Bugtraq: by date

236 messages starting Feb 01 10 and ending Feb 26 10

Monday, 01 February

eWebeditor ASP Version Multiple Vulnerabilities info
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan
iPhone certificate flaws cryptopath
[SECURITY] [DSA 1841-2] New git-core packages fix build failure Thijs Kinkhorst
[SECURITY] [DSA 1982-1] New hybserv packages fix denial of service Steffen Joeris
Advisory: jBCrypt < 0.3 character encoding vulnerability Damien Miller
Cross-Site History Manipulation (XSHM) Alex Roichman
Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability info
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Arian J. Evans
{PRL} Xerox Workcenter 4150 Remote Buffer Overflow Francis Provencher
[TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference Tobias Klein
VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE VMware Security Team
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan
Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2 mkanat
[SECURITY] [DSA 1983-1] New Wireshark packages fix several vulnerabilities Moritz Muehlenhoff
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan
Re: Cross-Site History Manipulation (XSHM) Michal Zalewski
iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow iDefense Labs
XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1) Martin Barbella
iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability iDefense Labs
[CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection Core Security Technologies Advisories
[ MDVSA-2010:030 ] kernel security
Joomla (com_gambling) SQL Injection Vulnerabilities md . r00t . defacer
iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability iDefense Labs
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness Giuseppe Iuculano
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service Giuseppe Iuculano
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Chris Travers
[CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow CORE Security Technologies Advisories
RaakCms Multiple Vulnerabilities info

Tuesday, 02 February

Remote Vulnerability in AIX RPC.cmsd released by iDefense Rodrigo Rubira Branco (BSDaemon)
360 Security Guard breg device drivers Privilege Escalation Vulnerabilities qiqiguaiguai
[security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local security-alert
Tinypug Multiple Vulnerabilities admin
[SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service Nico Golde
OpenCart CSRF Vulnerability ben
[SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities Steffen Joeris
[security bulletin] HPSBUX02479 SSRT090212 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access security-alert

Wednesday, 03 February

[security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege security-alert
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities Giuseppe Iuculano
[SECURITY] [DSA-1989-1] New fuse packages fix denial of service Giuseppe Iuculano
[ MDVSA-2010:031 ] wireshark security
[CSO10002] Attachment path traversal in Outlook Web Access Ricardo Martins - Chief Security Officers
AST-2010-001: T.38 Remote Crash Vulnerability Asterisk Security Team
[Suspected Spam]Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP Philippe Mailinglist
[Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability karakorsankara
[DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS Alexandr Polyakov
CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities Core Security Technologies Advisories

Thursday, 04 February

[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) security-alert
[SECURITY] [DSA-1990-2] New trac-git package fixes regression Stefan Fritsch
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service Steffen Joeris
[SECURITY] [DSA-1990-1] New trac-git packages fix code execution Florian Weimer
[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service david
[ MDVSA-2010:032 ] rootcerts security
Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service Nico Golde

Friday, 05 February

CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03 Peter Van Eeckhoutte
CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL) Security
CORE-2010-0104 - LANDesk OS command injection CORE Security Technologies Advisories
JAHx101 - Huski retail multiple SQL injection vulnerabilities noreply
JAHx102 - HuskiCMS local file inclusion noreply
Secunia Research: libmikmod Module Parsing Vulnerabilities Secunia Research
Recon Call for Papers - July 9-11 2010 Hugo Fortier
Samba Remote Zero-Day Exploit Kingcope
Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan
Re: Samba Remote Zero-Day Exploit Kingcope
[ MDVSA-2010:033 ] squid security

Monday, 08 February

Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive
CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability Security
Re: Samba Remote Zero-Day Exploit paul . szabo
[Suspected Spam]Vulnerability in Tagcloud for DataLife Engine MustLive
[DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method Alexandr Polyakov
Re: Samba Remote Zero-Day Exploit paul . szabo
Re: [Full-disclosure] Samba Remote Zero-Day Exploit paul . szabo
Re: Samba Remote Zero-Day Exploit Stefan Kanthak
LDF (Default.asp) Sql Injection Vulnerability Arash . Setayeshi
mongoose Space Character Remote File Disclosure Vulnerability info
[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service david
Re: Samba Remote Zero-Day Exploit paul . szabo
Re: Samba Remote Zero-Day Exploit Dan Kaminsky
Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller
Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller
[ MDVSA-2010:034 ] kernel security
[security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access security-alert
[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other security-alert
Re: Samba Remote Zero-Day Exploit paul . szabo
RE: Samba Remote Zero-Day Exploit Michael Wojcik
Re: Samba Remote Zero-Day Exploit Kingcope
Re: Samba Remote Zero-Day Exploit Dan Kaminsky
Re: Samba Remote Zero-Day Exploit Stefan Kanthak
JDownloader Remote Code Execution Matthias -apoc- Hecker
[Hacking Event] Night Da Hack 2010 : Call For Proposals m . mahdjoub
[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers CORE Security Technologies Advisories

