oss-sec: by thread
591 messages starting Oct 01 11 and ending Jan 01 12
libpurple vulnerability disclosure and fix
Ethan Blanton (Oct 01)
Re: libpurple vulnerability disclosure and fix
Josh Bressers (Oct 04)
Re: rpm/librpm/rpm-python memory corruption pre-verification
Solar Designer (Oct 01)
CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
YGN Ethical Hacker Group (Oct 02)
Re: CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
Josh Bressers (Oct 04)
CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Jan Lieskovsky (Oct 03)
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Josh Bressers (Oct 04)
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Juliusz Chroboczek (Oct 06)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Vincent Danen (Oct 07)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Julien Cristau (Oct 07)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests
Julien Cristau (Oct 07)
KDE Security Advisory 20111003-1 published
Jeff Mitchell (Oct 03)
Security issue in OpenStack (nova)
Jamie Strandboge (Oct 03)
Request for CVE Identifier for perl code injection vulnerability in Digest->new()
Ramon de C Valle (Oct 04)
Re: Request for CVE Identifier for perl code injection vulnerability in Digest->new()
Josh Bressers (Oct 04)
CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3
Jan Lieskovsky (Oct 04)
Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3
Josh Bressers (Oct 04)
CVE Request: vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities
YGN Ethical Hacker Group (Oct 04)
CVE-2011-3979 being duplicate of CVE-2011-3352
Jan Lieskovsky (Oct 04)
Request for linux-distros list membership
Tyler Hicks (Oct 04)
Re: Request for linux-distros list membership
Solar Designer (Oct 04)
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
Huzaifa Sidhpurwala (Oct 05)
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
akuster (Oct 05)
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
Huzaifa Sidhpurwala (Oct 07)
CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images]
Jan Lieskovsky (Oct 10)
CVE Request: vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability
YGN Ethical Hacker Group (Oct 05)
CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
YGN Ethical Hacker Group (Oct 05)
Re: CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
Tomas Hoger (Oct 05)
CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random
Jan Lieskovsky (Oct 05)
Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random
Josh Bressers (Oct 05)
Request for a CVE identifier: XML-RPC SAX Parser Information Exposure
Ramon de C Valle (Oct 05)
Re: Request for a CVE identifier: XML-RPC SAX Parser Information Exposure
Josh Bressers (Oct 05)
Request for CVE identifier: Libvoikko NULL Character Improper Input Validation
Ramon de C Valle (Oct 05)
Re: Request for CVE identifier: Libvoikko NULL Character Improper Input Validation
Josh Bressers (Oct 05)
[CVE REQUEST] VLC media player: NULL dereference in HTTP server
Rémi Denis-Courmont (Oct 06)
radvd 1.8.2 released with security fixes
Solar Designer (Oct 06)
Re: radvd 1.8.2 released with security fixes
Huzaifa Sidhpurwala (Oct 07)
Re: radvd 1.8.2 released with security fixes
Robert Święcki (Oct 07)
Re: radvd 1.8.2 released with security fixes
John Haxby (Oct 07)
Re: radvd 1.8.2 released with security fixes
Vasiliy Kulikov (Oct 08)
Re: radvd 1.8.2 released with security fixes
Reuben Hawkins (Oct 12)
Re: radvd 1.8.2 released with security fixes
Vasiliy Kulikov (Oct 12)
Re: radvd 1.8.2 released with security fixes
Vasiliy Kulikov (Oct 12)
Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-*
Kurt Seifried (Oct 12)
Re: radvd 1.8.2 released with security fixes
Reuben Hawkins (Oct 15)
Re: radvd 1.8.2 released with security fixes
Huzaifa Sidhpurwala (Oct 13)
Re: radvd 1.8.2 released with security fixes
Solar Designer (Oct 13)
Re: radvd 1.8.2 released with security fixes
Huzaifa Sidhpurwala (Oct 14)
Re: radvd 1.8.2 released with security fixes
Vasiliy Kulikov (Oct 14)
Re: radvd 1.8.2 released with security fixes
Yves-Alexis Perez (Oct 20)
Re: radvd 1.8.2 released with security fixes
Huzaifa Sidhpurwala (Oct 21)
CVE Request -- Multiple security issues in various versions of AWStats
Jan Lieskovsky (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats
Jan Lieskovsky (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats
MustLive (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats
Petr Lautrbach (Oct 10)
Re: CVE Request -- Multiple security issues in various versions of AWStats
MustLive (Oct 10)
Re: CVE Request -- Multiple security issues in various versions of AWStats
MustLive (Oct 07)
CVE request: serendipity freetag plugin before 3.30 and probably others
Hanno Böck (Oct 08)
Re: CVE request: serendipity freetag plugin before 3.30 and probably others
Josh Bressers (Oct 10)
CVE request: CSRF and file inclusion in usebb before 1.0.12
Hanno Böck (Oct 09)
Re: CVE request: CSRF and file inclusion in usebb before 1.0.12
Josh Bressers (Oct 10)
CVE request: vanilla forums cookie theft, plugin access control
Hanno Böck (Oct 09)
Re: CVE request: vanilla forums cookie theft, plugin access control
Josh Bressers (Oct 10)
CVE request: simple machines forum before 2.0.1 and 1.1.15
Hanno Böck (Oct 09)
Re: CVE request: simple machines forum before 2.0.1 and 1.1.15
Josh Bressers (Oct 10)
CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue
Sean Amoss (Oct 09)
Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue
Josh Bressers (Oct 10)
CVE requests: Tahoe-LAFS and atop
Moritz Muehlenhoff (Oct 09)
Re: CVE requests: Tahoe-LAFS and atop
Josh Bressers (Oct 10)
