Bugtraq: by date

200 messages starting Nov 02 09 and ending Nov 30 09

Monday, 02 November

{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability Protek Research Lab
Re: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities schwartz
Reminder for DeepSec 2009 Conference DeepSec Conference - Announcement
ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1) ACROS Lists
[SECURITY] [DSA 1924-1] New mahara packages fix several vulnerabilities Steffen Joeris
[USN-853-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge
[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness Steffen Joeris
Re: {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability Vladimir '3APA3A' Dubrovin
Re: /proc filesystem allows bypassing directory permissions on Martin Rex
Re: /proc filesystem allows bypassing directory permissions on Pavel Machek
NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow NSO Research

Tuesday, 03 November

Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability ZDI Disclosures
Re: /proc filesystem allows bypassing directory permissions on Martin Rex
[USN-850-3] poppler vulnerabilities Marc Deslauriers
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas
Re: /proc filesystem allows bypassing directory permissions on Dan Yefimov
Fwd: {Lostmon's Group} Re: Wowd search client multiple variable xss (solution) Lostmon lords
[ MDVSA-2009:292 ] wireshark security
QuahogCon Call for Papers info
[ MDVSA-2009:293 ] squidGuard security
New vulnerability in Xerox Fiery Webtools Bernardo Luis
Re: Cherokee Web Server 0.5.4 Denial Of Service daniel . crowley

Wednesday, 04 November

Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow Secunia Research
Bractus SunTrack Multiple XSS Bugs NotHugs
Re: /proc filesystem allows bypassing directory permissions on Pavel Machek
Re: /proc filesystem allows bypassing directory permissions on Pavel Machek
Re: /proc filesystem allows bypassing directory permissions on psz
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas
[security bulletin] HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service (DoS) security-alert
VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities VUPEN Security Research
Re: /proc filesystem allows bypassing directory permissions on psz
Re: /proc filesystem allows bypassing directory permissions on Gabor Gombas
Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox Context IS - Disclosure

Thursday, 05 November

[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities Thijs Kinkhorst
AST-2009-009: Cross-site AJAX request vulnerability Asterisk Security Team
AST-2009-008: SIP responses expose valid usernames Asterisk Security Team
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability ZDI Disclosures
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability ZDI Disclosures
ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability ZDI Disclosures
ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability ZDI Disclosures
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability ZDI Disclosures
Re: /proc filesystem allows bypassing directory permissions on Pavel Kankovsky
CONFidence 2.0 schedule online - last time to register Andrzej Targosz
[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report Bkis
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert
CORE-2009-0912: Blender .blend Project Arbitrary Command Execution CORE Security Technologies Advisories
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability ZDI Disclosures
[USN-855-1] libhtml-parser-perl vulnerability Marc Deslauriers
[USN-854-1] GD library vulnerabilities Marc Deslauriers
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier

Friday, 06 November

[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier
Using Blended Browser Threats involving Chrome to steal files on your computer Inferno
[ MDVSA-2009:294 ] firefox security
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier
Php 5.3.0 pdflib extension open_basedir bypass r3d . w0rm
[ GLSA 200911-01 ] Horde: Multiple vulnerabilities Alex Legler

Monday, 09 November

[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities Steffen Joeris
[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities Moritz Muehlenhoff
[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution Moritz Muehlenhoff
[ MDVSA-2009:295 ] apache security
[SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password Mark Thomas
FRHACK01 DVDs Jerome Athias
ToutVirtual VirtualIQ Multiple Vulnerabilities Claudio Criscione
DoS vulnerability in Internet Explorer MustLive
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Cisco Systems Product Security Incident Response Team
Re: DoS vulnerability in Internet Explorer r . st
Re: Re: DoS vulnerability in Internet Explorer notdisclosed
Re: FRHACK01 DVDs Jerome Athias

Tuesday, 10 November

Atheros Driver Reserved Frame Vulnerability Laurent Butti
[USN-856-1] CUPS vulnerability Marc Deslauriers
[USN-857-1] Qt vulnerabilities Marc Deslauriers
[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News Andrew Horton
Marvell Driver Multiple Information Element Overflows Laurent Butti
[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities security-alert
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting Steffen Joeris
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability zhangmc
TPTI-09-07: Microsoft Windows License Logging Service Heap Corruption Vulnerability dvlabs
ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability ZDI Disclosures
ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability ZDI Disclosures
iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability iDefense Labs
iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability iDefense Labs

Thursday, 12 November

Exploit writing tutorials Peter Van Eeckhoutte
Novell eDirectory 8.8 SP5 Denial of Service advisory
Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability Secunia Research
[USN-858-1] OpenLDAP vulnerability Marc Deslauriers
Re: XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability Protek Research Lab
[USN-853-2] Firefox and Xulrunner regression Jamie Strandboge
Panda Security Software Local Privilege Escalation Maxim A. Kulakov
Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability advisory
Re: New vulnerability in Xerox Fiery Webtools laurent . hermelin
[SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability ctu-no-reply
VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities VUPEN Security Research
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution golunski
[SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability ctu-no-reply
RE: Exploit writing tutorials Peter Van Eeckhoutte

Friday, 13 November

Re: WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution golunski
rPSA-2009-0142-1 httpd mod_ssl rPath Update Announcements
rPSA-2009-0143-1 util-linux util-linux-extras rPath Update Announcements
rPSA-2009-0144-1 apr-util rPath Update Announcements
rPSA-2009-0145-1 samba samba-client samba-server samba-swat rPath Update Announcements
XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability zhangmc
rPSA-2009-0142-2 httpd mod_ssl rPath Update Announcements
[ MDVSA-2009:296 ] gimp security
[USN-859-1] OpenJDK vulnerabilities Kees Cook

