Bugtraq: by author

272 messages starting Dec 10 08 and ending Dec 01 08

08253

Max's Guestbook (XSS) Remote Vulnerability 08253 (Dec 10)

0in . email

Neostrada Livebox Remote Network Down PoC Exploit 0in . email (Dec 08)

0xjbrown41

Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) 0xjbrown41 (Dec 15)
Re: /bin/login gives root to group utmp 0xjbrown41 (Dec 02)
Re: [USN-684-1] ClamAV vulnerability 0xjbrown41 (Dec 04)

admin

MagpieRSS XSS 0day admin (Dec 29)
chicomas <=2.0.4 Multiple Vulnerabilities admin (Dec 20)
CFAGCMS Remote File Inclusion admin (Dec 15)

Alexander Sotirov

MD5 Considered Harmful Today: Creating a rogue CA certificate Alexander Sotirov (Dec 31)

Already-sended-information-to-security-focus

Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC Already-sended-information-to-security-focus (Dec 25)

amir

php python extension safe_mode bypass amir (Dec 18)

Andrzej Targosz

CONFidence 2009, CFP Andrzej Targosz (Dec 18)

anonymous

hm? new vulnerabilities? wav windows media anonymous (Dec 29)

Antone Roundy

Re: MagpieRSS XSS 0day Antone Roundy (Dec 30)

ascii

Moodle 1.9.3 Remote Code Execution ascii (Dec 12)

Asterisk Security Team

AST-2008-012: Remote crash vulnerability in IAX2 Asterisk Security Team (Dec 11)

Bernhard Mueller

Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209) Bernhard Mueller (Dec 10)
SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability Bernhard Mueller (Dec 19)
SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability Bernhard Mueller (Dec 09)

Brett Moore

Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability Brett Moore (Dec 10)

bruhns

DoS attacks on MIME-capable software via complex MIME emails bruhns (Dec 09)

Carmelo Brancato

MSN messenger sends IP addresses Public and Private Carmelo Brancato (Dec 29)

Chris Evans

Firefox cross-domain text theft (CESA-2008-011) Chris Evans (Dec 18)

ClubHack

ClubHack2008 presentations are now online ClubHack (Dec 29)

contact . fingers

PGP Desktop 9.0.6 Denial Of Service - ZeroDay contact . fingers (Dec 24)

CORE Security Technologies Advisories

CORE-2008-1210: Qemu and KVM VNC server remote DoS CORE Security Technologies Advisories (Dec 22)
CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability CORE Security Technologies Advisories (Dec 10)
CORE-2008-1127 - Vinagre show_error() format string vulnerability CORE Security Technologies Advisories (Dec 09)

cxib

SecurityReason: PHP 5.2.6 SAPI php_getuid() overload cxib (Dec 06)

dan . crowley

Re: Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) dan . crowley (Dec 11)

dann frazier

[SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Dec 15)
[SECURITY] [DSA 1681-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier (Dec 04)
[SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service dann frazier (Dec 01)

darkz . gsa

Re: Joomla: Session hijacking vulnerability, CVE-2008-4122 darkz . gsa (Dec 18)

David E. Thiel

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) David E. Thiel (Dec 11)

DDI . VulnerabilityAlert

DDIVRT-2008-18 Orb Denial of Service DDI . VulnerabilityAlert (Dec 04)

Devin Carraway

[SECURITY] [DSA 1684-1] New lcms packages fix multiple vulnerabilities Devin Carraway (Dec 10)

Digital Security Research Group [DSecRG]

[DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x Digital Security Research Group [DSecRG] (Dec 08)
[DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x Digital Security Research Group [DSecRG] (Dec 08)

Dominik 'Rathann' Mierzejewski

Re: CONFidence 2009, CFP Dominik 'Rathann' Mierzejewski (Dec 19)

Ehsan_Hp200

EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability Ehsan_Hp200 (Dec 18)

Eygene Ryabinkin

Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Eygene Ryabinkin (Dec 06)
Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Eygene Ryabinkin (Dec 08)
Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Eygene Ryabinkin (Dec 06)
Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Eygene Ryabinkin (Dec 08)

Florian Weimer

[SECURITY] [DSA 1680-1] New clamav packages fix potential code execution Florian Weimer (Dec 04)
[SECURITY] [DSA 1683-1] New streamripper packages fix potential code execution Florian Weimer (Dec 08)
[SECURITY] [DSA 1690-1] New avahi packages fix denial of service Florian Weimer (Dec 22)
[SECURITY] [DSA 1678-2] New perl packages fix regression Florian Weimer (Dec 22)
[SECURITY] [DSA 1688-2] New courier-authlib packages fix regression Florian Weimer (Dec 24)
[SECURITY] [DSA 1679-1] New awstats packages fix cross-site scripting Florian Weimer (Dec 03)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-08:13.protosw FreeBSD Security Advisories (Dec 24)
FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd FreeBSD Security Advisories (Dec 24)

frisk

Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass frisk (Dec 16)

Gadi Evron

ISOI 6, Dallas, TX - January 29, 30 Gadi Evron (Dec 10)
reliable IOS exploitation Gadi Evron (Dec 30)

gat3way

PHP safe_mode can be bypassed via proc_open() and custom environment. gat3way (Dec 09)

hackeriri

Re: Moodle 1.9.3 Remote Code Execution hackeriri (Dec 16)

hadihadi_zedehal_2006

Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit hadihadi_zedehal_2006 (Dec 29)

Hanno Böck

Joomla: Session hijacking vulnerability, CVE-2008-4122 Hanno Böck (Dec 16)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Hanno Böck (Dec 11)

het_ebadi

Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability het_ebadi (Dec 01)

Hugo Dias

CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table Hugo Dias (Dec 05)

iDefense Labs

iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) iDefense Labs (Dec 09)
iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability iDefense Labs (Dec 04)
iDefense Security Advisory 12.10.08: Microsoft Excel Malformed Object Memory Corruption Vulnerability iDefense Labs (Dec 10)
iDefense Security Advisory 12.09.08: Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability iDefense Labs (Dec 09)
iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability iDefense Labs (Dec 04)
iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability iDefense Labs (Dec 04)
iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability iDefense Labs (Dec 04)

Ilia Alshanetsky

Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file Ilia Alshanetsky (Dec 06)

Integrigy Security

RE: [Full-disclosure] ZDI-08-088: Oracle E-Business Suite Self-Service Web Applications SQL Injection Vulnerability Integrigy Security (Dec 17)

ISecAuditors Security Advisories

[ISecAuditors Security Advisories] Multiple vulnerabilities in WiFi router COMTREND CT-536/HG-536+ ISecAuditors Security Advisories (Dec 22)
[ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS ISecAuditors Security Advisories (Dec 22)
[ISecAuditors Security Advisories] PSI remote integer overflow DoS ISecAuditors Security Advisories (Dec 24)

iViZ Security Advisories

[IVIZ-08-014] AVG antivirus for Linux vulnerability iViZ Security Advisories (Dec 10)
[IVIZ-08-015] Sophos Antivirus for Linux vulnerability iViZ Security Advisories (Dec 10)
[IVIZ-08-011] ClamAV lzh unpacking segmentation fault iViZ Security Advisories (Dec 10)
[IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass iViZ Security Advisories (Dec 10)
[IVIZ-08-013] Avast antivirus for Linux multiple vulnerabilities iViZ Security Advisories (Dec 10)
[IVIZ-08-012] Bitdefender antivirus for Linux multiple vulnerabilities iViZ Security Advisories (Dec 10)

Jacobo Avariento Gimeno

POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection) Jacobo Avariento Gimeno (Dec 22)

Jamie Riden

Re: Moodle 1.9.3 Remote Code Execution Jamie Riden (Dec 15)

