Bugtraq: by author

297 messages starting Apr 11 09 and ending Apr 14 09


Aditya K Sood

In Response to Bid 34130 Invalid Aditya K Sood (Apr 11)
[SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT Perspective Aditya K Sood (Apr 01)
Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Aditya K Sood (Apr 01)

admin

SASPCMS Multiple Vulnerabilities admin (Apr 08)

ak

SQL Injection in package DBMS_AQADM_SYS ak (Apr 16)
SQL Injection in package DBMS_AQIN ak (Apr 16)
Unprivileged DB users can see APEX password hashes ak (Apr 16)

Albert Sellarès

skpd: A tool to dump processes to executable ELF files Albert Sellarès (Apr 16)
Remote iodinetd DoS vulnerability on Debian Lenny Albert Sellarès (Apr 27)

Alexander Sotirov

WOOT'09 call for papers Alexander Sotirov (Apr 24)

alphanix00

Exjune Guestbook v2 Remote Database Disclosure Exploit alphanix00 (Apr 09)
OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit alphanix00 (Apr 08)

Andrew Kuriger

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Andrew Kuriger (Apr 23)

Andrew L. Davis

Re: security tools list Andrew L. Davis (Apr 28)

Anonymous

Re: [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure Anonymous (Apr 14)

antonia . goodwin

XSS with mod_perl perl_status utility antonia . goodwin (Apr 15)

arvind doraiswamy

Re: Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy (Apr 28)
Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy (Apr 24)

Asterisk Security Team

AST-2009-003: SIP responses expose valid usernames Asterisk Security Team (Apr 03)

Bernardo Damele A. G.

[Tool] sqlmap 0.7rc1 released Bernardo Damele A. G. (Apr 22)

Bernhard Mueller

SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming Bernhard Mueller (Apr 15)
SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability Bernhard Mueller (Apr 15)

Bkis

[Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability Bkis (Apr 08)
[Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Bkis (Apr 22)

c1c4tr1z

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery c1c4tr1z (Apr 09)
Amaya 11.1 XHTML Parser Buffer Overflow c1c4tr1z (Apr 06)

Carlos Augusto

BugCON '09, Mexico: Call For Papers Carlos Augusto (Apr 14)

Cesar

Opening Intranets to attack by using Internet Explorer [paper] Cesar (Apr 10)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances Cisco Systems Product Security Incident Response Team (Apr 08)

CORE Security Technologies Advisories

CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator CORE Security Technologies Advisories (Apr 21)

Corrado Leita

Reminder: RAID 2009 CFP Corrado Leita (Apr 09)

cxib

PHP 5.2.9 curl safe_mode & open_basedir bypass cxib (Apr 10)

ddivulnalert

DDIVRT-2009-24 Precidia Ether232 Memory Corruption ddivulnalert (Apr 27)

ddvulnalert

DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues ddvulnalert (Apr 16)

Dennis Yurichev

CVE-2009-0991 PoC Dennis Yurichev (Apr 21)
IBM DB2 Dennis Yurichev (Apr 03)

Devin Carraway

[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities Devin Carraway (Apr 29)

dh

Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 dh (Apr 02)

Digital Security Research Group [DSecRG]

SAP Cfolders Multiple Linked XSS Vulnerabilities Digital Security Research Group [DSecRG] (Apr 22)
SAP Cfolders Multiple Stored XSS Vulnerabilities Digital Security Research Group [DSecRG] (Apr 22)

dontcontactorspamme

[Aria-Security.com] vBulletin multiple XSS dontcontactorspamme (Apr 06)

Dragos Ruiu

EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009) Dragos Ruiu (Apr 02)

DSecRG

[DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities DSecRG (Apr 16)
[DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow DSecRG (Apr 10)
[DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities DSecRG (Apr 14)
[DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download DSecRG (Apr 10)
[DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities DSecRG (Apr 16)
[DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt DSecRG (Apr 16)

dvlabs

TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow dvlabs (Apr 07)
TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow dvlabs (Apr 07)

Elazar Broad

Autodesk IDrop ActiveX Control Heap Corruption Vulnerability Elazar Broad (Apr 03)

ew1zz

Miniweb server Multiple Vulnerabilities ew1zz (Apr 16)
Miniweb Buffer Overflow ew1zz (Apr 16)
MonGoose 2.4 Directory Traversal Vulnerability ew1zz (Apr 14)

ewizz

Zervit Webserver Buffer Overflow ewizz (Apr 15)

Florian Weimer

[SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation Florian Weimer (Apr 10)
[SECURITY] [DSA 1772-1] New udev packages fix privilege escalation Florian Weimer (Apr 16)
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution Florian Weimer (Apr 11)
[SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution Florian Weimer (Apr 28)
[SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities Florian Weimer (Apr 16)
[SECURITY] [DSA 1768-1] New openafs packages potential code execution Florian Weimer (Apr 10)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-09:08.openssl FreeBSD Security Advisories (Apr 22)
FreeBSD Security Advisory FreeBSD-SA-09:07.libc FreeBSD Security Advisories (Apr 22)

gabriel

Linksys WRT54GC - Admin Password Change (POC) gabriel (Apr 20)

Gadi Evron

one shot remote root for linux? Gadi Evron (Apr 28)

Gerardo García Peña

Summer Camp Garrotxa 2009 event Gerardo García Peña (Apr 10)

Henri Lindberg - Smilehouse Oy

IBM BladeCenter Advanced Management Module Multiple vulnerabilities Henri Lindberg - Smilehouse Oy (Apr 09)

iDefense Labs

iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability iDefense Labs (Apr 29)
iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability iDefense Labs (Apr 28)
iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow Vulnerability iDefense Labs (Apr 16)
iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability iDefense Labs (Apr 16)
iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability iDefense Labs (Apr 14)

IrIsT . Ir

MataChat Cross-Site Scripting Vulnerabilities IrIsT . Ir (Apr 27)

Jamie Strandboge

[USN-762-1] APT vulnerabilities Jamie Strandboge (Apr 21)
[USN-754-1] ClamAV vulnerabilities Jamie Strandboge (Apr 07)
[USN-760-1] CUPS vulnerability Jamie Strandboge (Apr 17)
[USN-756-1] ClamAV vulnerability Jamie Strandboge (Apr 13)
[USN-765-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Apr 28)
[USN-764-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Apr 23)

Jeremy Brown

Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) Jeremy Brown (Apr 21)

jplopezy

Trend Micro OfficeScan Client - DOS jplopezy (Apr 21)

Julien TINNES

Massive exploitation of instant messaging applications proved feasible Julien TINNES (Apr 01)

Kees Cook

[USN-758-1] udev vulnerabilities Kees Cook (Apr 15)
[USN-752-1] Linux kernel vulnerabilities Kees Cook (Apr 07)
[USN-755-1] Kerberos vulnerabilities Kees Cook (Apr 08)

k g

Cyber Warfare Conference: Agenda k g (Apr 03)

laurent . desaulniers

OSCommerce Session Fixation Vulnerability laurent . desaulniers (Apr 02)

LayerOne Call For Papers

LayerOne 2009 - Registration Open, Initial Speakers Announced LayerOne Call For Papers (Apr 07)

Marc Deslauriers

[USN-759-1] poppler vulnerabilities Marc Deslauriers (Apr 17)
[USN-757-1] Ghostscript vulnerabilities Marc Deslauriers (Apr 15)
[USN-763-1] xine-lib vulnerabilities Marc Deslauriers (Apr 21)
[USN-767-1] FreeType vulnerability Marc Deslauriers (Apr 28)
[USN-753-1] PostgreSQL vulnerability Marc Deslauriers (Apr 07)
[USN-761-1] PHP vulnerabilities Marc Deslauriers (Apr 21)
[USN-766-1] acpid vulnerability Marc Deslauriers (Apr 28)
[USN-761-2] PHP vulnerabilities Marc Deslauriers (Apr 28)

Marco Mella

POC - Sun Java System Access Manager & Identity Manager Users Enumeration Marco Mella (Apr 07)

marianiscc

Re: PHP-Revista Multiple vulnerabilities marianiscc (Apr 13)

Mario Alejandro Vilas Jerez

Python winappdbg module v1.0 is out! Mario Alejandro Vilas Jerez (Apr 21)

Mark-David McLaughlin (marmclau)

RE: Cisco ASA5520 Web VPN Host Header XSS Mark-David McLaughlin (marmclau) (Apr 24)

Mark Thomas

[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Mark Thomas (Apr 07)
CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability Mark Thomas (Apr 24)

Matteo Beccati

[OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities Matteo Beccati (Apr 02)

Matthew Dempsky

Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)

mcyr2

Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) mcyr2 (Apr 20)
HP Deskjet 6800 XSS in Web Interface mcyr2 (Apr 11)

mefuentes61

Re: Critical SQL Injection PHPNuke <= 7.8 - Your_Account module mefuentes61 (Apr 13)

Memisyazici, Aras

RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> Memisyazici, Aras (Apr 28)

