Bugtraq: by date

263 messages starting Aug 03 09 and ending Aug 31 09


Monday, 03 August

[ MDVSA-2009:185 ] firefox security
[ MDVSA-2009:186 ] firebird security
[ MDVSA-2009:187 ] nagios security
[ MDVSA-2009:188 ] php4-eaccelerator security
[ GLSA 200908-01 ] OpenSC: Multiple vulnerabilities Tobias Heinlein
[ MDVSA-2009:189 ] apache-mod_auth_mysql security
[ GLSA 200908-02 ] BIND: Denial of Service Alex Legler
Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) Roee Hay
[SECURITY] [DSA 1848-1] New znc packages fix remote code execution Florian Weimer
[SECURITY] [DSA 1849-1] New xml-security-c packages fix signature forgery Florian Weimer
[ MDVSA-2009:190 ] OpenEXR security
[ MDVSA-2009:191 ] OpenEXR security
AST-2009-004: Remote Crash Vulnerability in RTP stack Asterisk Security Team
[security bulletin] HPSBMA02445 SSRT090058 rev.1 - HP Serviceguard Manager, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[security bulletin] HPSBUX02181 SSRT061289 rev.4 - HP-UX Running IPFilter, Remote Denial of Service (DoS) security-alert
Blink Blog System Authentication Bypass Salvatore Fresta aka Drosophila
Cross-Site Scripting vulnerability in Firefox and Opera MustLive
Discloser 0.0.4-rc2 SQL Injection Vulnerability Salvatore Fresta aka Drosophila

Tuesday, 04 August

Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager Shatter
[SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution Steffen Joeris
SAP Business One 2005 Remote Buffer Overflow Vulnerability. mikey27
Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability palmprehacker
[BONSAI] SQL Injection in CS-Cart Bonsai - Information Security
Re: Multiple Flaws in Huawei D100 wojwar

Wednesday, 05 August

[USN-810-1] NSS vulnerabilities Jamie Strandboge
[USN-810-2] NSPR update Jamie Strandboge
[USN-811-1] Firefox and Xulrunner vulnerability Jamie Strandboge
[ MDVSA-2009:192 ] phpmyadmin security
Multiple Flaws in Huawei SmartAX MT880 [was: Multiple Flaws in Huawei D100] jerome . athias
ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability ZDI Disclosures
ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability ZDI Disclosures
ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability ZDI Disclosures
ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability ZDI Disclosures

Thursday, 06 August

fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666) ma+bt
[ MDVSA-2009:194 ] wireshark security
[SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution Steffen Joeris
[ MDVSA-2009:193 ] ruby security
[ MDVSA-2009:195 ] apr security
[CSS09-01] SlideShowPro Director File Disclosure Vulnerability Scott Miles
iDefense Security Advisory 08.06.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability iDefense Labs
OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error katie . french
iDefense Security Advisory 08.06.09: IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability iDefense Labs
iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability iDefense Labs
[ MDVSA-2009:195-1 ] apr security
iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability iDefense Labs

Friday, 07 August

CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Kotas, Kevin J
CA20090806-01: Security Notice for Data Transport Services Kotas, Kevin J
CFP: International workshop on Secure Software Engineering secse
[ GLSA 200908-03 ] libTIFF: User-assisted execution of arbitrary code Robert Buchholz
[ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities Robert Buchholz
[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBOV02452 SSRT090161 rev.1 - HP TCP/IP Services for OpenVMS BIND Server Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service (DoS) security-alert
[SECURITY] [DSA 1852-1] New fetchmail packages fix SSL certificate verification weakness Nico Golde
Subversion heap overflow Matt Lewis
[SECURITY] [DSA 1853-1] New memcached packages fix arbitrary code execution Nico Golde
[ MDVSA-2009:196 ] samba security
iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability iDefense Labs
ASUS Eee PC and other series: BIOS SMM privilege escalation vulnerabilities core collapse
ZDI-09-051: EMC Replication Manager Client Control Service Remote Code Execution Vulnerability ZDI Disclosures
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability ZDI Disclosures

Monday, 10 August

[USN-813-3] apr-util vulnerability Jamie Strandboge
[SECURITY] [DSA 1857-1] New camlimages packages fix arbitrary code execution Steffen Joeris
[ MDVSA-2009:161-1 ] squid security
[ MDVSA-2009:198 ] firefox security
[NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite Adam Baldwin
[USN-813-1] apr vulnerability Jamie Strandboge
[SECURITY] [DSA 1854-1] New APR packages fix arbitrary code execution Florian Weimer
[RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution RedTeam Pentesting GmbH
[USN-813-2] Apache vulnerability Jamie Strandboge
[SECURITY] [DSA 1855-1] New subversion packages fix arbitrary code execution Florian Weimer
[USN-812-1] Subversion vulnerability Jamie Strandboge
[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF) Adam Baldwin
XSS in SqLiteManager hadikiamarsi
[SECURITY] [DSA 1856-1] New mantis packages fix information leak Thijs Kinkhorst
[ MDVSA-2009:199 ] subversion security
[ MDVSA-2009:197 ] nss security
[SECURITY] [DSA 1843-2] New squid3 packages fix regression Nico Golde
[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities Luciano Bello
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues Nico Golde

Tuesday, 11 August

[USN-814-1] openjdk-6 vulnerabilities Kees Cook
[security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS) security-alert
AST-2009-005: Remote Crash Vulnerability in SIP channel driver Asterisk Security Team
IE7 Script James C. Slora Jr.
TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability dvlabs
Sql injection in OCS Inventory NG Server 1.2.1 gmcbr0 gmcbr0
[USN-815-1] libxml2 vulnerabilities Marc Deslauriers
ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability ZDI Disclosures
ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability ZDI Disclosures
ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability ZDI Disclosures
ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability ZDI Disclosures
ZDI-09-056: Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability ZDI Disclosures
[security bulletin] HPSBTU02454 SSRT080172 rev.1 - HP Internet Express for Tru64 UNIX Running Samba, Remote Information Disclosure security-alert

Wednesday, 12 August

Re: Multiple vulnerabilities in several ATEN IP KVM Switches starchang
[PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability Valery Marchuk
Chavoosh CMS SQL Injection Vulnerability faghani
2WIRE Gateway Authentication Bypass & Password Reset hkm
Plume CMS Multiple SQL Injection Vulnerabilities - Security Advisory - SOS-09-006 Lists
[security bulletin] HPSBUX02437 SSRT090038 rev.2 - HP-UX Running XNTP, Remote Execution of Arbitrary Code security-alert
Hijacking Safari 4 Top Sites with Phish Bombs Inferno
JibberBook GuestBook 2.3 Multiple Vulnerabilities contact
[DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability Alexandr Polyakov
[ MDVSA-2009:200 ] libxml security
Microsoft Wordpad Memory Exhaustion (msftedit) murderkey
[ MDVSA-2009:201 ] fetchmail security
[SECURITY] [DSA 1860-1] New Ruby packages fix several issues Florian Weimer

Thursday, 13 August

[USN-816-1] fetchmail vulnerability Kees Cook
Elkapax CMS Cross site scripting vulnerability faghani
Authentication Bypass of Snom Phone Web Interface Walter Sprenger
Windows 7 Firewire Attacks - and Defense Techniques Security Research Publications
[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities security-alert
Static analysis tool exposition (SATE) 2009 - call for participation Vadim Okun
Chris Paget Defcon RFID Presentation Slides Now Online Timothy (Thor) Mullen
Fwd: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down Jeffrey Walton
Re: Re: Re: Back door trojan in acajoom-3.2.6 for joomla elkekas
KIWICON ]|[ - 2009 Call For Papers Kiwicon <3
Linux NULL pointer dereference due to incorrect proto_ops initializations Tavis Ormandy
[IMF 2009] Call for Participation Oliver Goebel
[SECURITY] [DSA 1861-1] New libxml packages fix several issues Nico Golde

Friday, 14 August

Re: Linux NULL pointer dereference due to incorrect proto_ops initializations Przemyslaw Frasunek
new vulnerability found by ostoure ostoure . sazan
ICQ 6.5 HTML-injection vulnerability ss_contacts
ClubHack2009: Call for Papers/Speakers ClubHack
[ MDVSA-2009:202 ] memcached security
[SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation dann frazier

Monday, 17 August

[SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution Nico Golde
[ MDVSA-2009:203 ] curl security
DUgallery 3.0 / Remote Admin Bug spymeta
[DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilities research
[SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation dann frazier
Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit ostoure . sazan
Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Lists
DeepSec 2009 - Preliminary Schedule is online DeepSec Conference
[DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities research
[DSECRG-09-051] Adobe JRun 4 Multiple XSS research
[ MDVSA-2009:204 ] wxgtk security
[SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local contact . fingers

Tuesday, 18 August

[ MDVSA-2009:205 ] kernel security
Vtiger CRM 5.0.4 Multiple Vulnerabilities ascii
Safari buffer overflow Leon Juranic
Re: [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilities Mike Duncan
Re: Multiple vulnerabilities in several ATEN IP KVM Switches Glenn Rossi
Re: common dns misconfiguration can lead to "same site" scripting saik0pod
[USN-818-1] curl vulnerability Kees Cook
ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service brad . antoniewicz
Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability Cisco Systems Product Security Incident Response Team
(Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service dm
[security bulletin] HPSBMA02448 SSRT061231 rev.1 - HP Network Node Manager (NNM) Remote Console Running on Windows, Local Execution of Arbitrary Code, Denial of Service (DoS) security-alert
[ GLSA 200908-07 ] Perl Compress::Raw modules: Denial of Service Alex Legler
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System Kotas, Kevin J
[ GLSA 200908-05 ] Subversion: Remote execution of arbitrary code Alex Legler
[ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service Alex Legler
[ GLSA 200908-10 ] Dillo: User-assisted execution of arbitrary code Alex Legler
CA20090818-02: Security Notice for CA Internet Security Suite Kotas, Kevin J
[ GLSA 200908-06 ] CDF: User-assisted execution of arbitrary code Alex Legler
[ GLSA 200908-09 ] DokuWiki: Local file inclusion Alex Legler

Wednesday, 19 August

CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability CORE Security Technologies Advisories
[SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabilities Steffen Joeris
rPSA-2009-0118-1 mod_dav_svn subversion rPath Update Announcements
[SECURITY] [DSA 1867-1] New kdelibs packages fix several vulnerabilities Steffen Joeris
rPSA-2009-0119-1 apr apr-util rPath Update Announcements
[SECURITY] [DSA 1866-1] New kdegraphics packages fix several vulnerabilities Steffen Joeris
rPSA-2009-0121-1 kernel open-vm-tools rPath Update Announcements
ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability ZDI Disclosures
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities ZDI Disclosures
[ MDVSA-2009:206 ] wget security
Re: Elkapax CMS Cross site scripting vulnerability security curmudgeon
[USN-802-2] Apache regression Marc Deslauriers
Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability Cisco Systems Product Security Incident Response Team
Adobe Flex 3.3 SDK DOM-Based XSS labs
iDefense Security Advisory 08.11.09: Microsoft Office Web Components 2000 Buffer Overflow Vulnerability iDefense Labs
[SECURITY] [DSA 1869-1] New curl packages fix SSL certificate verification weakness Nico Golde

Thursday, 20 August

[ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2 security
[SECURITY] [DSA 1870-1] New pidgin packages fix arbitrary code execution Nico Golde
[Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities Bkis
[USN-809-1] GnuTLS vulnerabilities Jamie Strandboge
iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability iDefense Labs
[USN-820-1] Pidgin vulnerability Marc Deslauriers
Bypassing OWASP ESAPI XSS Protection inside Javascript Inferno
iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability iDefense Labs
iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability iDefense Labs
RE: Bypassing OWASP ESAPI XSS Protection inside Javascript Schmidt, Chris
t2'09 Challenge - Free Tickets Available Tomi Tuominen
SQL Injection vulnerabilities in Subdreamer CMS itweb
[ MDVSA-2009:208 ] libgadu security

Friday, 21 August

[USN-817-1] Thunderbird vulnerabilities Jamie Strandboge
[ MDVSA-2009:209 ] java-1.6.0-openjdk security
[ MDVSA-2009:210 ] gnutls security
VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server VMware Security team
Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier ryan . wessels
Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities gamr-14
Re: Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier Eloy Paris
Cuteflow Version 2.10.3 "edituser.php" Security Bypass Vulnerability hever
DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome MustLive

