Movatterモバイル変換

Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

297 messagesstarting Apr 01 09 andending Apr 30 09
Date index |Thread index |Author index

• Secunia Research: UltraISO Image Name Parsing Format String VulnerabilitiesSecunia Research (Apr 01)
• [security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Accesssecurity-alert (Apr 01)
• VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vimVMware Security team (Apr 01)
• [ MDVSA-2009:084 ] firefoxsecurity (Apr 01)
• Microsoft Internet Explorer 8 - Anti Spoofing is a MythAditya K Sood (Apr 01)
  • Re: Microsoft Internet Explorer 8 - Anti Spoofing is a MythMichal Zalewski (Apr 01)
• Massive exploitation of instant messaging applications proved feasibleJulien TINNES (Apr 01)
• [SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT PerspectiveAditya K Sood (Apr 01)
• [ MDVSA-2009:083 ] mozilla-thunderbirdsecurity (Apr 01)
• Secunia Research: UltraISO Image Parsing Buffer Overflow VulnerabilitiesSecunia Research (Apr 01)
• OpenX 2.6.4 multiple vulnerabilitiespublists (Apr 01)
• EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)Dragos Ruiu (Apr 02)
• [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilitiesMatteo Beccati (Apr 02)
• OSCommerce Session Fixation Vulnerabilitylaurent . desaulniers (Apr 02)
  • <Possible follow-ups>
  • Re: OSCommerce Session Fixation Vulnerabilitytech107 (Apr 14)
• Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3dh (Apr 02)
  • <Possible follow-ups>
  • Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3prabhup (Apr 10)
• Remote access vulnerability using File Thingie v2.5.4xiashing (Apr 02)
• Asbru Web Content Management VulnerabilitiesPatrick Webster (Apr 02)
• Q2 Solutions ConnX - SQL Injection VulnerabilityPatrick Webster (Apr 02)
• [SECURITY] [DSA 1762-1] New icu packages fix cross site scriptingSteffen Joeris (Apr 02)
• ContentKeeper - Remote command execution and privilege escalationPatrick Webster (Apr 02)
• [TZO-05-2009] Clamav 0.94 and below - Evasion /bypassThierry Zoller (Apr 02)
• [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)Thierry Zoller (Apr 02)
• [TZO-07-2009] F-PROT ZIP Method evasionThierry Zoller (Apr 02)
• [ MDVSA-2009:085 ] gstreamer0.10-plugins-basesecurity (Apr 02)
• Autodesk IDrop ActiveX Control Heap Corruption VulnerabilityElazar Broad (Apr 03)
• [SECURITY] [DSA 1761-1] New moodle packages fix file disclosureNico Golde (Apr 03)
• glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploitnospam (Apr 03)
• IBM DB2Dennis Yurichev (Apr 03)
• rPSA-2009-0057-1 m2crypto openssl openssl-scriptsrPath Update Announcements (Apr 03)
• [ GLSA 200904-02 ] GLib: Execution of arbitrary codeRobert Buchholz (Apr 03)
• Family Connections 1.8.2 Arbitrary File UploadSalvatore "drosophila" Fresta (Apr 03)
• Family Connections <= 1.8.2 - Remote Shell Upload ExploitSalvatore "drosophila" Fresta (Apr 03)
• [ GLSA 200904-03 ] Gnumeric: Untrusted search pathRobert Buchholz (Apr 03)
• Cyber Warfare Conference: Agendak g (Apr 03)
• AST-2009-003: SIP responses expose valid usernamesAsterisk Security Team (Apr 03)
• [ GLSA 200904-01 ] Openfire: Multiple vulnerabilitiesPierre-Yves Rofes (Apr 03)
• Family Connections 1.8.2 Blind SQL Injection (Correct Version)Salvatore "drosophila" Fresta (Apr 03)
• [ MDVSA-2009:086 ] gstreamer-pluginssecurity (Apr 06)
• VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issuesVMware Security Team (Apr 06)
• Joomla Component com_bookjoomlas SQL Injection VulnerabilitySalvatore "drosophila" Fresta (Apr 06)
• [ MDVSA-2009:087 ] opensslsecurity (Apr 06)
• [ GLSA 200904-04 ] WeeChat: Denial of ServiceTobias Heinlein (Apr 06)
• [Aria-Security.com] vBulletin multiple XSSdontcontactorspamme (Apr 06)
  • <Possible follow-ups>
  • Re: [Aria-Security.com] vBulletin multiple XSSsecurity (Apr 08)
• Amaya 11.1 XHTML Parser Buffer Overflowc1c4tr1z (Apr 06)
• [ GLSA 200904-05 ] ntp: Certificate validation errorPierre-Yves Rofes (Apr 06)
• [TKADV2009-005] xine-lib Quicktime STTS Atom Integer OverflowTobias Klein (Apr 06)
• [SECURITY] [DSA 1763-1] New openssl packages fix denial of serviceMoritz Muehlenhoff (Apr 06)
• [security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Codesecurity-alert (Apr 07)
• TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflowdvlabs (Apr 07)
• ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution VulnerabilityZDI Disclosures (Apr 07)
• [ GLSA 200904-07 ] Xpdf: Untrusted search pathRobert Buchholz (Apr 07)
• Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer OverflowSecunia Research (Apr 07)
• TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflowdvlabs (Apr 07)
• POC - Sun Java System Acccess Manager & Identity Manager Users EnumerationMarco Mella (Apr 07)
• [USN-753-1] PostgreSQL vulnerabilityMarc Deslauriers (Apr 07)
• OSSTMM 3 Sample ReleasedPete Herzog (Apr 07)
• [ GLSA 200904-06 ] Eye of GNOME: Untrusted search pathPierre-Yves Rofes (Apr 07)
• [ GLSA 200904-08 ] OpenSSL: Denial of ServiceRobert Buchholz (Apr 07)
• [USN-752-1] Linux kernel vulnerabilitiesKees Cook (Apr 07)
• MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]Tom Yu (Apr 07)
• LayerOne 2009 - Registration Open, Initial Speakers AnnouncedLayerOne Call For Papers (Apr 07)
• [security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Accesssecurity-alert (Apr 07)
• MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]Tom Yu (Apr 07)
• [USN-754-1] ClamAV vulnerabilitiesJamie Strandboge (Apr 07)
• [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerabilityMark Thomas (Apr 07)
• [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilitiesMoritz Muehlenhoff (Apr 08)
• [SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilitiesSteffen Joeris (Apr 08)
• [Bkis-06-2009] GOM Player Subtitle Buffer Overflow VulnerabilityBkis (Apr 08)
• rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstationrPath Update Announcements (Apr 08)
• [USN-755-1] Kerberos vulnerabilitiesKees Cook (Apr 08)
• Adgregate ShopAd widget validation is vulnerable to replay attackMatthew Dempsky (Apr 08)
  • Re: Adgregate ShopAd widget validation is vulnerable to replay attackMatthew Dempsky (Apr 08)
    • Re: Adgregate ShopAd widget validation is vulnerable to replay attackMatthew Dempsky (Apr 08)
• SASPCMS Multiple Vulnerabilitiesadmin (Apr 08)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security AppliancesCisco Systems Product Security Incident Response Team (Apr 08)
• OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploitalphanix00 (Apr 08)
• net2ftp <= 0.97 Cross-Site Scripting/Request Forgeryc1c4tr1z (Apr 09)
• [ GLSA 200904-11 ] Tor: Multiple vulnerabilitiesRobert Buchholz (Apr 09)
• OpenVAS now beyond 10000 Network Vulnerability TestsMichael Wiegand (Apr 09)
• AdaptBB 1.0 Beta Multiple Remote VulnerabilitiesSalvatore "drosophila" Fresta (Apr 09)
• FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerabilitynoreply-secresearch () fortinet com (Apr 09)
• Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerabilitynospam (Apr 09)
• Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploitnospam (Apr 09)
• Exjune Guestbook v2 Remote Database Disclosure Exploitalphanix00 (Apr 09)
• [SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilitiesNico Golde (Apr 09)
• [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Codesecurity-alert (Apr 09)
• [ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilitiesRobert Buchholz (Apr 09)
• IBM BladeCenter Advanced Management Module Multiple vulnerabilitiesHenri Lindberg - Smilehouse Oy (Apr 09)
• [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of serviceNico Golde (Apr 09)
• [ GLSA 200904-10 ] Avahi: Denial of ServiceRobert Buchholz (Apr 09)
• Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer OverflowSecunia Research (Apr 09)
• [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Datasecurity-alert (Apr 09)
• [ MDVSA-2009:088 ] wiresharksecurity (Apr 09)
• Reminder: RAID 2009 CFPCorrado Leita (Apr 09)
• [ MDVSA-2009:089 ] openscsecurity (Apr 10)
• [DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap OverflowDSecRG (Apr 10)
• Bid 34130 Invalidvpandey (Apr 10)
• PHP-agenda <= 2.2.5 Remote File OverwritingSalvatore "drosophila" Fresta (Apr 10)
• Loggix Project 9.4.5 Blind SQL InjectionSalvatore "drosophila" Fresta (Apr 10)
• PHP 5.2.9 curl safe_mode & open_basedir bypasscxib (Apr 10)
• [SECURITY] [DSA 1754-1] New roundup packages fix privilege escalationFlorian Weimer (Apr 10)
• Summer Camp Garrotxa 2009 eventGerardo García Peña (Apr 10)
• [SECURITY] [DSA 1768-1] New openafs packages potential code executionFlorian Weimer (Apr 10)
• [DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File DownloadDSecRG (Apr 10)
• [ MDVSA-2009:090 ] phpsecurity (Apr 10)
• [ GLSA 200904-12 ] Wicd: Information disclosureTobias Heinlein (Apr 10)
• Dynamic Flash Forum 1.0 Beta Multiple Remote VulnerabilitiesSalvatore "drosophila" Fresta (Apr 10)
• VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerabilityVMware Security Team (Apr 10)
• Opening Intranets to attack by using Internet Explorer [paper]Cesar (Apr 10)
• [SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code executionFlorian Weimer (Apr 11)
• [BMSA 2009-04] Remote DoS in Internet ExplorerNam Nguyen (Apr 11)
• In Response to Bid 34130 InvalidAditya K Sood (Apr 11)
  • <Possible follow-ups>
  • Re: In Response to Bid 34130 Invalidvpandey (Apr 11)
• HP Deskjet 6800 XSS in Web Interfacemcyr2 (Apr 11)
• ftpdmin v. 0.96 RNFR remote buffer overflow exploitnospam (Apr 11)
• [ MDVSA-2009:091 ] mod_perlsecurity (Apr 13)
• Hacker Space Fest 2009 CFP: Call For PaperPhilippe Mailinglist (Apr 13)
• Re: Critical SQL Injection PHPNuke <= 7.8 - Your_Account modulemefuentes61 (Apr 13)
• [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scriptingSteffen Joeris (Apr 13)
• [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple VulnerabilitiesValery Marchuk (Apr 13)
• OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)rembrandt (Apr 13)
• [USN-756-1] ClamAV vulnerabilityJamie Strandboge (Apr 13)
• [ MDVSA-2009:092 ] ntpsecurity (Apr 13)
• Re: PHP-Revista Multiple vulnerabilitiesmarianiscc (Apr 13)
• MonGoose 2.4 Directory Traversal Vulnerabilityew1zz (Apr 14)
• Re: [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information DisclosureAnonymous (Apr 14)
• BugCON '09, Mexico: Call For PapersCarlos Augusto (Apr 14)
• [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilitiesDSecRG (Apr 14)
  • <Possible follow-ups>
  • Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilitiessales (Apr 23)
• iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption VulnerabilityiDefense Labs (Apr 14)
• [ GLSA 200904-13 ] Ventrilo: Denial of ServicePierre-Yves Rofes (Apr 14)
• ZDI-09-017: Oracle Applications Server 10g Format String VulnerabilityZDI Disclosures (Apr 14)
• [ GLSA 200904-14 ] F-PROT Antivirus: Denial of ServicePierre-Yves Rofes (Apr 14)
• Zervit Webserver Buffer Overflowewizz (Apr 15)
• Microsoft Office Excel Remote Memory Corruption Vulnerabilitynoreply-secresearch () fortinet com (Apr 15)
• Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer OverflowSecunia Research (Apr 15)
• Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure MethodSecunia Research (Apr 15)
• [USN-757-1] Ghostscript vulnerabilitiesMarc Deslauriers (Apr 15)
• Secunia Research: DivX Web Player Stream Format Chunk Buffer OverflowSecunia Research (Apr 15)
• SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell TeamingBernhard Mueller (Apr 15)
• HITBSecConf2009 - Malaysia: Call for PapersS. Praburaajan (Apr 15)
• Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer OverflowSecunia Research (Apr 15)
• XSS with mod_perl perl_status utilityantonia . goodwin (Apr 15)
• SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure VulnerabilityBernhard Mueller (Apr 15)
• [USN-758-1] udev vulnerabilitiesKees Cook (Apr 15)
• [SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilitiesFlorian Weimer (Apr 16)
• SQL Injection in package DBMS_AQINak (Apr 16)
• Unprivileged DB users can see APEX password hashesak (Apr 16)
• Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer OverflowSecunia Research (Apr 16)
• Phorum < 5.2.10 Cross-Site Scripting/Request Forgeryresearch (Apr 16)
• Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploitnospam (Apr 16)
• iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow VulnerabilityiDefense Labs (Apr 16)
• [SECURITY] [DSA 1772-1] New udev packages fix privilege escalationFlorian Weimer (Apr 16)
• SQL Injection in package DBMS_AQADM_SYSak (Apr 16)
• webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--y3nh4ck3r (Apr 16)
• iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow VulnerabilityiDefense Labs (Apr 16)
• DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issuesddvulnalert (Apr 16)
• skpd: A tool to dump processes to executable ELF filesAlbert Sellarès (Apr 16)
• [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilitiesDSecRG (Apr 16)
• [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txtDSecRG (Apr 16)
• [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilitiesDSecRG (Apr 16)
• Miniweb server Multiple Vulnerabilitiesew1zz (Apr 16)
• Miniweb Buffer Overflowew1zz (Apr 16)
• [USN-760-1] CUPS vulnerabilityJamie Strandboge (Apr 17)
• rPSA-2009-0062-1 tshark wiresharkrPath Update Announcements (Apr 17)
• ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Servicemozilla (Apr 17)
• [TZO-08-2009] Bitdefender generic bypass/evasionThierry Zoller (Apr 17)
• [TZO-09-2009] Avast bypass / evasion (Limited details)Thierry Zoller (Apr 17)
• [USN-759-1] poppler vulnerabilitiesMarc Deslauriers (Apr 17)
• [SECURITY] [DSA 1773-1] New cups packages fix arbitrary code executionSteffen Joeris (Apr 17)
• rPSA-2009-0061-1 cupsrPath Update Announcements (Apr 17)
• rPSA-2009-0063-1 udevrPath Update Announcements (Apr 17)
• [IMF 2009] 2nd Call for Papers - Submission OpenOliver Goebel (Apr 17)
• rPSA-2009-0064-1 icurPath Update Announcements (Apr 17)
• Tiny Blogr 1.0.0 rc4 Authentication BypassSalvatore "drosophila" Fresta (Apr 17)
• [SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scriptingSteffen Joeris (Apr 17)
• [ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary codeRobert Buchholz (Apr 17)
• [TZO-11-2009] Fortinet bypass / evasion (Limited details)Thierry Zoller (Apr 17)
• Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer OverflowSecunia Research (Apr 17)
• rPSA-2009-0060-1 ghostscriptrPath Update Announcements (Apr 17)
• [TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details)Thierry Zoller (Apr 17)
• Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow VulnerabilitySecunia Research (Apr 17)
• rPSA-2009-0059-1 popplerrPath Update Announcements (Apr 17)
• [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary codePierre-Yves Rofes (Apr 17)
• CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION-->y3nh4ck3r (Apr 17)
• CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES-->y3nh4ck3r (Apr 17)
• CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)-->y3nh4ck3r (Apr 17)
• Malleo 1.2.3 Local File Inclusion VulnerabilitySalvatore "drosophila" Fresta (Apr 17)
• [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary codeRobert Buchholz (Apr 20)
• [ GLSA 200904-18 ] udev: Multiple vulnerabilitiesPierre-Yves Rofes (Apr 20)
• [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilitiesPierre-Yves Rofes (Apr 20)
• [SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of serviceSteffen Joeris (Apr 20)
• CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTIONy3nh4ck3r (Apr 20)
• Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007XiaShing (Apr 20)
• Linksys WRT54GC - Admin Password Change (POC)gabriel (Apr 20)
• Multi-lingual E-Commerce System 0.2 Multiple Remote VulnerabilitiesSalvatore "drosophila" Fresta (Apr 20)
• Sungard Banner System XSSreportback (Apr 20)
• WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit-->y3nh4ck3r (Apr 20)
• Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->y3nh4ck3r (Apr 20)
• Creasito e-commerce content manager Authentication BypassSalvatore "drosophila" Fresta (Apr 20)
• Windows Update (re-)installs outdated Flash ActiveX on Windows XPStefan Kanthak (Apr 20)
  • Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XPVladimir '3APA3A' Dubrovin (Apr 22)
    • Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XPAndrew Kuriger (Apr 23)
• Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details)Thierry Zoller (Apr 20)
• [security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privilegessecurity-alert (Apr 20)
• [security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Accesssecurity-alert (Apr 20)
• Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)mcyr2 (Apr 20)
  • Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)Jeremy Brown (Apr 21)
• [USN-761-1] PHP vulnerabilitiesMarc Deslauriers (Apr 21)
• [USN-762-1] APT vulnerabilitiesJamie Strandboge (Apr 21)
• [USN-763-1] xine-lib vulnerabilitiesMarc Deslauriers (Apr 21)
• CVE-2009-0991 PoCDennis Yurichev (Apr 21)
• [SECURITY] [DSA 1777-1] New git-core packages fix privilege escalationThijs Kinkhorst (Apr 21)
• Trend Micro OfficeScan Client - DOSjplopezy (Apr 21)
  • Re: Trend Micro OfficeScan Client - DOSThierry Zoller (Apr 21)
• [SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalationThijs Kinkhorst (Apr 21)
• MixedCMS 1.0--Multiple Remote Vulnerabilities-->y3nh4ck3r (Apr 21)
• Python winappdbg module v1.0 is out!Mario Alejandro Vilas Jerez (Apr 21)
• CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated AdministratorCORE Security Technologies Advisories (Apr 21)
• SAP Cfolders Multiple Linked XSS VulnerabilitiesDigital Security Research Group [DSecRG] (Apr 22)
• SAP Cfolders Multiple Stored XSS VulnerabiliesDigital Security Research Group [DSecRG] (Apr 22)
• [TZO-12-2009] SUN / Oracle JVM Remote code executionThierry Zoller (Apr 22)
• FreeBSD Security Advisory FreeBSD-SA-09:08.opensslFreeBSD Security Advisories (Apr 22)
• [Bkis-07-2009] 010 Editor Multiple Buffer Overflow VulnerabilitiesBkis (Apr 22)
  • Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow VulnerabilitiesTavis Ormandy (Apr 22)
• [Tool] sqlmap 0.7rc1 releasedBernardo Damele A. G. (Apr 22)
• FreeBSD Security Advisory FreeBSD-SA-09:07.libcFreeBSD Security Advisories (Apr 22)
• [ MDVSA-2009:093 ] mpg123security (Apr 22)
• [SECURITY] [DSA 1778-1] New mahara packages fix cross-site scriptingNico Golde (Apr 22)
• [ MDVSA-2009:094 ] mysqlsecurity (Apr 22)
• [USN-764-1] Firefox and Xulrunner vulnerabilitiesJamie Strandboge (Apr 23)
• FOWLCMS 1.1--Multiple Remote Vulnerabilities-->y3nh4ck3r (Apr 23)
• [ GLSA 200904-20 ] CUPS: Multiple vulnerabilitiesPierre-Yves Rofes (Apr 24)
• WOOT'09 call for papersAlexander Sotirov (Apr 24)
• CVE-2009-1190: Spring Framework Remote Denial of Service VulnerabilityMark Thomas (Apr 24)
• Formshield Captcha - Older Version vulnerable to replay attacksarvind doraiswamy (Apr 24)
  • <Possible follow-ups>
  • Re: Formshield Captcha - Older Version vulnerable to replay attacksarvind doraiswamy (Apr 28)
• RE: Cisco ASA5520 Web VPN Host Header XSSMark-David McLaughlin (marmclau) (Apr 24)
• Pragyan CMS 2.6.4 Multiple SQL Injection VulnerabilitiesSalvatore "drosophila" Fresta (Apr 24)
• REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30-->y3nh4ck3r (Apr 24)
• Juniper Advisorysecurity (Apr 24)
• [ MDVSA-2009:095 ] ghostscriptsecurity (Apr 24)
• MSL-2009-001 - Samsung Missing Provisioning AuthenticationMobile Security Lab (Apr 24)