Jamie Strandboge

[USN-696-1] Avahi vulnerabilities Jamie Strandboge (Dec 18)
[USN-677-2] OpenOffice.org Internationalization update Jamie Strandboge (Dec 24)
[USN-690-1] Firefox and xulrunner vulnerabilities Jamie Strandboge (Dec 18)
[USN-678-2] GnuTLS regression Jamie Strandboge (Dec 10)
[USN-690-2] Firefox vulnerabilities Jamie Strandboge (Dec 18)
[USN-694-1] libvirt vulnerability Jamie Strandboge (Dec 18)
[USN-690-3] Firefox vulnerabilities Jamie Strandboge (Dec 18)

Jerome Athias

FRHACK Registration open (Christmas offer) Jerome Athias (Dec 24)

jmoss

Black Hat: New Webinar, Japan audio now on-line. jmoss (Dec 11)

John Haywood

Re: php-nuke 8.0 module sections artid blind sql inj vuln. John Haywood (Dec 31)

Kees Cook

[USN-695-1] shadow vulnerability Kees Cook (Dec 18)
[USN-693-1] LittleCMS vulnerability Kees Cook (Dec 18)
[USN-684-1] ClamAV vulnerability Kees Cook (Dec 03)
[USN-689-1] Vinagre vulnerability Kees Cook (Dec 10)
[USN-686-1] AWStats vulnerability Kees Cook (Dec 04)
[USN-700-1] Perl vulnerabilities Kees Cook (Dec 24)
[USN-692-1] Gadu vulnerability Kees Cook (Dec 18)
[USN-685-1] Net-SNMP vulnerabilities Kees Cook (Dec 03)

l1un

Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass" l1un (Dec 02)

Laurent . gaffie

MS Windows Media Player * (.WAV) Remote Integer Overflow Laurent . gaffie (Dec 25)

lent

Re: Moodle 1.9.3 Remote Code Execution lent (Dec 15)

Li Gen

Re: RadAsm <=2.2.1.5 Local Command Execution Li Gen (Dec 08)

lovebug

joomla com_lowcosthotels sql injection lovebug (Dec 25)

Maksymilian Arciemowicz

Re: SecurityReason: PHP 5.2.6 SAPI php_getuid() overload Maksymilian Arciemowicz (Dec 08)

Marc Deslauriers

[USN-699-1] Blender vulnerabilities Marc Deslauriers (Dec 22)
[USN-691-1] Ruby vulnerability Marc Deslauriers (Dec 16)
[USN-697-1] Imlib2 vulnerability Marc Deslauriers (Dec 22)
[USN-698-2] Nagios3 vulnerabilities Marc Deslauriers (Dec 22)
[USN-681-1] ImageMagick vulnerability Marc Deslauriers (Dec 01)
[USN-698-1] Nagios vulnerability Marc Deslauriers (Dec 22)
[USN-683-1] Imlib2 vulnerability Marc Deslauriers (Dec 02)
[USN-682-1] libvorbis vulnerabilities Marc Deslauriers (Dec 01)
[USN-687-1] nfs-utils vulnerability Marc Deslauriers (Dec 04)
[USN-698-3] Nagios vulnerabilities Marc Deslauriers (Dec 24)

marian . ventuneac

CVE-2008-1094 - Barracuda Spam Firewall SQL Injection Vulnerability marian . ventuneac (Dec 16)
CVE-2008-0971 - Barracuda Networks products Multiple Cross-Site Scripting Vulnerabilities marian . ventuneac (Dec 16)

Mark Thomas

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2 Mark Thomas (Dec 18)

martin

Re: Re: Moodle 1.9.3 Remote Code Execution martin (Dec 16)

Martin Schulze

[SECURITY] [DSA 1689-1] New proftpd-dfsg packages fix Cross-Site Request Forgery Martin Schulze (Dec 22)
[SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution Martin Schulze (Dec 02)

Michael Scheidell

Castlecops security site closed for good Michael Scheidell (Dec 25)

Michael Wiegand

Network Security Scanner OpenVAS 2.0.0 Released Michael Wiegand (Dec 17)

Michal Zalewski

Browser Security Handbook Michal Zalewski (Dec 11)

mikael . albrecht

Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass mikael . albrecht (Dec 22)

Mobile Security Lab

HTC Touch vCard over IP Denial of Service Mobile Security Lab (Dec 19)