CVE request: XSS in phorum before 5.2.18
Hanno Böck (Oct 10)
Re: CVE request: XSS in phorum before 5.2.18
Josh Bressers (Oct 18)
CVE request: fluxbb before 1.4.7
Hanno Böck (Oct 10)
Re: CVE request: fluxbb before 1.4.7
Henri Salo (Oct 13)
Re: CVE request: fluxbb before 1.4.7
Josh Bressers (Oct 18)
CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340
Michael Harrison (Oct 10)
Re: CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340
Josh Bressers (Oct 18)
Please REJECT CVE-2011-1161
Petr Matousek (Oct 11)
Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-*
Kurt Seifried (Oct 12)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-*
Matthias Weckbecker (Oct 18)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-*
Kurt Seifried (Oct 18)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-*
Josh Bressers (Oct 18)
CVE request: mplayer SAMI subtitle parsing buffer overflow
Tim Sammut (Oct 14)
Re: CVE request: mplayer SAMI subtitle parsing buffer overflow
Josh Bressers (Oct 18)
hardlink(1) has buffer overflows, is unsafe on changing trees
Solar Designer (Oct 15)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Josh Bressers (Oct 20)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Huzaifa Sidhpurwala (Oct 21)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Solar Designer (Oct 22)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Solar Designer (Oct 22)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Solar Designer (Oct 22)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees
Huzaifa Sidhpurwala (Oct 24)
Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710
Henri Salo (Oct 16)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710
Henri Salo (Nov 05)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710
Marcus Meissner (Nov 06)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710
Henri Salo (Nov 08)
Wrong MLIST link in CVE-2011-3783
Henri Salo (Oct 16)
Re: Wrong MLIST link in CVE-2011-3783
Henri Salo (Oct 16)
Re: Wrong MLIST link in CVE-2011-3783
Eugene Teo (Oct 17)
Re: Wrong MLIST link in CVE-2011-3783
Steven M. Christey (Oct 17)
CVE request: double-free vulnerability in logsurfer
Timo Warns (Oct 17)
Re: CVE request: double-free vulnerability in logsurfer
Marcus Meissner (Oct 17)
Re: CVE request: double-free vulnerability in logsurfer
Timo Warns (Oct 17)
Re: CVE request: double-free vulnerability in logsurfer
Josh Bressers (Oct 18)
CVE request: kernel/AppArmor local denial of service
Marcus Meissner (Oct 17)
Re: CVE request: kernel/AppArmor local denial of service
Petr Matousek (Oct 17)
CVE request: recursion level crash in clamav before 0.97.3
Hanno Böck (Oct 18)
Re: CVE request: recursion level crash in clamav before 0.97.3
Josh Bressers (Oct 18)
CVE Request: pam
Marc Deslauriers (Oct 18)
Re: CVE Request: pam
Josh Bressers (Oct 18)
CVE Request: FreeBSD kernel
Aurelien Jarno (Oct 19)
Re: CVE Request: FreeBSD kernel
Josh Bressers (Oct 20)
Re: CVE Request: FreeBSD kernel
Moritz Muehlenhoff (Oct 20)
Re: CVE Request: FreeBSD kernel
Eitan Adler (Oct 24)
Re: CVE Request: FreeBSD kernel
Colin Percival (Oct 24)
CVE-request: Joomla 20111001 Core - Information Disclosure
Henri Salo (Oct 18)
Re: CVE-request: Joomla 20111001 Core - Information Disclosure
Josh Bressers (Oct 18)
Fwd: X.Org security advisory: xserver locking code issues
Matthieu Herrb (Oct 18)
MySQL executable comment execution on MySQL slave server (from 2009)
Kurt Seifried (Oct 18)
Re: MySQL executable comment execution on MySQL slave server (from 2009)
Josh Bressers (Oct 18)
CVE Request: mplayer RDT parsing integer underlow
Tim Sammut (Oct 19)
Re: CVE Request: mplayer RDT parsing integer underlow
Josh Bressers (Oct 20)
Re: CVE Request: mplayer RDT parsing integer underlow
Moritz Muehlenhoff (Oct 20)
CVE request: piwik before 1.6
Hanno Böck (Oct 19)
Re: CVE request: piwik before 1.6
Steven M. Christey (Oct 19)
Re: CVE request: piwik before 1.6
Anthon Pang (Oct 19)
Re: CVE request: piwik before 1.6
Anthon Pang (Oct 20)
Re: CVE request: piwik before 1.6
Josh Bressers (Oct 20)
Re: CVE request: piwik before 1.6
Henri Salo (Oct 28)
<Possible follow-ups>
Re: CVE request: piwik before 1.6
Henri Salo (Oct 28)
CVE Request: apt
Marc Deslauriers (Oct 19)
Re: CVE Request: apt
Josh Bressers (Oct 20)
CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes
Vincent Danen (Oct 19)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes
Josh Bressers (Oct 20)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes
Hanno Böck (Oct 20)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes
Moritz Mühlenhoff (Oct 20)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws
cve-assign (Oct 19)
qemu: CVE-2011-3346
Petr Matousek (Oct 20)
PR attack against XML Encryption
Florian Weimer (Oct 20)
Re: PR attack against XML Encryption
Jan Lieskovsky (Oct 20)
Re: PR attack against XML Encryption
Yves-Alexis Perez (Oct 20)
Re: PR attack against XML Encryption
Florian Weimer (Oct 21)
CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops
Petr Matousek (Oct 21)
Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops
Eugene Teo (Oct 24)
kernel; CVE-2011-2942 and CVE-2011-3209
Eugene Teo (Oct 24)
CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Jan Lieskovsky (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Reed Loden (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Jan Lieskovsky (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Robert Relyea (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Elio Maldonado (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
Josh Bressers (Oct 25)
CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws
Vincent Danen (Oct 24)
Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws
Kurt Seifried (Oct 25)
CVE request: nova
Jamie Strandboge (Oct 25)
Re: CVE request: nova
Kurt Seifried (Oct 25)
CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink()
Petr Matousek (Oct 26)
Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink()
Kurt Seifried (Oct 26)
CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject
Jan Lieskovsky (Oct 26)
Re: CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject
Kurt Seifried (Oct 26)
CVE Request: slapd off by one
Sebastian Krahmer (Oct 26)
CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow
Marcus Meissner (Oct 26)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow
Marcus Meissner (Oct 26)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow
Ramon de C Valle (Oct 28)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow
Kurt Seifried (Oct 26)
CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Petr Matousek (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Kurt Seifried (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Vasiliy Kulikov (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Kurt Seifried (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Vasiliy Kulikov (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Petr Matousek (Oct 27)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Kurt Seifried (Oct 27)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Steven M. Christey (Oct 28)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Solar Designer (Nov 04)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Solar Designer (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Dan Rosenberg (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Petr Matousek (Oct 27)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict
Dan Rosenberg (Oct 27)
CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18
Marcus Meissner (Oct 26)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18
Vincent Danen (Nov 15)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18
Kurt Seifried (Nov 15)
CVE request: kernel: crypto: ghash: null pointer deref if no key is set
Eugene Teo (Oct 27)
Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set
Huzaifa Sidhpurwala (Oct 27)
CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS
Jan Lieskovsky (Oct 27)
Re: CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS
Kurt Seifried (Oct 27)
CVE Request: Security issue in backuppc
Jamie Strandboge (Oct 27)
CVE request: serendipity before 1.6 backend XSS in karma plugin
Hanno Böck (Oct 28)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin
Kurt Seifried (Oct 28)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin
Hanno Böck (Oct 29)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin
Kurt Seifried (Oct 30)
CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0
Marcus Meissner (Oct 28)
Re: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0
Kurt Seifried (Oct 28)
CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code
Sean Amoss (Oct 28)
Re: CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code
Yves-Alexis Perez (Oct 28)
Request for CVE Identifier: bzexe insecure temporary file
Ramon de C Valle (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
Hanno Böck (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
Ramon de C Valle (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
Benjamin Renaut (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
vladz (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
Kurt Seifried (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file
vladz (Nov 06)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding
Yves-Alexis Perez (Oct 29)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding
Yves-Alexis Perez (Oct 29)
Jara 1.6 SQL injection and XSS
Henri Salo (Oct 30)
Re: Jara 1.6 SQL injection and XSS
Kurt Seifried (Oct 31)
Re: Jara 1.6 SQL injection and XSS
Henri Salo (Oct 31)
Re: Jara 1.6 SQL injection and XSS
Kurt Seifried (Oct 31)
CVE request: 3 flaws in libobby and libnet6
Vasiliy Kulikov (Oct 30)
Re: CVE request: 3 flaws in libobby and libnet6
Armin Burgmeier (Oct 30)
Re: CVE request: 3 flaws in libobby and libnet6
Vasiliy Kulikov (Oct 30)
Re: CVE request: 3 flaws in libobby and libnet6
Kurt Seifried (Oct 31)
CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
Jan Lieskovsky (Oct 31)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
Kurt Seifried (Oct 31)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
Henrik Nordström (Nov 01)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
Steven M. Christey (Nov 14)
CVE request: kernel: oom: fix integer overflow of points in oom_badness
Eugene Teo (Nov 01)
Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness
Kurt Seifried (Nov 01)
libcap/capsh: does not chdir after chroot
Huzaifa Sidhpurwala (Nov 01)
CVE request for Django-piston and Tastypie
David Black (Nov 01)
Re: CVE request for Django-piston and Tastypie
Kurt Seifried (Nov 01)
Re: CVE request for Django-piston and Tastypie
Vincent Danen (Nov 01)
Re: CVE request for Django-piston and Tastypie
Kurt Seifried (Nov 01)
Re: CVE request for Django-piston and Tastypie
David Black (Nov 02)
Re: Re: CVE request for Django-piston and Tastypie
Kurt Seifried (Nov 02)
CVE request for wireshark flaws
Vincent Danen (Nov 01)
Re: CVE request for wireshark flaws
Kurt Seifried (Nov 01)
CVE request for Calibre
Jason A. Donenfeld (Nov 02)
Re: CVE request for Calibre
Jason A. Donenfeld (Nov 02)
Re: Re: CVE request for Calibre
Dan Rosenberg (Nov 03)
