Bugtraq: by date

351 messages starting Sep 01 08 and ending Sep 30 08


Monday, 01 September

PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) Roman Medina-Heigl Hernandez
Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges Felix Buenemann
[SECURITY] [DSA 1627-2] New opensc package fix incomplete check Thijs Kinkhorst
Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101 Fabian Fingerle
rPSA-2008-0264-1 ruby rPath Update Announcements
[oCERT-2008-014] WordNet stack and heap overflows Rob Holland

Tuesday, 02 September

[SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities Florian Weimer
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution Thijs Kinkhorst
HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS) security-alert
ToorCon X Lineup & Training Seminars Posted & Pre-Registration Ending h1kari
Postfix Linux-only local denial of service Wietse Venema
[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability João Antunes
[security bulletin] HPSBMA02362 SSRT080044, SSRT080045 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert
[ MDVSA-2008:182 ] wordnet security
CS-Cart <= 1.3.5 SQL Injection GulfTech Security Research
[Tool] sqlmap 0.6 released Bernardo Damele A. G.
[USN-639-1] tiff vulnerability Kees Cook
[Suspected Spam]New IETF I-D-: Security Assessment of the Internet Protocol version 4 Fernando Gont
In search of examples of malicious source code Steve . Coleman
[ MDVSA-2008:183 ] opensc security
T2´08 Challenge - Free Tickets Available Tomi Tuominen
Exploit Admin
Has anyone implemented "double forward DNS"? Duncan Simpson

Wednesday, 03 September

RUXCON 2008 Final Call For Papers cfp
Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow Secunia Research
[Tool] Distack framework for attack detection and traffic analysis Christoph Mayer
Google Chrome Automatic File Download nerex
Google Chrome Browser (ver.0.2.149.27) Vulnerability psy . echo
Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA Cisco Systems Product Security Incident Response Team
RES: Google Chrome Automatic File Download DIOGO LEAL CHAGAS
Re: Google Chrome Automatic File Download Razi Shaban
Cisco Secure ACS Denial Of Service Vulnerability Cisco Systems Product Security Incident Response Team
TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload admin
Cisco Secure ACS EAP Parsing Vulnerability Laurent Butti
Re: Has anyone implemented "double forward DNS"? The Fungi
FreeBSD Security Advisory FreeBSD-SA-08:08.nmount FreeBSD Security Advisories
[ MDVSA-2008:184 ] libtiff security
RE: Google Chrome Automatic File Download James C. Slora Jr.
[ MDVSA-2008:185 ] python-django security
Re: In search of examples of malicious source code Gabriele Zanoni
Re: Has anyone implemented "double forward DNS"? Ansgar Wiechers
Re: Has anyone implemented "double forward DNS"? Jerry Franz
Re: Has anyone implemented "double forward DNS"? Glynn Clements
Re: Has anyone implemented "double forward DNS"? terry white
FreeBSD Security Advisory FreeBSD-SA-08:09.icmp6 FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-08:07.amd64 FreeBSD Security Advisories

Thursday, 04 September

Marvell Driver EAPoL-Key Length Overflow Laurent Butti
Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664 Fabian Fingerle
Marvell Driver Null SSID Association Request Vulnerability Laurent Butti
[USN-640-1] libxml2 vulnerability Kees Cook
Atheros Vendor Specific Information Element Overflow Laurent Butti
Re: Google Chrome Automatic File Download Juha-Matti Laurio
Zen Cart <= 1.3.8a SQL Injection GulfTech Security Research
[ GLSA 200809-04 ] MySQL: Privilege bypass Robert Buchholz
[ GLSA 200809-03 ] RealPlayer: Buffer overflow Robert Buchholz
[ GLSA 200809-01 ] yelp: User-assisted execution of arbitrary code Robert Buchholz
clamav: Crash with crafted chm, CVE-2008-1389 Hanno Böck
Re: Has anyone implemented "double forward DNS"? Ansgar -59cobalt- Wiechers
[ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing Robert Buchholz
Multiple MicroWorld products insecure directory permissions Edi Strosar