Michael Wiegand

OpenVAS now beyond 10000 Network Vulnerability Tests Michael Wiegand (Apr 09)

Michal Zalewski

Re: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Michal Zalewski (Apr 01)

Mobile Security Lab

MSL-2009-001 - Samsung Missing Provisioning Authentication Mobile Security Lab (Apr 24)

Moritz Muehlenhoff

[SECURITY] [DSA 1763-1] New openssl packages fix denial of service Moritz Muehlenhoff (Apr 06)
[SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities Moritz Muehlenhoff (Apr 08)

mozilla

ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service mozilla (Apr 17)

Nam Nguyen

[BMSA 2009-04] Remote DoS in Internet Explorer Nam Nguyen (Apr 11)

Nico Golde

[SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service Nico Golde (Apr 09)
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities Nico Golde (Apr 09)
[SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting Nico Golde (Apr 22)
[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure Nico Golde (Apr 03)

noreply-secresearch () fortinet com

Microsoft Office Excel Remote Memory Corruption Vulnerability noreply-secresearch () fortinet com (Apr 15)
FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability noreply-secresearch () fortinet com (Apr 09)

nospam

ftpdmin v. 0.96 RNFR remote buffer overflow exploit nospam (Apr 11)
Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit nospam (Apr 09)
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit nospam (Apr 03)
Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability nospam (Apr 09)
Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit nospam (Apr 16)
Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit nospam (Apr 29)

Oliver Goebel

[IMF 2009] 2nd Call for Papers - Submission Open Oliver Goebel (Apr 17)

Patrick Webster

ContentKeeper - Remote command execution and privilege escalation Patrick Webster (Apr 02)
Q2 Solutions ConnX - SQL Injection Vulnerability Patrick Webster (Apr 02)
Asbru Web Content Management Vulnerabilities Patrick Webster (Apr 02)

Pete Herzog

OSSTMM 3 Sample Released Pete Herzog (Apr 07)

Philippe Mailinglist

Hacker Space Fest 2009 CFP: Call For Paper Philippe Mailinglist (Apr 13)

Pierre-Yves Rofes

[ GLSA 200904-20 ] CUPS: Multiple vulnerabilities Pierre-Yves Rofes (Apr 24)
[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code Pierre-Yves Rofes (Apr 17)
[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path Pierre-Yves Rofes (Apr 07)
[ GLSA 200904-05 ] ntp: Certificate validation error Pierre-Yves Rofes (Apr 06)
[ GLSA 200904-13 ] Ventrilo: Denial of Service Pierre-Yves Rofes (Apr 14)
[ GLSA 200904-14 ] F-PROT Antivirus: Denial of Service Pierre-Yves Rofes (Apr 14)
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities Pierre-Yves Rofes (Apr 20)
[ GLSA 200904-01 ] Openfire: Multiple vulnerabilities Pierre-Yves Rofes (Apr 03)
[ GLSA 200904-18 ] udev: Multiple vulnerabilities Pierre-Yves Rofes (Apr 20)

Positron Security

Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness Positron Security (Apr 29)

prabhup

Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 prabhup (Apr 10)

publists

OpenX 2.6.4 multiple vulnerabilities publists (Apr 01)

rembrandt

OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic) rembrandt (Apr 13)

reportback

Sungard Banner System XSS reportback (Apr 20)

research

Phorum < 5.2.10 Cross-Site Scripting/Request Forgery research (Apr 16)

Robbie Gill

Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication Robbie Gill (Apr 24)

Robert Buchholz

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code Robert Buchholz (Apr 20)
[ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities Robert Buchholz (Apr 09)
[ GLSA 200904-11 ] Tor: Multiple vulnerabilities Robert Buchholz (Apr 09)
[ GLSA 200904-07 ] Xpdf: Untrusted search path Robert Buchholz (Apr 07)
[ GLSA 200904-08 ] OpenSSL: Denial of Service Robert Buchholz (Apr 07)
[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code Robert Buchholz (Apr 17)
[ GLSA 200904-10 ] Avahi: Denial of Service Robert Buchholz (Apr 09)
[ GLSA 200904-02 ] GLib: Execution of arbitrary code Robert Buchholz (Apr 03)
[ GLSA 200904-03 ] Gnumeric: Untrusted search path Robert Buchholz (Apr 03)

rPath Update Announcements

rPSA-2009-0061-1 cups rPath Update Announcements (Apr 17)
rPSA-2009-0060-1 ghostscript rPath Update Announcements (Apr 17)
rPSA-2009-0062-1 tshark wireshark rPath Update Announcements (Apr 17)
rPSA-2009-0063-1 udev rPath Update Announcements (Apr 17)
rPSA-2009-0057-1 m2crypto openssl openssl-scripts rPath Update Announcements (Apr 03)
rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Apr 08)
rPSA-2009-0064-1 icu rPath Update Announcements (Apr 17)
rPSA-2009-0059-1 poppler rPath Update Announcements (Apr 17)

sales

Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities sales (Apr 23)

