284 messages starting Dec 15 10 and ending Dec 27 10

ACROS Security Lists

ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book ACROS Security Lists (Dec 15)
Updated online binary planting exposure test continues operation ACROS Security Lists (Dec 16)

Adam Baldwin

Django admin list filter data extraction / leakage Adam Baldwin (Dec 27)

advisory

XSS vulnerability in Zimplit CMS advisory (Dec 08)
XSS vulnerability in Zimplit CMS advisory (Dec 08)
LFI in Exponent CMS advisory (Dec 08)
LFI in Exponent CMS advisory (Dec 08)
XSRF (CSRF) in CMScout advisory (Dec 09)
Cross Site Scripting vulnerability in Diferior advisory (Dec 09)
XSS vulnerability in Diferior advisory (Dec 09)
XSRF (CSRF) in BEdita advisory (Dec 16)
XSS vulnerability in BLOG:CMS advisory (Dec 16)
XSRF (CSRF) in BLOG:CMS advisory (Dec 16)
XSS vulnerability in BEdita advisory (Dec 16)
Stored Cross Site Scripting vulnerability in BEdita advisory (Dec 16)
XSS vulnerability in BLOG:CMS advisory (Dec 16)
cross site scripting vulnerability in BLOG:CMS advisory (Dec 16)
SQL injection in Hycus CMS advisory (Dec 21)
Path disclosure in GetSimple CMS advisory (Dec 21)
XSS vulnerability in Habari advisory (Dec 21)
SQL injection in Injader CMS advisory (Dec 21)
SQL Injection in HTML-EDIT CMS advisory (Dec 21)
Path disclosure in Habari advisory (Dec 21)
XSS vulnerability in Habari advisory (Dec 21)
XSS in HTML-EDIT CMS advisory (Dec 21)
Path disclosure in HTML-EDIT CMS advisory (Dec 21)
XSS vulnerability in ImpressCMS advisory (Dec 21)
XSS vulnerability in Injader CMS advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
LFI in Hycus CMS advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
XSS vulnerability in Injader CMS advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
SQL injection in Injader CMS advisory (Dec 21)
SQL injection in KaiBB advisory (Dec 29)
SQL injection in KaiBB advisory (Dec 29)
Path disclosure in KaiBB advisory (Dec 29)
BBcode XSS in KaiBB advisory (Dec 29)
SQL Injection in LightNEasy advisory (Dec 30)
Information disclosure in LightNEasy advisory (Dec 30)
SQL Injection in LightNEasy advisory (Dec 30)
Path disclousure in OpenCart advisory (Dec 30)
LFI in LightNEasy advisory (Dec 30)
CSRF (Cross-Site Request Forgery) in Open blog advisory (Dec 30)
Path disclosure in LightNEasy advisory (Dec 30)
Path disclousure in Nibbleblog advisory (Dec 30)
Path disclousure in ocPortal advisory (Dec 30)

Amit Klein

New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)" Amit Klein (Dec 02)

Andrea Lee

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Andrea Lee (Dec 13)

Ansgar Wiechers

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Ansgar Wiechers (Dec 13)

Ariel Biener

Re: [Full-disclosure] Linux kernel exploit Ariel Biener (Dec 15)

Attilla de Groot

OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS Attilla de Groot (Dec 30)

bt

[eVuln.com] Multiple XSS in Alguest bt (Dec 01)
[eVuln.com] PHP Code Execution in Alguest bt (Dec 03)
[eVuln.com] Cookie authentication bypass in Alguest bt (Dec 03)
[www.eVuln.com] SQL Injection vulnerability in Alguest bt (Dec 06)
www.eVuln.com : XSS vulnerability in WWWThreads (php version) bt (Dec 07)
www.eVuln.com : HTTP Response Splitting in WWWThreads (php version) bt (Dec 08)
www.eVuln.com : Non-persistent XSS in WWWThreads (perl version) bt (Dec 09)
www.eVuln.com : Non-persistent XSS in BizDir bt (Dec 10)
www.eVuln.com : Non-persistent XSS in slickMsg bt (Dec 10)
www.eVuln.com : "url" BBCode XSS in slickMsg bt (Dec 13)
www.eVuln.com : "post" - Non-persistent XSS in slickMsg bt (Dec 15)
www.eVuln.com : BBCode CSS XSS in slickMsg bt (Dec 15)
www.eVuln.com : "error" Non-persistent XSS in slickMsg bt (Dec 16)
www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share bt (Dec 17)
www.eVuln.com : "link" and "linkdescription" XSS in Social Share bt (Dec 17)
www.eVuln.com : "postid" SQL Injection in Social Share bt (Dec 20)
www.eVuln.com : Authentication Bypass by SQL Injection in Social Share bt (Dec 21)
www.eVuln.com : HTTP Response Splitting in Social Share bt (Dec 22)

Cal Leeming [Simplicity Media Ltd]

Re: [Full-disclosure] Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 08)

cheffner

Default SSL Keys in Multiple Routers cheffner (Dec 20)

Christopher Kruegel

Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) Christopher Kruegel (Dec 06)

come2waraxe

[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34 come2waraxe (Dec 21)
[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0 come2waraxe (Dec 27)
[waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10 come2waraxe (Dec 29)

CORE Security Technologies Advisories

CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net CORE Security Technologies Advisories (Dec 01)
[CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service Core Security Technologies Advisories (Dec 13)

cxib

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow cxib (Dec 10)

dan . j . rosenberg

Re: [Full-disclosure] Linux kernel exploit dan . j . rosenberg (Dec 14)

Dan Rosenberg

Linux kernel exploit Dan Rosenberg (Dec 08)

David Gillett

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) David Gillett (Dec 13)

eidelweiss

Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt eidelweiss (Dec 01)

embyte

Follow-up on HTTP Parameter Pollution embyte (Dec 09)

faghani

YEKTAWEB CMS XSS Vulnerability faghani (Dec 29)

Federico Maggi

Call for Papers -- BADGERS 2011 Federico Maggi (Dec 13)

firebits

Re: Re: [Full-disclosure] Linux kernel exploit firebits (Dec 13)

Florian Weimer

[SECURITY] [DSA-2130-1] New BIND packages fix denial of service Florian Weimer (Dec 13)

George Carlson

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) George Carlson (Dec 13)

Giuseppe Iuculano

[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution Giuseppe Iuculano (Dec 01)
[SECURITY] [DSA 2138-1] Security update for wordpress Giuseppe Iuculano (Dec 29)

Henri Lindberg

nSense-2010-005: Winamp Henri Lindberg (Dec 21)
nSense-2010-004: Sybase Afaria Henri Lindberg (Dec 21)

HI-TECH .

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD HI-TECH . (Dec 13)

hpdisclosure

hidden admin user on every HP MSA2000 G3 hpdisclosure (Dec 13)

info

Microsoft Internet Explorer Denial of Service Vulnerability info (Dec 15)
Sigma Portal Denial of Service Vulnerability info (Dec 27)
Asan Portal (IdehPardaz) Multiple Vulnerabilities info (Dec 27)

ipsdix

Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc ipsdix (Dec 27)
Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc ipsdix (Dec 29)
CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc ipsdix (Dec 30)
HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc ipsdix (Dec 31)

Ivan Buetler

Call for Paper @ Swiss Cyber Storm 3 Ivan Buetler (Dec 16)

Jamie Strandboge

[USN-1019-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Dec 10)
[USN-1020-1] Thunderbird vulnerabilities Jamie Strandboge (Dec 10)

jcoyle

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) jcoyle (Dec 13)

Jeffrey Walton

iwconfig and recent patches? Jeffrey Walton (Dec 13)
Re: OpenBSD CARP Hash Vulnerability Jeffrey Walton (Dec 21)

John Blakley

Multiple XSS in Solarwinds Orion NPM 10.1 John Blakley (Dec 08)

John Jacobs

RE: [Full-disclosure] Linux kernel exploit John Jacobs (Dec 09)

Juha-Matti Laurio

Google Website Optimizer security issue reportedly fixed Juha-Matti Laurio (Dec 09)

Kai

Re: [Full-disclosure] Linux kernel exploit Kai (Dec 08)

Karol Celiński

Re: D-Link DIR-300 authentication bypass Karol Celiński (Dec 01)
Re: D-Link DIR-300 authentication bypass Karol Celiński (Dec 16)

Kees Cook

[USN-1032-1] Exim vulnerability Kees Cook (Dec 13)
[USN-1024-2] OpenJDK regression Kees Cook (Dec 15)
[USN-1033-1] Eucalyptus vulnerability Kees Cook (Dec 17)

Kotas, Kevin J

CA20101209-01: Security Notice for CA XOsoft Kotas, Kevin J (Dec 09)

Kryptos Logic Secure

Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser Kryptos Logic Secure (Dec 08)
Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root Kryptos Logic Secure (Dec 15)

Kurt Dillard

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Kurt Dillard (Dec 13)

labs-no-reply

iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability labs-no-reply (Dec 08)
iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability labs-no-reply (Dec 13)
iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability labs-no-reply (Dec 13)
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability labs-no-reply (Dec 15)
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability labs-no-reply (Dec 15)

Larry Seltzer

RE: [Full-disclosure] OpenBSD Paradox Larry Seltzer (Dec 16)

Lorenzo Cavallaro

DIMVA 2011 Call for Workshops Proposals Lorenzo Cavallaro (Dec 06)

Marc Deslauriers

[USN-1025-1] Bind vulnerabilities Marc Deslauriers (Dec 01)
[USN-1026-1] Python Paste vulnerability Marc Deslauriers (Dec 08)
[USN-1027-1] Quagga vulnerabilities Marc Deslauriers (Dec 08)
[USN-1028-1] ImageMagick vulnerability Marc Deslauriers (Dec 08)
[USN-1030-1] Kerberos vulnerabilities Marc Deslauriers (Dec 09)

Marcus Meissner

Re: [Full-disclosure] Linux kernel exploit Marcus Meissner (Dec 08)

Mark Stanislav

'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330) Mark Stanislav (Dec 06)
'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333) Mark Stanislav (Dec 16)
'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332) Mark Stanislav (Dec 16)

Marsh Ray

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Marsh Ray (Dec 15)

Michael Bauer

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Bauer (Dec 15)

Michael Scheidell

Re: OpenBSD's IPSEC is Backdoored Michael Scheidell (Dec 15)

Michael Wojcik

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Wojcik (Dec 13)

Michal Zalewski

Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774) Michal Zalewski (Dec 09)
minor browser UI nitpicking Michal Zalewski (Dec 15)
Re: [Full-disclosure] minor browser UI nitpicking Michal Zalewski (Dec 15)

mike

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3 mike (Dec 27)
Pligg XSS and SQL Injection mike (Dec 27)

Moritz Muehlenhoff

[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Dec 13)
[SECURITY] [DSA 2134-1] Upcoming changes in advisory format Moritz Muehlenhoff (Dec 20)
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities Moritz Muehlenhoff (Dec 22)
[SECURITY] [DSA 2137-1] Security update for libxml2 Moritz Muehlenhoff (Dec 27)

musnt live

OpenBSD's IPSEC is Backdoored musnt live (Dec 15)
OpenBSD Paradox musnt live (Dec 15)

MustLive

Vulnerabilities in Fabrica Engine MustLive (Dec 01)
Vulnerabilities in Register Plus Redux for WordPress MustLive (Dec 03)

MyDoom2009

Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability MyDoom2009 (Dec 27)

Narendra Choyal

Re: D-Link DIR-300 authentication bypass Narendra Choyal (Dec 17)

nigel

Exim security issue in historical release nigel (Dec 13)

nightfighter

Re: hidden admin user on every HP MSA2000 G3 nightfighter (Dec 15)

niklas|brueckenschlaeger

Re: [Full-disclosure] Linux kernel exploit niklas|brueckenschlaeger (Dec 09)

non customers

HotWeb Rentals "PageId" SQL Injection Vulnerability non customers (Dec 29)
Pre Jobo .NET "Password" SQL Injection Vulnerability non customers (Dec 29)

