Bugtraq: by thread
297 messages
starting Apr 01 09 and
ending Apr 30 09
Date index |
Thread index |
Author index
- Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities Secunia Research (Apr 01)
- [security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access security-alert (Apr 01)
- VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim VMware Security team (Apr 01)
- [ MDVSA-2009:084 ] firefox security (Apr 01)
- Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Aditya K Sood (Apr 01)
- Re: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth Michal Zalewski (Apr 01)
- Massive exploitation of instant messaging applications proved feasible Julien TINNES (Apr 01)
- [SecNiche Whitepaper] Evading Web XSS Filters with Microsoft Word - WAPT Perspective Aditya K Sood (Apr 01)
- [ MDVSA-2009:083 ] mozilla-thunderbird security (Apr 01)
- Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities Secunia Research (Apr 01)
- OpenX 2.6.4 multiple vulnerabilities publists (Apr 01)
- EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009) Dragos Ruiu (Apr 02)
- [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities Matteo Beccati (Apr 02)
- OSCommerce Session Fixation Vulnerability laurent . desaulniers (Apr 02)
- <Possible follow-ups>
- Re: OSCommerce Session Fixation Vulnerability tech107 (Apr 14)
- Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 dh (Apr 02)
- <Possible follow-ups>
- Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3 prabhup (Apr 10)
- Remote access vulnerability using File Thingie v2.5.4 xiashing (Apr 02)
- Asbru Web Content Management Vulnerabilities Patrick Webster (Apr 02)
- Q2 Solutions ConnX - SQL Injection Vulnerability Patrick Webster (Apr 02)
- [SECURITY] [DSA 1762-1] New icu packages fix cross site scripting Steffen Joeris (Apr 02)
- ContentKeeper - Remote command execution and privilege escalation Patrick Webster (Apr 02)
- [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass Thierry Zoller (Apr 02)
- [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details) Thierry Zoller (Apr 02)
- [TZO-07-2009] F-PROT ZIP Method evasion Thierry Zoller (Apr 02)
- [ MDVSA-2009:085 ] gstreamer0.10-plugins-base security (Apr 02)
- Autodesk IDrop ActiveX Control Heap Corruption Vulnerability Elazar Broad (Apr 03)
- [SECURITY] [DSA 1761-1] New moodle packages fix file disclosure Nico Golde (Apr 03)
- glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit nospam (Apr 03)
- IBM DB2 Dennis Yurichev (Apr 03)
- rPSA-2009-0057-1 m2crypto openssl openssl-scripts rPath Update Announcements (Apr 03)
- [ GLSA 200904-02 ] GLib: Execution of arbitrary code Robert Buchholz (Apr 03)
- Family Connections 1.8.2 Arbitrary File Upload Salvatore "drosophila" Fresta (Apr 03)
- Family Connections <= 1.8.2 - Remote Shell Upload Exploit Salvatore "drosophila" Fresta (Apr 03)
- [ GLSA 200904-03 ] Gnumeric: Untrusted search path Robert Buchholz (Apr 03)
- Cyber Warfare Conference: Agenda k g (Apr 03)
- AST-2009-003: SIP responses expose valid usernames Asterisk Security Team (Apr 03)
- [ GLSA 200904-01 ] Openfire: Multiple vulnerabilities Pierre-Yves Rofes (Apr 03)
- Family Connections 1.8.2 Blind SQL Injection (Correct Version) Salvatore "drosophila" Fresta (Apr 03)
- [ MDVSA-2009:086 ] gstreamer-plugins security (Apr 06)
- VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues VMware Security Team (Apr 06)
- Joomla Component com_bookjoomlas SQL Injection Vulnerability Salvatore "drosophila" Fresta (Apr 06)
- [ MDVSA-2009:087 ] openssl security (Apr 06)
- [ GLSA 200904-04 ] WeeChat: Denial of Service Tobias Heinlein (Apr 06)
- [Aria-Security.com] vBulletin multiple XSS dontcontactorspamme (Apr 06)
- <Possible follow-ups>
- Re: [Aria-Security.com] vBulletin multiple XSS security (Apr 08)
- Amaya 11.1 XHTML Parser Buffer Overflow c1c4tr1z (Apr 06)
