Bugtraq: by author

286 messages starting Jan 18 10 and ending Jan 21 10


Adam Baldwin

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 18)
Zenoss Multiple Admin CSRF Adam Baldwin (Jan 18)
Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 15)

Aditya K Sood

Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw Aditya K Sood (Jan 05)
Google Chrome 3.0.195.38 | Chrome Frame - Reloading Memory Allocation based Tab Crashing Aditya K Sood (Jan 08)
Re: [WEB SECURITY] Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw Aditya K Sood (Jan 06)

admin

Blaze Apps Multiple Vulnerabilities admin (Jan 19)
ezContents CMS Multiple Vulnerabilities admin (Jan 19)

advisories

[InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability advisories (Jan 27)

advisory

[HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability advisory (Jan 08)

Alex Legler

[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities Alex Legler (Jan 04)
[ GLSA 201001-09 ] Ruby: Terminal Control Character Injection Alex Legler (Jan 14)

announcements

WASC Announcement: WASC Threat Classification v2.0 Published announcements (Jan 04)

A. Ramos

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker A. Ramos (Jan 18)

Arian J. Evans

Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Arian J. Evans (Jan 29)

Artur Janc

Setting arbitrary Personas without user interaction in Firefox 3.6 Artur Janc (Jan 26)

ascii

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection ascii (Jan 11)

Aurelien Jarno

[SECURITY] [DSA 1973-1] New glibc packages fix information disclosure Aurelien Jarno (Jan 20)

Berend-Jan Wever

Re: Microsoft IE 6&7 Crash Exploit Berend-Jan Wever (Jan 27)

bert hubert

Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2 bert hubert (Jan 06)

Bogdan Calin

e107 latest download link is backdoored Bogdan Calin (Jan 25)

Brian Altenhofel

Re: Major security risk in the unlock pattern for Android devices Brian Altenhofel (Jan 15)

Campus Party EU Spain

Reminder: Campus Party EU 2010 Call For Participants Campus Party EU Spain (Jan 18)

Carsten Eilers

Re: e107 latest download link is backdoored Carsten Eilers (Jan 26)

Christophe dlf

Publique! CMS SQL Injection Vulnerabilities Christophe dlf (Jan 25)

Chris Travers

More information on CVE-2009-3580 Chris Travers (Jan 26)
CVE-2009-3583, confirming problem and adding info Chris Travers (Jan 25)
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities Chris Travers (Jan 25)
Re: e107 latest download link is backdoored Chris Travers (Jan 25)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Cisco Systems Product Security Incident Response Team (Jan 27)
Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability Cisco Systems Product Security Incident Response Team (Jan 20)

CodeScan Labs Advisories

Multiple Vulnerabilities in XOOPS 2.4.3 and earlier CodeScan Labs Advisories (Jan 19)
Insufficient User Input Validation in VP-ASP 6.50 Demo Code CodeScan Labs Advisories (Jan 21)

CORE Security Advisories

[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption CORE Security Advisories (Jan 13)

cxib

MacOS X 10.5/10.6 libc/strtod(3) buffer overflow cxib (Jan 08)

Dan Dascalescu

Major security risk in the unlock pattern for Android devices Dan Dascalescu (Jan 15)

David Sopas

Re: [Full-disclosure] e107 latest download link is backdoored David Sopas (Jan 26)

ddivulnalert

DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability ddivulnalert (Jan 25)

dlrow1991

Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit dlrow1991 (Jan 28)

ds . adv . pub

Code to mitigate IE event zero-day (CVE-2010-0249) ds . adv . pub (Jan 18)

Eduardo Romero

Y2K10 spamassassin bug, 2010 year mails discared as spam Eduardo Romero (Jan 04)

erik

[IBM Datapower XS40] Denial of Service erik (Jan 26)

Eyal Udassin

C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers Eyal Udassin (Jan 15)

Fernando Augusto

Re: [Full-disclosure] e107 latest download link is backdoored Fernando Augusto (Jan 26)

flashcreazione

iBoutique v4.0 flashcreazione (Jan 22)

Florian Weimer

[SECURITY] [DSA 1968-2] New pdns-recursor packages fix cache poisoning Florian Weimer (Jan 29)
[SECURITY] [DSA 1968-1] New pdns-recursor packages fix potential code execution Florian Weimer (Jan 11)

Francis, Shannon

RE: Major security risk in the unlock pattern for Android devices Francis, Shannon (Jan 15)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-10:01.bind FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-10:03.zfs FreeBSD Security Advisories (Jan 07)

