Home page logo
/

815 messages starting Jan 01 12 and ending Mar 31 12
Date index | Thread index | Author index

Sunday, 01 January

Re: CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo
speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer
OpenSSL and *BSD *_Final context struct zeroization (was: weird crypt-sha* in DragonFly BSD) Solar Designer

Monday, 02 January

Re: OpenBSD bcrypt error return Solar Designer
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer
OpenBSD bcrypt 8-bit key_len wraparound Solar Designer
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Mike O'Connor
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Eitan Adler
Re: Disputing CVE-2011-4122 Oswald Buddenhagen
Re: Disputing CVE-2011-4122 Solar Designer
Two CVE requests Moritz Muehlenhoff
CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Agostino Sarubbo
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde

Tuesday, 03 January

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer
CVE-request: PHP Booking Calendar 10e XSS Henri Salo
Re: CVE-request: PHP Booking Calendar 10e XSS Steven M. Christey
Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Netsparker Advisories
Re: CVE-request: PHP Booking Calendar 10e XSS Henri Salo
CVE request: maradns hash table collision cpu dos Vincent Danen
Re: CVE request: maradns hash table collision cpu dos Henri Salo
Re: CVE request: maradns hash table collision cpu dos Vincent Danen
Re: CVE Request: Security issue in backuppc Moritz Mühlenhoff
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer
Closed list unsubscribe Josh Bressers
Re: Two CVE requests Kurt Seifried
Re: CVE request: maradns hash table collision cpu dos Kurt Seifried
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried
Re: CVE Request: Security issue in backuppc Kurt Seifried
Re: CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Kurt Seifried
CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo
CVE-request: Multiple e107 vulnerabilities Henri Salo
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde
CVE request: XSS in wordpress 3.3 Hanno Böck

Wednesday, 04 January

Re: CVE request: XSS in wordpress 3.3 Kurt Seifried
Re: CVE request: XSS in wordpress 3.3 cve-assign
Re: CVE-request: Multiple e107 vulnerabilities Kurt Seifried
CVE-2011-4858 confusion Sebastian Krahmer
CVE request: ghostscript: system initialization file uncontrolled search path element Ramon de C Valle
Re: CVE-2011-4858 confusion cve-assign
Re: CVE request: ghostscript: system initialization file uncontrolled search path element Kurt Seifried
CVE request: Pidgin Moritz Muehlenhoff
Re: CVE Request: Security issue in backuppc Moritz Muehlenhoff
Re: CVE Request: Security issue in backuppc Steven M. Christey
Re: Re: CVE-2011-4858 confusion Vincent Danen
Re: CVE Request: Security issue in backuppc Kurt Seifried
Re: CVE request: Pidgin Kurt Seifried
Re: CVE request: Pidgin Steven M. Christey
Re: CVE Request: Security issue in backuppc Kurt Seifried
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried
CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek
Re: CVE Request -- kernel: futex: clear robust_list on execve Kurt Seifried
Re: CVE Request -- kernel: futex: clear robust_list on execve Greg KH

Thursday, 05 January

CVE request: TORQUE Munge Authentication Security Bypass Agostino Sarubbo
Re: Re: CVE-2011-4858 confusion Mark Thomas
CVE-request: WordPress plugin Adminimize XSS Henri Salo
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) David Hicks
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) The Fungi
Re: CVE Request -- kernel: futex: clear robust_list on execve akuster
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek
Re: CVE request: TORQUE Munge Authentication Security Bypass Kurt Seifried
Re: CVE-request: WordPress plugin Adminimize XSS Kurt Seifried
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried
CVE Requests for FFmpeg 0.9.1 Michael Niedermayer
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried
Re: CVE Requests for FFmpeg 0.9.1 Steven M. Christey
Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer
Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer

Friday, 06 January

Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried
Re: CVE-2011-4858 confusion cve-assign
CVE request: redmine issues Moritz Muehlenhoff
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck
Re: CVE request: redmine issues Kurt Seifried
CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Michael Harrison

Saturday, 07 January

Re: CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Kurt Seifried
CVE request for OpenTTD Rubidium
Malicious devices & vulnerabilties Xi Wang

Sunday, 08 January

Re: Malicious devices & vulnerabilties Florian Weimer
CVE request: znc Moritz Muehlenhoff
New Intrusion Detection Evaluation Dataset Hadi Shiravi
Re: Malicious devices & vulnerabilties Greg KH
Re: Malicious devices & vulnerabilties Eitan Adler
Re: Malicious devices & vulnerabilties Eugene Teo
Re: Malicious devices & vulnerabilties Xi Wang
Re: Malicious devices & vulnerabilties Eitan Adler
Re: Malicious devices & vulnerabilties Xi Wang
Re: Malicious devices & vulnerabilties Hanno Böck
Re: Malicious devices & vulnerabilties Xi Wang
Re: Malicious devices & vulnerabilties Alistair Crooks