Re: Re: CVE request for Calibre
Kurt Seifried (Nov 03)
Re: Re: CVE request for Calibre
Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre
Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre
Steven M. Christey (Nov 04)
Re: Re: CVE request for Calibre
Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre
Kurt Seifried (Nov 07)
Re: Re: CVE request for Calibre
Jason A. Donenfeld (Nov 07)
Re: Re: CVE request for Calibre
Kurt Seifried (Nov 08)
kiwi shell meta char injection
Thomas Biege (Nov 02)
Re: kiwi shell meta char injection
Thomas Biege (Nov 02)
Re: [LightDM] Version 1.0.6 released
Yves-Alexis Perez (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released
Kurt Seifried (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released
Yves-Alexis Perez (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released
Kurt Seifried (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released
Marc Deslauriers (Nov 09)
Re: Re: [LightDM] Version 1.0.6 released
Guido Berhoerster (Nov 10)
Re: Re: [LightDM] Version 1.0.6 released
Robert Ancell (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released
Guido Berhoerster (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released
John Haxby (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released
Marc Deslauriers (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released
Yves-Alexis Perez (Nov 22)
Re: Re: [LightDM] Version 1.0.6 released
Marc Deslauriers (Nov 22)
Re: Re: [LightDM] Version 1.0.6 released
Guido Berhoerster (Nov 22)
Re: Re: [LightDM] Version 1.0.6 released
Guido Berhoerster (Nov 02)
CVE request: wordpress plugin timthumb before 2.0 remote code execution
Hanno Böck (Nov 03)
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution
Kurt Seifried (Nov 03)
CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files
Jan Lieskovsky (Nov 03)
Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files
Kurt Seifried (Nov 03)
CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)
Jan Lieskovsky (Nov 04)
Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)
Kurt Seifried (Nov 04)
CVE request: unsafe use of /tmp in multiple CPAN modules
John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
Kurt Seifried (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
Solar Designer (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
Solar Designer (Nov 05)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
Solar Designer (Nov 05)
CVE request: Mahara
Moritz Muehlenhoff (Nov 04)
Re: CVE request: Mahara
Kurt Seifried (Nov 04)
/proc/$PID/sched PoC: spy-gksu
Vasiliy Kulikov (Nov 05)
caml-light insecure temporary files
David Holland (Nov 06)
Re: caml-light insecure temporary files
Florian Weimer (Nov 06)
Re: caml-light insecure temporary files
Eitan Adler (Nov 07)
Re: caml-light insecure temporary files
David Holland (Nov 08)
Re: caml-light insecure temporary files
Kurt Seifried (Nov 07)
CVE Request -- pam_yubico -- Authentication bypass via NULL password
Jan Lieskovsky (Nov 07)
Re: CVE Request -- pam_yubico -- Authentication bypass via NULL password
Kurt Seifried (Nov 07)
/proc/interrupts PoC: spy-interrupts
Vasiliy Kulikov (Nov 07)
Re: /proc/interrupts PoC: spy-interrupts
David Hicks (Nov 08)
CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation
Jan Lieskovsky (Nov 07)
Re: CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation
Kurt Seifried (Nov 07)
Fwd: DSA 2338-1 moodle security update
Henri Salo (Nov 07)
Re: Fwd: DSA 2338-1 moodle security update
jmm (Nov 07)
Re: Fwd: DSA 2338-1 moodle security update
Kurt Seifried (Nov 14)
CVE request: kernel: multiple flaws allowing to sniff keystrokes timings
Vasiliy Kulikov (Nov 08)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings
Eugene Teo (Nov 08)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings
Eugene Teo (Nov 09)
CVE request: Android: vold stack buffer overflow
Dan Rosenberg (Nov 08)
Re: CVE request: Android: vold stack buffer overflow
Dan Rosenberg (Nov 08)
Re: Re: CVE request: Android: vold stack buffer overflow
Kurt Seifried (Nov 08)
<Possible follow-ups>
Re: Re: CVE request: Android: vold stack buffer overflow
Nick Kralevich (Nov 10)
potential OpenPAM vulnerability
Sebastian Krahmer (Nov 08)
Re: potential OpenPAM vulnerability
Kurt Seifried (Nov 08)
CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
Vincent Danen (Nov 09)
Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
Kurt Seifried (Nov 09)
CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus
Jan Lieskovsky (Nov 09)
Re: CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus
Kurt Seifried (Nov 09)
CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420)
Jan Lieskovsky (Nov 10)
Re: CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420)
Kurt Seifried (Nov 10)
CVE Request -- kernel: nfs4_getfacl decoding kernel oops
Petr Matousek (Nov 11)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
Kurt Seifried (Nov 12)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
Kurt Seifried (Nov 13)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
Kurt Seifried (Nov 12)
CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops
Petr Matousek (Nov 11)
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops
Kurt Seifried (Nov 13)
CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption
Hanno Böck (Nov 13)
Re: CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption
Kurt Seifried (Nov 14)
CVE request: ResourceSpace before 4.2.2833 insufficient access check
Hanno Böck (Nov 13)
Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check
Kurt Seifried (Nov 14)
Did this ArchLinux/shaman thing ever get a CVE?
