Bugtraq: by date

247 messages starting Feb 02 09 and ending Feb 27 09
Date index | Thread index | Author index

Monday, 02 February

[ MDVSA-2009:031 ] avahi security
VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages VMware Security Team
[SECURITY] [DSA 1716-1] New vnc4 packages fix remote code execution Florian Weimer
BruCON call for papers Filip Waeytens
[ MDVSA-2009:032 ] kernel security
Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows Secunia Research
[Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation vulns
Secunia Research: Free Download Manager Remote Control Server Buffer Overflow Secunia Research
ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability zdi-disclosures

Tuesday, 03 February

Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC xhakerman2006
Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2 mkanat
Web Hacking Incidents update for Feb 3rd Ofer Shezaf
NaviCopa webserver 3.01 Multiple Vulnerabilities ew1zz
SMF 1.1.7 Persistent XSS (requires permision to edit censor) Eduardo Vela
[security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access security-alert
Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit 0in . email
Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART Shatter
Call for papers and trainers - note extended deadline - SeacureIT 2009 Stefano Zanero
Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter) Shatter
CORE-2008-1009 - VNC Multiple Integer Overflows CORE Security Technologies Advisories

Wednesday, 04 February

Euphonics Audio Player v1.0 (.pls) Local BOF POC darkb0x97
Squid Proxy Cache Denial of Service in request handling Amos Jeffries
[security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF) security-alert
[ MDVSA-2009:033 ] sudo security
QIP 2005 Denial of Service Vulnerability ss_contacts
DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal vulnerabilityresearch
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
rgboard v4 (07.07.27) Multiple Vulnerability make0day
phpslash <= 0.8.1.1 Remote Code Execution Exploit gmdarkfig
metabbs 0.11 Change admin password vulnerability make0day
flatnux Flatnux-2009-01-27 Remote File Include blabla-34
StreamDown v6.4.3 Local Buffer Overflow PoC todor . donev
LCPlayer (.qt file) EOP change PoC (app crash) darkb0x97
Microsoft SDL meets CWE/SANS Top25 Juha-Matti Laurio
[Tool] sqlmap 0.6.4 released Bernardo Damele A. G.
Re: DMXReady Blog Manager (SQL/XSS) support
Cisco IOS XSS/CSRF Vulnerability azask2

Thursday, 05 February

[SECURITY] [DSA 1717-1] New devil packages fix buffer overflow Devin Carraway
[SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability SVRT-Bkis
Nokia N95-8 browser denial of service jplopezy
Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor) metallica48423
C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities Eyal Udassin
dBpowerAMP Audio Player local buffer overflow exploit maroc-anti-connexion
Re: Nokia N95-8 browser denial of service Thierry Zoller
Speaking line up confirmed! uCon Security Conference 2009 - Recife, Brazil uCon Security Conference

Friday, 06 February

SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Daniel Kachakil
[security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files security-alert
RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities noreply-secresearch () fortinet com
[security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS) security-alert
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Razi Shaban
Vulnerable: Ilch CMS Gizmore
iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities iDefense Labs
CamFrog Password Disclosure Vulnerability zigmatn
iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities iDefense Labs

Monday, 09 February

[ GLSA 200902-01 ] sudo: Privilege escalation Tobias Heinlein
[oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding Will Drewry
PHP filesystem attack vectors ascii
[SECURITY] [DSA 1718-1] New boinc packages fix validation bypass Moritz Muehlenhoff
Re: [Full-disclosure] PHP filesystem attack vectors Stefan Esser
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Roman Medina-Heigl Hernandez
[BMSA-2009-02] XML injection in PyBlosxom Nam Nguyen
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Razi Shaban
rooting your own phone: android security Pavel Machek
LFI in Drupal CMS rasool . nasr
Nokia N95-8 JPG crash jplopezy
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass luca . caretton
ZeroShell <= 1.0beta11 Remote Code Execution Luca Carettoni
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Amit Klein
Trend micro - IWSVA/IWSS - Authorization module password leak david . vorel
London DEFCON DC4420 - February 2009 Meet - Thursday 12th Major Malfunction

Tuesday, 10 February

Re: Nokia N95-8 JPG crash Dmitry Yu. Bolkhovityanov
Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well) tez
[ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability adv
[SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation Florian Weimer
[ MDVSA-2009:034 ] squid security
Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) gat3way
Craft Silicon Banking@Home SQL Injection Francesco Bianchino
Web Hacking Incidents update for Feb 10th Ofer Shezaf
[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code] ivan . sanchez
Nokia Phoenix Service Software 2008.04.007.32837 overflow POC murderskill
Re: PHP filesystem attack vectors cxib
ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability ZDI Disclosures
[SECURITY] [DSA 1720-1] New TYPO3 packages fix several vulnerabilities Nico Golde
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Daniel Mayer
ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption ZDI Disclosures

Wednesday, 11 February

[USN-717-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge
Local vulnerability in suexec + FastCGI + PHP configurations security . 432
ProFTPd with mod_mysql Authentication Bypass Exploit alphanix00
Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) gat3way
[ MDVSA-2009:035 ] gstreamer0.10-plugins-good security
[USN-717-3] Firefox vulnerabilities Jamie Strandboge
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Shino
Full Path Disclosure In Photolibrary 1.009 XiaShing
[USN-717-2] Firefox vulnerabilities Jamie Strandboge
[security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges security-alert
Web Hacking Incidents update for Feb 10th (Links corrected) Ofer Shezaf
Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver) dejan . levaja
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Sergio Aguayo
[SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation Moritz Muehlenhoff
pam-krb5 security advisory (3.12 and earlier) Russ Allbery
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Edward Bjarte Fjellskål
Re: pam-krb5 security advisory (3.12 and earlier) Tim Skirvin
BackTrack 4 Beta Released Mati Aharoni
[SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation Moritz Muehlenhoff

Thursday, 12 February

Full Path Disclosure In Photolibrary 1.009(Update) XiaShing
SEP(Symantec) Bug Sandeep Cheema
Re: LFI in Drupal CMS security
Denial of Service using Partial GET Request in Mozilla Firefox 3.06 XiaShing
RE: SEP(Symantec) Bug James C. Slora Jr.
[ MDVSA-2009:036 ] python security
[USN-719-1] pam-krb5 vulnerabilities Marc Deslauriers
[USN-720-1] PHP vulnerabilities Marc Deslauriers
Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06 Rolphin
[ GLSA 200902-03 ] Valgrind: Untrusted search path Robert Buchholz
[ GLSA 200902-02 ] OpenSSL: Certificate validation error Robert Buchholz

Friday, 13 February

Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06 XiaShing
[ GLSA 200902-04 ] xterm: User-assisted arbitrary commands execution Pierre-Yves Rofes
Re: RE: SEP(Symantec) Bug steve . fowler
[security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF) security-alert
Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06 XiaShing
Nokia N95 browser "setAttributeNode" method crash jplopezy
Security Assessment of the Transmission Control Protocol (TCP) Fernando Gont
Enomaly ECP/Enomalism: Silent update remote command execution vulnerability Sam Johnston
Re: SEP(Symantec) Bug Sandeep Cheema
Cross-site scripting in Samizdat 0.6.1 Dmitry Borodaenko
SEPKILL /im SMC.EXE /f Sandeep Cheema
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
RE: SEP(Symantec) Bug Jon Kloske
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability sc0ttbeardsley
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
RE: SEPKILL /im SMC.EXE /f David Calabro
ACM CCS '09: Call for Workshop Proposals Christopher Kruegel
Re: Local vulnerability in suexec + FastCGI + PHP configurations Martijn Vernooij
RainbowCrack 1.3 is released, the new generation of time-memory tradeoff hash cracker shuanglei
cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian Pierre Dinh-van
Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06 Mike Duncan

Monday, 16 February

Re: Enomaly ECP/Enomalism: Silent update remote command execution vulnerability lars
Re: SEP(Symantec) Bug secure
[security bulletin] HPSBPI02398 SSRT080166 rev.2 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files security-alert
Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux) Sam Johnston
[SECURITY] [DSA 1725-1] New websvn packages fix information leak Thijs Kinkhorst
[UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues Ubuntu Privacy Remix Team
[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 come2waraxe
[ MDVSA-2009:037 ] bind security
RFI Bug Dr . linux
[ MDVSA-2009:038 ] blender security
[ MDVSA-2009:039 ] gedit security

Tuesday, 17 February

FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd FreeBSD Security Advisories
[ MDVSA-2009:040 ] dia security
Re: RFI Bug Francesco Laurita
[security bulletin] HPSBMA02406 SSRT080100 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Unauthorized Access to Data security-alert
[ MDVSA-2009:041 ] jhead security
[USN-721-1] fglrx-installer vulnerability Kees Cook
[USN-722-1] sudo vulnerability Kees Cook