Monday, 09 January

Re: Malicious devices & vulnerabilties Eugene Teo
Re: Malicious devices & vulnerabilties Kurt Seifried
Re: CVE request: znc Henri Salo
Re: CVE request: znc Henri Salo
Re: Malicious devices & vulnerabilties Vasiliy Kulikov
Re: Malicious devices & vulnerabilties Ludwig Nussel
Re: CVE request for OpenTTD Kurt Seifried
Re: Malicious devices & vulnerabilties Florian Weimer
Re: Malicious devices & vulnerabilties Kurt Seifried
Re: Malicious devices & vulnerabilties Alistair Crooks

Tuesday, 10 January

Re: CVE request: znc Kurt Seifried
CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried
Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Chong Yidong
Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried
CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Moritz Muehlenhoff
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried
CVE request: kernel: xfs heap overflow Xi Wang
Re: CVE request: kernel: xfs heap overflow Kurt Seifried
Re: CVE request: kernel: xfs heap overflow Kurt Seifried
glib2 hash dos oCert-2011-003 Kurt Seifried

Wednesday, 11 January

CVE request: simpleSAMLphp 1.8.2 cross site scripting Thijs Kinkhorst
CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Eugene Teo
CVE request: Wireshark multiple vulnerabilities Agostino Sarubbo
CVE request -- kernel: kvm: syscall instruction induced guest panic Petr Matousek
Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability David Engster
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Kurt Seifried
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried

Thursday, 12 January

Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Kurt Seifried
Re: CVE request -- kernel: kvm: syscall instruction induced guest panic Kurt Seifried
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried
CVE request: Mediawiki Moritz Muehlenhoff
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey
Re: CVE request: Mediawiki Kurt Seifried

Friday, 13 January

details about Tahoe-LAFS security problem #1654 Zooko Wilcox-O'Hearn
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala
Secunia looking for Linux Vulnerability Specialist Henri Salo
CVE affected for PHP 5.3.9 ? Nicolas Grégoire
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried
Re: CVE request for OpenTTD Kurt Seifried
Re: CVE request for OpenTTD - use CVE-2012-0049! Kurt Seifried
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire

Saturday, 14 January

Re: CVE affected for PHP 5.3.9 ? Kurt Seifried
Re: CVE affected for PHP 5.3.9 ? Ignacio Espinosa
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried

Sunday, 15 January

Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried
CVE-request: WordPress 3.1.1 Henri Salo
Re: CVE-request: WordPress 3.1.1 Hanno Böck
Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez
Re: CVE-request: WordPress 3.1.1 Henri Salo
CVE Request for spamdyke "STARTTLS" Plaintext Agostino Sarubbo
ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1 Zooko Wilcox-O'Hearn
CVE-request: NGS00109 remote code execution in ImpressPages CMS Henri Salo
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire
Re: details about Tahoe-LAFS security problem #1654 Kurt Seifried
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried

Monday, 16 January

CVE request: Jenkins Moritz Muehlenhoff
Re: weird crypt-sha* in DragonFly BSD Solar Designer

Tuesday, 17 January

Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala
gpw password generator giving short password at low rate Yves-Alexis Perez
Re: gpw password generator giving short password at low rate Henri Salo
Re: gpw password generator giving short password at low rate Yves-Alexis Perez
pwgen: non-uniform distribution of passwords Solar Designer
CVE Request: overlayfs Marc Deslauriers
CVE-request: golismero symlink vulnerability Henri Salo
Re: pwgen: non-uniform distribution of passwords Solar Designer
Re: Re: pwgen: non-uniform distribution of passwords Henri Salo
Re: CVE-request: golismero symlink vulnerability Kurt Seifried
Re: CVE Request: overlayfs Kurt Seifried
Re: Re: pwgen: non-uniform distribution of passwords Kurt Seifried
Re: gpw password generator giving short password at low rate Kurt Seifried
Re: pwgen: non-uniform distribution of passwords Solar Designer
Re: Re: pwgen: non-uniform distribution of passwords Steven M. Christey
Re: gpw password generator giving short password at low rate Steven M. Christey

