Home page logo
/

341 messages starting May 19 08 and ending May 27 08
Date index | Thread index | Author index

0in . email

Smeego CMS vulnerability 0in . email (May 19)

16 . her0

Flash Blog Sql Injection 16 . her0 (May 29)

admin

[MajorSecurity Advisory #52]ActualAnalyzer family - Cross Site Scripting Issues admin (May 13)
PCPIN Chat 6: potential XSS vulnerability in URL redirection script admin (May 24)
Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability Admin (May 30)

Adrian Pastor

MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub Adrian Pastor (May 22)
Re: MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub Adrian Pastor (May 27)

a . jasbi

Cpanel all version >> root access with a reseller account. a . jasbi (May 19)
Vbulletin 3.7.0 Gold >> Sql injection on faq.php a . jasbi (May 20)
abledating 2.4 >> Sql injection and cross site scripting on search_results.php a . jasbi (May 22)
dzoic handshakes sql injection >> index.php on $fname a . jasbi (May 24)
Ablespace 1.0 'cat_id' Parameter SQL Injection Vulnerability a . jasbi (May 26)

alighieri_m

Re: mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln alighieri_m (May 21)

Alireza Hassani

LokiCMS Multiple Vulnerabilities through Authorization weakness Alireza Hassani (May 31)

Amit Klein

Re: After 6 months - fix available for Microsoft DNS cache poisoning attack Amit Klein (May 08)

andy . huang

Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php andy . huang (May 23)

Arshan Dabirsiaghi

Bypassing URL Authentication and Authorization with HTTP Verb Tampering Arshan Dabirsiaghi (May 28)

ascii

Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities ascii (May 20)

Asterisk Security Team

/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised Asterisk Security Team (May 22)

Aviram Jenik

Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem Aviram Jenik (May 26)

Bojan Zdrnja

Re: Exploiting Google MX servers as Open SMTP Relays Bojan Zdrnja (May 12)

brad . antoniewicz

Cisco BBSM Captive Portal Cross-site Scripting brad . antoniewicz (May 13)

Breeeeh

OtherLogic[vocourse.php]SQL Injection Exploit Breeeeh (May 10)

Brett Moore

Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure Brett Moore (May 19)
Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection Brett Moore (May 19)

bugtraq

VisualSentinel 0.7 Cross Agent Scripting Vulnerability bugtraq (May 31)

catalina . danila

Re: [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability catalina . danila (May 08)

Charles Morris

Re: function sleep() in all versions of PHP Charles Morris (May 27)

Charles Vaughn

SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier Charles Vaughn (May 31)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (May 14)
Cisco Security Advisory: Cisco Content Switching Module Memory Leak Vulnerability Cisco Systems Product Security Incident Response Team (May 14)
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (May 14)
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Cisco Systems Product Security Incident Response Team (May 21)
Cisco Security Advisory: Cisco Voice Portal Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (May 21)
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (May 28)

Clifton Royston

Re: Exploiting Google MX servers as Open SMTP Relays Clifton Royston (May 12)

cocoruder

[Advisory Update]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability cocoruder (May 07)
Adobe Acrobat Professional Javascript For PDF Security Feature Bypass and Memory Corruption Vulnerabilities cocoruder (May 07)
Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability cocoruder (May 14)

CORE Security Technologies

CORE-2008-0415: Borland Interbase 2007 Integer Overflow CORE Security Technologies (May 20)

CORE Security Technologies Advisories

CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability CORE Security Technologies Advisories (May 05)
CORE-2008-0126: Multiple vulnerabilities in iCal Core Security Technologies Advisories (May 21)

Cr4zY . CrAcKeR

QTOFileManager V 1.0<== Remote File Upload Vulnerability Cr4zY . CrAcKeR (May 06)
Re: QTOFileManager V 1.0<== Remote File Upload Vulnerability Cr4zY . CrAcKeR (May 07)
VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability Cr4zY . CrAcKeR (May 07)

cxib

Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 10)
Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 12)
Re: function sleep() in all versions of PHP cxib (May 27)

dann frazier

[SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (May 01)
[SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service dann frazier (May 13)
[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (May 27)
[SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (May 31)

dave

Re: Cpanel all version >> root access with a reseller account. dave (May 20)

decoder-bugtraq

Sphider 1.3.4 Cross Site Scripting decoder-bugtraq (May 06)
mvnForum 1.1 Cross Site Scripting decoder-bugtraq (May 06)
xt:Commerce possible DoS decoder-bugtraq (May 23)