Gadi Evron

Re: All China, All The Time Gadi Evron (Jan 15)

gat3way

Abusing weak PRNGs in PHP applications gat3way (Jan 25)

Giuseppe Iuculano

[SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution Giuseppe Iuculano (Jan 15)
[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service Giuseppe Iuculano (Jan 13)
[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion Giuseppe Iuculano (Jan 06)
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities Giuseppe Iuculano (Jan 22)
[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities Giuseppe Iuculano (Jan 26)

Gregor Schneider

Re: [Full-disclosure] e107 latest download link is backdoored Gregor Schneider (Jan 27)
Re: [Full-disclosure] e107 latest download link is backdoored Gregor Schneider (Jan 26)

Gynvael Coldwind

GDT and LDT in Windows kernel vulnerability exploitation (paper) Gynvael Coldwind (Jan 18)

Hafez Kamal

HITB Ezine 'Reloaded' - Issue #001 Hafez Kamal (Jan 12)

hanzhengqi

Re: Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC hanzhengqi (Jan 20)

iDefense Labs

iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability iDefense Labs (Jan 13)

ign . sec

Multiple vulnerabilities in LineWeb 1.0.5 ign . sec (Jan 05)
Re: Multiple vulnerabilities in LineWeb 1.0.5 ign . sec (Jan 06)

info

Microsoft IE 6&7 Crash Exploit info (Jan 26)
eWebeditor Directory Traversal Vulnerability info (Jan 21)
httpdx webserver v1.5 Remote Source Disclosure info (Jan 04)
QvodPlayer ColorFilter Codec ActiveX Remote Exec info (Jan 18)

Ivan Buetler

Firefox Observation Plugin Attack Ivan Buetler (Jan 28)

James Landis

Re: [Webappsec] Paper: Weaning the Web off of Session Cookies James Landis (Jan 29)

Jamie Strandboge

[USN-876-1] PostgreSQL vulnerabilities Jamie Strandboge (Jan 04)
[USN-890-3] Python 2.4 vulnerabilities Jamie Strandboge (Jan 22)
[USN-890-4] PyXML vulnerabilities Jamie Strandboge (Jan 26)
[USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression Jamie Strandboge (Jan 08)
[USN-890-1] Expat vulnerabilities Jamie Strandboge (Jan 20)
[USN-877-1] Firefox 3.0 and Xulrunner 1.9 regression Jamie Strandboge (Jan 08)
[USN-890-2] Python 2.5 vulnerabilities Jamie Strandboge (Jan 22)
[USN-885-1] Transmission vulnerabilities Jamie Strandboge (Jan 14)
[USN-803-2] Dhcp vulnerability Jamie Strandboge (Jan 27)

Jim Harrison

RE: All China, All The Time Jim Harrison (Jan 18)
RE: All China, All The Time Jim Harrison (Jan 21)

Joxean Koret

[Tool] DeepToad 1.1.0 Joxean Koret (Jan 04)
Re: [Full-disclosure] [Tool] DeepToad 1.1.0 Joxean Koret (Jan 05)

Juha-Matti Laurio

Security improvements of Microsoft Silverlight Build 3.0.50106.0? Juha-Matti Laurio (Jan 25)

k4mr4n_st

Re: Microsoft IE 6&7 Crash Exploit k4mr4n_st (Jan 29)
0day vulnerability Sogou input method to obtain system privileges k4mr4n_st (Jan 18)

karakorsankara

Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability karakorsankara (Jan 14)
AOL 9.5 ActiveX Heap Overflow Vulnerability karakorsankara (Jan 18)
OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability karakorsankara (Jan 19)

Kees Cook

[USN-884-1] OpenSSL vulnerability Kees Cook (Jan 14)
[USN-892-1] FUSE vulnerability Kees Cook (Jan 29)
[USN-891-1] lintian vulnerabilities Kees Cook (Jan 28)
[USN-879-1] Kerberos vulnerability Kees Cook (Jan 06)
[USN-881-1] Kerberos vulnerability Kees Cook (Jan 13)

krakowlabs

Browser Fuzzer 3 krakowlabs (Jan 18)

kw3rln

vBulletin nulled (validator.php) files/directories disclosure kw3rln (Jan 20)

Kyprianos Vasilopoulos

[ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference Kyprianos Vasilopoulos (Jan 18)

Lawrence Pingree

Re: All China, All The Time Lawrence Pingree (Jan 20)

Lists

TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 Lists (Jan 21)

Lukas Weichselbaum

SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS) Lukas Weichselbaum (Jan 15)

