty 4 1.6 Luigi Auriemma
Re: Summary of AS/400 Vulnerability Information Jon Kibler
[ MDVSA-2008:121 ] - Updated freetype2 packages fix vulnerabilities security
NULL pointer in World in Conflict 1.008 Luigi Auriemma

Tuesday, 24 June

[ GLSA 200806-08 ] OpenSSL: Denial of Service Robert Buchholz
[ GLSA 200806-09 ] libvorbis: Multiple vulnerabilities Robert Buchholz
[ GLSA 200806-10 ] FreeType: User-assisted execution of arbitrary code Robert Buchholz
fetchmail REVISED security announcement fetchmail-SA-2008-01 (CVE-2008-2711) ma+bt
[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability security

Wednesday, 25 June

[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities Tobias Heinlein
RSS-aggregator (display) Remote File Inclusion Vulnerability Ghost hacker
IdeBox (include) Remote File Inclusion Vulnerability Ghost hacker
[BMSA 2008-07] Format string vulnerability in 5th street Nam Nguyen
ERRATA - n.runs-SA-2008.001 - Jscape Secure FTP Applet security
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability Ghost hacker
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Cisco Systems Product Security Incident Response Team
[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability adv
[ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities security
Re: IdeBox (include) Remote File Inclusion Vulnerability Vladimir '3APA3A' Dubrovin

Thursday, 26 June

Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version "842 Procapita 840SP1" pelzi
Rhythmbox Vulnerability jplopezy
The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities tan_prathan
Pidgin 2.4.1 Vulnerability jplopezy
Evolution Vulnerability jplopezy
[USN-620-1] OpenSSL vulnerabilities Jamie Strandboge
rPSA-2008-0206-1 ruby rPath Update Announcements
[SECURITY] [DSA 1599-1] New dbus packages fix privilege escalation Moritz Muehlenhoff
WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerability the_3dit0r

Friday, 27 June

[USN-621-1] Ruby vulnerabilities Jamie Strandboge
[ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder security
New Release of 'Unhide' (20080519) yago jesus
rPSA-2008-0207-1 kernel rPath Update Announcements
[security bulletin] HPSBUX02342 SSRT080063 rev.2 - HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code security-alert
BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008) Dragos Ruiu
[security bulletin] HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code security-alert

Saturday, 28 June

[Tool] PktAnon packet trace anonymization tool released Christoph Mayer

Monday, 30 June

Remote SQL Injection saidmoftakhar
Re: Double Denial of Service in Call of Duty 4 1.6 Luigi Auriemma
Endless loop in Halo 1.07 Luigi Auriemma
Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006 Luigi Auriemma
Security and Hacking Papers - Updated! ork
Re: Remote SQL Injection packet
RSS-aggregator Multiple vulnerabilities Sylvain
[security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert