Bugtraq: by thread
272 messages
starting Dec 01 08 and
ending Dec 31 08
Date index |
Thread index |
Author index
- [SECURITY] [DSA 1673-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff (Dec 01)
- [SECURITY] [DSA 1674-1] New jailer packages fix denial of service Moritz Muehlenhoff (Dec 01)
- [SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting Thijs Kinkhorst (Dec 01)
- [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability Tobias Klein (Dec 01)
- /bin/login gives root to group utmp Paul Szabo (Dec 01)
- <Possible follow-ups>
- Re: /bin/login gives root to group utmp 0xjbrown41 (Dec 02)
- Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability het_ebadi (Dec 01)
- <Possible follow-ups>
- Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel (Dec 01)
- Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel (Dec 03)
- [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0 Nam Nguyen (Dec 01)
- [USN-681-1] ImageMagick vulnerability Marc Deslauriers (Dec 01)
- [USN-682-1] libvorbis vulnerabilities Marc Deslauriers (Dec 01)
- [SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service dann frazier (Dec 01)
- Dates for SyScan'09 organiser () syscan org (Dec 02)
- Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass" l1un (Dec 02)
- [USN-683-1] Imlib2 vulnerability Marc Deslauriers (Dec 02)
- [ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
- [ GLSA 200812-03 ] IPsec-Tools: racoon Denial of Service Robert Buchholz (Dec 02)
- [ GLSA 200812-06 ] libxml2: Multiple vulnerabilities Robert Buchholz (Dec 02)
- [ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
- [ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities Robert Buchholz (Dec 02)
- [ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
- [ GLSA 200812-07 ] Mantis: Multiple vulnerabilities Robert Buchholz (Dec 02)
- [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution Martin Schulze (Dec 02)
- [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation office (Dec 03)
- VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 VMware Security team (Dec 03)
- [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation Steffen Joeris (Dec 03)
- [SECURITY] [DSA 1679-1] New awstats packages fix cross-site scripting Florian Weimer (Dec 03)
- [USN-684-1] ClamAV vulnerability Kees Cook (Dec 03)
- <Possible follow-ups>
- Re: [USN-684-1] ClamAV vulnerability 0xjbrown41 (Dec 04)
- [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM SVRT-Bkis (Dec 03)
- [security bulletin] HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS) security-alert (Dec 03)
- Re: [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation rene . sato (Dec 03)
- [USN-685-1] Net-SNMP vulnerabilities Kees Cook (Dec 03)
- [USN-686-1] AWStats vulnerability Kees Cook (Dec 04)
- [ MDVSA-2008:236 ] vim security (Dec 04)
- Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability Stefan Esser (Dec 04)
- Joomla Component GameQ r3d . w0rm (Dec 04)
- Re: Joomla Component GameQ packet (Dec 04)
- DDIVRT-2008-18 Orb Denial of Service DDI . VulnerabilityAlert (Dec 04)
- [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution Florian Weimer (Dec 04)
- CVE-2008-2086: Java Web Start File Inclusion via System Properties Override VSR Advisories (Dec 04)
- [UPRSN] Ubuntu Privacy Remix 8.04r1 fixes security issues Ubuntu Privacy Remix Team (Dec 04)
- Re: XSS in Internet Explorer 6 and 7 MustLive (Dec 04)
- [SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier (Dec 04)
- iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability iDefense Labs (Dec 04)
- Joomla Component mydyngallery r3d . w0rm (Dec 04)
- iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability iDefense Labs (Dec 04)
- iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability iDefense Labs (Dec 04)
- [ MDVSA-2008:237 ] apache2 security (Dec 04)
- [USN-687-1] nfs-utils vulnerability Marc Deslauriers (Dec 04)
- iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability iDefense Labs (Dec 04)
- ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability zdi-disclosures (Dec 05)
- ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability zdi-disclosures (Dec 05)
- ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability zdi-disclosures (Dec 05)
- ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability zdi-disclosures (Dec 05)
- ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities zdi-disclosures (Dec 05)
- [ MDVSA-2008:238 ] libsamplerate security (Dec 05)
- CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table Hugo Dias (Dec 05)
- RE: DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal VulnerabilityAlert (Dec 05)
- Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Eygene Ryabinkin (Dec 06)
- Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Ilia Alshanetsky (Dec 06)
- Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Eygene Ryabinkin (Dec 06)
- Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Ilia Alshanetsky (Dec 06)
- [ MDVSA-2008:239 ] clamav security (Dec 06)
- [ GLSA 200812-08 ] Mgetty: Insecure temporary file usage Pierre-Yves Rofes (Dec 06)
- SecurityReason: PHP 5.2.6 SAPI php_getuid() overload cxib (Dec 06)
- Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Eygene Ryabinkin (Dec 08)
- Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Maksymilian Arciemowicz (Dec 08)
- Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Eygene Ryabinkin (Dec 08)
- Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Maksymilian Arciemowicz (Dec 08)
- Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Eygene Ryabinkin (Dec 08)
- [SECURITY] [DSA 1682-1] New squirrelmail packages fix cross site scripting Thijs Kinkhorst (Dec 08)
- Two XSS Flaws in PrestaShop 1.1.0.3 th3 . r00k . ieatpork (Dec 08)
- XSS in PHPepperShop v 1.4 th3 . r00k . ieatpork (Dec 08)
- RadAsm <=2.2.1.5 Local Command Execution xhakerman2006 (Dec 08)
- Re: RadAsm <=2.2.1.5 Local Command Execution Li Gen (Dec 08)
- Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass xhakerman2006 (Dec 08)
- [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x Digital Security Research Group [DSecRG] (Dec 08)
- [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x Digital Security Research Group [DSecRG] (Dec 08)
- [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops SVRT-Bkis (Dec 08)
- [security bulletin] HPSBMA02391 SSRT071481 rev.1 - HP OpenView Reporter and HP Reporter Running on Windows, Remote Denial of Service (DoS) security-alert (Dec 08)
- ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability zdi-disclosures (Dec 08)
- Neostrada Livebox Remote Network Down PoC Exploit 0in . email (Dec 08)
- DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808) Robbie (Rupinder) Gill (Dec 08)
- [SECURITY] [DSA 1683-1] New streamripper packages fix potential code execution Florian Weimer (Dec 08)
- [security bulletin] HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service (DoS) security-alert (Dec 08)
- Multiple XSRF in DD-WRT (Remote Root Command Execution) th3 . r00k . ieatpork (Dec 08)
- <Possible follow-ups>
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) s . gottschall (Dec 10)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Hanno Böck (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
- Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution) Vladimir '3APA3A' Dubrovin (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) pUm (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
- Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
- Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) 0xjbrown41 (Dec 15)
- Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Peter Watkins (Dec 08)
- DoS attacks on MIME-capable software via complex MIME emails bruhns (Dec 09)
- Re: DoS attacks on MIME-capable software via complex MIME emails Vladimir '3APA3A' Dubrovin (Dec 09)
- [ MDVSA-2008:236-1 ] vim security (Dec 09)
- PHP safe_mode can be bypassed via proc_open() and custom environment. gat3way (Dec 09)
- SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability Bernhard Mueller (Dec 09)
- rPSA-2008-0332-1 kernel rPath Update Announcements (Dec 09)
- Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update- xhakerman2006 (Dec 09)
- Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow Secunia Research (Dec 09)
- Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability Secunia Research (Dec 09)
- CORE-2008-1127 - Vinagre show_error() format string vulnerability CORE Security Technologies Advisories (Dec 09)
- Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows Secunia Research (Dec 09)
- iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) iDefense Labs (Dec 09)
- iDefense Security Advisory 12.09.08: Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability iDefense Labs (Dec 09)
- ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability zdi-disclosures (Dec 09)
- ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability zdi-disclosures (Dec 09)
- ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability zdi-disclosures (Dec 09)
- ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability zdi-disclosures (Dec 09)
- ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability zdi-disclosures (Dec 09)
- Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability Brett Moore (Dec 10)
- ISOI 6, Dallas, TX - January 29, 30 Gadi Evron (Dec 10)
- [USN-689-1] Vinagre vulnerability Kees Cook (Dec 10)
- [USN-678-2] GnuTLS regression Jamie Strandboge (Dec 10)
- [SECURITY] [DSA 1684-1] New lcms packages fix multiple vulnerabilities Devin Carraway (Dec 10)
- [IVIZ-08-011] ClamAV lzh unpacking segmentation fault iViZ Security Advisories (Dec 10)
- [IVIZ-08-012] Bitdefender antivirus for Linux multiple vulnerabilities iViZ Security Advisories (Dec 10)
- [IVIZ-08-013] Avast antivirus for Linux multiple vulnerabilities iViZ Security Advisories (Dec 10)
- [IVIZ-08-014] AVG antivirus for Linux vulnerability iViZ Security Advisories (Dec 10)
- [IVIZ-08-015] Sophos Antivirus for Linux vulnerability iViZ Security Advisories (Dec 10)
- [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass iViZ Security Advisories (Dec 10)
- <Possible follow-ups>
- Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass frisk (Dec 16)
- Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass mikael . albrecht (Dec 22)
- Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209) Bernhard Mueller (Dec 10)
- CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability CORE Security Technologies Advisories (Dec 10)
- [security bulletin] HPSBUX02393 SSRT080057 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) security-alert (Dec 10)
- [ GLSA 200812-09 ] OpenSC: Insufficient protection of smart card PIN Robert Buchholz (Dec 10)
- [ GLSA 200812-10 ] Archive::Tar: Directory traversal vulnerability Robert Buchholz (Dec 10)
- Max's Guestbook (XSS) Remote Vulnerability 08253 (Dec 10)
- iDefense Security Advisory 12.10.08: Microsoft Excel Malformed Object Memoy Corruption Vulnerability iDefense Labs (Dec 10)
- [ MDVSA-2008:240 ] vinagre security (Dec 10)
- CA ARCserve Backup LDBserver Vulnerability Williams, James K (Dec 10)
- [ GLSA 200812-11 ] CUPS: Multiple vulnerabilities Pierre-Yves Rofes (Dec 11)
- Browser Security Handbook Michal Zalewski (Dec 11)
- AST-2008-012: Remote crash vulnerability in IAX2 Asterisk Security Team (Dec 11)
- Black Hat: New Webinar, Japan audio now on-line. jmoss (Dec 11)
- aspProductCatalog Sql Injection r3d . w0rm (Dec 11)
- Meta Cart Free Database Disclosure r3d . w0rm (Dec 11)
- facto Database Disclosure r3d . w0rm (Dec 11)
- Secunia Research: CA ARCserve Backup RPC "handle_t" Argument Vulnerability Secunia Research (Dec 11)
- Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities Rafel Ivgi (Dec 11)
- ASP-CMS v.1.0 Sql Injection/Database Disclosure r3d . w0rm (Dec 12)
- rPSA-2008-0336-1 tshark wireshark rPath Update Announcements (Dec 12)
- Nokia N70/N73 Bluetooth Stack OBEX Implementation Denial of Service yangdn (Dec 12)
- [SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities Steffen Joeris (Dec 12)
- Moodle 1.9.3 Remote Code Execution ascii (Dec 12)
- <Possible follow-ups>
- Re: Moodle 1.9.3 Remote Code Execution lent (Dec 15)
- Re: Moodle 1.9.3 Remote Code Execution Jamie Riden (Dec 15)
- Re: Re: Moodle 1.9.3 Remote Code Execution martin (Dec 16)
- Re: Moodle 1.9.3 Remote Code Execution hackeriri (Dec 16)
- [ GLSA 200812-12 ] Honeyd: Insecure temporary file creation Tobias Heinlein (Dec 12)
- [ GLSA 200812-13 ] OpenOffice.org: Multiple vulnerabilities Pierre-Yves Rofes (Dec 15)
- [ GLSA 200812-14 ] aview: Insecure temporary file usage Tobias Heinlein (Dec 15)
- [SECURITY] [DSA 1686-1] New no-ip packages fix arbitrary code execution Moritz Muehlenhoff (Dec 15)
