286 messages
starting Jan 04 10 and
ending Jan 29 10
Date index |
Thread index |
Author index
REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability rewterz security team (Jan 05)
REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability rewterz security team (Jan 05)
UPDATE: MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing Tom Yu (Jan 05)
Multiple vulnerabilities in LineWeb 1.0.5 ign . sec (Jan 05)
[ MDVSA-2009:220-1 ] davfs security (Jan 05)
Re: Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow sales (Jan 05)
[ GLSA 201001-03 ] PHP: Multiple vulnerabilities Tobias Heinlein (Jan 05)
{PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS Protek Research Lab (Jan 05)
[USN-879-1] Kerberos vulnerability Kees Cook (Jan 06)
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2 bert hubert (Jan 06)
[TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!! Nelson Brito (Jan 06)
HTTP Digest Integrity: Another look, in light of recent attacks Timothy D. Morgan (Jan 06)
[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion Giuseppe Iuculano (Jan 06)
FreeBSD Security Advisory FreeBSD-SA-10:01.bind FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd FreeBSD Security Advisories (Jan 07)
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting Steffen Joeris (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-10:03.zfs FreeBSD Security Advisories (Jan 07)
[USN-880-1] GIMP vulnerabilities Marc Deslauriers (Jan 07)
VMSA-2010-0001 ESX Service Console updates for nss and nspr VMware Security team (Jan 07)
[ MDVSA-2009:300-2 ] apache-conf security (Jan 07)
[ MDVSA-2009:300-1 ] apache-conf security (Jan 07)
[SECURITY] [DSA 1967-1] New transmission packages fix directory traversal Moritz Muehlenhoff (Jan 07)
Security contact at Lexmark? Protek Research Lab (Jan 07)
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability ZDI Disclosures (Jan 08)
[USN-877-1] Firefox 3.0 and Xulrunner 1.9 regression Jamie Strandboge (Jan 08)
[USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression Jamie Strandboge (Jan 08)
Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability Secunia Research (Jan 08)
[HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability advisory (Jan 08)
Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation based Tab Crashing Aditya K Sood (Jan 08)
[ MDVSA-2009:316-1 ] expat security (Jan 08)
MacOS X 10.5/10.6 libc/strtod(3) buffer overflow cxib (Jan 08)
TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow noreply (Jan 08)
NSOADV-2010-001: Panda Security Local Privilege Escalation NSO Research (Jan 11)
[CORELAN-10-001] Audiotran 1.4.1 buffer overflow Security (Jan 11)
[SECURITY] [DSA 1968-1] New pdns-recursor packages fix potential code execution Florian Weimer (Jan 11)
Cross-Site Scripting vulnerability in JVClouds3D for Joomla MustLive (Jan 11)
[ MDVSA-2009:316-2 ] expat security (Jan 11)
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection ascii (Jan 11)
[ MDVSA-2009:316-3 ] expat security (Jan 11)
XSS vulnerabilities in 34 millions flash files MustLive (Jan 11)
[ MDVSA-2010:000 ] firefox security (Jan 11)
[ MDVSA-2009:227-1 ] freeradius security (Jan 11)
XSS Vulnerability in Active Calendar 1.2.0 Marty Barbella (Jan 11)
[ MDVSA-2009:293-1 ] squidGuard security (Jan 11)
[ MDVSA-2009:241-1 ] squid security (Jan 11)
[ MDVSA-2010:001 ] pidgin security (Jan 12)
[ MDVSA-2010:002 ] pidgin security (Jan 12)
HITB Ezine 'Reloaded' - Issue #001 Hafez Kamal (Jan 12)
Invitation: nullcon Goa 2010 International Security & Hacking Conference nullcon (Jan 12)
Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability Secunia Research (Jan 13)
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability ZDI Disclosures (Jan 13)
[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS Security (Jan 13)
Cross Site Identification (CSID) attack. Description and demonstration. Ronen Z (Jan 13)
iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability iDefense Labs (Jan 13)
[USN-882-1] PHP vulnerabilities Marc Deslauriers (Jan 13)
[ MDVSA-2010:003 ] sendmail security (Jan 13)
MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption Tom Yu (Jan 13)
[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service Giuseppe Iuculano (Jan 13)
[USN-881-1] Kerberos vulnerability Kees Cook (Jan 13)
[USN-883-1] network-manager-applet vulnerabilities Marc Deslauriers (Jan 13)
Yoono Firefox Extension - Privileged Code Injection Nick Freeman (Jan 13)
[ MDVSA-2010:004 ] bash security (Jan 13)
[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption CORE Security Advisories (Jan 13)
[security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS) security-alert (Jan 13)
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service Stefan Fritsch (Jan 13)
[ GLSA 201001-06 ] aria2: Multiple vulnerabilities Stefan Behte (Jan 14)
[ MDVSA-2010:006 ] krb5 security (Jan 14)
RE: All China, All The Time Thor (Hammer of God) (Jan 14)
<Possible follow-ups>
All China, All The Time Thor (Hammer of God) (Jan 14)
Re: All China, All The Time Neil Dickey (Jan 19)
Re: All China, All The Time Lawrence Pingree (Jan 20)
[ MDVSA-2010:005 ] krb5 security (Jan 14)
[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities Stefan Behte (Jan 14)
Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability karakorsankara (Jan 14)
[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities Stefan Behte (Jan 14)
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1) Marty Barbella (Jan 14)
[ GLSA 201001-07 ] Blender: Untrusted search path Stefan Behte (Jan 14)
[ GLSA 201001-09 ] Ruby: Terminal Control Character Injection Alex Legler (Jan 14)
[USN-884-1] OpenSSL vulnerability Kees Cook (Jan 14)
[ GLSA 201001-05 ] net-snmp: Authorization bypass Stefan Behte (Jan 14)
[security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code security-alert (Jan 14)
[USN-885-1] Transmission vulnerabilities Jamie Strandboge (Jan 14)
[SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution Giuseppe Iuculano (Jan 15)
C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers Eyal Udassin (Jan 15)
SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS) Lukas Weichselbaum (Jan 15)
Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 15)
Major security risk in the unlock pattern for Android devices Dan Dascalescu (Jan 15)
VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability VUPEN Security Research (Jan 15)
rPSA-2010-0004-1 openssl openssl-scripts rPath Update Announcements (Jan 15)
[security bulletin] HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS) security-alert (Jan 15)
[ MDVSA-2010:007 ] php security (Jan 18)
[ MDVSA-2010:008 ] php security (Jan 18)
[ MDVSA-2010:009 ] php security (Jan 18)
[ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference Kyprianos Vasilopoulos (Jan 18)
Code to mitigate IE event zero-day (CVE-2010-0249) ds . adv . pub (Jan 18)
GDT and LDT in Windows kernel vulnerability exploitation (paper) Gynvael Coldwind (Jan 18)
Browser Fuzzer 3 krakowlabs (Jan 18)
[USN-886-1] Pidgin vulnerabilities Marc Deslauriers (Jan 18)
[ MDVSA-2010:010 ] libthai security (Jan 18)
AOL 9.5 ActiveX Heap Overflow Vulnerability karakorsankara (Jan 18)
[ MDVSA-2010:011 ] mysql security (Jan 18)
[ MDVSA-2010:012 ] mysql security (Jan 18)
Reminder: Campus Party EU 2010 Call For Participants Campus Party EU Spain (Jan 18)
[ MDVSA-2010:013 ] transmission security (Jan 18)
[ MDVSA-2010:014 ] transmission security (Jan 18)
[USN-887-1] LibThai vulnerability Marc Deslauriers (Jan 18)
[USN-885-1] LibThai vulnerability Marc Deslauriers (Jan 18)
0day vulnerability Sogou input method to obtain system privileges k4mr4n_st (Jan 18)
Zenoss Multiple Admin CSRF Adam Baldwin (Jan 18)
[SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow Stefan Fritsch (Jan 18)
QvodPlayer ColorFilter Codec ActiveX Remote Exec info (Jan 18)
Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper) Mayank Aggarwal (Jan 18)
facebook 'routing flaw'? Michael Scheidell (Jan 18)
JBroFuzz 1.9 Fuzzer Released! subere (Jan 19)
OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability karakorsankara (Jan 19)
Multiple Vulnerabilities in XOOPS 2.4.3 and earlier CodeScan Labs Advisories (Jan 19)
[ MDVSA-2010:015 ] roundcubemail security (Jan 19)
Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC superli (Jan 19)
Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC superli (Jan 19)
ezContents CMS Multiple Vulnerabilities admin (Jan 19)
Blaze Apps Multiple Vulnerabilities admin (Jan 19)
[security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Jan 19)
[ MDVSA-2010:017 ] ruby security (Jan 19)
[ MDVSA-2010:018 ] phpMyAdmin security (Jan 19)
[ MDVSA-2010:016 ] wireshark security (Jan 19)
[CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player Security (Jan 19)
Xunlei XPPlayer ActiveX Remote Exec 0day POC superli (Jan 19)
Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities Secunia Research (Jan 20)
[SECURITY] [DSA 1973-1] New glibc packages fix information disclosure Aurelien Jarno (Jan 20)
Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)
Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow Secunia Research (Jan 20)
[security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Jan 20)
Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability Secunia Research (Jan 20)
Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows Secunia Research (Jan 20)
vBulletin nulled (validator.php) files/directories disclosure kw3rln (Jan 20)
[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution Onapsis Research Labs (Jan 20)
Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow Secunia Research (Jan 20)
[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution Steffen Joeris (Jan 20)
Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)
Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal Secunia Research (Jan 20)
[ MDVSA-2010:019 ] gzip security (Jan 20)
[USN-888-1] Bind vulnerabilities Marc Deslauriers (Jan 20)
[USN-889-1] gzip vulnerabilities Marc Deslauriers (Jan 20)
[ MDVSA-2010:020 ] gzip security (Jan 20)
[USN-890-1] Expat vulnerabilities Jamie Strandboge (Jan 20)
[UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation NSO Research (Jan 20)
[ MDVSA-2010:021 ] bind security (Jan 20)
[SECURITY] [DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th Stefan Fritsch (Jan 21)
Insufficient User Input Validation in VP-ASP 6.50 Demo Code CodeScan Labs Advisories (Jan 21)
ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability ZDI Disclosures (Jan 21)
TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 Lists (Jan 21)
eWebeditor Directory Traversal Vulnerability info (Jan 21)
[ MDVSA-2010:022 ] openssl security (Jan 21)
ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
[ MDVSA-2010:023 ] phpldapadmin security (Jan 21)
ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
[SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow Stefan Fritsch (Jan 21)
ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Tavis Ormandy (Jan 21)
ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability noreply-secresearch () fortinet com (Jan 22)
[USN-890-3] Python 2.4 vulnerabilities Jamie Strandboge (Jan 22)
[USN-890-2] Python 2.5 vulnerabilities Jamie Strandboge (Jan 22)
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities Giuseppe Iuculano (Jan 22)
IdeaCMS v1.0 (fck) Remote Arbitrary File Upload whh_iran (Jan 22)
iBoutique v4.0 flashcreazione (Jan 22)
Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions) pen-test (Jan 22)
Silverstripe <= v2.3.4: two XSS vulnerabilities Moritz Naumann (Jan 25)
Abusing weak PRNGs in PHP applications gat3way (Jan 25)
London DEFCON January meet - DC4420 - Wed 27th Jan 2010 Major Malfunction (Jan 25)
Publique! CMS SQL Injection Vulnerabilities Christophe dlf (Jan 25)