Wednesday, 18 February

Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei organiser () syscan org
Re: LFI in Drupal CMS security
DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability ddvulnalert
RE: hello bug in windows live messenger rasod korad
[ MDVSA-2009:042 ] samba security
[USN-723-1] Git vulnerabilities Marc Deslauriers
Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection Packet Storm

Thursday, 19 February

Weekly Web Hacking Incidents update for Feb 19th Ofer Shezaf
Apache directory traversal on shared hosting environment. davec
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
Re: Apache directory traversal on shared hosting environment. dave
Re: Apache directory traversal on shared hosting environment. Ben M. Thomas

Friday, 20 February

Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART security curmudgeon
[ MDVA-2009:027 ] kernel security
[ MDVSA-2009:043 ] gnumeric security
[ MDVSA-2009:046 ] dia security
[ MDVSA-2009:044 ] firefox security
PHCDownload 1.1.0 Vulnerabilities contact
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
Re: SEPKILL /im SMC.EXE /f Sandeep Cheema
[ MDVSA-2009:047 ] vim security
[ MDVSA-2009:045 ] php security
Re: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06 node

Monday, 23 February

[ MDVSA-2009:048 ] epiphany security
[ MDVSA-2009:049 ] pycrypto security
[ MDVSA-2009:050 ] python-pycrypto security
gigCalendar Joomla Component 1.0 SQL Injection Salvatore "drosophila" Fresta
gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection Salvatore "drosophila" Fresta
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router rizki . wicaksono
gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection Salvatore "drosophila" Fresta
HP Quality Center vulnerability info
[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability adv
[ MDVSA-2009:050-1 ] python-pycrypto security
[ GLSA 200902-05 ] KTorrent: Multiple vulnerabilitites Pierre-Yves Rofes
[ MDVSA-2009:051 ] libpng security
[ GLSA 200902-06 ] GNU Emacs, XEmacs: Multiple vulnerabilities Pierre-Yves Rofes

Tuesday, 24 February

[ MDVSA-2009:049-1 ] pycrypto security
VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27 VMware Security team
[ MDVSA-2009:048-1 ] epiphany security
[ MDVSA-2009:047-1 ] vim security
[ MDVSA-2009:047-1 ] vim security
iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability iDefense Labs
[ MDVSA-2009:052 ] php-smarty security

Wednesday, 25 February

[ MDVSA-2009:053 ] squirrelmail security
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Benjamin Milde
Re: HP Quality Center vulnerability Pavel Kankovsky
pPIM Multiple Vulnerabilities Justin C. Klein Keane
[ MDVSA-2009:054 ] nagios security
Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow Secunia Research
[security bulletin] HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS) security-alert
[BMSA-2009-03] Multiple vulnerabilities in OpenSite v2.1 Nam Nguyen
Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability Trancer
Secunia Research: SHOUTcast DNAS Relay Server Buffer Overflow Secunia Research
[DSECRG-09-008] JOnAS(4.10.3) - Linked XSS Vulnerability Digital Security Research Group
Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows Secunia Research
Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service Moritz Muehlenhoff
[ MDVSA-2009:055 ] audacity security

Thursday, 26 February

Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability security . assurance
Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc nospam
[ MDVSA-2009:057 ] valgrind security
Golabi CMS Remote File Inclusion Vulnerability rezazahfaran
[SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites Steffen Joeris
[ MDVSA-2009:056 ] net-snmp security
[DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Digital Security Research Group
[USN-724-1] Squid vulnerability Jamie Strandboge
[SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability Mark Thomas
[security bulletin] HPSBGN02410 SSRT080135 rev.1 - HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code security-alert
[ MDVSA-2009:048-2 ] epiphany security
[ MDVSA-2009:026-1 ] phpMyAdmin security
Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin
BitDefender Internet Security XSS jplopezy
[ MDVSA-2009:056 ] net-snmp security
ANNOUNCE: RFIDIOt-0.1x release - February 2009 Adam Laurie
Re: New site about security conferences : www.security-briefings.com John
Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers

Friday, 27 February

Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin
VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed VMware Security team
Re: BitDefender Internet Security XSS rbedy
Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Alexandr Polyakov
djbdns misformats some long response packets; patch and example attack Matthew Dempsky
[ MDVSA-2009:058 ] wireshark security
Drupal Local File Inclusion Vulnerability (Windows) Bogdan Calin
Hex Workshop <= v6 (.hex) File Local Code xhakerman2008
HTC Touch vCard over IP Denial of Service PoC Code Mobile Security Lab
[SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service Florian Weimer
On the implementation of TCP urgent data (IETF Internet Draft) Fernando Gont
POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Vulnerability Krakow Labs

Previous period

Next period