Monday, 16 November

[ MDVSA-2009:298 ] xine-lib security
[ MDVSA-2009:297 ] ffmpeg security
[ MDVSA-2009:299 ] xine-lib security
[ MDVSA-2009:300 ] apache-conf security
[ MDVSA-2009:158-1 ] pango security
[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities DSecRG
Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability zhangmc
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation contact . fingers
[SECURITY] [DSA-1934-1] New apache2 packages fix several issues Stefan Fritsch
Re: DoS vulnerability in Internet Explorer MustLive

Tuesday, 17 November

[ MDVSA-2009:158-2 ] pango security
[security bulletin] HPSBUX02451 SSRT090137 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability karakorsankara
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness Giuseppe Iuculano
Metasploit Framework 3.3 Released HD Moore
Secunia Research: Gimp PSD Image Parsing Integer Overflow Vulnerability Secunia Research
[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert
[security bulletin] HPSBMA02456 SSRT090188 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Execution of Arbitrary Code security-alert
Home FTP Server 'MKD' Command Directory Traversal Vulnerability zhangmc
Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability s . leberre
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities Giuseppe Iuculano

Wednesday, 18 November

CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability CORE Security Technologies Advisories
[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilites Alex Legler
[security bulletin] HPSBUX02409 SSRT080171 rev.2 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege security-alert
DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009 Major Malfunction
TLS / SSLv3 vulnerability explained (DRAFT) Thierry Zoller
[security bulletin] HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote Denial of Service (DoS) security-alert
Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow Secunia Research
Announcement: Critical Internet Infrastructure WG is now open to public participation Gadi Evron
CORE-2009-1027: IBM SolidDB invalid error code vulnerability CORE Security Technologies Advisories

Thursday, 19 November

[USN-860-1] Apache vulnerabilities Jamie Strandboge
[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service security-alert
[security bulletin] HPSBMA02477 SSRT090177 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert
Auto Manager admin.cgi Multiple Field XSS Bugs NotHugs
AssetsSoSimple supplier_admin.php Supplier Field XSS Bugs NotHugs
NSA Iraqi Computer Attacks And U.S. Defense Gadi Evron

Friday, 20 November

Opera 10.01 Remote Array Overrun (Arbitrary code execution) cxib
SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) cxib
K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) cxib
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) cxib
Firefox 3.5.3 Remote Array Overrun (UPDATE) cxib
PHP "multipart/form-data" denial of service Bogdan Calin
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access security-alert
IE7 info
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components VMware Security Team

Monday, 23 November

ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2009:301 ] kernel security
[Bkis-13-2009] e107 Multiple Vulnerabilities Bkis
[ MDVSA-2009:302 ] php security
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting Steffen Joeris
Vulnerabilities in plugins for WordPress MustLive
[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising Steffen Joeris
Code to mitigate IE STYLE zero-day ds . adv . pub
Millions of PDF invisibly embedded with your internal disk paths Inferno
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution CORE Security Technologies Advisories
CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution CORE Security Technologies Advisories
CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution CORE Security Technologies Advisories

Tuesday, 24 November

RE: Millions of PDF invisibly embedded with your internal disk paths Thor (Hammer of God)
TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities leinakesi
XM Easy Personal FTP Server Remote DoS Vulnerability leinakesi
Executing arbitrary PHP code on OpenX <= 2.8.1 Moritz Naumann
New Paper: MitM Attacks against the chipTAN comfort Online Banking System RedTeam Pentesting GmbH
[USN-861-1] libvorbis vulnerabilities Marc Deslauriers

Wednesday, 25 November

[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server security-alert
Vulnerabilities in WP-Cumulus for WordPress MustLive
[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilities Giuseppe Iuculano
rPSA-2009-0154-1 httpd mod_ssl rPath Update Announcements
rPSA-2009-0155-1 httpd mod_ssl rPath Update Announcements
rPSA-2009-0156-1 sun-jdk sun-jre rPath Update Announcements
Re: Millions of PDF invisibly embedded with your internal disk paths Patrick Webster
[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities Robert Buchholz
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path Robert Buchholz
[ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities Alex Legler

Monday, 30 November

[SECURITY] [DSA-1940-1] New php5 packages fix several issues Stefan Fritsch
[ MDVSA-2009:303 ] php security
[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities Moritz Muehlenhoff
[security bulletin] HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of security-alert
[USN-862-1] PHP vulnerabilities Marc Deslauriers
[ MDVSA-2009:306 ] dovecot security
Remote Command Execution in dotDefender Site Management John Dos
Cacti 0.8.7e: Multiple security issues Moritz Naumann
Some more details on IE STYLE zero-day ds . adv . pub
[BMSA-2009-07] Backdoor in PyForum Nam Nguyen
Xxasp v3.3.2 Sql injection secu_lab_ir
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) Thierry Zoller
Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition k4mr4n_St
Announce: RFIDIOt-1.0a released - November 2009 Adam Laurie
Windows packages for BIND9 contain vulnerable MSVC runtime components Stefan Kanthak
[ MDVSA-2009:304 ] php security
[ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection Alex Legler
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others Andrea Purificato
[ MDVSA-2009:304 ] bind security
Eshopbuilde CMS SQL Injection Vulnerability faghani
[SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2009:305 ] php security