Friday, 05 September

[ MDVSA-2008:186 ] python security
[security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure security-alert
other google chrome crash jplopezy
Re: Zen Cart <= 1.3.8a SQL Injection Ian Wilson
rPSA-2008-0268-1 libtiff rPath Update Announcements
Risky Chrome (The perfect cleartext password offering ) quakerdoomer
XCon 2008 Call for Paper Sowhat
Re: XCon 2008 Call for Paper Sowhat
Re: XCon 2008 Call for Paper Sowhat
Re: Has anyone implemented "double forward DNS"? Steven Bakker
Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability Security Vulnerability Research Team
Re: Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy dstinbox
[ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability Pierre-Yves Rofes

Saturday, 06 September

Google Chrome Auto download exploit .. security
[ MDVSA-2008:188 ] tomcat5 security
Re: RES: Google Chrome Automatic File Download Nick FitzGerald

Monday, 08 September

xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ) geinblues
phpAdultSite CMS flaws SmOk3
[ GLSA 200809-06 ] VLC: Multiple vulnerabilities Pierre-Yves Rofes
Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks ProCheckUp Research
[scip_Advisory 3808] D-Link DIR-100 long url filter evasion Marc Ruef
DEFCON London - DC4420 - September meet this Thursday 11th Major Malfunction
Re: Re: SECURITY ADVISORY - Level Platforms, Inc. Service Center Install Data HTTP Vulnerability prenaud
Sagem Router F@ST 2404 Remote Denial Of Service Exploit zigma
Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Rotem Kerner
WASC Announcement: 2007 Web Application Security Statistics Published statistics
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit a
[ GLSA 200809-07 ] libTIFF: User-assisted execution of arbitrary code Pierre-Yves Rofes
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Mike Duncan
[ GLSA 200809-08 ] Amarok: Insecure temporary file creation Pierre-Yves Rofes
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Wellington Wagner F. Sarmento

Tuesday, 09 September

Re: Sagem Router F@ST 2404 Remote Denial Of Service Exploit Vladimir '3APA3A' Dubrovin
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit gynvael
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Razi Shaban
[USN-641-1] Racoon vulnerabilities Kees Cook
Stash v1.0.3 Admin bypass / Remote File Disclosure r3d . w0rm
Sun M-class hardware denial of service Theo de Raadt
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Rotem Kerner
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Razi Shaban
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Mike Duncan
Re: Sun M-class hardware denial of service B 650
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability zdi-disclosures
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability zdi-disclosures
Re: Sun M-class hardware denial of service Theo de Raadt
Re: Sun M-class hardware denial of service B 650
ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability zdi-disclosures
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability zdi-disclosures
ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability zdi-disclosures
Re: Sun M-class hardware denial of service Theo de Raadt
SQL Smuggling douglen

Wednesday, 10 September

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated Mark Thomas
DeepSec 2008 - Conference Schedule DeepSec Conference Vienna
Re: SQL Smuggling Marco Ivaldi
RE: Sun M-class hardware denial of service Michael Wojcik
Re: Chrome(0.2.149.27) title(not the tag) Denial of Service(Freeze) exploit Julien Stuby
Re: Sun M-class hardware denial of service Micheal Patterson
ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability zdi-disclosures
ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability zdi-disclosures
Re: Sun M-class hardware denial of service Bob Beck
Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability Brett Moore
Re: SQL Smuggling Tim
iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability iDefense Labs
Multiple Vulnerabilities: LedgerSMB < 1.2.15 Chris Travers
[ MDVSA-2008:189 ] clamav security
iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability iDefense Labs
Windows GDI+ GIF memory corruption Ivan Fratric
[oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS) Will Drewry
Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability packet
Re: Sun M-class hardware denial of service Florian Weimer
[ MDVSA-2008:190 ] postfix security
[SECURITY] [DSA 1635-1] New freetype packages fix multiple vulnerabilities Steve Kemp
ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability zdi-disclosures
Re: Sun M-class hardware denial of service terry white