Oliver Goebel

[IMF 2011] 2nd Call - Deadline Extended Oliver Goebel (Dec 27)
Re: [IMF 2011] 2nd Call - Deadline Extended - Addenunm Oliver Goebel (Dec 27)

Pavel Kankovsky

Re: hidden admin user on every HP MSA2000 G3 Pavel Kankovsky (Dec 15)

Pavel Machek

Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) Pavel Machek (Dec 13)

Pete Herzog

OSSTMM 3 Now Available! Pete Herzog (Dec 15)
Making Security Suck Less Pete Herzog (Dec 17)

psiinon

OWASP Zed Attack Proxy version 1.1.0 psiinon (Dec 06)

rafaldworaczek

Fedora 14 - Format string attack in allegro-tools package rafaldworaczek (Dec 29)

Raphael Geissert

[SECURITY] [DSA-2133-1] New collectd packages fix denial of service Raphael Geissert (Dec 14)
[SECURITY] [DSA-2136-1] New tor packages fix potential code execution Raphael Geissert (Dec 22)

research

PR10-06: Cross-domain redirect on PGP Universal Web Messenger research (Dec 16)
PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing) research (Dec 21)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04 research (Dec 22)

Research () NGSSecure

NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration Research () NGSSecure (Dec 02)

Robert Święcki

Honggfuzz Robert Święcki (Dec 14)

robkraus

ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities robkraus (Dec 10)
ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability robkraus (Dec 10)
Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability robkraus (Dec 10)

Rodrigo Branco

Apple Quicktime Memory Corruption - CVE-2010-3801 Rodrigo Branco (Dec 17)
Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277 Rodrigo Branco (Dec 17)

rPath Update Announcements

rPSA-2010-0076-1 gnupg rPath Update Announcements (Dec 06)

Ryan Sears

Re: [Full-disclosure] Linux kernel exploit Ryan Sears (Dec 08)
Re: [Full-disclosure] Linux kernel exploit Ryan Sears (Dec 15)

Sam Banks

OpenBSD CARP Hash Vulnerability Sam Banks (Dec 20)

sato-san

Re: XSS vulnerability in ImpressCMS sato-san (Dec 27)

Secunia Research

Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow Secunia Research (Dec 01)
Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability Secunia Research (Dec 08)
Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability Secunia Research (Dec 20)
Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability Secunia Research (Dec 20)
Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability Secunia Research (Dec 20)
Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow Secunia Research (Dec 20)
Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow Secunia Research (Dec 21)
Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability Secunia Research (Dec 21)
Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows Secunia Research (Dec 21)
Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability Secunia Research (Dec 21)
Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows Secunia Research (Dec 21)
Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability Secunia Research (Dec 21)
Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability Secunia Research (Dec 27)

security

[ MDVSA-2010:246 ] krb5 security (Dec 01)
[ MDVSA-2010:245 ] krb5 security (Dec 01)
[ MDVSA-2010:247 ] kernel security (Dec 03)
[ MDVSA-2010:248 ] openssl security (Dec 08)
[ MDVSA-2010:249 ] clamav security (Dec 08)
[ MDVSA-2010:250 ] perl-CGI-Simple security (Dec 09)
[ MDVSA-2010:251 ] firefox security (Dec 10)
[ MDVSA-2010:252 ] perl-CGI-Simple security (Dec 14)
[ MDVSA-2010:253 ] bind security (Dec 14)
[ MDVSA-2010:254 ] php security (Dec 15)
[ MDVSA-2010:255 ] php-intl security (Dec 15)
[ MDVSA-2010:256 ] git security (Dec 16)
[ MDVSA-2010:257 ] kernel security (Dec 17)
[ MDVSA-2010:258 ] mozilla-thunderbird security (Dec 21)
[ MDVSA-2010:251-2 ] firefox security (Dec 27)
[ MDVSA-2010:259 ] pidgin security (Dec 27)
[ MDVSA-2010:251-1 ] firefox security (Dec 27)
[ MDVSA-2010:260 ] libxml2 security (Dec 30)

