236 messages starting Feb 01 10 and ending Feb 26 10 Date index | Thread index | Author index
eWebeditor ASP Version Multiple Vulnerabilities info Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan iPhone certificate flaws cryptopath [SECURITY] [DSA 1841-2] New git-core packages fix build failure Thijs Kinkhorst [SECURITY] [DSA 1982-1] New hybserv packages fix denial of service Steffen Joeris Advisory: jBCrypt < 0.3 character encoding vulnerability Damien Miller Cross-Site History Manipulation (XSHM) Alex Roichman Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability info Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Arian J. Evans {PRL} Xerox Workcenter 4150 Remote Buffer Overflow Francis Provencher [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference Tobias Klein VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE VMware Security Team Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2 mkanat [SECURITY] [DSA 1983-1] New Wireshark packages fix several vulnerabilities Moritz Muehlenhoff Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan Re: Cross-Site History Manipulation (XSHM) Michal Zalewski iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow iDefense Labs XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1) Martin Barbella iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability iDefense Labs [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection Core Security Technologies Advisories [ MDVSA-2010:030 ] kernel security Joomla (com_gambling) SQL Injection Vulnerabilities md . r00t . defacer iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability iDefense Labs [SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness Giuseppe Iuculano [SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service Giuseppe Iuculano Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Chris Travers [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow CORE Security Technologies Advisories RaakCms Multiple Vulnerabilities info
Remote Vulnerability in AIX RPC.cmsd released by iDefense Rodrigo Rubira Branco (BSDaemon) 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie qiqiguaiguai [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local security-alert Tinypug Multiple Vulnerabilities admin [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service Nico Golde OpenCart CSRF Vulnerability ben [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities Steffen Joeris [security bulletin] HPSBUX02479 SSRT090212 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Unauthorized Access security-alert
[security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege security-alert [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities Giuseppe Iuculano [SECURITY] [DSA-1989-1] New fuse packages fix denial of service Giuseppe Iuculano [ MDVSA-2010:031 ] wireshark security [CSO10002] Attachment path traversal in Outlook Web Access Ricardo Martins - Chief Security Officers AST-2010-001: T.38 Remote Crash Vulnerability Asterisk Security Team [Suspected Spam]Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP Philippe Mailinglist [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability karakorsankara [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS Alexandr Polyakov CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities Core Security Technologies Advisories
[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) security-alert [SECURITY] [DSA-1990-2] New trac-git package fixes regression Stefan Fritsch [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service Steffen Joeris [SECURITY] [DSA-1990-1] New trac-git packages fix code execution Florian Weimer [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service david [ MDVSA-2010:032 ] rootcerts security Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive [SECURITY] [DSA 1992-1] New chrony packages fix denial of service Nico Golde
CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03 Peter Van Eeckhoutte CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL) Security CORE-2010-0104 - LANDesk OS command injection CORE Security Technologies Advisories JAHx101 - Huski retail mulitple SQL injection vulnerabilities noreply JAHx102 - HuskiCMS local file inclusion noreply Secunia Research: libmikmod Module Parsing Vulnerabilities Secunia Research Recon Call for Papers - July 9-11 2010 Hugo Fortier Samba Remote Zero-Day Exploit Kingcope Re: [Webappsec] Paper: Weaning the Web off of Session Cookies Timothy D. Morgan Re: Samba Remote Zero-Day Exploit Kingcope [ MDVSA-2010:033 ] squid security