Kurt Seifried (Nov 14)
Re: Did this ArchLinux/shaman thing ever get a CVE?
Kurt Seifried (Nov 22)
Arch Linux Shaman issue
Kurt Seifried (Nov 14)
glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Solar Designer (Nov 15)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Solar Designer (Nov 15)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Solar Designer (Nov 17)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Steve Grubb (Nov 17)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Henri Salo (Nov 17)
weird crypt-sha* in DragonFly BSD
Solar Designer (Nov 15)
Re: weird crypt-sha* in DragonFly BSD
Solar Designer (Nov 15)
OpenBSD bcrypt error return
Solar Designer (Nov 15)
Re: OpenBSD bcrypt error return
Solar Designer (Nov 15)
*BSD's DES-based crypt(3) treats all invalid salt chars as '.'
Solar Designer (Nov 15)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.'
Solar Designer (Nov 15)
CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)
Jan Lieskovsky (Nov 15)
Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)
Kurt Seifried (Nov 15)
CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information
David Jorm (Nov 16)
Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information
Kurt Seifried (Nov 17)
CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Solar Designer (Nov 16)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
The Fungi (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Vincent Danen (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
Solar Designer (Nov 17)
CVE Request: nginx resolver heap overflow
Ben Hawkes (Nov 17)
Re: CVE Request: nginx resolver heap overflow
Kurt Seifried (Nov 17)
Re: CVE Request: nginx resolver heap overflow
Kurt Seifried (Nov 17)
linux-distros list setup update
Solar Designer (Nov 18)
linux-distros Slackware membership
Patrick J. Volkerding (Nov 28)
Re: linux-distros Slackware membership
Solar Designer (Nov 28)
Re: linux-distros list setup update
Solar Designer (Dec 13)
non-Linux advance notification list
Solar Designer (Nov 18)
Re: non-Linux advance notification list
Tim Zingelman (Nov 18)
Re: non-Linux advance notification list
Solar Designer (Nov 26)
Re: non-Linux advance notification list
Joost Hoogendoorn (Nov 26)
Re: non-Linux advance notification list
Solar Designer (Nov 26)
Re: non-Linux advance notification list
Michael Harrison (Nov 27)
Re: non-Linux advance notification list
Solar Designer (Nov 27)
Re: non-Linux advance notification list
Solar Designer (Nov 27)
Re: non-Linux advance notification list
Michael Harrison (Nov 28)
Re: non-Linux advance notification list
Alex Legler (Nov 28)
Re: non-Linux advance notification list
Solar Designer (Dec 09)
CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying
Jan Lieskovsky (Nov 18)
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying
Timo Sirainen (Nov 18)
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying
Kurt Seifried (Nov 18)
CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method
Jan Lieskovsky (Nov 18)
Re: CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method
Kurt Seifried (Nov 18)
CVE request: ejabberd before 2.1.9
Hanno Böck (Nov 19)
Re: CVE request: ejabberd before 2.1.9
Kurt Seifried (Nov 19)
Re: closed-list membership transition
Solar Designer (Nov 19)
CVE request: joomla 1.5 before 1.5.25 password change vulnerability
Hanno Böck (Nov 20)
Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability
Kurt Seifried (Nov 21)
CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module
Hanno Böck (Nov 20)
Re: CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module
Kurt Seifried (Nov 21)
CVE request: drupal before 7.5 access bypass
Hanno Böck (Nov 20)
Re: CVE request: drupal before 7.5 access bypass
Kurt Seifried (Nov 21)
Re: CVE request: drupal before 7.5 access bypass
Moritz Muehlenhoff (Nov 21)
Re: CVE request: drupal before 7.5 access bypass
Kurt Seifried (Nov 21)
CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0
Eugene Teo (Nov 21)
kernel: hfs: add sanity check for file name length
Eugene Teo (Nov 21)
Re: kernel: hfs: add sanity check for file name length
Kurt Seifried (Nov 21)
Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Henri Salo (Nov 21)
Fwd: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Kurt Seifried (Nov 21)
CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies
Jan Lieskovsky (Nov 21)
Re: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies
Kurt Seifried (Nov 21)
CVE Request: openssh 5.8p2
Marcus Meissner (Nov 21)
Re: CVE Request: openssh 5.8p2
Kurt Seifried (Nov 21)
CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment()
Petr Matousek (Nov 21)
Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment()
Kurt Seifried (Nov 21)
Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Henri Salo (Nov 21)
Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Kurt Seifried (Nov 22)
CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
Henri Salo (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