security-alert

[security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 03)
[security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 03)
[security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code security-alert (Dec 08)
[security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS) security-alert (Dec 08)
[security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS) security-alert (Dec 09)
[security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 13)
[security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access security-alert (Dec 15)
[security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure security-alert (Dec 15)
[security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS) security-alert (Dec 15)
[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code security-alert (Dec 16)
[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross SIte Scripting (XSS) security-alert (Dec 16)
[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access security-alert (Dec 16)
[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Dec 16)
[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code security-alert (Dec 21)
[security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code security-alert (Dec 27)
[security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access security-alert (Dec 29)

security curmudgeon

Re: XSS vulnerability in Lantern CMS security curmudgeon (Dec 17)
Re: XSS vulnerability in Expression CMS security curmudgeon (Dec 17)

Sense of Security

Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 Sense of Security (Dec 20)

Solar Designer

Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project Solar Designer (Dec 16)

Stefan Fritsch

[SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness Stefan Fritsch (Dec 01)
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution Stefan Fritsch (Dec 10)

Stefan Kanthak

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 10)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 13)
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 15)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 15)

Stefan Roas

Re: [Full-disclosure] Linux kernel exploit Stefan Roas (Dec 10)
Re: Linux kernel exploit Stefan Roas (Dec 14)

Steno Plasma

Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) Steno Plasma (Dec 02)

StenoPlasma @ ExploitDevelopment

Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) StenoPlasma @ ExploitDevelopment (Dec 03)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ ExploitDevelopment (Dec 13)

StenoPlasma @ www.ExploitDevelopment.com

Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 10)
Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 15)

Steve Beattie

[USN-1029-1] OpenSSL vulnerabilities Steve Beattie (Dec 08)
[USN-1031-1] ClamAV vulnerabilities Steve Beattie (Dec 10)

Theo de Raadt

Re: OpenBSD Paradox Theo de Raadt (Dec 15)

Thijs Kinkhorst

[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst (Dec 31)

Thor (Hammer of God)

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 15)

Tobias Heinlein

[ GLSA 201012-01 ] Chromium: Multiple vulnerabilities Tobias Heinlein (Dec 17)

Trustwave Advisories

TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities Trustwave Advisories (Dec 13)

Vadim Grinco

Re: [Full-disclosure] Linux kernel exploit Vadim Grinco (Dec 09)

Victor Ribeiro Hora

Security Advisory - FlexVision Listener Vulnerability Victor Ribeiro Hora (Dec 27)

VMware Security team

VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues VMware Security team (Dec 03)
VMSA-2010-0019 VMware ESX third party updates for Service Console VMware Security Team (Dec 07)
VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw VMware Security Team (Dec 22)

VSR Advisories

VSR Advisories: Citrix Access Gateway Command Injection Vulnerability VSR Advisories (Dec 22)

VUPEN Security Research

VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004) VUPEN Security Research (Dec 14)
VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003) VUPEN Security Research (Dec 14)
VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005) VUPEN Security Research (Dec 14)
VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30) VUPEN Security Research (Dec 14)
VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31) VUPEN Security Research (Dec 14)
VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206) VUPEN Security Research (Dec 16)

Williams, James K

CA20101231-01: Security Notice for CA ARCserve D2D Williams, James K (Dec 31)

Wolf

Re: Linux kernel exploit Wolf (Dec 13)

wsn1983

Alt-N WebAdmin Source Code Disclosure wsn1983 (Dec 17)

www.eVuln.com Advisories

www.eVuln.com : "post" - Non-persistent XSS in slickMsg www.eVuln.com Advisories (Dec 15)

xpo xpo

USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb xpo xpo (Dec 14)

YGN Ethical Hacker Group

MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Dec 20)
MyBB 1.6 <= SQL Injection Vulnerability YGN Ethical Hacker Group (Dec 27)