Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

298 messages starting Jan 01 09 and ending Jan 30 09
Date index | Thread index | Author index

Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit i9p (Jan 01)
- Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit Eugene Teo (Jan 05)
- Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit Shaochun Wang (Jan 09)
- <Possible follow-ups>
- Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit joris (Jan 03)
Re: apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit‎ ms5ote (Jan 01)
A tool to identify the MD5 certs on FF Memisyazici, Aras (Jan 02)
[SECURITY] [DSA 1694-1] New xterm packages fix remote code execution Florian Weimer (Jan 03)
[SECURITY] [DSA 1695-1] New Ruby packages fix denial of service Florian Weimer (Jan 03)
Top 5-ish Threats to Watch for in 2009 Pete Herzog (Jan 05)
PollPro 3.0 XSRF VuLn. b4DchiLd (Jan 05)
Call for papers and trainers - SeacureIT 2009 Stefano Zanero (Jan 05)
Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability. Aditya K Sood (Jan 05)
SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability Ehsan_Hp200 (Jan 05)
php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass‏ l1un (Jan 05)
- Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass‏ Slack Traq (Jan 06)
- <Possible follow-ups>
- Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass‏ a (Jan 05)
- Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass‏ faze0r (Jan 05)
Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit crimson . loyd (Jan 05)
ANNOUNCE: RFIDIOt ver 01.v released - Jan 2009 Adam Laurie (Jan 05)
MSFXDC Metasploit eXploits Development Contest Jerome Athias (Jan 05)
Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal vuln_research (Jan 05)
[USN-702-1] Samba vulnerability Marc Deslauriers (Jan 05)
[Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF Fernando Gont (Jan 06)
- Re: [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF Jerome Athias (Jan 08)
[SECURITY] [DSA 1694-2] New xterm packages fix regression Florian Weimer (Jan 06)
[USN-703-1] xterm vulnerability Kees Cook (Jan 06)
New WHID web hacking incidents Ofer Shezaf (Jan 06)
VUPLAYER BufferOver flow POC alphanix00 (Jan 06)
Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities Secunia Research (Jan 07)
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses Will Drewry (Jan 07)
PHP-Fusion Mod Members Bewerb Sql Injection r3d . w0rm (Jan 07)
Cisco Security Advisory: Cisco Global Site Selector Appliances DNS Vulnerability Cisco Systems Product Security Incident Response Team (Jan 07)
Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)
- Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting Stefano Zanero (Jan 09)
- <Possible follow-ups>
- Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)
CFP: COLSEC 2009 Patrice CLEMENTE (Jan 07)
Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow Secunia Research (Jan 07)
[USN-701-2] Thunderbird vulnerabilities Jamie Strandboge (Jan 07)
PHP-Fusion Mod E-Cart Sql Injection r3d . w0rm (Jan 07)
[USN-701-1] Thunderbird vulnerabilities Jamie Strandboge (Jan 07)
[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities Steffen Joeris (Jan 07)
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities Steffen Joeris (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-09:02.openssl FreeBSD Security Advisories (Jan 07)
FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd FreeBSD Security Advisories (Jan 07)
CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability Williams, James K (Jan 07)
[USN-704-1] OpenSSL vulnerability Jamie Strandboge (Jan 08)
PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability irancrash (Jan 08)
[IBM Datapower XS40] Denial of Service erik (Jan 08)
- <Possible follow-ups>
- Re: [IBM Datapower XS40] Denial of Service terrordactylspam (Jan 08)
CORE-2008-1128: Openfire multiple vulnerabilities CORE Security Technologies Advisories (Jan 08)
LayerOne 2009 Call for Papers LayerOne Call For Papers (Jan 08)
AST-2009-001: Information leak in IAX2 authentication Asterisk Security Team (Jan 08)
[USN-705-1] NTP vulnerability Jamie Strandboge (Jan 08)
[USN-706-1] Bind vulnerability Jamie Strandboge (Jan 09)
[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection Thijs Kinkhorst (Jan 09)
ShakaCon 2009 Call for Papers and Trainers Shakacon (Jan 09)
Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point mad-vaittes (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)
  - Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Steve Shockley (Jan 09)
    - Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)
Java Runtime UTF-8 Decoder Smuggling Vector William A. Rowe, Jr. (Jan 09)
[ MDVSA-2009:003 ] python security (Jan 10)
[ MDVSA-2009:004 ] pam_mount security (Jan 10)
[ MDVSA-2009:002 ] bind security (Jan 10)
Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) security curmudgeon (Jan 10)
- Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) Joxean Koret (Jan 10)
  - RE: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (Oracle CPU April 2008 DB11) Integrigy Alerts (Jan 12)
[ GLSA 200901-01 ] NDISwrapper: Arbitrary remote code execution Robert Buchholz (Jan 12)
[ GLSA 200901-02 ] JHead: Multiple vulnerabilities Robert Buchholz (Jan 12)
Comersus Shopping Cart <= v6 Remote User Pass Exploit ajannhwt (Jan 12)
[ GLSA 200901-03 ] pdnsd: Denial of Service and cache poisoning Robert Buchholz (Jan 12)
[ GLSA 200901-04 ] D-Bus: Denial of Service Robert Buchholz (Jan 12)
Hack Aethra SV 1042 Adsl/Voip Router SmoKe (Jan 12)
[SECURITY] [DSA 1699-1] New zaptel packages fix privilege escalation Florian Weimer (Jan 12)
PHP Buffer Overflow(popen) ew1zz (Jan 12)
[ GLSA 200901-05 ] Streamripper: Multiple vulnerabilities Pierre-Yves Rofes (Jan 12)
[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below Nam Nguyen (Jan 12)
[TKADV2009-001] Sun Solaris aio_suspend() Kernel Integer Overflow Vulnerability Tobias Klein (Jan 12)
[USN-707-1] CUPS vulnerabilities Marc Deslauriers (Jan 12)
[SECURITY] [DSA 1700-1] New lasso packages fix validation bypass Moritz Muehlenhoff (Jan 12)
[TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities Tobias Klein (Jan 12)
[ GLSA 200901-06 ] Tremulous: User-assisted execution of arbitrary code Pierre-Yves Rofes (Jan 12)
[ MDVSA-2009:005 ] xterm security (Jan 12)
SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei organiser () syscan org (Jan 12)
Visuplay CMS SQL injection vulnerability joseph . giron13 (Jan 12)
[security bulletin] HPSBMA02392 SSRT071481 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert (Jan 12)
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness Florian Weimer (Jan 12)
[ GLSA 200901-07 ] MPlayer: Multiple vulnerabilities Tobias Heinlein (Jan 12)
[SECURITY] [DSA 1702-1] New ntp packages fix cryptographic weakness Florian Weimer (Jan 12)
[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness Florian Weimer (Jan 12)
Secunia Research: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities Secunia Research (Jan 13)
PDFBuilderX 2.2 Arbitrary File Overwrite fakeperson7 (Jan 13)
[ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code Robert Buchholz (Jan 13)
[ GLSA 200901-08 ] Online-Bookmarks: Multiple vulnerabilities Pierre-Yves Rofes (Jan 13)
[ MDVSA-2009:006 ] openoffice.org security (Jan 13)
ANNOUNCE: DEFCON London - DC4420 - January meet - Thursday 15th Jan 2009 Major Malfunction (Jan 13)
rPSA-2009-0006-1 samba samba-client samba-server samba-swat rPath Update Announcements (Jan 13)
iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability iDefense Labs (Jan 13)
ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability zdi-disclosures (Jan 13)
ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability zdi-disclosures (Jan 13)
rPSA-2009-0005-1 git gitweb rPath Update Announcements (Jan 13)
rPSA-2009-0007-1 pam_krb5 rPath Update Announcements (Jan 13)
[USN-708-1] HPLIP vulnerability Marc Deslauriers (Jan 13)
iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability iDefense Labs (Jan 13)
iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability iDefense Labs (Jan 13)
FreeBSD Security Advisory FreeBSD-SA-09:04.bind FreeBSD Security Advisories (Jan 14)
iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability iDefense Labs (Jan 14)
Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability Laurent Butti (Jan 14)
phpList <= 2.10.8 Local File inclusion admin (Jan 14)
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability iDefense Labs (Jan 14)
- Re: iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability security curmudgeon (Jan 15)
- <Possible follow-ups>
- iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability iDefense Labs (Jan 14)
Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2 David Litchfield (Jan 14)
[ MDVSA-2009:007 ] ntp security (Jan 14)
WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible Brian Dowling (Jan 14)
RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability Paul Oxman (poxman) (Jan 14)
- <Possible follow-ups>
- DoS code for Cisco VLAN Trunking Protocol Vulnerability showrun . lee (Jan 14)
Oracle CPU Jan 2009 Advisories. Alexandr Polyakov (Jan 14)
PR08-19: XSS on Cisco IOS HTTP Server ProCheckUp Research (Jan 14)
Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability Cisco Systems Product Security Incident Response Team (Jan 14)
[ MDVSA-2009:008 ] qemu security (Jan 14)
Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 14)
[ MDVSA-2009:009 ] kvm security (Jan 14)
[ MDVSA-2009:010 ] qemu security (Jan 14)
Call for Papers: Cyber Warfare kgconference (Jan 14)
Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities Cisco Systems Product Security Incident Response Team (Jan 14)
OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit crimson . loyd (Jan 14)
[TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference Thierry Zoller (Jan 14)
[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities Steffen Joeris (Jan 14)
ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability zdi-disclosures (Jan 14)
ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability zdi-disclosures (Jan 14)
Oracle Secure Backup 10g Remote Code Execution Joxean Koret (Jan 14)
Oracle TimesTen Remote Format String Joxean Koret (Jan 14)
[ GLSA 200901-10 ] GnuTLS: Certificate validation error Pierre-Yves Rofes (Jan 15)
[ GLSA 200901-11 ] Avahi: Denial of Service Pierre-Yves Rofes (Jan 15)
TFTPUtil GUI TFTP Directory Traversal vuln_research (Jan 15)
TFTPUtil GUI TFTP Server Denial of Service Vulnerability vuln_research (Jan 15)
Windows NTP Time Server Syslog Monitor 1.0.000 Denial of Service Vulnerability vuln_research (Jan 15)
Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow security curmudgeon (Jan 15)
[ MDVSA-2009:011 ] virtualbox security (Jan 15)
Oracle Secure Backup Multiple Denial Of Service vulnerabilities noreply-secresearch () fortinet com (Jan 15)
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability noreply-secresearch () fortinet com (Jan 15)
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability noreply-secresearch () fortinet com (Jan 15)
ANNOUNCE: apache_1.3.41+ssl_1.60 released Adam Laurie (Jan 15)
Errata: [TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference Thierry Zoller (Jan 15)
[TZO-2009-2] Avira Antivir - Priviledge escalation Thierry Zoller (Jan 15)
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1 come2waraxe (Jan 15)
[SECURITY] [DSA 1705-1] New netatalk packages fix arbitrary code execution Nico Golde (Jan 15)
[USN-709-1] tar vulnerability Jamie Strandboge (Jan 15)
[SECURITY] [DSA 1707-1] New iceweasel packages fix several vulnerabilities Steffen Joeris (Jan 15)
[ MDVSA-2009:012 ] mozilla-thunderbird security (Jan 15)
[SECURITY] [DSA 1706-1] New amarok packages fix arbitrary code execution Moritz Muehlenhoff (Jan 15)
[USN-700-2] Perl regression Kees Cook (Jan 15)
Syslserve 1.058 Denial of Service Vulnerability vuln_research (Jan 16)
[ MDVSA-2009:014 ] mplayer security (Jan 16)
[ MDVSA-2009:013 ] mplayer security (Jan 16)
[ MDVSA-2009:015 ] ffmpeg security (Jan 16)
DMXReady Blog Manager (SQL/XSS) pouya . s3rver (Jan 16)
Active Bids pouya . s3rver (Jan 16)
Announce: RSBAC 1.4.0 released Amon Ott (Jan 16)
[ MDVSA-2009:016 ] xen security (Jan 16)
[ MDVSA-2009:017 ] kdebase security (Jan 16)
Excel Viewer OCX 3.1/3.2 Denial of Service PoC alphanix00 (Jan 16)
Sagem router f () st 2404 remote reset poc alphanix00 (Jan 16)
FBI XSS Vulnerability sohrab_behroozian (Jan 17)
[ MDVSA-2009:018 ] tomcat5 security (Jan 17)
53KF Web IM 2009 Cross-Site Scripting Vulnerabilities Heart (Jan 19)
Ralinktech wireless cards drivers vulnerability springsec (Jan 19)
[Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow. vulns (Jan 19)
[ GLSA 200901-12 ] noip-updater: Execution of arbitrary code Pierre-Yves Rofes (Jan 19)
Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability Aditya K Sood (Jan 19)
Web Hacking Incidents update for Jan 19th Ofer Shezaf (Jan 19)
[ MDVSA-2009:019 ] imlib2 security (Jan 19)
[SECURITY] [DSA 1708-1] New Git packages fix remote code execution Florian Weimer (Jan 19)
Secunia Research: EasyHDR Pro Radiance RGBE Buffer Overflow Secunia Research (Jan 20)
Cybershade CMS Remote File include vulnerability security (Jan 20)
[ANNOUNCE] Apache Jackrabbit 1.5.2 released Jukka Zitting (Jan 20)
Microsoft Bluetooth Stack OBEX Directory Traversal alberto . morenot (Jan 20)
Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server Eduardo Vela (Jan 20)
- Message not available
  - Re: [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server Mark Thomas (Jan 21)
Secunia Research: Trend Micro Network Security Component Vulnerabilities Secunia Research (Jan 20)
[security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Jan 20)
MoinMoin Wiki Engine XSS Vulnerability swhite (Jan 20)
Re: Remote Cisco IOS FTP exploit security curmudgeon (Jan 20)
- Re: Remote Cisco IOS FTP exploit Russell L. Smoak (Jan 20)
Secunia Research: OpenSG Radiance RGBE Buffer Overflow Vulnerability Secunia Research (Jan 20)
rPSA-2009-0009-1 bind bind-utils rPath Update Announcements (Jan 20)
Videos from HITBSecConf2008 - Malaysia released! Praburaajan (Jan 20)
rPSA-2009-0011-1 perl rPath Update Announcements (Jan 20)
rPSA-2009-0008-1 openssl rPath Update Announcements (Jan 20)
rPSA-2009-0010-1 ntp ntp-utils rPath Update Announcements (Jan 20)
[ GLSA 200901-13 ] Pidgin: Multiple vulnerabilities Pierre-Yves Rofes (Jan 20)
rPSA-2009-0014-1 hplip rPath Update Announcements (Jan 20)
[SECURITY] [DSA 1709-1] New shadow packages fix privilege escalation Thijs Kinkhorst (Jan 21)
[SECURITY] [DSA 1693-2] New phppgadmin packages fix regression Thijs Kinkhorst (Jan 21)
CfP: 16th ACM Conference on Computer and Communications Security (CCS) 2009 Christopher Kruegel (Jan 21)
[DSECRG-09-004] AXIS 70U Network Document Server - Privilege Escalation and XSS Digital Security Research Group (Jan 21)
Cisco Security Advisory: Cisco Security Manager Vulnerability Cisco Systems Product Security Incident Response Team (Jan 21)
Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability` Cisco Systems Product Security Incident Response Team (Jan 21)
Joomla component beamospetition 1.0.12 Sql Injection vds_s (Jan 21)
[IMF 2009] Call for Papers Oliver Goebel (Jan 21)
Digital Security opens a site of its research center DSec Research Group Digital Security Research Group (Jan 21)
[ GLSA 200901-14 ] Scilab: Insecure temporary file usage Pierre-Yves Rofes (Jan 21)
[ MDVSA-2009:024 ] php4 security (Jan 22)
Asp-project Cookie Handling r3d . w0rm (Jan 22)
[ MDVSA-2009:020 ] xine-lib security (Jan 22)
ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability zdi-disclosures (Jan 22)
ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability zdi-disclosures (Jan 22)
[ MDVSA-2009:022 ] php security (Jan 22)
ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability zdi-disclosures (Jan 22)
[ GLSA 200901-15 ] Net-SNMP: Denial of Service Pierre-Yves Rofes (Jan 22)
VUPlayer 2.49 .ASX local universal BOF exploit maroc-anti-connexion (Jan 22)
[ MDVSA-2009:023 ] php security (Jan 22)
[ MDVSA-2009:021 ] php security (Jan 22)
ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability zdi-disclosures (Jan 22)
- Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability security curmudgeon (Jan 26)
[TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities Tobias Klein (Jan 22)
Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow Secunia Research (Jan 23)
PHP-Nuke 8.0 Downloads Blind Sql Injection r3d . w0rm (Jan 23)
[ MDVSA-2009:025 ] pidgin security (Jan 23)
BBSxp Xss vulnerability arashps0 (Jan 23)
[ MDVSA-2009:026 ] phpMyAdmin security (Jan 23)
Oblog XSS valnerability arash . setayeshi (Jan 23)
- <Possible follow-ups>
- Re: Oblog XSS valnerability dan . crowley (Jan 26)
ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability zdi-disclosures (Jan 23)
Problems with syscall filtering technologies on Linux Chris Evans (Jan 26)
VUplayer (.wax file) local buffer overflow crash exploit storms0uth (Jan 26)
MediaMonkey 3.0.6 (.m3u file) Local Buffer Overflow PoC alphanix00 (Jan 26)
[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS office (Jan 26)
Lootan(kedor) Sql Injection vulnerability arash . setayeshi (Jan 26)
SonyEricsson WAP Push Denial of Service Mobile Security Lab (Jan 26)
Nokia Multimedia Player (.AVI File) Null Dereference Pointer Exploit alphanix00 (Jan 26)
LDF Sql injection vulnerability arash . setayeshi (Jan 26)
/bin/login DoS remains after DSA-1709 Paul Szabo (Jan 26)
Re: [Full-disclosure] ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability Juha-Matti Laurio (Jan 26)
Re: munky-bliki lfi security curmudgeon (Jan 26)
Browse3d (.sfs file) Local Stack Overflow Exploit alphanix00 (Jan 26)
Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 thadeum (Jan 26)
EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit alphanix00 (Jan 26)
[ MDVSA-2009:027 ] cups security (Jan 26)
[SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution Steffen Joeris (Jan 26)
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities Williams, James K (Jan 26)
WB News v2.0.X Remote File include .. security (Jan 26)
Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c) maroc-anti-connexion (Jan 26)
[SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution Nico Golde (Jan 26)
[USN-710-1] xine-lib vulnerabilities Marc Deslauriers (Jan 26)
[USN-711-1] KTorrent vulnerabilities Marc Deslauriers (Jan 26)
Re: FUD Forum < 2.7.1 PHP code injection vurnelability riklaunim (Jan 27)
NewsCMSlite Insecure Cookie Handling admin (Jan 27)
ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1) ACROS Security (Jan 27)
[USN-712-1] Vim vulnerabilities Marc Deslauriers (Jan 27)
Secunia Research: OpenX Multiple Vulnerabilities Secunia Research (Jan 27)
- <Possible follow-ups>
- Re: Secunia Research: OpenX Multiple Vulnerabilities scott . switzer (Jan 29)
OpenX 2.6.3 - Local File Inclusion admin (Jan 27)
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) Williams, James K (Jan 27)
JetAudio Basic 7.0.3 BufferOverFlow PoC alphanix00 (Jan 27)
SAP NetWeaver XSS Vulnerability Martin Suess (Jan 27)
Total video player 1.3.7 local buffer overflow universal exploit maroc-anti-connexion (Jan 27)
CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities Williams, James K (Jan 27)
Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability Salvatore \"drosophila\" Fresta (Jan 27)
[ MDVSA-2009:030 ] amarok security (Jan 27)
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability Salvatore \"drosophila\" Fresta (Jan 27)
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass Salvatore \"drosophila\" Fresta (Jan 28)
[USN-713-1] openjdk-6 vulnerabilities Kees Cook (Jan 28)
CONFidence 2009, Final CfP Andrzej Targosz (Jan 28)
Web Hacking Incidents update for Jan 28th Ofer Shezaf (Jan 28)
Internet explorer 7.0 stack overflow jplopezy (Jan 28)
- <Possible follow-ups>
- Re: Internet explorer 7.0 stack overflow jplopezy (Jan 29)
  - Re[2]: Internet explorer 7.0 stack overflow Vladimir '3APA3A' Dubrovin (Jan 30)
Re: DoS attacks on MIME-capable software via complex MIME emails Dave English (Jan 28)
CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities Core Security Technologies Advisories (Jan 28)
Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. Aditya K Sood (Jan 28)
- Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. Michal Zalewski (Jan 29)
[SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[TKADV2009-004] FFmpeg Type Conversion Vulnerability Tobias Klein (Jan 28)
[SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution Moritz Muehlenhoff (Jan 28)
[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising Devin Carraway (Jan 29)
[security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Jan 29)
dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit alphanix00 (Jan 29)
[security bulletin] HPSBMP02404 SSRT090014 rev.1 - MPE/iX Running BIND/iX, Remote DNS Cache Poisoning security-alert (Jan 29)
Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) DoZ (Jan 29)
Oracle Application Server 10g Cross Site Scripting Vulnerability DoZ (Jan 29)
Motorola Wimax Modem CPEi300 Multiple Vulnerabilities usman (Jan 29)
rPSA-2009-0021-1 sudo rPath Update Announcements (Jan 29)
[SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service Nico Golde (Jan 29)
PerlSoft Guestbook v1.7b Bruteforcer + RCE! Perforin (Jan 29)
Re: XSS vulnerabilty in ASP.Net [with details] m . rajeshpawar (Jan 29)
[OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities Matteo Beccati (Jan 30)
ANNOUNCE - RFIDIOt 0.1w released - January 2009 Adam Laurie (Jan 30)
Bugs Online v2.14 Sql Injection r3d . w0rm (Jan 30)
CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities Sam Johnston (Jan 30)
[USN-715-1] Linux kernel vulnerabilities Kees Cook (Jan 30)
[USN-716-1] MoinMoin vulnerabilities Jamie Strandboge (Jan 30)
PR08-22: Persistent XSS on Novell GroupWise WebAccess ProCheckUp Research (Jan 30)
PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks ProCheckUp Research (Jan 30)
PR08-23: XSS on Novell GroupWise WebAccess ProCheckUp Research (Jan 30)
Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC come2waraxe (Jan 30)

Previous period

Next period