Salvatore "drosophila" Fresta

Loggix Project 9.4.5 Blind SQL Injection Salvatore "drosophila" Fresta (Apr 10)
Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 10)
Creasito e-commerce content manager Authentication Bypass Salvatore "drosophila" Fresta (Apr 20)
Joomla Component com_bookjoomlas SQL Injection Vulnerability Salvatore "drosophila" Fresta (Apr 06)
Family Connections 1.8.2 Arbitrary File Upload Salvatore "drosophila" Fresta (Apr 03)
AdaptBB 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 09)
Tiny Blogr 1.0.0 rc4 Authentication Bypass Salvatore "drosophila" Fresta (Apr 17)
Family Connections 1.8.2 Blind SQL Injection (Correct Version) Salvatore "drosophila" Fresta (Apr 03)
Family Connections <= 1.8.2 - Remote Shell Upload Exploit Salvatore "drosophila" Fresta (Apr 03)
Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 20)
Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities Salvatore "drosophila" Fresta (Apr 24)
PHP-agenda <= 2.2.5 Remote File Overwriting Salvatore "drosophila" Fresta (Apr 10)
Malleo 1.2.3 Local File Inclusion Vulnerability Salvatore "drosophila" Fresta (Apr 17)

SEC Consult Research

Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 SEC Consult Research (Apr 29)

Secunia Research

Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow Secunia Research (Apr 15)
Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow Secunia Research (Apr 15)
Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability Secunia Research (Apr 17)
Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow Secunia Research (Apr 17)
Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Secunia Research (Apr 09)
Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow Secunia Research (Apr 07)
Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities Secunia Research (Apr 01)
Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities Secunia Research (Apr 01)
Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow Secunia Research (Apr 16)
Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method Secunia Research (Apr 15)
Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow Secunia Research (Apr 15)
Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow Secunia Research (Apr 28)

secure

Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit secure (Apr 30)

security

[ MDVSA-2009:097 ] clamav security (Apr 27)
[ MDVSA-2009:101 ] xpdf security (Apr 29)
[ MDVSA-2009:089 ] opensc security (Apr 10)
[ MDVSA-2009:087 ] openssl security (Apr 06)
[ MDVSA-2009:086 ] gstreamer-plugins security (Apr 06)
[ MDVSA-2009:099 ] openafs security (Apr 28)
Re: [Aria-Security.com] vBulletin multiple XSS security (Apr 08)
[ MDVSA-2009:096 ] printer-drivers security (Apr 24)
[ MDVSA-2009:096-1 ] printer-drivers security (Apr 27)
[ MDVSA-2009:093 ] mpg123 security (Apr 22)
[ MDVSA-2009:084 ] firefox security (Apr 01)
[ MDVSA-2009:088 ] wireshark security (Apr 09)
[ MDVSA-2009:098 ] krb5 security (Apr 27)
[ MDVSA-2009:090 ] php security (Apr 10)
[ MDVSA-2009:095 ] ghostscript security (Apr 24)
[ MDVSA-2009:094 ] mysql security (Apr 22)
[ MDVSA-2009:092 ] ntp security (Apr 13)
Juniper Advisory security (Apr 24)
[ MDVSA-2009:083 ] mozilla-thunderbird security (Apr 01)
Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass security (Apr 28)
[ MDVSA-2009:085 ] gstreamer0.10-plugins-base security (Apr 02)
[ MDVA-2009:057 ] usermode security (Apr 29)
[ MDVSA-2009:091 ] mod_perl security (Apr 13)

security-alert

[security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 07)
[security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code security-alert (Apr 09)
[security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access security-alert (Apr 01)
[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 27)
[security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access security-alert (Apr 20)
[security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 29)
[security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access security-alert (Apr 07)
[security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges security-alert (Apr 20)
[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access security-alert (Apr 28)
[security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data security-alert (Apr 09)

S. Praburaajan

HITBSecConf2009 - Malaysia: Call for Papers S. Praburaajan (Apr 15)

Stefan Kanthak

Windows Update (re-)installs outdated Flash ActiveX on Windows XP Stefan Kanthak (Apr 20)