Re: Multiple vulnerabilities in XAMPP (advisory #7) MustLive CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability Security Re: Samba Remote Zero-Day Exploit paul . szabo [Suspected Spam]Vulnerability in Tagcloud for DataLife Engine MustLive [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method Alexandr Polyakov Re: Samba Remote Zero-Day Exploit paul . szabo Re: [Full-disclosure] Samba Remote Zero-Day Exploit paul . szabo Re: Samba Remote Zero-Day Exploit Stefan Kanthak LDF (Default.asp) Sql Injection Vulnerability Arash . Setayeshi mongoose Space Character Remote File Disclosure Vulnerability info [MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service david Re: Samba Remote Zero-Day Exploit paul . szabo Re: Samba Remote Zero-Day Exploit Dan Kaminsky Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller [ MDVSA-2010:034 ] kernel security [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access security-alert [security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other security-alert Re: Samba Remote Zero-Day Exploit paul . szabo RE: Samba Remote Zero-Day Exploit Michael Wojcik Re: Samba Remote Zero-Day Exploit Kingcope Re: Samba Remote Zero-Day Exploit Dan Kaminsky Re: Samba Remote Zero-Day Exploit Stefan Kanthak JDownloader Remote Code Execution Matthias -apoc- Hecker [Hacking Event] Night Da Hack 2010 : Call For Proposals m . mahdjoub [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers CORE Security Technologies Advisories
Hacktics Advisory Feb09: XSS in Oracle E-Business Suite Ofer Maor RE: Samba Remote Zero-Day Exploit Michael Wojcik ACM CCS 2010: Call for Workshop Proposals Christopher Kruegel Re: Samba Remote Zero-Day Exploit Stefan Kanthak Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability Robbie Gill Re: [Full-disclosure] Samba Remote Zero-Day Exploit Krzysztof Halasa RE: Samba Remote Zero-Day Exploit David Jacoby #HITB - Special Report: HITB2009 CTF Weapons of Mass Destruction Hafez Kamal Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow Secunia Research ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability ZDI Disclosures TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability ZDI Disclosures ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability ZDI Disclosures ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability ZDI Disclosures CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability CORE Security Technologies Advisories
[USN-898-1] gnome-screensaver vulnerability Marc Deslauriers Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance Cisco Systems Product Security Incident Response Team Windows SMB NTLM Authentication Weak Nonce Vulnerability Hernan Ochoa Re: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Arian J. Evans [security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands security-alert [USN-897-1] MySQL vulnerabilities Marc Deslauriers stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow stratsec Research Trustwave's SpiderLabs Security Advisory TWSL2010-001 Trustwave Advisories [security bulletin] HPSBMA02486 SSRT090049 rev.1 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert
[SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection Raphael Geissert [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection Onapsis Research Labs [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector Onapsis Research Labs [Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal Onapsis Research Labs [SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking Raphael Geissert [USN-899-1] Tomcat vulnerabilities Marc Deslauriers [ MDVSA-2010:035 ] openoffice.org security RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne [security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure security-alert [security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information security-alert
SQL injection vulnerability in apemCMS Maciej Gojny ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows Paul Craig iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability iDefense Labs (resend) RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Chris Weber e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2 bill . robson iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability iDefense Labs iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability iDefense Labs [security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert cmsmadesimple Multiple Security Issues : XSS+ LFI beenudel1986
[ MDVSA-2010:036 ] webmin security [SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne [SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities Giuseppe Iuculano Joomla (Jw_allVideos) Remote File Download Vulnerability info [ MDVSA-2010:037 ] fetchmail security [USN-900-1] Ruby vulnerabilities Marc Deslauriers Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0) Martin Barbella Chrome Password Manager Cross Origin Weakness (CVE-2010-0556) VSR Advisories [USN-901-1] Squid vulnerabilities Marc Deslauriers Multiple Stored XSS in XOOPS 2.4.4 Admin Section beenudel1986 Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. sam . johnston [ MDVSA-2010:038 ] maildrop security Re: Joomla (Jw_allVideos) Remote File Download Vulnerability lafrancevi VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities VUPEN Security Research MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service Tom Yu VMSA-2010-0003 ESX Service Console update for net-snmp VMware Security Team Pogodny CMS SQL vulnerabilities Maciej Gojny Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability Brett Moore IE address bar characters into a small feature info Huawei HG510 CSRF, Auth Bypass, DoS ivan . markovic Trusteer Rapport Security Circumvention barkley