- [ GLSA 200904-05 ] ntp: Certificate validation error Pierre-Yves Rofes (Apr 06)
- [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow Tobias Klein (Apr 06)
- [SECURITY] [DSA 1763-1] New openssl packages fix denial of service Moritz Muehlenhoff (Apr 06)
- [security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 07)
- TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow dvlabs (Apr 07)
- ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability ZDI Disclosures (Apr 07)
- [ GLSA 200904-07 ] Xpdf: Untrusted search path Robert Buchholz (Apr 07)
- Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow Secunia Research (Apr 07)
- TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow dvlabs (Apr 07)
- POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration Marco Mella (Apr 07)
- [USN-753-1] PostgreSQL vulnerability Marc Deslauriers (Apr 07)
- OSSTMM 3 Sample Released Pete Herzog (Apr 07)
- [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path Pierre-Yves Rofes (Apr 07)
- [ GLSA 200904-08 ] OpenSSL: Denial of Service Robert Buchholz (Apr 07)
- [USN-752-1] Linux kernel vulnerabilities Kees Cook (Apr 07)
- MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] Tom Yu (Apr 07)
- LayerOne 2009 - Registration Open, Initial Speakers Announced LayerOne Call For Papers (Apr 07)
- [security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access security-alert (Apr 07)
- MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] Tom Yu (Apr 07)
- [USN-754-1] ClamAV vulnerabilities Jamie Strandboge (Apr 07)
- [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Mark Thomas (Apr 07)
- [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities Moritz Muehlenhoff (Apr 08)
- [SECURITY] [DSA 1765-1] New horde3 packages fix several vulnerabilities Steffen Joeris (Apr 08)
- [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability Bkis (Apr 08)
- rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Apr 08)
- [USN-755-1] Kerberos vulnerabilities Kees Cook (Apr 08)
- Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
- Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
- Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
- Re: Adgregate ShopAd widget validation is vulnerable to replay attack Matthew Dempsky (Apr 08)
- SASPCMS Multiple Vulnerabilities admin (Apr 08)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances Cisco Systems Product Security Incident Response Team (Apr 08)
- OTSTurntables 1.00.027 (.ofl file) Local universal SOF Exploit alphanix00 (Apr 08)
- net2ftp <= 0.97 Cross-Site Scripting/Request Forgery c1c4tr1z (Apr 09)
- [ GLSA 200904-11 ] Tor: Multiple vulnerabilities Robert Buchholz (Apr 09)
- OpenVAS now beyond 10000 Network Vulnerability Tests Michael Wiegand (Apr 09)
- AdaptBB 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 09)
- FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability noreply-secresearch () fortinet com (Apr 09)
- Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability nospam (Apr 09)
- Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit nospam (Apr 09)
- Exjune Guestbook v2 Remote Database Disclosure Exploit alphanix00 (Apr 09)
- [SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities Nico Golde (Apr 09)
- [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code security-alert (Apr 09)
- [ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities Robert Buchholz (Apr 09)
- IBM BladeCenter Advanced Management Module Multiple vulnerabilities Henri Lindberg - Smilehouse Oy (Apr 09)
- [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service Nico Golde (Apr 09)
- [ GLSA 200904-10 ] Avahi: Denial of Service Robert Buchholz (Apr 09)
- Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Secunia Research (Apr 09)
- [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data security-alert (Apr 09)