Steffen Joeris

[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution Steffen Joeris (Apr 29)
[SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting Steffen Joeris (Apr 17)
[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution Steffen Joeris (Apr 29)
[SECURITY] [DSA 1762-1] New icu packages fix cross site scripting Steffen Joeris (Apr 02)
[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution Steffen Joeris (Apr 17)
[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting Steffen Joeris (Apr 13)
[SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities Steffen Joeris (Apr 08)
[SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of service Steffen Joeris (Apr 20)

Steve Shockley

Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability Steve Shockley (Apr 30)

Tavis Ormandy

Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Tavis Ormandy (Apr 22)

tech107

Re: OSCommerce Session Fixation Vulnerability tech107 (Apr 14)

Thierry Zoller

[TZO-08-2009] Bitdefender generic bypass/evasion Thierry Zoller (Apr 17)
[TZO-05-2009] Clamav 0.94 and below - Evasion /bypass Thierry Zoller (Apr 02)
[TZO-15-2009] Aladdin eSafe generic bypass - Forced release Thierry Zoller (Apr 27)
Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller (Apr 29)
[TZO-12-2009] SUN / Oracle JVM Remote code execution Thierry Zoller (Apr 22)
[TZO-16-2009] Nod32 CAB bypass/evasion Thierry Zoller (Apr 29)
[TZO-14-2009] Comodo Antivirus RAR evasion Thierry Zoller (Apr 27)
Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller (Apr 28)
[TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller (Apr 29)
[TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details) Thierry Zoller (Apr 17)
[TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller (Apr 17)
[TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details) Thierry Zoller (Apr 02)
Re: Trend Micro OfficeScan Client - DOS Thierry Zoller (Apr 21)
[TZO-07-2009] F-PROT ZIP Method evasion Thierry Zoller (Apr 02)
[TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller (Apr 27)
Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller (Apr 20)
[TZO-11-2009] Fortinet bypass / evasion (Limited details) Thierry Zoller (Apr 17)

Thijs Kinkhorst

[SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation Thijs Kinkhorst (Apr 21)
[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities Thijs Kinkhorst (Apr 27)
[SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation Thijs Kinkhorst (Apr 21)

Tobias Heinlein

[ GLSA 200904-04 ] WeeChat: Denial of Service Tobias Heinlein (Apr 06)
[ GLSA 200904-12 ] Wicd: Information disclosure Tobias Heinlein (Apr 10)

Tobias Klein

[TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow Tobias Klein (Apr 06)

Tomi Tuominen

T2'09: Call for Papers 2009 (Helsinki / Finland) Tomi Tuominen (Apr 27)

Tom Yu

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] Tom Yu (Apr 07)
MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] Tom Yu (Apr 07)

Valery Marchuk

[Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities Valery Marchuk (Apr 13)

Vladimir '3APA3A' Dubrovin

Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Vladimir '3APA3A' Dubrovin (Apr 22)

VMware Security team

VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim VMware Security team (Apr 01)
VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability VMware Security Team (Apr 10)
VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues VMware Security Team (Apr 06)

vpandey

Re: In Response to Bid 34130 Invalid vpandey (Apr 11)
Bid 34130 Invalid vpandey (Apr 10)

xiashing

Remote access vulnerability using File Thingie v2.5.4 xiashing (Apr 02)
Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007 XiaShing (Apr 20)

y3nh4ck3r

CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES--> y3nh4ck3r (Apr 17)
CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION y3nh4ck3r (Apr 20)
MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> y3nh4ck3r (Apr 28)
CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION--> y3nh4ck3r (Apr 17)
webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY-- y3nh4ck3r (Apr 16)
MixedCMS 1.0--Multiple Remote Vulnerabilities--> y3nh4ck3r (Apr 21)
CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)--> y3nh4ck3r (Apr 17)
WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit--> y3nh4ck3r (Apr 20)
SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> y3nh4ck3r (Apr 27)
MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4--> y3nh4ck3r (Apr 30)
REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30--> y3nh4ck3r (Apr 24)
Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI--> y3nh4ck3r (Apr 20)
SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final--> y3nh4ck3r (Apr 29)
FOWLCMS 1.1--Multiple Remote Vulnerabilities--> y3nh4ck3r (Apr 23)

Ying

security tools list Ying (Apr 28)
Security tools list: First Version Ying (Apr 30)

ZDI Disclosures

ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability ZDI Disclosures (Apr 29)
ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability ZDI Disclosures (Apr 07)
ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability ZDI Disclosures (Apr 14)