Kurt Seifried (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
Henri Salo (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
Kurt Seifried (Nov 21)
Fwd: XSS vulnerability in Joomla 1.6.3
Henri Salo (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3
Kurt Seifried (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3
Henri Salo (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue
Kurt Seifried (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue
Steven M. Christey (Nov 23)
Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue]
Jan Lieskovsky (Nov 23)
Re: Fwd: XSS vulnerability in Joomla 1.6.3
Kurt Seifried (Nov 21)
CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Petr Matousek (Nov 21)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Kurt Seifried (Nov 21)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Eugene Teo (Nov 22)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
Kurt Seifried (Nov 22)
CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027)
Henri Salo (Nov 21)
Re: CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027)
Kurt Seifried (Nov 22)
CVE-request: Contao 2.10.1 Cross-site scripting vulnerability
Henri Salo (Nov 21)
Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability
Kurt Seifried (Nov 22)
Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
Henri Salo (Nov 22)
Re: Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
Kurt Seifried (Nov 22)
CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)
Henri Salo (Nov 22)
Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)
Kurt Seifried (Nov 22)
CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value
Jan Lieskovsky (Nov 23)
Re: CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value
Kurt Seifried (Nov 23)
CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read
Hanno Böck (Nov 23)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read
Kurt Seifried (Nov 23)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read
Hanno Böck (Nov 24)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read
Kurt Seifried (Nov 25)
CVE request: jenkins
Jamie Strandboge (Nov 23)
Re: CVE request: jenkins
Kurt Seifried (Nov 23)
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS
Eugene Teo (Nov 24)
Please REJECT CVE-2011-4112
Petr Matousek (Nov 24)
Re: Please REJECT CVE-2011-4112
Tavis Ormandy (Nov 24)
Re: Re: Please REJECT CVE-2011-4112
Petr Matousek (Nov 24)
CVE request -- kernel: kvm: device assignment DoS
Petr Matousek (Nov 24)
Re: CVE request -- kernel: kvm: device assignment DoS
Kurt Seifried (Nov 24)
CVE Request: colord sql injections
Ludwig Nussel (Nov 25)
Re: CVE Request: colord sql injections
Jan Lieskovsky (Nov 25)
Re: CVE Request: colord sql injections
Ludwig Nussel (Nov 25)
Re: CVE Request: colord sql injections
Kurt Seifried (Nov 25)
CVE Request -- yaws -- Directory traversal flaw
Jan Lieskovsky (Nov 25)
Re: CVE Request -- yaws -- Directory traversal flaw
Rob Keith (Nov 25)
Re: CVE Request -- yaws -- Directory traversal flaw
Kurt Seifried (Nov 25)
CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module
Jan Lieskovsky (Nov 27)
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module
Colin Watson (Nov 27)
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module
Kurt Seifried (Nov 28)
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001
Jan Lieskovsky (Nov 28)
Re: CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001
Kurt Seifried (Nov 28)
CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts
Kurt Seifried (Nov 28)
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
David Jorm (Nov 29)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
Kurt Seifried (Nov 29)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
Kurt Seifried (Dec 07)
Fwd: Bug script install slackware
Raphael Bastos (Nov 29)
Re: Fwd: Bug script install slackware
Kurt Seifried (Nov 29)
Re: Fwd: Bug script install slackware
Solar Designer (Nov 29)
Re: Fwd: Bug script install slackware
Raphael Bastos (Nov 29)
Re: Fwd: Bug script install slackware
Patrick J. Volkerding (Nov 29)
Re: Fwd: Bug script install slackware
Raphael Bastos (Nov 29)
Re: Fwd: Bug script install slackware
Solar Designer (Nov 29)
CVE request: mediawiki before 1.17.1
Hanno Böck (Nov 29)
Re: CVE request: mediawiki before 1.17.1
Kurt Seifried (Nov 29)
CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
Stefan Bühler (Nov 29)
Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
Kurt Seifried (Nov 29)
CVE id request: ffmpeg
Nico Golde (Nov 30)
Re: CVE id request: ffmpeg
Kurt Seifried (Nov 30)
Re: CVE id request: ffmpeg
Kurt Seifried (Nov 30)
CVE request: Proc::ProcessTable perl module
Moritz Muehlenhoff (Nov 30)
Re: CVE request: Proc::ProcessTable perl module
Kurt Seifried (Nov 30)
XSSer v1.6 -beta- aka "Grey Swarm!" released.
psy (Nov 30)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released.
Solar Designer (Dec 01)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released.
Kurt Seifried (Dec 01)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released.