Major Malfunction

London DEFCON January meet - DC4420 - Wed 27th Jan 2010 Major Malfunction (Jan 25)

Manny Ponce

Re: facebook 'routing flaw'? Manny Ponce (Jan 19)

Marc Deslauriers

[USN-885-1] LibThai vulnerability Marc Deslauriers (Jan 18)
[USN-893-1] Samba vulnerability Marc Deslauriers (Jan 29)
[USN-887-1] LibThai vulnerability Marc Deslauriers (Jan 18)
[USN-883-1] network-manager-applet vulnerabilities Marc Deslauriers (Jan 13)
[USN-888-1] Bind vulnerabilities Marc Deslauriers (Jan 20)
[USN-889-1] gzip vulnerabilities Marc Deslauriers (Jan 20)
[USN-882-1] PHP vulnerabilities Marc Deslauriers (Jan 13)
[USN-880-1] GIMP vulnerabilities Marc Deslauriers (Jan 07)
[USN-886-1] Pidgin vulnerabilities Marc Deslauriers (Jan 18)

Marcello Magnifico

Re: All China, All The Time Marcello Magnifico (Jan 18)

Mark Thomas

[SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration Mark Thomas (Jan 25)
[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory Mark Thomas (Jan 25)
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy Mark Thomas (Jan 25)

Marty Barbella

XSS Vulnerability in Active Calendar 1.2.0 Marty Barbella (Jan 11)
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1) Marty Barbella (Jan 14)

Matthew Leeds

Re: facebook 'routing flaw'? Matthew Leeds (Jan 19)

Mayank Aggarwal

Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper) Mayank Aggarwal (Jan 18)

Michael Scheidell

facebook 'routing flaw'? Michael Scheidell (Jan 18)

Michal Zalewski

Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw Michal Zalewski (Jan 05)

Moritz Muehlenhoff

[SECURITY] [DSA 1967-1] New transmission packages fix directory traversal Moritz Muehlenhoff (Jan 07)
[SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities Moritz Muehlenhoff (Jan 26)

Moritz Naumann

Silverstripe <= v2.3.4: two XSS vulnerabilities Moritz Naumann (Jan 25)

MustLive

Multiple vulnerabilities in XAMPP (advisories #1 and #2) MustLive (Jan 29)
Multiple vulnerabilities in XAMPP (advisory #7) MustLive (Jan 29)
Multiple vulnerabilities in XAMPP (advisories #5 and #6) MustLive (Jan 29)
XSS vulnerabilities in 34 millions flash files MustLive (Jan 11)
The future of XSS attacks MustLive (Jan 26)
Multiple vulnerabilities in XAMPP (advisories #3 and #4) MustLive (Jan 29)
Cross-Site Scripting vulnerability in 3D Cloud for Joomla MustLive (Jan 26)
Cross-Site Scripting vulnerability in JVClouds3D for Joomla MustLive (Jan 11)

Neil Dickey

Re: All China, All The Time Neil Dickey (Jan 19)

Nelson Brito

[TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!! Nelson Brito (Jan 06)

Nick Freeman

Yoono Firefox Extension - Privileged Code Injection Nick Freeman (Jan 13)

Nicolas DEROUET

OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass Nicolas DEROUET (Jan 29)

noreply

TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow noreply (Jan 08)

noreply-secresearch () fortinet com

FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability noreply-secresearch () fortinet com (Jan 22)

NSO Research

NSOADV-2010-001: Panda Security Local Privilege Escalation NSO Research (Jan 11)
[UPDATE] NSOADV-2010-001: Panda Security Local Privilege Escalation NSO Research (Jan 20)

nullcon

Invitation: nullcon Goa 2010 International Security & Hacking Conference nullcon (Jan 12)

Onapsis Research Labs

[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution Onapsis Research Labs (Jan 20)

organiser () syscan org

SyScan'10 Call For Training (CFT) organiser () syscan org (Jan 05)

Paul

Java vulnerability Paul (Jan 04)

pen-test

Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions) pen-test (Jan 22)

Peter Watkins

Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw Peter Watkins (Jan 06)

pi3

Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. pi3 (Jan 27)

Protek Research Lab

Security contact at Lexmark? Protek Research Lab (Jan 07)
{PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS Protek Research Lab (Jan 05)

Raphael Geissert

[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities Raphael Geissert (Jan 27)

RedTeam Pentesting GmbH

[RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs RedTeam Pentesting GmbH (Jan 27)
[RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication RedTeam Pentesting GmbH (Jan 27)
[RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data RedTeam Pentesting GmbH (Jan 27)

research

PR09-19: Cross-Site Scripting (XSS) on CommonSpot server research (Jan 29)
PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager) research (Jan 27)

rewterz security team

REWTERZ-20100102 - Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability rewterz security team (Jan 05)
REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability rewterz security team (Jan 05)
REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability rewterz security team (Jan 05)

Rolando Fuentes

PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12 Rolando Fuentes (Jan 27)

Ronen Z

Cross Site Identification (CSID) attack. Description and demonstration. Ronen Z (Jan 13)

rPath Update Announcements

rPSA-2010-0004-1 openssl openssl-scripts rPath Update Announcements (Jan 15)

Rudy Zijlstra

Re: Y2K10 spamassassin bug, 2010 year mails discared as spam Rudy Zijlstra (Jan 05)

Sacks, Cailan C

RE: facebook 'routing flaw'? Sacks, Cailan C (Jan 19)

sales

Re: Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow sales (Jan 05)

Santhosh

RE: Microsoft IE 6&7 Crash Exploit Santhosh (Jan 26)

sdasdasd

Re: RE: Microsoft IE 6&7 Crash Exploit sdasdasd (Jan 27)

Secunia Research

Secunia Research: Adobe Shockwave Player Four Integer Overflow Vulnerabilities Secunia Research (Jan 20)
Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability Secunia Research (Jan 08)
Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability Secunia Research (Jan 20)
Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability Secunia Research (Jan 13)
Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow Secunia Research (Jan 20)
Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability Secunia Research (Jan 04)
Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow Secunia Research (Jan 20)
Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability Secunia Research (Jan 26)
Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows Secunia Research (Jan 20)
Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal Secunia Research (Jan 20)

Security

[CORELAN-10-001] Audiotran 1.4.1 buffer overflow Security (Jan 11)
[ MDVSA-2009:241-1 ] squid security (Jan 11)
[ MDVSA-2009:316-2 ] expat security (Jan 11)
[ MDVSA-2010:001 ] pidgin security (Jan 12)
[ MDVSA-2010:014 ] transmission security (Jan 18)
[ MDVSA-2009:316-1 ] expat security (Jan 08)
[ MDVSA-2010:022 ] openssl security (Jan 21)
[ MDVSA-2009:300-2 ] apache-conf security (Jan 07)
[ MDVSA-2010:027 ] kdelibs4 security (Jan 27)
[ MDVSA-2010:004 ] bash security (Jan 13)
[ MDVSA-2010:019 ] gzip security (Jan 20)
[ MDVSA-2010:009 ] php security (Jan 18)
[ MDVSA-2010:007 ] php security (Jan 18)
[ MDVSA-2010:025 ] php-pear-Mail security (Jan 25)
[ MDVSA-2010:008 ] php security (Jan 18)
[ MDVSA-2010:026 ] openldap security (Jan 26)
[ MDVSA-2009:220-1 ] davfs security (Jan 05)
[ MDVSA-2010:011 ] mysql security (Jan 18)
[ MDVSA-2010:028 ] kdelibs4 security (Jan 27)
[ MDVSA-2010:017 ] ruby security (Jan 19)
[ MDVSA-2010:010 ] libthai security (Jan 18)
[ MDVSA-2010:000 ] firefox security (Jan 11)
[ MDVSA-2010:006 ] krb5 security (Jan 14)
[CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player Security (Jan 19)
[ MDVSA-2009:300-1 ] apache-conf security (Jan 07)
[ MDVSA-2010:023 ] phpldapadmin security (Jan 21)
[ MDVSA-2010:015 ] roundcubemail security (Jan 19)
[ MDVSA-2010:029 ] rootcerts security (Jan 29)
[ MDVSA-2009:227-1 ] freeradius security (Jan 11)
[ MDVSA-2010:013 ] transmission security (Jan 18)
[ MDVSA-2010:020 ] gzip security (Jan 20)
[ MDVSA-2010:016 ] wireshark security (Jan 19)
[ MDVSA-2010:021 ] bind security (Jan 20)
[ MDVSA-2010:005 ] krb5 security (Jan 14)
[ MDVSA-2010:018 ] phpMyAdmin security (Jan 19)
[ MDVSA-2009:316-3 ] expat security (Jan 11)
[ MDVSA-2010:024 ] coreutils security (Jan 25)
[ MDVSA-2010:002 ] pidgin security (Jan 12)
[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS Security (Jan 13)
[ MDVSA-2009:293-1 ] squidGuard security (Jan 11)
[ MDVSA-2010:012 ] mysql security (Jan 18)
[ MDVSA-2010:003 ] sendmail security (Jan 13)

security-alert

[security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Jan 20)
[security bulletin] HPSBMA02477 SSRT090177 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert (Jan 26)
[security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS) security-alert (Jan 13)
[security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code security-alert (Jan 14)
[security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access security-alert (Jan 28)
[security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access security-alert (Jan 27)
[security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Jan 19)
[security bulletin] HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS) security-alert (Jan 15)