Wednesday, 18 January

CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
CVE request: kernel: Unused iocbs in a batch should not be accounted as active Eugene Teo
Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active Kurt Seifried
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried
CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kees Cook
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried
Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS Kurt Seifried
Re: CVE-request: WordPress 3.1.1 Kurt Seifried

Thursday, 19 January

Screen locking programs on Xorg 1.11 Gu1
Re: Screen locking programs on Xorg 1.11 Michael Gilbert
CVE request: tucan insecure plugin update mechanism Vincent Danen
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
Re: CVE request: tucan insecure plugin update mechanism Kurt Seifried
Re: Screen locking programs on Xorg 1.11 Kurt Seifried
Re: Screen locking programs on Xorg 1.11 Michael Gilbert
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink
Re: Screen locking programs on Xorg 1.11 Sebastian Pipping
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink
Re: Screen locking programs on Xorg 1.11 Yves-Alexis Perez
Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Henri Salo
CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Yves-Alexis Perez
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan-Wijbrand Kolman
Request for linux-distros () vs openwall org membership John Johansen
Re: Request for linux-distros () vs openwall org membership Jamie Strandboge
R: pwgen: non-uniform distribution of passwords valentino.angeletti
Re: Screen locking programs on Xorg 1.11 Florian Weimer
Re: pwgen: non-uniform distribution of passwords Solar Designer
CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried
Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried
Re: Screen locking programs on Xorg 1.11 Tim Zingelman

Friday, 20 January

Re: Screen locking programs on Xorg 1.11 Gu1
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala
Potential security issues fixed in PHP 5.3.9 Kurt Seifried
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried
Re: Re: pwgen: non-uniform distribution of passwords Michael Niedermayer
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried
Re: CVE Request for spamdyke "STARTTLS" Plaintext Kurt Seifried
Re: CVE request: Jenkins Kurt Seifried
pdf attacks vectors Alexander Pletnev
CVE request: spamdyke buffer overflow vulnerability Agostino Sarubbo
Re: Request for linux-distros () vs openwall org membership Solar Designer
distros & linux-distros embargo period and message format Solar Designer
Re: Potential security issues fixed in PHP 5.3.9 Pierre Joye
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky
Re: distros & linux-distros embargo period and message format Kurt Seifried
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Steven M. Christey
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Steven M. Christey
Re: distros & linux-distros embargo period and message format Solar Designer
CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Vincent Danen
Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear
Re: pdf attacks vectors Solar Designer
Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: pdf attacks vectors Alexander Pletnev
Re: pdf attacks vectors Solar Designer
CVE request: smokeping XSS Vincent Danen
Re: Potential security issues fixed in PHP 5.3.9 Kurt Seifried

Saturday, 21 January

Re: CVE request: smokeping XSS Kurt Seifried
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried
CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Jan Lieskovsky
Re: pdf attacks vectors Henri Salo
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Kurt Seifried

Sunday, 22 January

Re: CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Kurt Seifried
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Steven M. Christey
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Jason A. Donenfeld
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer
Re: pwgen: non-uniform distribution of passwords Solar Designer

Monday, 23 January

Re: distros & linux-distros embargo period and message format Michael Gilbert
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
CVE id assignment dates Solar Designer
Re: CVE id assignment dates Steven M. Christey
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried
Re: CVE request: spamdyke buffer overflow vulnerability Michael Harrison

Tuesday, 24 January

Re: CVE id assignment dates Michael Gilbert
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo
Re: CVE id assignment dates Kurt Seifried
CVE request: bip buffer overflow Luciano Bello
Re: CVE id assignment dates Steven M. Christey
Re: CVE id assignment dates Henri Salo
CVE requests: Suhosin extension / as31 Moritz Muehlenhoff
XSLT issue in MoinMoin Nicolas Grégoire
Re: XSLT issue in MoinMoin Kurt Seifried
Re: CVE request: bip buffer overflow Kurt Seifried
Re: CVE requests: Suhosin extension / as31 Kurt Seifried
Re: XSLT issue in MoinMoin Nicolas Grégoire

Wednesday, 25 January

Fwd Joomla! Security News 2012-01 Henri Salo
Re: Fwd Joomla! Security News 2012-01 Henri Salo
TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo

Thursday, 26 January

Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Kurt Seifried
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo
Re: Fwd Joomla! Security News 2012-01 Henri Salo
CVE request: PostfixAdmin SQL injections and XSS Christian Boltz
Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Christian Hoffmann
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Kurt Seifried
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried
Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried
CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried
Re: CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried
CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried
Re: XSLT issue in MoinMoin Kurt Seifried