Henri Salo (Dec 01)
CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Henri Salo (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Henri Salo (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Hanno Böck (Dec 04)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Kurt Seifried (Dec 04)
<Possible follow-ups>
RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Secunia Research (Dec 02)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Henri Salo (Dec 01)
CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys
Billy Brumley (Dec 01)
DOM based XSS in the JBoss AS 7 administration console - CVE-2011-3606
David Jorm (Dec 02)
CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609
David Jorm (Dec 02)
CVE request: CSRF in xt:commerce 3.04 SP2.1
dishix (Dec 03)
Re: CVE request: CSRF in xt:commerce 3.04 SP2.1
Kurt Seifried (Dec 04)
CVE Request: ffmpeg
Marc Deslauriers (Dec 04)
Re: CVE Request: ffmpeg
Kurt Seifried (Dec 04)
Re: CVE Request: ffmpeg
Marc Deslauriers (Dec 05)
Re: CVE Request: ffmpeg
Kurt Seifried (Dec 07)
CVE request: glibc: timezone integer overflow
Matthias Weckbecker (Dec 05)
Re: CVE request: glibc: timezone integer overflow
Kurt Seifried (Dec 07)
C|Net Download.Com is now bundling Nmap with malware!
Henri Salo (Dec 06)
CVE request: acpid
Moritz Muehlenhoff (Dec 06)
Re: CVE request: acpid
Kurt Seifried (Dec 06)
acpid - possible issue in socket handling
Kurt Seifried (Dec 06)
Disputing CVE-2011-4122
Jeff Mitchell (Dec 07)
Re: Disputing CVE-2011-4122
Kurt Seifried (Dec 07)
Re: Disputing CVE-2011-4122
Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122
Kurt Seifried (Dec 08)
Re: Disputing CVE-2011-4122
Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122
Kurt Seifried (Dec 08)
Re: Disputing CVE-2011-4122
Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122
Solar Designer (Dec 23)
Re: Disputing CVE-2011-4122
Jeff Mitchell (Dec 27)
Re: Disputing CVE-2011-4122
Solar Designer (Dec 27)
Re: Disputing CVE-2011-4122
Sebastian Krahmer (Dec 28)
CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases
Vincent Danen (Dec 07)
Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases
Kurt Seifried (Dec 07)
CVE-request WordPress pretty-link plugin 1.5.2 XSS
Henri Salo (Dec 08)
Re: CVE-request WordPress pretty-link plugin 1.5.2 XSS
Kurt Seifried (Dec 08)
CVE Request -- kernel: send(m)msg: user pointer dereferences
Petr Matousek (Dec 08)
Re: CVE Request -- kernel: send(m)msg: user pointer dereferences
Kurt Seifried (Dec 08)
CVE Request: icu out of bounds access
Ludwig Nussel (Dec 09)
Re: CVE Request: icu out of bounds access
Kurt Seifried (Dec 09)
CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014
Jan Lieskovsky (Dec 09)
Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014
Kurt Seifried (Dec 09)
CVE request: Pidgin crash
Mark Doliner (Dec 10)
Re: CVE request: Pidgin crash
Kurt Seifried (Dec 10)
cve request: bat_socket_read memory corruption
Paul (Dec 10)
Re: cve request: bat_socket_read memory corruption
Kurt Seifried (Dec 10)
Re: cve request: bat_socket_read memory corruption
Paul (Dec 11)
<Possible follow-ups>
Fwd: Re: cve request: bat_socket_read memory corruption
Kurt Seifried (Dec 12)
CVE request: rocksndiamonds world-writable working/config directory
Vincent Danen (Dec 12)
Re: CVE request: rocksndiamonds world-writable working/config directory
Kurt Seifried (Dec 12)
CVE request: putty does not wipe keyboard-interactive replies from memory after authentication
Vincent Danen (Dec 12)
Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication
Kurt Seifried (Dec 12)
OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
Huzaifa Sidhpurwala (Dec 13)
CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing
Eugene Teo (Dec 15)
Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing
Kurt Seifried (Dec 15)
CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8)
vladz (Dec 15)
Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8)
Kurt Seifried (Dec 15)
Security issue in icecast
Jamie Strandboge (Dec 15)
RE: [Icecast-dev] Security issue in icecast
Thomas.Rucker (Dec 15)
Re: RE: [Icecast-dev] Security issue in icecast
Jamie Strandboge (Dec 15)
Re: Security issue in icecast
Kurt Seifried (Dec 15)
TYPO3 typo3-core-sa-2011-004
Kurt Seifried (Dec 16)
CVE request: zabbix persistent XSS flaw
Vincent Danen (Dec 16)
Re: CVE request: zabbix persistent XSS flaw
Kurt Seifried (Dec 16)
CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=
Henri Salo (Dec 18)
Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=
Kurt Seifried (Dec 19)
CVE for HTML-Template-Pro 0.9506 XSS
Kurt Seifried (Dec 19)
CVE id request: python-virtualenv
Nico Golde (Dec 19)
Re: CVE id request: python-virtualenv
Kurt Seifried (Dec 19)
Re: CVE id request: python-virtualenv
Nico Golde (Dec 19)
Re: CVE id request: python-virtualenv
Kurt Seifried (Dec 19)
CVE assignment from previous years