Moritz Muehlenhoff

[SECURITY] [DSA 1686-1] New no-ip packages fix arbitrary code execution Moritz Muehlenhoff (Dec 15)
[SECURITY] [DSA 1674-1] New jailer packages fix denial of service Moritz Muehlenhoff (Dec 01)
[SECURITY] [DSA 1673-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff (Dec 01)

Moritz Naumann

PHP APC vulnerable to local attacks Moritz Naumann (Dec 19)

MustLive

Re: XSS in Internet Explorer 6 and 7 MustLive (Dec 04)

Nam Nguyen

[BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0 Nam Nguyen (Dec 01)

nospam

Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 29)
Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 24)

office

[HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation office (Dec 03)

olga

Re: rPSA-2008-0341-1 dovecot olga (Dec 24)

organiser () syscan org

Dates for SyScan'09 organiser () syscan org (Dec 02)

packet

Re: Joomla Component GameQ packet (Dec 04)

Paul Szabo

/bin/login gives root to group utmp Paul Szabo (Dec 01)

Peter Watkins

Re: [Full-disclosure] MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] Peter Watkins (Dec 08)

philip . robertson

Re: ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc philip . robertson (Dec 16)

phplist

phpList vulnerability phplist (Dec 15)

Pierre-Yves Rofes

[ GLSA 200812-13 ] OpenOffice.org: Multiple vulnerabilities Pierre-Yves Rofes (Dec 15)
[ GLSA 200812-20 ] phpCollab: Multiple vulnerabilities Pierre-Yves Rofes (Dec 22)
[ GLSA 200812-21 ] ClamAV: Multiple vulnerabilities Pierre-Yves Rofes (Dec 24)
[ GLSA 200812-23 ] Imlib2: User-assisted execution of arbitrary code Pierre-Yves Rofes (Dec 24)
[ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities Pierre-Yves Rofes (Dec 19)
[ GLSA 200812-11 ] CUPS: Multiple vulnerabilities Pierre-Yves Rofes (Dec 11)
[ GLSA 200812-08 ] Mgetty: Insecure temporary file usage Pierre-Yves Rofes (Dec 06)
[ GLSA 200812-22 ] Ampache: Insecure temporary file usage Pierre-Yves Rofes (Dec 24)
[ GLSA 200812-15 ] POV-Ray: User-assisted execution of arbitrary code Pierre-Yves Rofes (Dec 15)

pUm

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) pUm (Dec 11)

pyro

Megacubo 5.0.7 (mega://) remote eval() injection exploit pyro (Dec 30)

r3d . w0rm

Joomla Component mydyngallery r3d . w0rm (Dec 04)
Mavi Emlak Sql Injection r3d . w0rm (Dec 29)
Joomla Component GameQ r3d . w0rm (Dec 04)
Meta Cart Free Database Disclosure r3d . w0rm (Dec 11)
aspProductCatalog Sql Injection r3d . w0rm (Dec 11)
PHP-Fusion Mod TI - Blog System Sql Injection r3d . w0rm (Dec 25)
ASP-CMS v.1.0 Sql Injection/Database Disclosure r3d . w0rm (Dec 12)
facto Database Disclosure r3d . w0rm (Dec 11)
Madrese-Portal Sql Injection r3d . w0rm (Dec 29)

Rafel Ivgi

Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities Rafel Ivgi (Dec 11)

rene . sato

Re: [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation rene . sato (Dec 03)

Robbie (Rupinder) Gill

DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808) Robbie (Rupinder) Gill (Dec 08)