Deniz Cevik

ZYWALL Referer Header XSS Vulnerability Deniz Cevik (May 08)
Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability Deniz Cevik (May 09)

Devin Carraway

[SECURITY] [DSA 1567-1] New blender packages fix arbitrary code execution Devin Carraway (May 05)
[SECURITY] [DSA 1579-1] New netpbm-free packages fix arbitrary code execution Devin Carraway (May 19)
[SECURITY] [DSA 1586-1] New xine-lib packages fix several vulnerabilities Devin Carraway (May 22)

Digital Security Research Group

[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability Digital Security Research Group (May 21)
[DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution Digital Security Research Group (May 21)
[DSECRG-08-024] Multiple Security Vulnerabilities (RFI,LFI,XSS) in QuateCMS Digital Security Research Group (May 23)
[DSECRG-08-025] Local File Include in OneCMS 2.5 Digital Security Research Group (May 23)

DoZ

XEROX DocuShare URL XSS Injection Vulnerabilities DoZ (May 29)

Dragos Ruiu

FInal EUSecWest 2008 Speakers Dragos Ruiu (May 09)

DVLabs

TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability DVLabs (May 13)

Eloy Paris

Re: Cisco BBSM Captive Portal Cross-site Scripting Eloy Paris (May 14)

erdc

[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability erdc (May 05)
[ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability erdc (May 05)
[ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability erdc (May 05)
[ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability erdc (May 05)
[ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability erdc (May 05)
[ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability erdc (May 05)

Felix 'FX' Lindner

Re: IOS Rookit: the sky isn't falling (yet) Felix 'FX' Lindner (May 27)

Ferruh Mavituna

DoS attacks using SQL Wildcards - White Paper Ferruh Mavituna (May 19)

Florian Weimer

[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator Florian Weimer (May 13)
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness Florian Weimer (May 14)
[SECURITY] [DSA 1581-1] New gnutls13 packages fix potential code execution Florian Weimer (May 20)
Re: /home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised Florian Weimer (May 22)
[SECURITY] [DSA 1590-1] New samba packages fix arbitrary code execution Florian Weimer (May 30)

Foresight Linux Essential Announcement Service

FLEA-2008-0008-1 firefox Foresight Linux Essential Announcement Service (May 08)

Gadi Evron

Re: Exploiting Google MX servers as Open SMTP Relays Gadi Evron (May 10)
IOS rootkits Gadi Evron (May 17)
An account of the Estonian Internet War Gadi Evron (May 20)
RE: An account of the Estonian Internet War Gadi Evron (May 20)
Re: IOS rootkits (fwd) Gadi Evron (May 26)

Gerald (Jerry) Carter

[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses Gerald (Jerry) Carter (May 28)

Glynn Clements

Re: function sleep() in all versions of PHP Glynn Clements (May 28)

gogulas

function sleep() in all versions of PHP gogulas (May 26)

GomoR

[TOOL] SSL Capable NetCat (and more) GomoR (May 03)

hackerb

dvbbs8.2(access/sql)version login.asp remote sql injection hackerb (May 29)

hadihadi_zedehal_2006

project alumni v1.0.9 (info.php) SQL Injection Vulnerability hadihadi_zedehal_2006 (May 02)
blur6ex-0.3.462 LOCAL FILE INCLUSION Vulnerbility hadihadi_zedehal_2006 (May 02)
Power Editor LOCAL FILE INCLUSION Vulnerbility hadihadi_zedehal_2006 (May 06)
ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities hadihadi_zedehal_2006 (May 08)
Kostenloses Linkmanagementscript SQL Injection Vulnerabilities hadihadi_zedehal_2006 (May 15)
eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities hadihadi_zedehal_2006 (May 20)
e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability hadihadi_zedehal_2006 (May 23)
RoomPHPlanning 1.5 (weekview.php) SQL Injection Vulnerability hadihadi_zedehal_2006 (May 27)

hadikiamarsi

chicomas.2.0.4 hadikiamarsi (May 02)
SiteXS CMS Remote File Upload Vulnerability hadikiamarsi (May 03)
Multiple XSS In TuxCMS All Version hadikiamarsi (May 07)

hollebcons

Re: GroupWise 7.0 mailto: scheme buffer overflow hollebcons (May 03)

houssamix

Joomla Component xsstream-dm 0.01 Beta SQL Injection houssamix (May 12)

iDefense Labs

iDefense Security Advisory 04.30.08: Akamai Download Manager Arbitrary Program Execution Vulnerability iDefense Labs (May 01)
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability iDefense Labs (May 08)
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability iDefense Labs (May 08)
iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability iDefense Labs (May 08)
iDefense Security Advisory 05.12.08: Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability iDefense Labs (May 13)
iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability iDefense Labs (May 13)
iDefense Security Advisory 05.21.08: Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability iDefense Labs (May 21)
iDefense Security Advisory 05.27.08: EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability iDefense Labs (May 27)
iDefense Security Advisory 05.27.08: EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities iDefense Labs (May 27)

info

Hack.lu 2008 CfP info (May 16)

ipsdix

[NSG_28-5-08] CA Internet Security Suite 2008 (UmxEventCli.dll/SaveToFile()) remote file corruption poc ipsdix (May 28)

irancrash

mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln irancrash (May 01)
vlBook 1.21 (ALL VERSION) irancrash (May 01)
php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS) irancrash (May 01)
BlackBook v1.0 Multiple XSS Vulnerabilities irancrash (May 02)
Lifetype 1.2.7 XSS Vulnerability irancrash (May 02)
Zomplog 3.8.2 XSS Vulnerability irancrash (May 02)
Maian Gallery v2.0 XSS Vulnerability irancrash (May 03)
Maian Cart v1.1 XSS Vulnerabilities irancrash (May 03)
Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION) irancrash (May 03)
Maian Guestbook v3.2 XSS Vulnerabilities irancrash (May 03)
Maian Weblog v4.0 XSS Vulnerabilities irancrash (May 03)
Maian Greeting v2.1 Multiple Vulnerabilities (XSS/SQL INJECTION) irancrash (May 03)
Maian Support v1.3 Xss Vulnerabilities irancrash (May 03)
Maian Recipe v1.2 Xss Vulnerabilities irancrash (May 03)
Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection) irancrash (May 03)
Maian Links v3.1 XSS Vulnerabilities irancrash (May 03)
Maian Uploader v4.0 XSS Vulnerabilities irancrash (May 05)
LifeType 1.2.8 irancrash (May 05)
Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability irancrash (May 26)

irvian . info

SunShop Version 3.5.1 Remote Blind Sql Injection irvian . info (May 15)

Jamie Strandboge

[USN-606-1] CUPS vulnerability Jamie Strandboge (May 05)
[USN-608-1] KDE vulnerability Jamie Strandboge (May 06)
[USN-607-1] Emacs vulnerabilities Jamie Strandboge (May 06)
[USN-605-1] Thunderbird vulnerabilities Jamie Strandboge (May 06)
[USN-611-1] Speex vulnerability Jamie Strandboge (May 08)
[USN-611-2] vorbis-tools vulnerability Jamie Strandboge (May 08)
[USN-611-3] GStreamer Good Plugins vulnerability Jamie Strandboge (May 09)
[USN-612-1] OpenSSL vulnerability Jamie Strandboge (May 13)
[USN-612-2] OpenSSH vulnerability Jamie Strandboge (May 13)
[USN-612-5] OpenSSH update Jamie Strandboge (May 14)
[USN-612-6] OpenVPN regression Jamie Strandboge (May 14)
[USN-612-8] openssl-blacklist update Jamie Strandboge (May 21)

Jim Harrison

RE: Bypassing URL Authentication and Authorization with HTTP Verb Tampering Jim Harrison (May 29)

Jon Ribbens

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Jon Ribbens (May 16)

J. Oquendo

Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 05)
Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 07)
Re: Microsot DID DISCLOSE potential Backdoor J. Oquendo (May 07)

josh

Vulnerability Advisory on GnuTLS josh (May 20)
Vulnerability Advisory on OpenSSL josh (May 28)

Josh Bressers

Security, Open Source Style Josh Bressers (May 27)

jplopezy

Re: Re: GroupWise 7.0 mailto: scheme buffer overflow jplopezy (May 05)
Microsoft word javascript execution jplopezy (May 19)

Juan Miguel - Prisma Virtual -

Re: function sleep() in all versions of PHP Juan Miguel - Prisma Virtual - (May 27)

Kees Cook

[USN-609-1] OpenOffice.org vulnerabilities Kees Cook (May 07)
[USN-610-1] LTSP vulnerability Kees Cook (May 07)
[USN-612-4] ssl-cert vulnerability Kees Cook (May 14)
[USN-612-7] OpenSSH update Kees Cook (May 20)
[USN-613-1] GnuTLS vulnerabilities Kees Cook (May 21)

Ken Schaefer

RE: Microsot DID DISCLOSE potential Backdoor Ken Schaefer (May 06)
RE: Microsot DID DISCLOSE potential Backdoor Ken Schaefer (May 07)

lament hero

Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 09)
Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 15)

Lamont Granquist

Re: Exploiting Google MX servers as Open SMTP Relays Lamont Granquist (May 12)

laurent . gaffie

Novell Client <= 4.91 SP4 Local Stack overflow / B.S.O.D (unauthentificated user) laurent . gaffie (May 08)

linux0day

Vulnerability in Multiple Web Application linux0day (May 07)

LiveCart

Fixed: LiveCart SQL injection vulnerability fixed since version 1.1.2 LiveCart (May 03)

lovebug

PHP-Nuke Module KuraniKerim [sid] SQL Injection lovebug (May 17)

Luigi Auriemma

Denial of Service in Call of Duty 4 1.5 Luigi Auriemma (May 02)
Multiple vulnerabilities in WebMod 0.48 Luigi Auriemma (May 03)

luiswang

Re: netOffice Dwins 1.3 Remote code execution. luiswang (May 02)

Mark Crowther

IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability Mark Crowther (May 22)

Mark Sanders

Re: function sleep() in all versions of PHP Mark Sanders (May 26)

martin . meredith

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php martin . meredith (May 21)

Marvin Simkin

Calcium web calendar: Reflected XSS Marvin Simkin (May 28)

Matias Blanco

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php Matias Blanco (May 21)

Matteo Carli

XSS and CSRF vulnerability on Cpanel 11 Matteo Carli (May 09)

mefisto

FlashBlog Remote File Upload Vulnerability mefisto (May 29)

Michael G. Reed

Re: function sleep() in all versions of PHP Michael G. Reed (May 27)

Michael Scheidell

Re: Exploiting Google MX servers as Open SMTP Relays Michael Scheidell (May 10)

Michael Wojcik

RE: function sleep() in all versions of PHP Michael Wojcik (May 28)

Michal Zalewski

[tool announcement] tmin - a handy fuzzing test case optimizer Michal Zalewski (May 06)

mkanat

Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 mkanat (May 06)

mm

Debian generated SSH-Keys working exploit mm (May 15)

m . morcote

Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability m . morcote (May 31)

Moritz Muehlenhoff

[SECURITY] [DSA 1574-1] New icedove packages fix several vulnerabilities Moritz Muehlenhoff (May 12)

my

vuln in WordPress plugin Upload File(UP) my (May 24)

narita.hiroo

rPSA-2008-0157-1 kernel narita.hiroo (May 07)

Nicob

Novell eDirectory DoS via HTTP headers Nicob (May 05)
Novell eDirectory unauthenticated access to SOAP interface Nicob (May 05)

Nicolas FISCHBACH

IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH (May 27)

Noah Meyerhans

[SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness Noah Meyerhans (May 16)

none

Re: vuln in WordPress plugin Upload File(UP) none (May 26)

organiser () syscan org

Confirmed Program for SyScan'08 Hong Kong organiser () syscan org (May 12)

output

www file share pro 5.30 insecure multiple output (May 21)

pablo . ximenes

Exploiting Google MX servers as Open SMTP Relays pablo . ximenes (May 07)
Re: Re: Exploiting Google MX servers as Open SMTP Relays pablo . ximenes (May 12)
Re: Re: Re: Exploiting Google MX servers as Open SMTP Relays pablo . ximenes (May 21)

Paul Craig

Malformed Acrobat Distiller 8 .joboptions Paul Craig (May 14)

Paul Szabo

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Paul Szabo (May 19)

pi3

Mtr - remote and local stack overflow - uncomment situation in libresolv. pi3 (May 20)

Pierre-Yves Rofes

[ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities Pierre-Yves Rofes (May 06)
[ GLSA 200805-02 ] phpMyAdmin: Information disclosure Pierre-Yves Rofes (May 06)
[ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities Pierre-Yves Rofes (May 08)
[ GLSA 200805-09 ] MoinMoin: Privilege escalation Pierre-Yves Rofes (May 12)
[ GLSA 200805-10 ] Pngcrush: User-assisted execution of arbitrary code Pierre-Yves Rofes (May 12)
[ GLSA 200805-11 ] Chicken: Multiple vulnerabilities Pierre-Yves Rofes (May 13)
[ GLSA 200805-12 ] Blender: Multiple vulnerabilities Pierre-Yves Rofes (May 13)
[ GLSA 200805-13 ] PTeX: Multiple vulnerabilities Pierre-Yves Rofes (May 13)
[ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code Pierre-Yves Rofes (May 13)

Praburaajan

Photos and Presentation Materials from HITBSecConf2008 - Dubai Released Praburaajan (May 03)
CFP for HITBSecConf2008 - Malaysia now open Praburaajan (May 17)

Ricardo Martins - Chief Security Officers

PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script Ricardo Martins - Chief Security Officers (May 23)

rick . a . cook

Re: After 6 months - fix available for Microsoft DNS cache poisoning attack rick . a . cook (May 08)

Robbie (Rupinder) Gill

Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities (Aruba Advisory ID: AID-051408) Robbie (Rupinder) Gill (May 15)

Robert Buchholz

[ GLSA 200805-08 ] InspIRCd: Denial of Service Robert Buchholz (May 09)
[ GLSA 200805-07 ] Linux Terminal Server Project: Multiple vulnerabilities Robert Buchholz (May 09)
[ GLSA 200805-06 ] Firebird: Data disclosure Robert Buchholz (May 09)
[ GLSA 200805-16 ] OpenOffice.org: Multiple vulnerabilities Robert Buchholz (May 14)
[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities Robert Buchholz (May 20)
[ GLSA 200805-19 ] ClamAV: Multiple vulnerabilities Robert Buchholz (May 20)
[ GLSA 200805-20 ] GnuTLS: Execution of arbitrary code Robert Buchholz (May 22)

rPath Update Announcements

rPSA-2008-0157-1 kernel rPath Update Announcements (May 02)
rPSA-2008-0162-1 kernel rPath Update Announcements (May 07)
rPSA-2008-0174-1 gnutls rPath Update Announcements (May 22)
rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements (May 23)
rPSA-2008-0177-1 emacs emacs-leim rPath Update Announcements (May 27)
rPSA-2008-0178-1 php php-mysql php-pgsql rPath Update Announcements (May 28)
rPSA-2008-0105-1 evolution rPath Update Announcements (May 28)

rwann

Re: [HV-INFO] Enova hardware encryption: false sense of security rwann (May 29)
Re: [HV-INFO] Enova hardware encryption: false sense of security rwann (May 29)

sales

Re: BosNews v4.0 Remote add user admin sales (May 24)

Sebastien Deleersnyder

Invitation - OWASP AppSec Europe May 19-22 2008 - Belgium Sebastien Deleersnyder (May 06)

Secunia Research

Secunia Research: Foxit Reader "util.printf()" Buffer Overflow Secunia Research (May 20)
Secunia Research: Samba "receive_smb_raw()" Buffer Overflow Vulnerability Secunia Research (May 29)
Secunia Research: imlib2 PNM and XPM Buffer Overflow Secunia Research (May 29)

security

[ MDVSA-2008:095 ] - Updated OpenOffice.org packages fix vulnerabilities security (May 02)
[ MDVSA-2008:097 ] - Updated kdelibs packages fix vulnerability in start_kdeinit security (May 07)
[ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff security (May 07)
[ MDVSA-2008:098 ] - Updated openssh packages fix vulnerability security (May 07)
[ MDVSA-2008:099 ] - Updated ImageMagick packages fix vulnerabilities security (May 09)
[ MDVSA-2008:100 ] - Updated perl packages fix denial of service vulnerability security (May 12)
[ MDVSA-2008:102 ] - Updated libvorbis packages fix vulnerabilities security (May 16)
[ MDVSA-2008:101 ] - Updated rdesktop packages fix vulnerabilities security (May 16)
[ MDVSA-2008:103 ] - Updated libid3tag packages fix denial of service vulnerability security (May 20)
[ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities security (May 21)
[ MDVSA-2008:106 ] - Updated gnutls packages fix denial of service vulnerabilities security (May 24)
[ MDVSA-2008:107 ] - Updated openssl package fixes denial of service vulnerabilities security (May 28)
[ MDVSA-2008:108 ] - Updated samba packages fix arbitrary code execution vulnerability security (May 29)

security-alert

HPSBUX02324 SSRT080034 rev.1 - HP-UX Running Netscape Directory Server (NDS), Local Gain Extended Privileges security-alert (May 06)
HPSBUX02332 SSRT080056 rev.1 - HP-UX running Apache with PHP, Remote Denial of Service (DoS), Gain Extended Privileges security-alert (May 06)
[security bulletin] HPSBMA02331 SSRT080000 rev.2 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges security-alert (May 06)
[security bulletin] HPSBUX02334 SSRT071403 rev.1 - HP-UX Running ftp, Remote Denial of Service (DoS) security-alert (May 12)
[security bulletin] HPSBST02336 SSRT080071 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029 security-alert (May 20)
[security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access security-alert (May 20)
[security bulletin] HPSBUX02332 SSRT080056 rev.2 - HP-UX Running Apache With PHP, Remote Denial of Service (DoS), Gain Extended Privileges security-alert (May 20)
[security bulletin] HPSBUX02337 SSRT080072 rev.1 - HP-UX Running HP-UX Secure Shell, Local Unauthorized Access and Denial of Service (DoS) security-alert (May 22)
[security bulletin] HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access security-alert (May 27)
[security bulletin] HPSBUX02334 SSRT071403 rev.2 - HP-UX Running ftp, Remote Denial of Service (DoS) security-alert (May 28)

security curmudgeon

Re: CORE-2008-0126: Multiple vulnerabilities in iCal security curmudgeon (May 27)

securityfocus

Re: Lifetype 1.2.7 XSS Vulnerability securityfocus (May 05)

Security Objectives, Inc.

SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability Security Objectives, Inc. (May 26)

skyline

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php skyline (May 27)

sohotguy

Re: Apple iPhone 1.1.3 remote DoS exploit sohotguy (May 19)

Stefan Esser

Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability Stefan Esser (May 06)
Advisory SE-2008-03: PHP Multibyte Shell Command Escaping Bypass Vulnerability Stefan Esser (May 06)

Stefano Zanero

CFP: European Conference on Computer Network Defense Stefano Zanero (May 14)

Steffen Wendzel

XSS in AstroCam Steffen Wendzel (May 01)

Steve Kemp

[SECURITY] [DSA 1566-1] New cpio packages fix denial of service Steve Kemp (May 02)
[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code Steve Kemp (May 06)
[SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code Steve Kemp (May 21)
[SECURITY] [DSA 1587-1] New mtr packages fix execution of arbitrary code Steve Kemp (May 26)

Steven M. Christey

Re: CORE-2008-0126: Multiple vulnerabilities in iCal Steven M. Christey (May 28)

sys-project

Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit sys-project (May 05)
SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit sys-project (May 09)
StanWeb.CMS (default.asp id) Remote SQL Injection Exploit sys-project (May 17)

tan_prathan

Wordpress Malicious File Execution Vulnerability tan_prathan (May 19)
AppServ Open Project < = 2.5.10 Remote XSS Vulnerability tan_prathan (May 20)
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability tan_prathan (May 20)
PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability tan_prathan (May 22)
phpSQLiteCMS Multiple Remote XSS Vulnerability tan_prathan (May 22)
Exteen Blog XSS Remote Cookie Disclosure Exploit tan_prathan (May 22)
BMForum Remote 5.6 Miltiple XSS Vulnerability tan_prathan (May 22)
Mini-CWB <= 2.1.1 Remote XSS Vulnerability tan_prathan (May 26)

Team SHATTER

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) Team SHATTER (May 01)
Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) Team SHATTER (May 01)
Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) Team SHATTER (May 01)

Thijs Kinkhorst

[SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities Thijs Kinkhorst (May 01)
[SECURITY] [DSA 1568-1] New b2evolution packages fix cross site scripting Thijs Kinkhorst (May 05)
[SECURITY] [DSA 1569-1] New cacti packages fix multiple vulnerabilities Thijs Kinkhorst (May 05)
[SECURITY] [DSA 1569-2] New cacti packages fix regression Thijs Kinkhorst (May 06)
[SECURITY] [DSA 1554-2] New roundup packages fix regression Thijs Kinkhorst (May 06)
[SECURITY] [DSA 1573-1] New rdesktop packages fix several vulnerabilities Thijs Kinkhorst (May 12)
[SECURITY] [DSA 1572-1] New php5 packages fix several vulnerabilities Thijs Kinkhorst (May 12)
[SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities Thijs Kinkhorst (May 12)
[SECURITY] [DSA 1577-1] New gforge packages fix insecure temporary files Thijs Kinkhorst (May 14)
[SECURITY] [DSA 1578-1] New php4 packages fix several vulnerabilities Thijs Kinkhorst (May 17)
[SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation Thijs Kinkhorst (May 20)
[SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution Thijs Kinkhorst (May 20)
[SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities Thijs Kinkhorst (May 20)

Tim

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tim (May 19)

Tobias Heinlein

[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation Tobias Heinlein (May 07)
[ GLSA 200805-15 ] libid3tag: Denial of Service Tobias Heinlein (May 14)
[ GLSA 200805-17 ] Perl: Execution of arbitrary code Tobias Heinlein (May 20)
[ GLSA 200805-21 ] Roundup: Permission bypass Tobias Heinlein (May 27)
[ GLSA 200805-23 ] Samba: Heap-based buffer overflow Tobias Heinlein (May 29)
[ GLSA 200805-22 ] MPlayer: User-assisted execution of arbitrary code Tobias Heinlein (May 29)

Todd T. Fries

Re: Exploiting Google MX servers as Open SMTP Relays Todd T. Fries (May 10)
Re: Exploiting Google MX servers as Open SMTP Relays Todd T. Fries (May 10)

Tom . Donovan

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 15)
Re: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 19)

Tomi Tuominen

T2'08: Call for Papers 2008 (Helsinki / Finland) Tomi Tuominen (May 26)

unohope

Excuse Online (pwd) SQL Injection Vulnerability unohope (May 26)
phpFix v2 Multiple SQL Injection Vulnerability unohope (May 26)
Class System v2.3 Multiple Remote Vulnerabilities unohope (May 26)
Campus Bulletin Board v3.4 Multiple Remote Vulnerabilities unohope (May 26)
Repair Online v1.2 (sentout) Create Admin Vulnerability unohope (May 26)

Viktor Larionov

RE: An account of the Estonian Internet War Viktor Larionov (May 20)

VMware Security team

VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues VMware Security team (May 30)

Walker, Theresa A CIV DISA CSD

RE: Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities (UNCLASSIFIED) Walker, Theresa A CIV DISA CSD (May 15)

William A. Rowe, Jr.

Correction to BID 29112 "Apache Server HTML Injection and UTF-7 XSS Vulnerability" William A. Rowe, Jr. (May 14)
Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability William A. Rowe, Jr. (May 19)

Williams, James K

CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities Williams, James K (May 20)

yos20053

Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 12)
Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 17)

zdi-disclosures

ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability zdi-disclosures (May 13)
ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability zdi-disclosures (May 15)
ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability zdi-disclosures (May 15)
ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability zdi-disclosures (May 20)
ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow zdi-disclosures (May 20)
ZDI-08-028: IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability zdi-disclosures (May 22)
ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability zdi-disclosures (May 22)
ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability zdi-disclosures (May 22)
ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability zdi-disclosures (May 22)
ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability zdi-disclosures (May 27)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]