- [ MDVSA-2009:088 ] wireshark security (Apr 09)
- Reminder: RAID 2009 CFP Corrado Leita (Apr 09)
- [ MDVSA-2009:089 ] opensc security (Apr 10)
- [DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow DSecRG (Apr 10)
- Bid 34130 Invalid vpandey (Apr 10)
- PHP-agenda <= 2.2.5 Remote File Overwriting Salvatore "drosophila" Fresta (Apr 10)
- Loggix Project 9.4.5 Blind SQL Injection Salvatore "drosophila" Fresta (Apr 10)
- PHP 5.2.9 curl safe_mode & open_basedir bypass cxib (Apr 10)
- [SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation Florian Weimer (Apr 10)
- Summer Camp Garrotxa 2009 event Gerardo García Peña (Apr 10)
- [SECURITY] [DSA 1768-1] New openafs packages potential code execution Florian Weimer (Apr 10)
- [DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download DSecRG (Apr 10)
- [ MDVSA-2009:090 ] php security (Apr 10)
- [ GLSA 200904-12 ] Wicd: Information disclosure Tobias Heinlein (Apr 10)
- Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 10)
- VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability VMware Security Team (Apr 10)
- Opening Intranets to attack by using Internet Explorer [paper] Cesar (Apr 10)
- [SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution Florian Weimer (Apr 11)
- [BMSA 2009-04] Remote DoS in Internet Explorer Nam Nguyen (Apr 11)
- In Response to Bid 34130 Invalid Aditya K Sood (Apr 11)
- <Possible follow-ups>
- Re: In Response to Bid 34130 Invalid vpandey (Apr 11)
- HP Deskjet 6800 XSS in Web Interface mcyr2 (Apr 11)
- ftpdmin v. 0.96 RNFR remote buffer overflow exploit nospam (Apr 11)
- [ MDVSA-2009:091 ] mod_perl security (Apr 13)
- Hacker Space Fest 2009 CFP: Call For Paper Philippe Mailinglist (Apr 13)
- Re: Critical SQL Injection PHPNuke <= 7.8 - Your_Account module mefuentes61 (Apr 13)
- [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting Steffen Joeris (Apr 13)
- [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities Valery Marchuk (Apr 13)
- OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic) rembrandt (Apr 13)
- [USN-756-1] ClamAV vulnerability Jamie Strandboge (Apr 13)
- [ MDVSA-2009:092 ] ntp security (Apr 13)
- Re: PHP-Revista Multiple vulnerabilities marianiscc (Apr 13)
- MonGoose 2.4 Directory Traversal Vulnerability ew1zz (Apr 14)
- Re: [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure Anonymous (Apr 14)
- BugCON '09, Mexico: Call For Papers Carlos Augusto (Apr 14)
- [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities DSecRG (Apr 14)
- <Possible follow-ups>
- Re: [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities sales (Apr 23)
- iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability iDefense Labs (Apr 14)
- [ GLSA 200904-13 ] Ventrilo: Denial of Service Pierre-Yves Rofes (Apr 14)
- ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability ZDI Disclosures (Apr 14)
- [ GLSA 200904-14 ] F-PROT Antivirus: Denial of Service Pierre-Yves Rofes (Apr 14)
- Zervit Webserver Buffer Overflow ewizz (Apr 15)
- Microsoft Office Excel Remote Memory Corruption Vulnerability noreply-secresearch () fortinet com (Apr 15)
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow Secunia Research (Apr 15)
- Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method Secunia Research (Apr 15)
- [USN-757-1] Ghostscript vulnerabilities Marc Deslauriers (Apr 15)
- Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow Secunia Research (Apr 15)
- SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming Bernhard Mueller (Apr 15)
- HITBSecConf2009 - Malaysia: Call for Papers S. Praburaajan (Apr 15)
- Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow Secunia Research (Apr 15)
- XSS with mod_perl perl_status utility antonia . goodwin (Apr 15)
- SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability Bernhard Mueller (Apr 15)