Robert Buchholz

[ GLSA 200812-03 ] IPsec-Tools: racoon Denial of Service Robert Buchholz (Dec 02)
[ GLSA 200812-18 ] JasPer: User-assisted execution of arbitrary code Robert Buchholz (Dec 16)
[ GLSA 200812-10 ] Archive::Tar: Directory traversal vulnerability Robert Buchholz (Dec 10)
[ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
[ GLSA 200812-09 ] OpenSC: Insufficient protection of smart card PIN Robert Buchholz (Dec 10)
[ GLSA 200812-06 ] libxml2: Multiple vulnerabilities Robert Buchholz (Dec 02)
[ GLSA 200812-07 ] Mantis: Multiple vulnerabilities Robert Buchholz (Dec 02)
[ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
[ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code Robert Buchholz (Dec 02)
[ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities Robert Buchholz (Dec 02)

rPath Update Announcements

rPSA-2008-0336-1 tshark wireshark rPath Update Announcements (Dec 12)
rPSA-2008-0341-1 dovecot rPath Update Announcements (Dec 22)
rPSA-2008-0338-1 cups rPath Update Announcements (Dec 19)
rPSA-2008-0332-1 kernel rPath Update Announcements (Dec 09)

Sebastian Gottschall (DD-WRT)

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Sebastian Gottschall (DD-WRT) (Dec 11)

Secunia Research

Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability Secunia Research (Dec 09)
Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability Secunia Research (Dec 22)
Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows Secunia Research (Dec 09)
Secunia Research: CA ARCserve Backup RPC "handle_t" Argument Vulnerability Secunia Research (Dec 11)
Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow Secunia Research (Dec 09)
Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution Secunia Research (Dec 22)

security

Multiple XSS Vulnerabilities in World Recipe 2.11 security (Dec 15)
[ MDVSA-2008:244 ] mozilla-firefox security (Dec 17)
[ MDVSA-2008:246 ] kernel security (Dec 29)
n.runs-SA-2008.010 - Opera HTML parsing Code Execution security (Dec 17)
[ MDVSA-2008:243 ] enscript security (Dec 16)
[ MDVSA-2008:245 ] firefox security (Dec 18)
[ MDVSA-2008:238 ] libsamplerate security (Dec 05)
[ MDVA-2008:241 ] mailscanner security (Dec 22)
[ MDVSA-2008:240 ] vinagre security (Dec 10)
[ MDVSA-2008:237 ] apache2 security (Dec 04)
[ MDVSA-2008:239 ] clamav security (Dec 06)
[ MDVSA-2008:242 ] wireshark security (Dec 15)
[ MDVSA-2008:236 ] vim security (Dec 04)
[ MDVSA-2008:236-1 ] vim security (Dec 09)

security-alert

[security bulletin] HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS) security-alert (Dec 03)
[security bulletin] HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service (DoS) security-alert (Dec 08)
[security bulletin] HPSBUX02393 SSRT080057 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) security-alert (Dec 10)
[security bulletin] HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-078 security-alert (Dec 24)
[security bulletin] HPSBST02394 SSRT080183 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077 security-alert (Dec 19)
[security bulletin] HPSBMA02391 SSRT071481 rev.1 - HP OpenView Reporter and HP Reporter Running on Windows, Remote Denial of Service (DoS) security-alert (Dec 08)

security curmudgeon

Re: chicomas <=2.0.4 Multiple Vulnerabilities security curmudgeon (Dec 20)

s . gottschall

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) s . gottschall (Dec 10)

Simon Ryeo

Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability Simon Ryeo (Dec 15)
TmaxSoft JEUS Alternate Data Streams Vulnerability Simon Ryeo (Dec 15)

Stefan Esser

Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability Stefan Esser (Dec 04)

Steffen Joeris

[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation Steffen Joeris (Dec 03)
[SECURITY] [DSA 1692-1] New php-xajax packages fix cross-site scripting Steffen Joeris (Dec 29)
[SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities Steffen Joeris (Dec 12)
[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection Steffen Joeris (Dec 20)

Steve Shockley

Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 Steve Shockley (Dec 03)

SVRT-Bkis

[SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM SVRT-Bkis (Dec 03)
[SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops SVRT-Bkis (Dec 08)

th3 . r00k . ieatpork

Two XSS Flaws in PrestaShop 1.1.0.3 th3 . r00k . ieatpork (Dec 08)
Multiple XSRF in DD-WRT (Remote Root Command Execution) th3 . r00k . ieatpork (Dec 08)
XSS in PHPepperShop v 1.4 th3 . r00k . ieatpork (Dec 08)

the . dumenci

php-nuke 8.0 module sections artid blind sql inj vuln. the . dumenci (Dec 30)