Tim Sammut (Dec 20)
Re: CVE assignment from previous years
Kurt Seifried (Dec 20)
Re: CVE assignment from previous years
Steven M. Christey (Dec 20)
Re: CVE assignment from previous years
Kurt Seifried (Dec 21)
CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl
Kurt Seifried (Dec 20)
plib ulSetError() buffer overflow - CVE-2011-4620
Kurt Seifried (Dec 21)
CVE Request -- kernel: tight loop and no preemption can cause system stall
Petr Matousek (Dec 21)
Re: CVE Request -- kernel: tight loop and no preemption can cause system stall
Kurt Seifried (Dec 21)
kernel: kvm: pit timer with no irqchip crashes the system
Petr Matousek (Dec 21)
Re: kernel: kvm: pit timer with no irqchip crashes the system
Petr Matousek (Dec 21)
Re: kernel: kvm: pit timer with no irqchip crashes the system
Kurt Seifried (Dec 21)
CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer
Jan Lieskovsky (Dec 22)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer
Kurt Seifried (Dec 22)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer
Kyle Creyts (Dec 22)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer
Jan Lieskovsky (Dec 22)
Status of two Linux kernel issues w/o CVE assignments
Moritz Muehlenhoff (Dec 22)
Re: Status of two Linux kernel issues w/o CVE assignments
Kurt Seifried (Dec 23)
Re: Status of two Linux kernel issues w/o CVE assignments
Michael Gilbert (Dec 23)
Re: Status of two Linux kernel issues w/o CVE assignments
Solar Designer (Dec 23)
Re: Status of two Linux kernel issues w/o CVE assignments
Eugene Teo (Dec 24)
Re: Status of two Linux kernel issues w/o CVE assignments
Vasiliy Kulikov (Dec 27)
Re: Status of two Linux kernel issues w/o CVE assignments
Kurt Seifried (Dec 28)
Re: Status of two Linux kernel issues w/o CVE assignments
Kurt Seifried (Dec 28)
Re: Status of two Linux kernel issues w/o CVE assignments
Eugene Teo (Dec 24)
CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl
Petr Matousek (Dec 22)
CVE-request: WordPress flash-album-gallery plugin facebook.php XSS
Henri Salo (Dec 22)
Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS
Kurt Seifried (Dec 23)
CVE request: simplesamlphp / Typo3
Moritz Muehlenhoff (Dec 23)
Re: CVE request: simplesamlphp / Typo3
Kurt Seifried (Dec 23)
Re: CVE request: simplesamlphp / Typo3
Moritz Mühlenhoff (Dec 23)
Re: CVE request: simplesamlphp / Typo3
Kurt Seifried (Dec 24)
CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection
Henri Salo (Dec 24)
Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection
Kurt Seifried (Dec 24)
CVE-request for three 2009 Joomla issues
Henri Salo (Dec 25)
Re: CVE-request for three 2009 Joomla issues
Kurt Seifried (Dec 25)
CVE Request for Apache ActiveMQ DoS
David Jorm (Dec 25)
Re: CVE Request for Apache ActiveMQ DoS
Kurt Seifried (Dec 25)
CVE-request for three 2009 Joomla issues (second part)
Henri Salo (Dec 25)
Re: CVE-request for three 2009 Joomla issues (second part)
Kurt Seifried (Dec 25)
CVE-request: Joomla com_mailto automated mail timeout bypass (2009)
Henri Salo (Dec 25)
Re: CVE-request: Joomla com_mailto automated mail timeout bypass (2009)
Kurt Seifried (Dec 25)
CVE-2011-4862 is not BSD-specific
Florian Weimer (Dec 25)
Re: CVE-2011-4862 is not BSD-specific
Kurt Seifried (Dec 25)
Re: CVE-2011-4862 is not BSD-specific
Huzaifa Sidhpurwala (Dec 26)
Re: CVE-2011-4862 is not BSD-specific
Florian Weimer (Dec 26)
Re: CVE-2011-4862 is not BSD-specific
Huzaifa Sidhpurwala (Dec 26)
Re: closed-list
Kurt Seifried (Dec 28)
Re: closed-list
Solar Designer (Dec 29)
Re: CVE request: kernel: multiple issues in ROSE
Kurt Seifried (Dec 28)
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
Andrea Barisani (Dec 28)
More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
Hanno Böck (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
Kurt Seifried (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
David Jorm (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
Andrea Barisani (Dec 29)
Re: More CVEs? (was Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
cve-assign (Dec 30)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
Tomas Hoger (Dec 30)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
Hanno Böck (Dec 30)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
Solar Designer (Dec 29)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
Andrea Barisani (Dec 29)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
Solar Designer (Jan 01)
Re: Closed list
Solar Designer (Dec 29)
CVE-request: Elxis CMS two XSS-vulnerabilities
Henri Salo (Dec 30)
Re: CVE-request: Elxis CMS two XSS-vulnerabilities
Kurt Seifried (Dec 31)
mpack 1.6 allows eavesdropping on mails sent by other users
Sebastian Pipping (Dec 31)
Re: mpack 1.6 allows eavesdropping on mails sent by other users
Kurt Seifried (Dec 31)
Re: mpack 1.6 allows eavesdropping on mails sent by other users
Sebastian Pipping (Dec 31)