- [USN-758-1] udev vulnerabilities Kees Cook (Apr 15)
- [SECURITY] [DSA 1771-1] New clamav packages fix several vulnerabilities Florian Weimer (Apr 16)
- SQL Injection in package DBMS_AQIN ak (Apr 16)
- Unprivileged DB users can see APEX password hashes ak (Apr 16)
- Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow Secunia Research (Apr 16)
- Phorum < 5.2.10 Cross-Site Scripting/Request Forgery research (Apr 16)
- Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit nospam (Apr 16)
- iDefense Security Advisory 04.15.09: IBM AIX muxatmd Buffer Overflow Vulnerability iDefense Labs (Apr 16)
- [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation Florian Weimer (Apr 16)
- SQL Injection in package DBMS_AQADM_SYS ak (Apr 16)
- webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY-- y3nh4ck3r (Apr 16)
- iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability iDefense Labs (Apr 16)
- DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues ddvulnalert (Apr 16)
- skpd: A tool to dump processes to executable ELF files Albert Sellarès (Apr 16)
- [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities DSecRG (Apr 16)
- [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt DSecRG (Apr 16)
- [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities DSecRG (Apr 16)
- Miniweb server Multiple Vulnerabilities ew1zz (Apr 16)
- Miniweb Buffer Overflow ew1zz (Apr 16)
- [USN-760-1] CUPS vulnerability Jamie Strandboge (Apr 17)
- rPSA-2009-0062-1 tshark wireshark rPath Update Announcements (Apr 17)
- ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service mozilla (Apr 17)
- [TZO-08-2009] Bitdefender generic bypass/evasion Thierry Zoller (Apr 17)
- [TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller (Apr 17)
- [USN-759-1] poppler vulnerabilities Marc Deslauriers (Apr 17)
- [SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution Steffen Joeris (Apr 17)
- rPSA-2009-0061-1 cups rPath Update Announcements (Apr 17)
- rPSA-2009-0063-1 udev rPath Update Announcements (Apr 17)
- [IMF 2009] 2nd Call for Papers - Submission Open Oliver Goebel (Apr 17)
- rPSA-2009-0064-1 icu rPath Update Announcements (Apr 17)
- Tiny Blogr 1.0.0 rc4 Authentication Bypass Salvatore "drosophila" Fresta (Apr 17)
- [SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting Steffen Joeris (Apr 17)
- [ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code Robert Buchholz (Apr 17)
- [TZO-11-2009] Fortinet bypass / evasion (Limited details) Thierry Zoller (Apr 17)
- Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow Secunia Research (Apr 17)
- rPSA-2009-0060-1 ghostscript rPath Update Announcements (Apr 17)
- [TZO-09-2009] NOD32 (Eset) bypass / evasion (Limited details) Thierry Zoller (Apr 17)
- Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability Secunia Research (Apr 17)
- rPSA-2009-0059-1 poppler rPath Update Announcements (Apr 17)
- [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code Pierre-Yves Rofes (Apr 17)
- CLAN TIGER CMS--(module custompage.php) BLIND SQL INJECTION--> y3nh4ck3r (Apr 17)
- CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES--> y3nh4ck3r (Apr 17)
- CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)--> y3nh4ck3r (Apr 17)
- Malleo 1.2.3 Local File Inclusion Vulnerability Salvatore "drosophila" Fresta (Apr 17)
- [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code Robert Buchholz (Apr 20)
- [ GLSA 200904-18 ] udev: Multiple vulnerabilities Pierre-Yves Rofes (Apr 20)
- [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities Pierre-Yves Rofes (Apr 20)
- [SECURITY] [DSA 1775-1] New php-json-ext packages fix denial of service Steffen Joeris (Apr 20)
- CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION y3nh4ck3r (Apr 20)
- Cross-site Scripting vulnerability in Stronghold/2.3 Apache/1.2.6 C2NetUS/2007 XiaShing (Apr 20)