Friday, 27 January

Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Marc Deslauriers
testing pwqgen Solar Designer
Subscribe to linux-distros Ramon de C Valle
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez
Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz
Re: Subscribe to linux-distros Kurt Seifried
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez
Re: Subscribe to linux-distros Solar Designer
Re: Subscribe to linux-distros Ramon de C Valle
Re: non-Linux advance notification list Solar Designer
Re: non-Linux advance notification list Solar Designer
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried

Saturday, 28 January

Re: non-Linux advance notification list Stuart Henderson
Re: non-Linux advance notification list Solar Designer
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried
(maybe) CVE request: libvpx before 1.0 crasher Hanno Böck

Monday, 30 January

Re: Fwd Joomla! Security News 2012-01 Kurt Seifried
Re: (maybe) CVE request: libvpx before 1.0 crasher Kurt Seifried
Re: Yubiserver package ships with pre-filled identities Jonathan Wiltshire
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried
Sudo format string vulnerability (CVE 2012-0809) nicolas vigier
Re: Yubiserver package ships with pre-filled identities Nanakos V. Chrysostomos
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos

Tuesday, 31 January

Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried
gnusound 0.7.5 file name handling format string issue Kurt Seifried
Re: gnusound 0.7.5 file name handling format string issue Kurt Seifried
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos
Re: Re: Yubiserver package ships with pre-filled identities Gian Piero Carrubba
Mibew messenger multiple XSS Henri Salo
Re: Re: Yubiserver package ships with pre-filled identities Steven M. Christey

Wednesday, 01 February

Fwd: Apache HTTP Server 2.2.22 Released Solar Designer
Re: Fwd: Apache HTTP Server 2.2.22 Released Kurt Seifried
Re: Fwd: Apache HTTP Server 2.2.22 Released Solar Designer
CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Jan Lieskovsky
Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Berke Viktor
Re: Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Yves-Alexis Perez
Re: distros & linux-distros embargo period and message format Solar Designer
Re: distros & linux-distros embargo period and message format Marc Deslauriers
Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Kurt Seifried
Re: Mibew messenger multiple XSS Kurt Seifried
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried
Re: Subscribe to linux-distros Agostino Sarubbo
XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Steven M. Christey
Re: Subscribe to linux-distros Alex Legler
Re: distros & linux-distros embargo period and message format Thomas Klausner
Re: distros & linux-distros embargo period and message format Solar Designer
Re: Subscribe to linux-distros Solar Designer
Re: distros & linux-distros embargo period and message format Solar Designer

Thursday, 02 February

Re: distros & linux-distros embargo period and message format Kurt Seifried
Re: distros & linux-distros embargo period and message format Marc Deslauriers
Re: distros & linux-distros embargo period and message format Solar Designer
Re: distros & linux-distros embargo period and message format Kurt Seifried
Re: distros & linux-distros embargo period and message format Solar Designer
Re: distros & linux-distros embargo period and message format Kurt Seifried
Re: distros & linux-distros embargo period and message format Solar Designer
RE: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Carsten Eiram
CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Agostino Sarubbo
Re: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Filippo Cavallarin
Xen Security Advisory 6 (CVE-2012-0029) - HVM e1000, buffer overflow Ian Jackson
PHP remote code execution introduced via HashDoS fix Tomas Hoger
Re: PHP remote code execution introduced via HashDoS fix Solar Designer

Friday, 03 February

Re: PHP remote code execution introduced via HashDoS fix Pierre Joye
Re: Subscribe to linux-distros Solar Designer
Re: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Kurt Seifried
Adding Xen.org contact to linux-distros security list Ian Campbell
CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Marcus Meissner
CVE-request: Joomla! Security News 2012-02-03 Henri Salo
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried
Re: Adding Xen.org contact to linux-distros security list Kurt Seifried
Re: CVE-request: Joomla! Security News 2012-02-03 Kurt Seifried
Re: Adding Xen.org contact to linux-distros security list Solar Designer

Saturday, 04 February

Re: distros & linux-distros embargo period and message format Michael Gilbert
Re: distros & linux-distros embargo period and message format Solar Designer
Re: distros & linux-distros embargo period and message format Michael Gilbert
Re: distros & linux-distros embargo period and message format Solar Designer
Re: distros & linux-distros embargo period and message format Michael Gilbert
Re: distros & linux-distros embargo period and message format Solar Designer

Sunday, 05 February

Re: Adding Xen.org contact to linux-distros security list Ian Campbell

Monday, 06 February

CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Solar Designer
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Solar Designer
Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Solar Designer
CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer

Tuesday, 07 February

CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried
Re: CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Petr Matousek

Wednesday, 08 February

Re: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Jason A. Donenfeld
Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer
CVE request: apr - Hash DoS vulnerability Moritz Muehlenhoff
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni

Thursday, 09 February

Re: CVE request: apr - Hash DoS vulnerability Kurt Seifried
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni
MySQL 0-day - does it need a CVE? Kurt Seifried
Re: MySQL 0-day - does it need a CVE? Henri Salo
Re: MySQL 0-day - does it need a CVE? Henri Salo
Re: MySQL 0-day - does it need a CVE? Solar Designer
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez
Re: MySQL 0-day - does it need a CVE? Kurt Seifried
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez

Friday, 10 February

CVE request: surf Florian Weimer
Re: CVE request: surf Kurt Seifried
Re: MySQL 0-day - does it need a CVE? Henri Salo
imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Henri Salo
[vs] CVE-2012-1037 GLPI <= 0.80.61 LFI/RFI Emilien Girault
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen
Re: CVE request: surf Florian Weimer
RE: CVE request: surf Daniel Suarez

Saturday, 11 February

Re: MySQL 0-day - does it need a CVE? Solar Designer
CVE-request: Webcalendar 1.2.4 location XSS Henri Salo
Re: CVE request: surf Kurt Seifried

Sunday, 12 February

Re: CVE-request: Webcalendar 1.2.4 location XSS Eitan Adler
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group

Monday, 13 February

Subscribe to linux-distros? Matthias Weckbecker
Re: Subscribe to linux-distros? Marcus Meissner
CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Kurt Seifried
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried
Re: CVE-request: Webcalendar 1.2.4 location XSS Kurt Seifried

Tuesday, 14 February

Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky
Re: Subscribe to linux-distros? Solar Designer
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request David Malcolm
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried

Wednesday, 15 February

CVE request: mumble local information disclosure Vincent Danen
Re: CVE request: mumble local information disclosure Kurt Seifried

Thursday, 16 February

Re: CVE request: mumble local information disclosure Ludwig Nussel
Re: CVE request: mumble local information disclosure Kurt Seifried
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group

Friday, 17 February

Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried
CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow Stefan Cornelius

Saturday, 18 February

Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried
TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez

Monday, 20 February

Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Henri Salo
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Bugs in "file" program VU#621745 CERT(R) Coordination Center
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Kurt Seifried
Re: Bugs in "file" program VU#621745 Kurt Seifried
Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried

Wednesday, 22 February

libxml2: hash table collisions CPU usage DoS Huzaifa Sidhpurwala
CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data Vincent Danen

Thursday, 23 February

CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Jan Lieskovsky
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Steven M. Christey
CVE request -- kernel: block: CLONE_IO io_context refcounting issues Petr Matousek
Re: CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Kurt Seifried
Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues Kurt Seifried

Friday, 24 February

Re: MySQL 0-day - does it need a CVE? Tomas Hoger
Re: MySQL 0-day - does it need a CVE? Kurt Seifried
Re: MySQL 0-day - does it need a CVE? Larry Stefonic

Saturday, 25 February

Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: Attack on badly configured Netfilter-based firewalls Yves-Alexis Perez

Sunday, 26 February

Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: Attack on badly configured Netfilter-based firewalls Solar Designer
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond

Monday, 27 February

Re: Attack on badly configured Netfilter-based firewalls Eugene Teo
Re: Attack on badly configured Netfilter-based firewalls Solar Designer
CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Jan Lieskovsky
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer
Re: Attack on badly configured Netfilter-based firewalls ArkanoiD
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer
Case YVS Image Gallery Henri Salo
CVE Request -- Multiple instances of insecure temporary file use Jan Lieskovsky
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
CVE request: openssl: null pointer dereference issue Matthias Weckbecker
Re: Case YVS Image Gallery Kurt Seifried
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: CVE Request -- Multiple instances of insecure temporary file use Kurt Seifried
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried
Re: Attack on badly configured Netfilter-based firewalls Florian Weimer
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: CVE request: smokeping XSS Florian Weimer
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski
Re: Attack on badly configured Netfilter-based firewalls yersinia
DesktopOnNet 3 Beta LFI Whitney Houston
Re: DesktopOnNet 3 Beta LFI Whitney Houston
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik
Re: Re: DesktopOnNet 3 Beta LFI Kurt Seifried
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski
Re: Case YVS Image Gallery Henri Salo