Thursday, 11 September

[USN-642-1] Postfix vulnerabilities Kees Cook
Ezphotogallery 2.1 Multiple Vulnerabilities ( Xss/Login Bypass/Sql injection Exploit/File Disclosure) irancrash
Re: Sun M-class hardware denial of service Brett Lymn
Re: Sun M-class hardware denial of service Curtis Maloney
ZoneAlarm Security Suite buffer overflow jplopezy
PhpWebGallery 1.3.4 Multiple Vulnerabilities (XSS/LFI) irancrash
sqlvdir.dll ActiveX Remote Buffer Overflow Exploit beenudel1986
PhsBlog v0.2 Bypass Sql injection Filtering Exploit irancrash
minb Remote Code Execution Exploit r3d . w0rm
[security bulletin] HPSBOV02364 SSRT080078 rev.1 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access security-alert
Nooms 1.1 irancrash
Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability Stefan Esser
RE: SQL Smuggling Gary Oleary-Steele
[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier
[TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences Tobias Klein

Friday, 12 September

[USN-643-1] FreeType vulnerabilities Kees Cook
Server termination in the Unreal engine 3 Luigi Auriemma
[USN-644-1] libxml2 vulnerabilities Kees Cook
[ MDVSA-2008:192 ] libxml2 security
Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability Stefan Esser
[ MDVSA-2008:191 ] rsh security
Clients format strings in the Unreal engine Luigi Auriemma
Re: OpenWiki<--v0.78 Cross-Site Scripting DJeep
Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow Secunia Research
[scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting Marc Ruef
community real-time BGP hijack notification service Gadi Evron
Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit Guns
CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service Core Security Technologies Advisories

Saturday, 13 September

Baidu Hi IM software parsing plaintext stack overflow Li Gen

Monday, 15 September

[ MDVSA-2008:193 ] kolab-server security
[ MDVSA-2008:194 ] apache2 security
[ MDVSA-2008:195 ] apache security
Baidu Hi IM client software DoS bug, div zero make client crash Li Gen
Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS j . v . vallejo
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow Devin Carraway
Critical Vulnerability in Apple Quicktime’s Indeo Codec NGSSoftware Insight Security Research

Tuesday, 16 September

TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow dvlabs
[ MDVSA-2008:196 ] mplayer security
[ MDVSA-2008:182-1 ] wordnet security
Security flaw in Airtel DSL modems shr
[ MDVSA-2008:197 ] koffice security
InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely. Brian Dowling
Failed assertion in the Unreal engine Luigi Auriemma
Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio Shatter
Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS Shatter
[SECURITY] [DSA 1638-1] New openssh packages fix denial of service Florian Weimer
[NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure John Cobb
[Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC Albert Sellarès
[ MDVSA-2008:198 ] R-base security
[ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities adv
[NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting John Cobb

Wednesday, 17 September

[NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting John Cobb
[ MDVSA-2008:197-1 ] koffice security
Skype IM Client Password Disclosure Vulnerability. Aditya K Sood
Miranda IM Client Password Disclosure Vulnerability. Aditya K Sood
Pidgin IM Client Password Disclosure Vulnerability. Aditya K Sood
[AJECT] SurgeMail IMAP 3.9e vulnerability João Antunes
Microsoft Internet Explorer DoS in Rendering Malicious PNG Files. Aditya K Sood
ShmooCon 2009 CFP Bruce Potter
[security bulletin] HPSBMA02369 SSRT080115 rev.1 - HP ProLiant Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris Deployment Solution, Remote SQL Injection, Remote or Local Gain Extended Privileges, Local Denial of Service (DoS) security-alert
rPSA-2008-0278-1 tshark wireshark rPath Update Announcements
rPSA-2008-0276-1 mercurial mercurial-hgk rPath Update Announcements
[ MDVSA-2008:189-1 ] clamav security

Thursday, 18 September

[security bulletin] HPSBOV02364 SSRT080078 rev.2 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access security-alert
Hi Two Points to consider Aditya K Sood
Re: Pidgin IM Client Password Disclosure Vulnerability. Aditya K Sood
RE: Pidgin IM Client Password Disclosure Vulnerability. Quark IT - Hilton Travis
Sama XSS Bug Lagon666
RE: Pidgin IM Client Password Disclosure Vulnerability. Memisyazici, Aras
vi can run arbitrary commands via 'tags' file Eli the Bearded