• [ MDVSA-2009:096 ] printer-driverssecurity (Apr 24)
• Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH AuthenticationRobbie Gill (Apr 24)
• [ MDVSA-2009:097 ] clamavsecurity (Apr 27)
  • <Possible follow-ups>
  • [ MDVSA-2009:097 ] clamavsecurity (Apr 27)
• Remote iodinetd DoS vulnerability on Debian LennyAlbert Sellarès (Apr 27)
• T2'09: Call for Papers 2009 (Helsinki / Finland)Tomi Tuominen (Apr 27)
• MataChat Cross-Site Scripting VulnerabilitiesIrIsT . Ir (Apr 27)
• [TZO-13-2009] Avira Antivir generic CAB evasion / bypassThierry Zoller (Apr 27)
  • Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypassThierry Zoller (Apr 28)
• [TZO-15-2009] Aladdin eSafe generic bypass - Forced releaseThierry Zoller (Apr 27)
• [SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilitiesThijs Kinkhorst (Apr 27)
• SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->y3nh4ck3r (Apr 27)
  • <Possible follow-ups>
  • RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->Memisyazici, Aras (Apr 28)
• [TZO-14-2009] Comodo Antivirus RAR evasionThierry Zoller (Apr 27)
• [ MDVSA-2009:096-1 ] printer-driverssecurity (Apr 27)
• DDIVRT-2009-24 Precidia Ether232 Memory Corruptionddivulnalert (Apr 27)
• [security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Codesecurity-alert (Apr 27)
• [ MDVSA-2009:098 ] krb5security (Apr 27)
• [ MDVSA-2009:099 ] openafssecurity (Apr 28)
• Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypasssecurity (Apr 28)
• [security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Accesssecurity-alert (Apr 28)
• security tools listYing (Apr 28)
  • Re: security tools listAndrew L. Davis (Apr 28)
• Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer OverflowSecunia Research (Apr 28)
• [USN-767-1] FreeType vulnerabilityMarc Deslauriers (Apr 28)
• [USN-761-2] PHP vulnerabilitiesMarc Deslauriers (Apr 28)
• one shot remote root for linux?Gadi Evron (Apr 28)
• MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003--->y3nh4ck3r (Apr 28)
• [USN-766-1] acpid vulnerabilityMarc Deslauriers (Apr 28)
• [USN-765-1] Firefox and Xulrunner vulnerabilitiesJamie Strandboge (Apr 28)
• iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow VulnerabilityiDefense Labs (Apr 28)
• [SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code executionFlorian Weimer (Apr 28)
• [SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code executionSteffen Joeris (Apr 29)
• [ MDVA-2009:057 ] usermodesecurity (Apr 29)
• [ MDVSA-2009:101 ] xpdfsecurity (Apr 29)
• Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass WeaknessPositron Security (Apr 29)
• [SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code executionSteffen Joeris (Apr 29)
• [SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilitiesDevin Carraway (Apr 29)
• Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000SEC Consult Research (Apr 29)
• Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploitnospam (Apr 29)
  • <Possible follow-ups>
  • Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploitsecure (Apr 30)
• Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasionsThierry Zoller (Apr 29)
• SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->y3nh4ck3r (Apr 29)
• ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow VulnerabilityZDI Disclosures (Apr 29)
  • Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow VulnerabilitySteve Shockley (Apr 30)
• [TZO-16-2009] Nod32 CAB bypass/evasionThierry Zoller (Apr 29)
• [security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Codesecurity-alert (Apr 29)
• [TZO-17-2009]Trendmicro multiple bypass/evasionsThierry Zoller (Apr 29)
• iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error VulnerabilityiDefense Labs (Apr 29)
• Security tools list: First VersionYing (Apr 30)
• MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4-->y3nh4ck3r (Apr 30)

Previous period

Next period