- Linksys WRT54GC - Admin Password Change (POC) gabriel (Apr 20)
- Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Apr 20)
- Sungard Banner System XSS reportback (Apr 20)
- WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit--> y3nh4ck3r (Apr 20)
- Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI--> y3nh4ck3r (Apr 20)
- Creasito e-commerce content manager Authentication Bypass Salvatore "drosophila" Fresta (Apr 20)
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP Stefan Kanthak (Apr 20)
- Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Vladimir '3APA3A' Dubrovin (Apr 22)
- Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Andrew Kuriger (Apr 23)
- Re: Windows Update (re-)installs outdated Flash ActiveX on Windows XP Vladimir '3APA3A' Dubrovin (Apr 22)
- Addendum :[TZO-09-2009] Avast bypass / evasion (Limited details) Thierry Zoller (Apr 20)
- [security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges security-alert (Apr 20)
- [security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access security-alert (Apr 20)
- Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) mcyr2 (Apr 20)
- Re: Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth) Jeremy Brown (Apr 21)
- [USN-761-1] PHP vulnerabilities Marc Deslauriers (Apr 21)
- [USN-762-1] APT vulnerabilities Jamie Strandboge (Apr 21)
- [USN-763-1] xine-lib vulnerabilities Marc Deslauriers (Apr 21)
- CVE-2009-0991 PoC Dennis Yurichev (Apr 21)
- [SECURITY] [DSA 1777-1] New git-core packages fix privilege escalation Thijs Kinkhorst (Apr 21)
- Trend Micro OfficeScan Client - DOS jplopezy (Apr 21)
- Re: Trend Micro OfficeScan Client - DOS Thierry Zoller (Apr 21)
- [SECURITY] [DSA 1776-1] New slurm-llnl packages fix privilege escalation Thijs Kinkhorst (Apr 21)
- MixedCMS 1.0--Multiple Remote Vulnerabilities--> y3nh4ck3r (Apr 21)
- Python winappdbg module v1.0 is out! Mario Alejandro Vilas Jerez (Apr 21)
- CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator CORE Security Technologies Advisories (Apr 21)
- SAP Cfolders Multiple Linked XSS Vulnerabilities Digital Security Research Group [DSecRG] (Apr 22)
- SAP Cfolders Multiple Stored XSS Vulnerabilies Digital Security Research Group [DSecRG] (Apr 22)
- [TZO-12-2009] SUN / Oracle JVM Remote code execution Thierry Zoller (Apr 22)
- FreeBSD Security Advisory FreeBSD-SA-09:08.openssl FreeBSD Security Advisories (Apr 22)
- [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Bkis (Apr 22)
- Re: [Bkis-07-2009] 010 Editor Multiple Buffer Overflow Vulnerabilities Tavis Ormandy (Apr 22)
- [Tool] sqlmap 0.7rc1 released Bernardo Damele A. G. (Apr 22)
- FreeBSD Security Advisory FreeBSD-SA-09:07.libc FreeBSD Security Advisories (Apr 22)
- [ MDVSA-2009:093 ] mpg123 security (Apr 22)
- [SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting Nico Golde (Apr 22)
- [ MDVSA-2009:094 ] mysql security (Apr 22)
- [USN-764-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Apr 23)
- FOWLCMS 1.1--Multiple Remote Vulnerabilities--> y3nh4ck3r (Apr 23)
- [ GLSA 200904-20 ] CUPS: Multiple vulnerabilities Pierre-Yves Rofes (Apr 24)
- WOOT'09 call for papers Alexander Sotirov (Apr 24)
- CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability Mark Thomas (Apr 24)
- Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy (Apr 24)
- <Possible follow-ups>
- Re: Formshield Captcha - Older Version vulnerable to replay attacks arvind doraiswamy (Apr 28)
- RE: Cisco ASA5520 Web VPN Host Header XSS Mark-David McLaughlin (marmclau) (Apr 24)
- Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities Salvatore "drosophila" Fresta (Apr 24)
- REMOTE SQL INJECTION (SQLi) VULNERABILITY--Photo-Rigma.BiZ v30--> y3nh4ck3r (Apr 24)
- Juniper Advisory security (Apr 24)
- [ MDVSA-2009:095 ] ghostscript security (Apr 24)