e107 latest download link is backdoored Bogdan Calin (Jan 25)
Safari 4.0.4 Crash systemx00 (Jan 25)
[SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration Mark Thomas (Jan 25)
CVE-2009-3583, confirming problem and adding info Chris Travers (Jan 25)
[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory Mark Thomas (Jan 25)
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy Mark Thomas (Jan 25)
[ MDVSA-2010:025 ] php-pear-Mail security (Jan 25)
Security improvements of Microsoft Silverlight Build 3.0.50106.0? Juha-Matti Laurio (Jan 25)
[ MDVSA-2010:024 ] coreutils security (Jan 25)
DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability ddivulnalert (Jan 25)
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities Chris Travers (Jan 25)
[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities Giuseppe Iuculano (Jan 26)
Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability Secunia Research (Jan 26)
Setting arbitrary Personas without user interaction in Firefox 3.6 Artur Janc (Jan 26)
Microsoft IE 6&7 Crash Exploit info (Jan 26)
[IBM Datapower XS40] Denial of Service erik (Jan 26)
[security bulletin] HPSBMA02477 SSRT090177 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert (Jan 26)
Netsupport gateway remote DoS watcher60 (Jan 26)
[ MDVSA-2010:026 ] openldap security (Jan 26)
Paper: Weaning the Web off of Session Cookies Timothy D. Morgan (Jan 26)
Cross-Site Scripting vulnerability in 3D Cloud for Joomla MustLive (Jan 26)
The future of XSS attacks MustLive (Jan 26)
More information on CVE-2009-3580 Chris Travers (Jan 26)
[SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities Moritz Muehlenhoff (Jan 26)
[USN-890-4] PyXML vulnerabilities Jamie Strandboge (Jan 26)
[InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability advisories (Jan 27)
PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12 Rolando Fuentes (Jan 27)
[security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access security-alert (Jan 27)
[ MDVSA-2010:027 ] kdelibs4 security (Jan 27)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Cisco Systems Product Security Incident Response Team (Jan 27)
[ MDVSA-2010:028 ] kdelibs4 security (Jan 27)
Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. pi3 (Jan 27)
[RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs RedTeam Pentesting GmbH (Jan 27)
[RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data RedTeam Pentesting GmbH (Jan 27)
[USN-803-2] Dhcp vulnerability Jamie Strandboge (Jan 27)
[RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication RedTeam Pentesting GmbH (Jan 27)
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities Raphael Geissert (Jan 27)
PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager) research (Jan 27)
[SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution Steffen Joeris (Jan 27)
Firefox Observation Plugin Attack Ivan Buetler (Jan 28)
[USN-891-1] lintian vulnerabilities Kees Cook (Jan 28)
Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit dlrow1991 (Jan 28)
[SECURITY] [DSA 1981-1] New maildrop packages fix privilege escalation Steffen Joeris (Jan 29)
PR09-19: Cross-Site Scripting (XSS) on CommonSpot server research (Jan 29)
[USN-893-1] Samba vulnerability Marc Deslauriers (Jan 29)
[SECURITY] [DSA 1981-2] New maildrop packages fix regression Steffen Joeris (Jan 29)
[USN-892-1] FUSE vulnerability Kees Cook (Jan 29)
[SECURITY] [DSA 1968-2] New pdns-recursor packages fix cache poisoning Florian Weimer (Jan 29)
Multiple vulnerabilities in XAMPP (advisories #1 and #2) MustLive (Jan 29)
Multiple vulnerabilities in XAMPP (advisories #3 and #4) MustLive (Jan 29)
Multiple vulnerabilities in XAMPP (advisories #5 and #6) MustLive (Jan 29)
Multiple vulnerabilities in XAMPP (advisory #7) MustLive (Jan 29)
[ MDVSA-2010:029 ] rootcerts security (Jan 29)
OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass Nicolas DEROUET (Jan 29)