- [ GLSA 200812-15 ] POV-Ray: User-assisted execution of arbitrary code Pierre-Yves Rofes (Dec 15)
- [ GLSA 200812-16 ] Dovecot: Multiple vulnerabilities Tobias Heinlein (Dec 15)
- CFAGCMS Remote File Inclusion admin (Dec 15)
- [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability Tobias Klein (Dec 15)
- Multiple XSS Vulnerabilities in World Recipe 2.11 security (Dec 15)
- phpList vulnerability phplist (Dec 15)
- TmaxSoft JEUS Alternate Data Streams Vulnerability Simon Ryeo (Dec 15)
- Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability Simon Ryeo (Dec 15)
- [ MDVSA-2008:242 ] wireshark security (Dec 15)
- [SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Dec 15)
- [ MDVSA-2008:243 ] enscript security (Dec 16)
- [USN-691-1] Ruby vulnerability Marc Deslauriers (Dec 16)
- Re: ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc philip . robertson (Dec 16)
- [ GLSA 200812-17 ] Ruby: Multiple vulnerabilities Tobias Heinlein (Dec 16)
- ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability zdi-disclosures (Dec 16)
- CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability marian . ventuneac (Dec 16)
- CVE-2008-0971 - Barracuda Networks products Multiple Cross-Site Scripting Vulnerabilities marian . ventuneac (Dec 16)
- Joomla: Session hijacking vulnerability, CVE-2008-4122 Hanno Böck (Dec 16)
- <Possible follow-ups>
- Re: Joomla: Session hijacking vulnerability, CVE-2008-4122 darkz . gsa (Dec 18)
- [ GLSA 200812-18 ] JasPer: User-assisted execution of arbitrary code Robert Buchholz (Dec 16)
- Network Security Scanner OpenVAS 2.0.0 Released Michael Wiegand (Dec 17)
- n.runs-SA-2008.010 - Opera HTML parsing Code Execution security (Dec 17)
- [ MDVSA-2008:244 ] mozilla-firefox security (Dec 17)
- [USN-690-1] Firefox and xulrunner vulnerabilities Jamie Strandboge (Dec 18)
- [TKADV2008-015] Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference Tobias Klein (Dec 18)
- Firefox cross-domain text theft (CESA-2008-011) Chris Evans (Dec 18)
- [USN-692-1] Gadu vulnerability Kees Cook (Dec 18)
- [USN-693-1] LittleCMS vulnerability Kees Cook (Dec 18)
- [USN-690-2] Firefox vulnerabilities Jamie Strandboge (Dec 18)
- [USN-690-3] Firefox vulnerabilities Jamie Strandboge (Dec 18)
- [SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2 Mark Thomas (Dec 18)
- [USN-694-1] libvirt vulnerability Jamie Strandboge (Dec 18)
- [USN-695-1] shadow vulnerability Kees Cook (Dec 18)
- php python extension safe_mode bypass amir (Dec 18)
- EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability Ehsan_Hp200 (Dec 18)
- [ MDVSA-2008:245 ] firefox security (Dec 18)
- CONFidence 2009, CFP Andrzej Targosz (Dec 18)
- Re: CONFidence 2009, CFP Dominik 'Rathann' Mierzejewski (Dec 19)
- [USN-696-1] Avahi vulnerabilities Jamie Strandboge (Dec 18)
- SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability Bernhard Mueller (Dec 19)
- [security bulletin] HPSBST02394 SSRT080183 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077 security-alert (Dec 19)
- HTC Touch vCard over IP Denial of Service Mobile Security Lab (Dec 19)
- PHP APC vulnerable to local attacks Moritz Naumann (Dec 19)
- rPSA-2008-0338-1 cups rPath Update Announcements (Dec 19)
- [ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities Pierre-Yves Rofes (Dec 19)
- [SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection Steffen Joeris (Dec 20)
- chicomas <=2.0.4 Multiple Vulnerabilities admin (Dec 20)
- Re: chicomas <=2.0.4 Multiple Vulnerabilities security curmudgeon (Dec 20)
- [SECURITY] [DSA 1678-2] New perl packages fix regression Florian Weimer (Dec 22)
- [USN-699-1] Blender vulnerabilities Marc Deslauriers (Dec 22)
- [USN-698-1] Nagios vulnerability Marc Deslauriers (Dec 22)
- Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability Secunia Research (Dec 22)
- [USN-698-2] Nagios3 vulnerabilities Marc Deslauriers (Dec 22)
- POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection) Jacobo Avariento Gimeno (Dec 22)
- [UPRSN] Ubuntu Privacy Remix 8.04r2 introduces "noexec"-mounting by default Ubuntu Privacy Remix Team (Dec 22)
- [SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities Thijs Kinkhorst (Dec 22)
- FreeSSHd Multiple Remote Stack Overflow Vulnerabilities writ3r-dont-want-bugtraq-spam- (Dec 22)
- Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution Secunia Research (Dec 22)
- CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit writ3r-dont-want-bugtraq-spam- (Dec 22)
- [USN-697-1] Imlib2 vulnerability Marc Deslauriers (Dec 22)
- [ GLSA 200812-20 ] phpCollab: Multiple vulnerabilities Pierre-Yves Rofes (Dec 22)
- CORE-2008-1210: Qemu and KVM VNC server remote DoS CORE Security Technologies Advisories (Dec 22)
- [SECURITY] [DSA 1689-1] New proftpd-dfsg packages fix Cross-Site Request Forgery Martin Schulze (Dec 22)
- [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS ISecAuditors Security Advisories (Dec 22)
- [SECURITY] [DSA 1690-1] New avahi packages fix denial of service Florian Weimer (Dec 22)
- [ISecAuditors Security Advisories] Multiple vulnerabilities in WiFi router COMTREND CT-536/HG-536+ ISecAuditors Security Advisories (Dec 22)
- rPSA-2008-0341-1 dovecot rPath Update Announcements (Dec 22)
- <Possible follow-ups>
- Re: rPSA-2008-0341-1 dovecot olga (Dec 24)
- [ MDVA-2008:241 ] mailscanner security (Dec 22)
- [security bulletin] HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-078 security-alert (Dec 24)
- [USN-677-2] OpenOffice.org Internationalization update Jamie Strandboge (Dec 24)
- [ISecAuditors Security Advisories] PSI remote integer overflow DoS ISecAuditors Security Advisories (Dec 24)
- FreeBSD Security Advisory FreeBSD-SA-08:13.protosw FreeBSD Security Advisories (Dec 24)
- DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832 VulnerabilityResearch (Dec 24)
- [USN-700-1] Perl vulnerabilities Kees Cook (Dec 24)
- [SECURITY] [DSA 1688-2] New courier-authlib packages fix regression Florian Weimer (Dec 24)
- [USN-698-3] Nagios vulnerabilities Marc Deslauriers (Dec 24)
- [ GLSA 200812-23 ] Imlib2: User-assisted execution of arbitrary code Pierre-Yves Rofes (Dec 24)
- FRHACK Registration open (Christmas offer) Jerome Athias (Dec 24)
- Personal Sticky Threads v1.0.3c vbulletin Add-on problem xl4nothing (Dec 24)
- [ GLSA 200812-22 ] Ampache: Insecure temporary file usage Pierre-Yves Rofes (Dec 24)
- FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd FreeBSD Security Advisories (Dec 24)
- [ GLSA 200812-24 ] VLC: Multiple vulnerabilities Tobias Heinlein (Dec 24)
- [ GLSA 200812-21 ] ClamAV: Multiple vulnerabilities Pierre-Yves Rofes (Dec 24)
- PGP Desktop 9.0.6 Denial Of Service - ZeroDay contact . fingers (Dec 24)
- Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 24)
- <Possible follow-ups>
- Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC Already-sended-information-to-security-focus (Dec 25)
- Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 29)
- MS Windows Media Player * (.WAV) Remote Integrer Overflow Laurent . gaffie (Dec 25)
- joomla com_lowcosthotels sql injection lovebug (Dec 25)
- Castlecops security site closed for good Michael Scheidell (Dec 25)
- PHP-Fusion Mod TI - Blog System Sql Injection r3d . w0rm (Dec 25)
- ClubHack2008 presentations are now online ClubHack (Dec 29)
- Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit hadihadi_zedehal_2006 (Dec 29)
- [SECURITY] [DSA 1692-1] New php-xajax packages fix cross-site scripting Steffen Joeris (Dec 29)
- hm? new vulnerabilities? wav windows media anonymous (Dec 29)
- MSN messenger sends IP addresses Public and Private Carmelo Brancato (Dec 29)
- ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities XiaShing (Dec 29)
- Madrese-Portal Sql Injection r3d . w0rm (Dec 29)
- MagpieRSS XSS 0day admin (Dec 29)
- Re: MagpieRSS XSS 0day Antone Roundy (Dec 30)
- [SECURITY] [DSA 1693-1] New phppgadmin packages fix several vulnerabilities Thijs Kinkhorst (Dec 29)
- [ MDVSA-2008:246 ] kernel security (Dec 29)
- Mavi Emlak Sql Injection r3d . w0rm (Dec 29)
- Megacubo 5.0.7 (mega://) remote eval() injection exploit pyro (Dec 30)
- reliable IOS exploitation Gadi Evron (Dec 30)
- php-nuke 8.0 module sections artid blind sql inj vuln. the . dumenci (Dec 30)
- Re: php-nuke 8.0 module sections artid blind sql inj vuln. John Haywood (Dec 31)
- MD5 Considered Harmful Today: Creating a rogue CA certificate Alexander Sotirov (Dec 31)
- apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit‎ v8i (Dec 31)
- CFP uCon Security Conference 2009 - Recife, Brazil uCon Security Conference (Dec 31)