Thijs Kinkhorst

[SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities Thijs Kinkhorst (Dec 22)
[SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting Thijs Kinkhorst (Dec 01)
[SECURITY] [DSA 1693-1] New phppgadmin packages fix several vulnerabilities Thijs Kinkhorst (Dec 29)
[SECURITY] [DSA 1682-1] New squirrelmail packages fix cross site scripting Thijs Kinkhorst (Dec 08)

Tobias Heinlein

[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities Tobias Heinlein (Dec 16)
[ GLSA 200812-24 ] VLC: Multiple vulnerabilities Tobias Heinlein (Dec 24)
[ GLSA 200812-16 ] Dovecot: Multiple vulnerabilities Tobias Heinlein (Dec 15)
[ GLSA 200812-14 ] aview: Insecure temporary file usage Tobias Heinlein (Dec 15)
[ GLSA 200812-12 ] Honeyd: Insecure temporary file creation Tobias Heinlein (Dec 12)

Tobias Klein

[TKADV2008-015] Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference Tobias Klein (Dec 18)
[TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability Tobias Klein (Dec 01)
[TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability Tobias Klein (Dec 15)

Ubuntu Privacy Remix Team

[UPRSN] Ubuntu Privacy Remix 8.04r1 fixes security issues Ubuntu Privacy Remix Team (Dec 04)
[UPRSN] Ubuntu Privacy Remix 8.04r2 introduces "noexec"-mounting by default Ubuntu Privacy Remix Team (Dec 22)

uCon Security Conference

CFP uCon Security Conference 2009 - Recife, Brazil uCon Security Conference (Dec 31)

v8i

apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit v8i (Dec 31)

Vladimir '3APA3A' Dubrovin

Re: DoS attacks on MIME-capable software via complex MIME emails Vladimir '3APA3A' Dubrovin (Dec 09)
Re[2]: Multiple XSRF in DD-WRT (Remote Root Command Execution) Vladimir '3APA3A' Dubrovin (Dec 11)

VMware Security team

VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 VMware Security team (Dec 03)

VSR Advisories

CVE-2008-2086: Java Web Start File Inclusion via System Properties Override VSR Advisories (Dec 04)

VulnerabilityAlert

RE: DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal VulnerabilityAlert (Dec 05)

VulnerabilityResearch

DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832 VulnerabilityResearch (Dec 24)

Williams, James K

CA ARCserve Backup LDBserver Vulnerability Williams, James K (Dec 10)

writ3r-dont-want-bugtraq-spam-

FreeSSHd Multiple Remote Stack Overflow Vulnerabilities writ3r-dont-want-bugtraq-spam- (Dec 22)
CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit writ3r-dont-want-bugtraq-spam- (Dec 22)

xhakerman2006

Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass xhakerman2006 (Dec 08)
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update- xhakerman2006 (Dec 09)
RadAsm <=2.2.1.5 Local Command Execution xhakerman2006 (Dec 08)

XiaShing

ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities XiaShing (Dec 29)

xl4nothing

Personal Sticky Threads v1.0.3c vbulletin Add-on problem xl4nothing (Dec 24)

yangdn

Nokia N70/N73 Bluetooth Stack OBEX Implementation Denial of Service yangdn (Dec 12)

zdi-disclosures

ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability zdi-disclosures (Dec 05)
ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability zdi-disclosures (Dec 05)
ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability zdi-disclosures (Dec 09)
ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability zdi-disclosures (Dec 08)
ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability zdi-disclosures (Dec 09)
ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability zdi-disclosures (Dec 05)
ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities zdi-disclosures (Dec 05)
ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability zdi-disclosures (Dec 09)
ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability zdi-disclosures (Dec 09)
ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability zdi-disclosures (Dec 05)
ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability zdi-disclosures (Dec 09)
ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability zdi-disclosures (Dec 16)

zimpel

Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel (Dec 03)
Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability zimpel (Dec 01)