Monday, 24 August

FreeBSD <= 6.1 kqueue() NULL pointer dereference Przemyslaw Frasunek
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities Steffen Joeris
Local Kernel Buffer Overflow vulnerability in Avast! s . leberre
[ MDVSA-2009:211 ] expat security
Radvision's Scopia Cross Site Scripting Vulnerabilities Francesco Bianchino
[ MDVSA-2009:212 ] python security
[ MDVSA-2009:212 ] python security
CoolPreviews - Firefox Extension - Chrome Privileged Code Injection Roberto Suggi Liverani
[ MDVSA-2009:213 ] wxgtk security
WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit the_3dit0r
[ MDVSA-2009:213 ] wxgtk security
[ MDVSA-2009:214 ] python-celementtree security
[ MDVSA-2009:215 ] audacity security
[ MDVSA-2009:216 ] mozilla-thunderbird security
[ MDVSA-2009:217 ] mozilla-thunderbird security
Feed Sidebar Firefox Extension - Privileged Code Injection Nick Freeman
ScribeFire Firefox Extension - Privileged Code Injection Nick Freeman
WizzRSS Firefox Extension - Privileged Code Injection Nick Freeman
AiO ( All into One) Flash Mixer 3 (.afp File) Crash Vulnerability Exploit the_3dit0r
FLIP Flash Album Deluxe 1.8.407.1 (.fft File) Crash Vulnerability Exploit the_3dit0r
Update Scanner - Firefox Extension - Chrome Privileged Code Injection Roberto Suggi Liverani
DoS vulnerability in Google Chrome MustLive
Packet Storm is back online. Packet Storm
Re: SQL Injection vulnerabilities in Subdreamer CMS ziad
[ MDVSA-2009:218 ] w3c-libwww security
[ MDVSA-2009:219 ] kompozer security
[SECURITY] [DSA 1872-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
[USN-822-1] KDE-Libs vulnerabilities Marc Deslauriers
rPSA-2009-0122-1 idle python rPath Update Announcements
[ MDVSA-2009:220 ] davfs security
[USN-823-1] KDE-Graphics vulnerabilities Marc Deslauriers
rPSA-2009-0124-1 curl rPath Update Announcements
[USN-824-1] PHP vulnerability Marc Deslauriers
rPSA-2009-0123-1 apr-util rPath Update Announcements
[USN-825-1] libvorbis vulnerability Marc Deslauriers

Tuesday, 25 August

[ MDVSA-2009:221 ] libneon0.27 security
Xerox WorkCentre multiple models Denial of Service Henri Lindberg - Smilehouse Oy
CONFidence 2009, November, CfP Andrzej Targosz
RE: DoS vulnerability in Google Chrome advisories
EesySec Personal Firewall Remote Buffer Overflow Exploit the_3dit0r
Re: DoS vulnerability in Google Chrome MustLive
HyperVM File Permissions Local Vulnerability XiaShing
Re: [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage phcoder
[security bulletin] HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS) security-alert
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution Florian Weimer
iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability iDefense Labs
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC David Litchfield
Bypassing DBMS_ASSERT in certain situations David Litchfield
Oracle 11g (11.1.0.6) Password Policy and Compliance David Litchfield
H4RDW4RE presentations updated Thor (Hammer of God)

Wednesday, 26 August

Re: DoS vulnerability in Google Chrome advisories
[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability Valery Marchuk
RE: H4RDW4RE presentations updated Thor (Hammer of God)
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
[MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9 Andrew Horton
[SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities Moritz Muehlenhoff
[USN-826-1] Mono vulnerabilities Marc Deslauriers

Thursday, 27 August

[SECURITY] [DSA 1871-2] New wordpress packages fix regression Steffen Joeris

Friday, 28 August

Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter Shatter
Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon MustLive
[ MDVSA-2009:222 ] squirrelmail security

Monday, 31 August

[ MDVSA-2009:223 ] xerces-c security
[ MDVSA-2009:224 ] postfix security
Writeup by Amit Klein (Trusteer): "Google Chrome 3.0 (Beta) Math.random vulnerability" Amit Klein
Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture Ramon de Carvalho Valle
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows Stefan Kanthak
[SECURITY] [DSA 1875-1] New ikiwiki packages fix information disclosure Moritz Muehlenhoff