Tuesday, 28 February

Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski
CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Petr Matousek
Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Kurt Seifried
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
CVE request: init script x11-common creates directories in insecure manners vladz
CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Jan Lieskovsky
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried
Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried

Wednesday, 29 February

Re: CVE request: init script x11-common creates directories in insecure manners Kurt Seifried
CVE Request: NetworkManager arbitrary file access Ludwig Nussel
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Marcus Meissner
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner
Re: Bugs in "file" program VU#621745 Florian Weimer
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign
Re: Bugs in "file" program VU#621745 Kurt Seifried
Re: Bugs in "file" program VU#621745 Kurt Seifried

Thursday, 01 March

Re: CVE request: init script x11-common creates directories in insecure manners vladz
Re: CVE request: init script x11-common creates directories in insecure manners Jason A. Donenfeld
CVE-request: Joomla core information disclosure 1.7.1 Henri Salo
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo

Friday, 02 March

Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried
Re: CVE Request: NetworkManager arbitrary file access Kurt Seifried
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo
Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen
CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Jan Lieskovsky
Partial ASLR bypass Tim Brown
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo

Saturday, 03 March

Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Kurt Seifried

Sunday, 04 March

CVE-request: systemd local denial of login or local users can create arbitrary services Henri Salo
CVE-Request taglib vulnerabilities Zubin Mithra
CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer
CVE request: notmuch Moritz Mühlenhoff
CVE request: XML::Atom Perl module Moritz Muehlenhoff
CVE Requests for phpCAS Joachim Fritschi
Re: CVE request: XML::Atom Perl module Adam D. Barratt

Monday, 05 March

CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets Eugene Teo
CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482 Eugene Teo
CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames Eugene Teo
Re: CVE-request: systemd local denial of login or local users can create arbitrary services Kurt Seifried
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Kurt Seifried
Re: CVE request: notmuch Kurt Seifried
Re: CVE Requests for phpCAS Kurt Seifried
Re: CVE-Request taglib vulnerabilities Kurt Seifried
Re: CVE-Request taglib vulnerabilities Zubin Mithra
Ruby on Rails github compromise Kurt Seifried
Re: CVE request: notmuch Florian Weimer
CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky
CVE Request: lightdm Marc Deslauriers
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
CVE request: mwlib < 0.13.5 DoS flaw Vincent Danen
CVE-2012-1106 assignment notification -- abrt: Setuid process core dump archived with unsafe GID permissions Stefan Cornelius
Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez
Re: CVE-Request taglib vulnerabilities Kurt Seifried
Re: CVE request: mwlib < 0.13.5 DoS flaw Kurt Seifried
Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried
Re: CVE Request: lightdm Kurt Seifried
Re: Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability Kurt Seifried
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Kurt Seifried

Tuesday, 06 March

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber
CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Henri Salo
CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo
CVE request: mantisbt before 1.2.9 Hanno Böck
CVE-request: Joomla! Security News 2012-03 Henri Salo
Re: CVE request: mantisbt before 1.2.9 David Hicks
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Dmitry Butskoy
Re: CVE request: mantisbt before 1.2.9 Kurt Seifried
Re: CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Kurt Seifried
Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Kurt Seifried
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried
CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Jan Lieskovsky
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried
Re: CVE request: smokeping XSS Vincent Danen
Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Kurt Seifried
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Tomas Hoger

Wednesday, 07 March

CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Petr Matousek
Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Werner LEMBERG
Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Kurt Seifried

Thursday, 08 March

Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo
CVE-request: phpMyFAQ index.php URI XSS Henri Salo
CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo
CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Kurt Seifried
Re: CVE-request: phpMyFAQ index.php URI XSS Kurt Seifried

Friday, 09 March

expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried
Re: expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo
CVE-request: Ariadne 2.7.6 XSS Henri Salo
CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Henri Salo
CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Jan Lieskovsky
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond
Re: Attack on badly configured Netfilter-based firewalls ArkanoiD
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond

Saturday, 10 March

CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried
Re: CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried
Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Kurt Seifried
Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Kurt Seifried
Re: CVE-request: Ariadne 2.7.6 XSS Kurt Seifried

Monday, 12 March

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky
CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Jan Lieskovsky
Re: CVE request: openssl: null pointer dereference issue Tomas Hoger
Re: CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Kurt Seifried
CVE Request: ldm (LTSP display manager) Marc Deslauriers
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried
Re: CVE Request: ldm (LTSP display manager) Kurt Seifried
running the distros lists Solar Designer
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber

Tuesday, 13 March

Re: running the distros lists Solar Designer
Re: CVE request: openssl: null pointer dereference issue Tomas Hoger
Re: running the distros lists Thomas Klausner
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Huzaifa Sidhpurwala
Re: running the distros lists Solar Designer

Wednesday, 14 March

CVE Request: libgdata did not verify SSL certificates Ludwig Nussel
CVE request: Two Pidgin crashes Mark Doliner
Re: CVE Request: libgdata did not verify SSL certificates Marc Deslauriers
CVE request: pyfribidi buffer overflow flaw Vincent Danen
CVE request: gnash integer overflow Vincent Danen
Re: CVE request: gnash integer overflow Kurt Seifried
Re: CVE request: Two Pidgin crashes Kurt Seifried
Re: CVE Request: libgdata did not verify SSL certificates Kurt Seifried
Re: CVE request: pyfribidi buffer overflow flaw Kurt Seifried
Re: running the distros lists Kurt Seifried
Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Vincent Danen
Re: running the distros lists Solar Designer
Re: running the distros lists Tim Brown

Thursday, 15 March

Re: Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Kurt Seifried
Re: running the distros lists Kurt Seifried
Re: running the distros lists Josh Bressers
CVE request: eZ Publish: unspecified vulnerability Luc ABRIC
CVE Request: nginx fix for malformed HTTP responses from upstream servers Andrew Alexeev
Android CVE identifiers Dan Rosenberg
CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON() Petr Matousek
Re: CVE request: eZ Publish: unspecified vulnerability Kurt Seifried
Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers Kurt Seifried
CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Daniel Kahn Gillmor
CVE Requests Mark Stanislav
Re: CVE request: eZ Publish: unspecified vulnerability Solar Designer

Friday, 16 March

Re: CVE Requests Kurt Seifried
Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Kurt Seifried
Re: CVE Requests Mark Stanislav
Re: running the distros lists Solar Designer
Re: CVE Requests Kurt Seifried
Re: CVE Requests Mark Stanislav
Re: CVE Requests Kurt Seifried
Re: CVE Requests Mark Stanislav
CVE-request: Drupal Finder SA-CONTRIB-2012-017 Henri Salo
CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Jan Lieskovsky
Joomla! Security News 2012-03-16 Henri Salo
Re: CVE Requests Andreas Ericsson
Re: CVE Requests Solar Designer
Re: CVE Requests Adam D. Barratt
Re: CVE Requests Mark Stanislav
Re: CVE Requests Kurt Seifried
Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Kurt Seifried
Re: CVE Requests Mark Stanislav
Re: CVE Requests Tim Brown
Re: CVE Requests Mark Stanislav
[Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session Jan Lieskovsky
Drupal CORE and Drupal Contrib Kurt Seifried
Re: CVE Requests Kurt Seifried
Re: CVE Requests Kurt Seifried
Re: CVE Requests Kurt Seifried
Re: CVE Requests Tim Brown
Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Matthew Jordan
Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison

Sunday, 18 March

Re: CVE request: piwik before 1.6 Henri Salo

Monday, 19 March

Re: CVE Requests Eugene Teo
CVE request for bitlebee David Black
Re: CVE Requests Andreas Ericsson
Re: running the distros lists Josh Bressers
CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 Stefan Cornelius
CVE request: eZ Publish: insecure direct object reference Luc ABRIC
Re: CVE request for bitlebee Kurt Seifried
Re: CVE request: piwik before 1.6 Kurt Seifried
Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017 Kurt Seifried
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried
Re: Joomla! Security News 2012-03-16 Kurt Seifried
Re: Case YVS Image Gallery Kurt Seifried
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried
LinuxMint - temp file creation vulns in mintNanny and mintUpdate Kurt Seifried

Tuesday, 20 March

CVE request: maradns deleted domain record cache persistance flaw Vincent Danen
CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek
CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Stefan Cornelius
Re: CVE request -- kernel: execshield: predictable ascii armour base address Eugene Teo
Re: CVE request -- kernel: execshield: predictable ascii armour base address Nick Kralevich
Re: CVE request -- kernel: execshield: predictable ascii armour base address Marcus Meissner
Re: CVE request -- kernel: execshield: predictable ascii armour base address Kurt Seifried
Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Kurt Seifried
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried
Re: CVE request: maradns deleted domain record cache persistance flaw Kurt Seifried
Re: Bugs in "file" program VU#621745 Jan Lieskovsky
Re: Re: Bugs in "file" program VU#621745 Kurt Seifried
RE: CVE request: eZ Publish: insecure direct object reference Luc ABRIC
Re: Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison

Wednesday, 21 March

Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen
CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns
Re: CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek
CVE request: GnuTLS TLS record handling issue / MU-201202-01 Stefan Cornelius
Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 Tomas Hoger
Re: CVE-Request taglib vulnerabilities Ludwig Nussel
Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen
Re: Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen
Re: CVE-Request taglib vulnerabilities Kurt Seifried
Re: Re: [security] Drupal CORE and Drupal Contrib Moritz Muehlenhoff
Re: CVE-Request taglib vulnerabilities Zubin Mithra

Thursday, 22 March

Re: Vulnerabilities reported in ClamAV 0.96.4 Matt Watchinski
Re: Vulnerabilities reported in ClamAV 0.96.4 Török Edwin
atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried
CVE for OpenBSD random() bug? Kurt Seifried
Re: CVE for OpenBSD random() bug? Todd C. Miller
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock
MediaWiki security and maintenance release 1.18.2 Henri Salo

Friday, 23 March

Re: MediaWiki security and maintenance release 1.18.2 Kurt Seifried
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried
CVE-request: ImpressPages CMS Unspecified Remote Code Execution Henri Salo
CVE-request: MyBB 1.6 <= SQL Injection Henri Salo
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Henri Salo
CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo
Re: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour The Fungi
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried
Re: CVE-request: MyBB 1.6 <= SQL Injection Kurt Seifried
openssl security issue or not? (CVE Request?) Marcus Meissner
Re: openssl security issue or not? (CVE Request?) Jan Lieskovsky
Re: openssl security issue or not? (CVE Request?) Ivan Nestlerode
Re: CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Kurt Seifried
Re: CVE for OpenBSD random() bug? Kurt Seifried
Re: Re: openssl security issue or not? (CVE Request?) Marcus Meissner
Re: CVE-request: ImpressPages CMS Unspecified Remote Code Execution Kurt Seifried

Saturday, 24 March

CVEs for MediaWiki security and maintenance release 1.18.2 Kurt Seifried

Sunday, 25 March

Re: CVE-request: MyBB 1.6 <= SQL Injection Henri Salo

Monday, 26 March

Re: CVE-Request taglib vulnerabilities Ludwig Nussel
CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Jan Lieskovsky
CVE request: quake3 reflective DoS Florian Weimer
Re: CVE-Request taglib vulnerabilities Kurt Seifried
Re: CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Kurt Seifried

Tuesday, 27 March

CVE id request: cifs-utils Nico Golde
CVE request: distutils creates ~/.pypirc insecurely Vincent Danen
Re: CVE request: distutils creates ~/.pypirc insecurely Jakub Wilk
Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried
Re: CVE id request: cifs-utils Kurt Seifried
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Timothy D. Morgan

Wednesday, 28 March

CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Tim Sammut
Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Kurt Seifried
CVE request: Struts2 xsltResult local code execution flaw David Jorm
CVE-request: e107 HTB23004 Henri Salo
CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Henri Salo
CVE-request: Joomla core information disclosure 372-20111003 Henri Salo
CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Huzaifa Sidhpurwala
CVE request: eZ Publish XSS Luc ABRIC
CVE 2012-1565 Insecure object reference Luc ABRIC
CVE-request: Joomla 20120305 / 20120306 Henri Salo
CVE request: phppgadmin before 5.0.4 XSS Hanno Böck
Re: CVE request: Struts2 xsltResult local code execution flaw Kurt Seifried
Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Kurt Seifried
CVE request: egroupware before 1.8.002 various security issues Hanno Böck

Thursday, 29 March

Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Kurt Seifried
Re: CVE-request: e107 HTB23004 Kurt Seifried
Re: CVE request: eZ Publish XSS Kurt Seifried
Re: CVE-request: Joomla 20120305 / 20120306 Kurt Seifried
Re: CVE request: phppgadmin before 5.0.4 XSS Kurt Seifried
Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Kurt Seifried
CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Henri Salo
Re: CVE request: egroupware before 1.8.002 various security issues Hanno Böck
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer
Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns
CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Petr Matousek
Re: Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Florian Weimer
CVE request: TYPO3-CORE-SA-2012-001 Florian Weimer

Friday, 30 March

Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Kurt Seifried
Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Kurt Seifried
Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried
Re: CVE request: TYPO3-CORE-SA-2012-001 Kurt Seifried
CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo
Re: CVE request: phppgadmin before 5.0.4 XSS Henri Salo
CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Jan Lieskovsky
postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel
Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas
Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Tomas Hoger
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law
Re: postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Florian Weimer

Saturday, 31 March

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer
Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Kurt Seifried
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]