- MSL-2009-001 - Samsung Missing Provisioning Authentication Mobile Security Lab (Apr 24)
- [ MDVSA-2009:096 ] printer-drivers security (Apr 24)
- Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication Robbie Gill (Apr 24)
- [ MDVSA-2009:097 ] clamav security (Apr 27)
- <Possible follow-ups>
- [ MDVSA-2009:097 ] clamav security (Apr 27)
- Remote iodinetd DoS vulnerability on Debian Lenny Albert Sellarès (Apr 27)
- T2'09: Call for Papers 2009 (Helsinki / Finland) Tomi Tuominen (Apr 27)
- MataChat Cross-Site Scripting Vulnerabilities IrIsT . Ir (Apr 27)
- [TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller (Apr 27)
- Errata: [TZO-13-2009] Avira Antivir generic CAB evasion / bypass Thierry Zoller (Apr 28)
- [TZO-15-2009] Aladdin eSafe generic bypass - Forced release Thierry Zoller (Apr 27)
- [SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities Thijs Kinkhorst (Apr 27)
- SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> y3nh4ck3r (Apr 27)
- <Possible follow-ups>
- RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2--> Memisyazici, Aras (Apr 28)
- [TZO-14-2009] Comodo Antivirus RAR evasion Thierry Zoller (Apr 27)
- [ MDVSA-2009:096-1 ] printer-drivers security (Apr 27)
- DDIVRT-2009-24 Precidia Ether232 Memory Corruption ddivulnalert (Apr 27)
- [security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 27)
- [ MDVSA-2009:098 ] krb5 security (Apr 27)
- [ MDVSA-2009:099 ] openafs security (Apr 28)
- Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass security (Apr 28)
- [security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access security-alert (Apr 28)
- security tools list Ying (Apr 28)
- Re: security tools list Andrew L. Davis (Apr 28)
- Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow Secunia Research (Apr 28)
- [USN-767-1] FreeType vulnerability Marc Deslauriers (Apr 28)
- [USN-761-2] PHP vulnerabilities Marc Deslauriers (Apr 28)
- one shot remote root for linux? Gadi Evron (Apr 28)
- MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> y3nh4ck3r (Apr 28)
- [USN-766-1] acpid vulnerability Marc Deslauriers (Apr 28)
- [USN-765-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Apr 28)
- iDefense Security Advisory 04.28.09: TIBCO SmartSockets Stack Buffer Overflow Vulnerability iDefense Labs (Apr 28)
- [SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution Florian Weimer (Apr 28)
- [SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution Steffen Joeris (Apr 29)
- [ MDVA-2009:057 ] usermode security (Apr 29)
- [ MDVSA-2009:101 ] xpdf security (Apr 29)
- Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness Positron Security (Apr 29)
- [SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution Steffen Joeris (Apr 29)
- [SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities Devin Carraway (Apr 29)
- Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 SEC Consult Research (Apr 29)
- Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit nospam (Apr 29)
- <Possible follow-ups>
- Re: Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit secure (Apr 30)
- Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller (Apr 29)
- SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final--> y3nh4ck3r (Apr 29)
- ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability ZDI Disclosures (Apr 29)
- Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability Steve Shockley (Apr 30)
- [TZO-16-2009] Nod32 CAB bypass/evasion Thierry Zoller (Apr 29)
- [security bulletin] HPSBMA02400 SSRT080144 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Apr 29)
- [TZO-17-2009]Trendmicro multiple bypass/evasions Thierry Zoller (Apr 29)
- iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability iDefense Labs (Apr 29)
- Security tools list: First Version Ying (Apr 30)
- MULTIPLE REMOTE VULNERABILITIES--Leap CMS 0.1.4--> y3nh4ck3r (Apr 30)