Stefan Behte

[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities Stefan Behte (Jan 14)
[ GLSA 201001-07 ] Blender: Untrusted search path Stefan Behte (Jan 14)
[ GLSA 201001-05 ] net-snmp: Authorization bypass Stefan Behte (Jan 14)
[ GLSA 201001-01 ] NTP: Denial of Service Stefan Behte (Jan 04)
[ GLSA 201001-06 ] aria2: Multiple vulnerabilities Stefan Behte (Jan 14)
[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities Stefan Behte (Jan 14)

Stefan Fritsch

[SECURITY] [DSA-1972-2] New audiofile packages fix buffer overflow Stefan Fritsch (Jan 21)
[SECURITY] [DSA-1970-1] New openssl packages fix denial of service Stefan Fritsch (Jan 13)
[SECURITY] [DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th Stefan Fritsch (Jan 21)
[SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow Stefan Fritsch (Jan 18)

Stefan Kanthak

Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime! Stefan Kanthak (Jan 04)

Steffen Joeris

[SECURITY] [DSA 1981-1] New maildrop packages fix privilege escalation Steffen Joeris (Jan 29)
[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution Steffen Joeris (Jan 20)
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting Steffen Joeris (Jan 07)
[SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution Steffen Joeris (Jan 27)
[SECURITY] [DSA 1981-2] New maildrop packages fix regression Steffen Joeris (Jan 29)

Steven J. Koch

Re: All China, All The Time Steven J. Koch (Jan 18)

Steve Shockley

Re: TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow Steve Shockley (Jan 11)
Re: Y2K10 spamassassin bug, 2010 year mails discared as spam Steve Shockley (Jan 04)

subere

JBroFuzz 1.9 Fuzzer Released! subere (Jan 19)

superli

Xunlei XPPlayer ActiveX Remote Exec 0day POC superli (Jan 19)
Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC superli (Jan 19)
Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC superli (Jan 19)

Suramya Tomar

Re: facebook 'routing flaw'? Suramya Tomar (Jan 19)

systemx00

Safari 4.0.4 Crash systemx00 (Jan 25)

Tavis Ormandy

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Tavis Ormandy (Jan 21)

T Biehn

Re: [Full-disclosure] [Tool] DeepToad 1.1.0 T Biehn (Jan 05)
Re: [Full-disclosure] [Tool] DeepToad 1.1.0 T Biehn (Jan 05)

Thor (Hammer of God)

All China, All The Time Thor (Hammer of God) (Jan 14)
RE: All China, All The Time Thor (Hammer of God) (Jan 15)
RE: All China, All The Time Thor (Hammer of God) (Jan 14)

Tim Mullen

RE: All China, All The Time Tim Mullen (Jan 20)

Timothy D. Morgan

Paper: Weaning the Web off of Session Cookies Timothy D. Morgan (Jan 26)
HTTP Digest Integrity: Another look, in light of recent attacks Timothy D. Morgan (Jan 06)

Tobias Heinlein

[ GLSA 201001-03 ] PHP: Multiple vulnerabilities Tobias Heinlein (Jan 05)

Tom Yu

MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption Tom Yu (Jan 13)
UPDATE: MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing Tom Yu (Jan 05)

track

Re: Re: e107 latest download link is backdoored track (Jan 26)

Valery Marchuk

Re: e107 latest download link is backdoored Valery Marchuk (Jan 25)

VMware Security team

VMSA-2010-0001 ESX Service Console updates for nss and nspr VMware Security team (Jan 07)

VUPEN Security Research

VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability VUPEN Security Research (Jan 15)

watcher60

Netsupport gateway remote DoS watcher60 (Jan 26)

whh_iran

IdeaCMS v1.0 (fck) Remote Arbitrary File Upload whh_iran (Jan 22)

ZDI Disclosures

ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability ZDI Disclosures (Jan 08)
ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability ZDI Disclosures (Jan 13)
ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)
ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability ZDI Disclosures (Jan 21)