Pixel Portal Sql Injection Vulnerability info Cross-Site Scriting on Portwise SSL VPN v4.6 research ZDI-10-018: IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability ZDI Disclosures Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team Secunia Research: Mozilla Firefox Memory Corruption Vulnerability Secunia Research Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances Cisco Systems Product Security Incident Response Team [ MDVSA-2010:040 ] gnome-screensaver security [ MDVSA-2010:034-1 ] kernel security Circumventing Critical Security in Windows XP barkley [SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff [ MDVSA-2010:039 ] netpbm security [USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities Jamie Strandboge [ MDVSA-2010:041 ] pidgin security Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent Cisco Systems Product Security Incident Response Team Re: Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. lars [SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution Moritz Muehlenhoff [ MDVSA-2010:034-2 ] kernel security RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 Ivan Buetler Re: Re: Joomla (Jw_allVideos) Remote File Download Vulnerability info BugCon 2010 Call For Papers saintarmin RE: Trusteer Rapport Security Circumvention Amit Klein TLS/SSL Hardening & Compatibility Report 2010 Thierry Zoller [USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities Jamie Strandboge Kusaba X <= 0.9 XSS/CSRF vulnerabilities systemx00 SphereCMS Blind SQL Injection Vulnerability admin
[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities Moritz Muehlenhoff [USN-890-5] XML-RPC for C and C++ vulnerabilities Jamie Strandboge AST-2010-002: Dialplan injection vulnerability Asterisk Security Team Re: Circumventing Critical Security in Windows XP Ansgar Wiechers SQL injection vulnerability in Amelia CMS Maciej Gojny [SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities Raphael Geissert Re: [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector david . durham [SECURITY] [DSA-2002-1] New polipo packages fix denial of service Stefan Fritsch [ MDVSA-2010:042 ] firefox security
RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001 David Byrne SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface SEC Consult Research CA20100222-01: Security Notice for CA Service Desk Kotas, Kevin J Secunia Research: Bournal ccrypt Information Disclosure Security Issue Secunia Research [USN-902-1] Pidgin vulnerabilities Marc Deslauriers Secunia Research: Bournal Insecure Temporary Files Security Issue Secunia Research [ MDVSA-2010:044 ] mysql security Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities Roberto Suggi Liverani Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal Ofer Maor [SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier Re: Circumventing Critical Security in Windows XP Jeroen ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability ZDI Disclosures Easy FTP Server 1.7.0.2 Remote BoF jonbutler88 jQuery Validate 1.6.0 Demo Code Advisory CodeScan Labs Advisories Request for feedback on TCP security (IETF effort) Fernando Gont [ MDVSA-2010:043 ] libtheora security [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. Alexandr Polyakov Official Portal 2007 Multiple Vulnerabilities info London DEFCON February meet - DC4420 - Wed 24th Feb 2010 Major Malfunction Chuck Norris Botnet and Broadband Routers Gadi Evron [ MDVSA-2010:045 ] php security [ MDVSA-2010:046 ] ncpfs security [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption Tobias Klein ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability ZDI Disclosures CA20100223-01: Security Notice for CA eHealth Performance Manager Kotas, Kevin J VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability VUPEN Security Research Kojoney (SSH honeypot) remote DoS Nicob ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability ZDI Disclosures Re: Chuck Norris Botnet and Broadband Routers Adrian P. [ MDVSA-2010:047 ] fuse security
iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability iDefense Labs [USN-904-1] Squid vulnerability Marc Deslauriers ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability Security_Alert Rbot Owner Reaction Command Execution Matthias -apoc- Hecker SQL injection vulnerability in LiveChatNow Support TEAM
Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM Ofer Maor SQL injection vulnerability in WebAdministrator Lite CMS Maciej Gojny NSOADV-2010-003: DATEV ActiveX Control remote command execution NSO Research Form-based HTTP Authentication Proof of Concept Timothy D. Morgan [ MDVSA-2010:048 ] roundcubemail security
SyScan'10 CALL FOR PAPERS thomas () syscan org [ MDVSA-2010:050 ] apache-mod_security security AST-2010-003: Invalid parsing of ACL rules can compromise security Asterisk Security Team [ MDVSA-2010:049 ] sudo security ARISg5 (version 5.0) cross site scripting vulnerability Yaniv Miron getPlus insufficient domain name validation vulnerability Akita Software Security
RSS Feed
About List
All Lists
Previous period