Tuesday, 09 February

Hacktics Advisory Feb09: XSS in Oracle E-Business Suite Ofer Maor
RE: Samba Remote Zero-Day Exploit Michael Wojcik
ACM CCS 2010: Call for Workshop Proposals Christopher Kruegel
Re: Samba Remote Zero-Day Exploit Stefan Kanthak
Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability Robbie Gill
Re: [Full-disclosure] Samba Remote Zero-Day Exploit Krzysztof Halasa
RE: Samba Remote Zero-Day Exploit David Jacoby
#HITB - Special Report: HITB2009 CTF Weapons of Mass Destruction Hafez Kamal
Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow Secunia Research
ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability ZDI Disclosures
TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability ZDI Disclosures
ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability ZDI Disclosures
CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability CORE Security Technologies Advisories

Wednesday, 10 February

[USN-898-1] gnome-screensaver vulnerability Marc Deslauriers
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance Cisco Systems Product Security Incident Response Team
Windows SMB NTLM Authentication Weak Nonce Vulnerability Hernan Ochoa
Re: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Arian J. Evans
[security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands security-alert
[USN-897-1] MySQL vulnerabilities Marc Deslauriers
stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow stratsec Research
Trustwave's SpiderLabs Security Advisory TWSL2010-001 Trustwave Advisories
[security bulletin] HPSBMA02486 SSRT090049 rev.1 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert

Thursday, 11 February

[SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection Raphael Geissert
[Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection Onapsis Research Labs
[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector Onapsis Research Labs
[Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal Onapsis Research Labs
[SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking Raphael Geissert
[USN-899-1] Tomcat vulnerabilities Marc Deslauriers
[ MDVSA-2010:035 ] openoffice.org security
RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne
[security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure security-alert
[security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information security-alert

Friday, 12 February

SQL injection vulnerability in apemCMS Maciej Gojny
ChemViewX v1.9.5 ActiveX Control Multiple Stack Overflows Paul Craig
iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability iDefense Labs
(resend) RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Chris Weber
e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2 bill . robson
iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability iDefense Labs
iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability iDefense Labs
[security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert
cmsmadesimple Multiple Security Issues : XSS+ LFI beenudel1986

Tuesday, 16 February

[ MDVSA-2010:036 ] webmin security
[SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier
RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne
[SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Giuseppe Iuculano
Joomla (Jw_allVideos) Remote File Download Vulnerability info
[ MDVSA-2010:037 ] fetchmail security
[USN-900-1] Ruby vulnerabilities Marc Deslauriers
Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0) Martin Barbella
Chrome Password Manager Cross Origin Weakness (CVE-2010-0556) VSR Advisories
[USN-901-1] Squid vulnerabilities Marc Deslauriers
Multiple Stored XSS in XOOPS 2.4.4 Admin Section beenudel1986
Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. sam . johnston
[ MDVSA-2010:038 ] maildrop security
Re: Joomla (Jw_allVideos) Remote File Download Vulnerability lafrancevi
VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities VUPEN Security Research
MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service Tom Yu
VMSA-2010-0003 ESX Service Console update for net-snmp VMware Security Team
Pogodny CMS SQL vulnerabilities Maciej Gojny
Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability Brett Moore
IE address bar characters into a small feature info
Huawei HG510 CSRF, Auth Bypass, DoS ivan . markovic
Trusteer Rapport Security Circumvention barkley