Friday, 19 September

LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities xsp
PHP pro bid v 6.04 SQL injection Jan van Niekerk
Re: Pidgin IM Client Password Disclosure Vulnerability. John Bailey
Re: Pidgin IM Client Password Disclosure Vulnerability. Steve Shockley
[USN-646-1] rdesktop vulnerabilities Jamie Strandboge
RE: Pidgin IM Client Password Disclosure Vulnerability. Memisyazici, Aras
Re: Pidgin IM Client Password Disclosure Vulnerability. John Bailey
VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman VMware Security Team
Annutel - Annuaire Téléphonique v1.0 Sensetive Files (MDP) sn0oPy . team
RE: Pidgin IM Client Password Disclosure Vulnerability. Quark IT - Hilton Travis
[ GLSA 200809-09 ] Postfix: Denial of Service Pierre-Yves Rofes
[ MDVSA-2008:199 ] wireshark security
[SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code Steve Kemp

Saturday, 20 September

[SECURITY] [DSA 1642-1] New horde3 packages fix cross site scripting Thijs Kinkhorst
[SECURITY] [DSA 1640-1] New python-django packages fix cross site request forgery Thijs Kinkhorst
[SECURITY] [DSA 1634-2] New wordnet packages fix regression Thijs Kinkhorst
[SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues Thijs Kinkhorst
Advanced Electron Forum <= 1.0.6 Remote Code Execution GulfTech Security Research
MyFWB 1.0 Remote SQL Injection Guns

Monday, 22 September

drupal: Session hijacking vulnerability, CVE-2008-3661 Hanno Böck
MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection Guns
Blue Coat xss jplopezy
"Exploit creation - The random approach" or "Playing with random to build exploits" Nelson Brito
[ GLSA 200809-10 ] Mantis: Multiple vulnerabilities Pierre-Yves Rofes
[ GLSA 200809-11 ] HAVP: Denial of Service Pierre-Yves Rofes
[security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS) security-alert
Directory traversal in the webadmin of Unreal Tournament 3 1.3 Luigi Auriemma
[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues admin
[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin
[SECURITY] [DSA-1619-2] New python-dns package fixes regression Devin Carraway
Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098 Fabian Fingerle
Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin

Tuesday, 23 September

[ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200809-13 ] R: Insecure temporary file creation Pierre-Yves Rofes
[ MDVSA-2008:200 ] ed security
[ MDVSA-2008:201 ] pan security
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 Hanno Böck
Aruba Mobility Controller Shared Default Certificate nnposter
Xss In Datalife Engine CMS 7.2 hadikiamarsi
[ MDVSA-2008:202 ] phpMyAdmin security
[ MDVSA-2008:203 ] awstats security
menalto gallery: Session hijacking vulnerability, CVE-2008-3102 Hanno Böck
Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks Robbie (Rupinder) Gill
Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues Philipp Hagemeister
Re: Blue Coat xss Hugo van der Kooij

Wednesday, 24 September

mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102) Hanno Böck
[ GLSA 200809-14 ] BitlBee: Security bypass Pierre-Yves Rofes
[ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code Pierre-Yves Rofes
Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos. Aditya K Sood
[USN-645-1] Firefox and xulrunner vulnerabilities Jamie Strandboge
[USN-645-2] Firefox vulnerabilities Jamie Strandboge
Internet Information Service remote set password hamedata
IAS Helper COM Component (iashlpr.dll) activex remote DOS hamedata
Internet Information Service (adsiis.dll) activex remote DOS hamedata
Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Multicast Vulnerabilities in Cisco IOS Software Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Re: Advisory : Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos. LIUDIEYU dot COM
Drupal Brilliant Gallery module SQL injection vulnerability Justin C. Klein Keane
Drupal Ajax Checklist Module SQL Injection Vulnerability Justin C. Klein Keane
[ MDVSA-2008:204 ] blender security

Thursday, 25 September

[security bulletin] HPSBOV02364 SSRT080078 rev.3 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access security-alert
php create_function commond injection vulnerability root
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities alfredo . melloni
[security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055 security-alert
Re: php create_function commond injection vulnerability lmfao
C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow Idan Ofrat
Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120 Fabian Fingerle
adnforum <= 1.0b / Insecure Cookie Handling Vulnerability Pepelux
Fwd: Returned post for bugtraq () securityfocus com Jose Luis
[USN-645-3] Firefox and xulrunner regression Jamie Strandboge
SQL Injection in EasyRealtorPRO 2008 SmOk3
[ GLSA 200809-16 ] Git: User-assisted execution of arbitrary code Pierre-Yves Rofes
[ GLSA 200809-17 ] Wireshark: Multiple Denials of Service Pierre-Yves Rofes
[ GLSA 200809-18 ] ClamAV: Multiple Denials of Service Pierre-Yves Rofes