Thursday, 18 February

Pixel Portal Sql Injection Vulnerability info
Cross-Site Scripting on Portwise SSL VPN v4.6 research
ZDI-10-018: IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability ZDI Disclosures
Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
Secunia Research: Mozilla Firefox Memory Corruption Vulnerability Secunia Research
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances Cisco Systems Product Security Incident Response Team
[ MDVSA-2010:040 ] gnome-screensaver security
[ MDVSA-2010:034-1 ] kernel security
Circumventing Critical Security in Windows XP barkley
[SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2010:039 ] netpbm security
[USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities Jamie Strandboge
[ MDVSA-2010:041 ] pidgin security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent Cisco Systems Product Security Incident Response Team
Re: Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. lars
[SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution Moritz Muehlenhoff
[ MDVSA-2010:034-2 ] kernel security
RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Ivan Buetler
Re: Re: Joomla (Jw_allVideos) Remote File Download Vulnerability info
BugCon 2010 Call For Papers saintarmin
RE: Trusteer Rapport Security Circumvention Amit Klein
TLS/SSL Hardening & Compatibility Report 2010 Thierry Zoller
[USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities Jamie Strandboge
Kusaba X <= 0.9 XSS/CSRF vulnerabilities systemx00
SphereCMS Blind SQL Injection Vulnerability admin

Friday, 19 February

[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities Moritz Muehlenhoff
[USN-890-5] XML-RPC for C and C++ vulnerabilities Jamie Strandboge
AST-2010-002: Dialplan injection vulnerability Asterisk Security Team
Re: Circumventing Critical Security in Windows XP Ansgar Wiechers
SQL injection vulnerability in Amelia CMS Maciej Gojny
[SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities Raphael Geissert
Re: [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector david . durham
[SECURITY] [DSA-2002-1] New polipo packages fix denial of service Stefan Fritsch
[ MDVSA-2010:042 ] firefox security

Tuesday, 23 February

RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne
SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface SEC Consult Research
CA20100222-01: Security Notice for CA Service Desk Kotas, Kevin J
Secunia Research: Bournal ccrypt Information Disclosure Security Issue Secunia Research
[USN-902-1] Pidgin vulnerabilities Marc Deslauriers
Secunia Research: Bournal Insecure Temporary Files Security Issue Secunia Research
[ MDVSA-2010:044 ] mysql security
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities Roberto Suggi Liverani
Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal Ofer Maor
[SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
Re: Circumventing Critical Security in Windows XP Jeroen
ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability ZDI Disclosures
Easy FTP Server 1.7.0.2 Remote BoF jonbutler88
jQuery Validate 1.6.0 Demo Code Advisory CodeScan Labs Advisories
Request for feedback on TCP security (IETF effort) Fernando Gont
[ MDVSA-2010:043 ] libtheora security
[DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. Alexandr Polyakov
Official Portal 2007 Multiple Vulnerabilities info
London DEFCON February meet - DC4420 - Wed 24th Feb 2010 Major Malfunction
Chuck Norris Botnet and Broadband Routers Gadi Evron
[ MDVSA-2010:045 ] php security
[ MDVSA-2010:046 ] ncpfs security
[TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption Tobias Klein
ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability ZDI Disclosures
CA20100223-01: Security Notice for CA eHealth Performance Manager Kotas, Kevin J
VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability VUPEN Security Research
Kojoney (SSH honeypot) remote DoS Nicob
ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability ZDI Disclosures
Re: Chuck Norris Botnet and Broadband Routers Adrian P.
[ MDVSA-2010:047 ] fuse security

Wednesday, 24 February

iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability iDefense Labs
[USN-904-1] Squid vulnerability Marc Deslauriers
ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability Security_Alert
Rbot Owner Reaction Command Execution Matthias -apoc- Hecker
SQL injection vulnerability in LiveChatNow Support TEAM

Thursday, 25 February

Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM Ofer Maor
SQL injection vulnerability in WebAdministrator Lite CMS Maciej Gojny
NSOADV-2010-003: DATEV ActiveX Control remote command execution NSO Research
Form-based HTTP Authentication Proof of Concept Timothy D. Morgan
[ MDVSA-2010:048 ] roundcubemail security

Friday, 26 February

SyScan'10 CALL FOR PAPERS thomas () syscan org
[ MDVSA-2010:050 ] apache-mod_security security
AST-2010-003: Invalid parsing of ACL rules can compromise security Asterisk Security Team
[ MDVSA-2010:049 ] sudo security
ARISg5 (version 5.0) cross site scripting vulnerability Yaniv Miron
getPlus insufficient domain name validation vulnerability Akita Software Security