Friday, 26 September

[ MDVSA-2008:205 ] mozilla-firefox security
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration Teh Kotak
[USN-647-1] Thunderbird vulnerabilities Jamie Strandboge
Estonian Cyber Security Strategy document -- now available online Gadi Evron
CA Service Desk Multiple Cross-Site Scripting Vulnerabilities Williams, James K
DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit Reversemode
RPG.Board <= 0.0.8Beta2 Remote SQL Injection Guns
The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability Pepelux
multiple vendor ftpd - Cross-site request forgery cxib
Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability Pepelux
Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below) Kenneth Ng
Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector) quakerdoomer
FtitzBox biglowbird
Re: "Exploit creation - The random approach" or "Playing with random to build exploits" Stefano Zanero
[ MDVSA-2008:206 ] mozilla-thunderbird security

Saturday, 27 September

xss in hackmeeting.org wiky
Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC Satan_HackerS
ASP News Remote Password Disclouse Vulnerability Ghost hacker
csphonebook 1.02 Remote XSS Vulnerabilitiy Ghost hacker
shoutbox Remote Password Disclouse Vulnerability Ghost hacker
hyBook Remote Password Disclouse Vulnerability Ghost hacker
Login Password Sample Remote Password Disclouse Vulnerability Ghost hacker

Monday, 29 September

PHP Calendar Script Remote XSS (Permanent) Vulnerabilities tan_prathan
ParsaWeb CMS SQL Injection admin
Verizon FIOS (and DSL?) wireless access point insecure default WEP key Paul
Re: php create_function commond injection vulnerability bzhbfzj3001
RE: Verizon FIOS (and DSL?) wireless access point insecure default WEP key Larry Seltzer
Re: php create_function commond injection vulnerability mnapier
[oCERT-2008-013] MPlayer Real demuxer heap overflow Andrea Barisani
Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. Aditya K Sood
Advisory : Opera Window Object Suppressing Remote Denial of Service Aditya K Sood
Re: php create_function commond injection vulnerability Steven M. Christey
[security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files security-alert
Re: Sun M-class hardware denial of service Florian Weimer
Re: Sun M-class hardware denial of service Theo de Raadt
Re: Sun M-class hardware denial of service Florian Weimer
Re: Sun M-class hardware denial of service Theo de Raadt
Re: Sun M-class hardware denial of service Theo de Raadt
Re: Sun M-class hardware denial of service Brett Lymn
Re: Sun M-class hardware denial of service Theo de Raadt
[ MDVSA-2008:207 ] openafs security
Re: Sun M-class hardware denial of service Theo de Raadt
Re: Sun M-class hardware denial of service Brett Lymn
Re: Sun M-class hardware denial of service Brett Lymn
Re: Sun M-class hardware denial of service Brett Lymn
Re: Sun M-class hardware denial of service Brett Lymn
MS Internet Explorer 7 Denial Of Service Exploit UniquE
Re: Sun M-class hardware denial of service Theo de Raadt
Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. Aditya K Sood

Tuesday, 30 September

[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues admin
White Wolf Labs #080922-1: Exploitation Through ActiveSync 4.x Seth Fogie
rPSA-2008-0286-1 mono rPath Update Announcements
Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. Philippe Devallois
[ MDVSA-2008:208 ] pam_mount security
Re: MS Internet Explorer 7 Denial Of Service Exploit Jan van Niekerk
Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit ipsdix
Re: Sun M-class hardware denial of service Bob Beck
Remote File Inclusion Vulnerability Pepelux
MySQL command-line client HTML injection vulnerability Thomas Henlich
International Hacking & Security Conference "POC2008" pocadm
WordPress MU < 2.6 wpmu-blogs.php Crose Site Scrpting vulnerability Juan Galiana
Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. redb0ne
Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. ian
[USN-648-1] nasm vulnerability Kees Cook