Bugtraq: by thread
289 messages
starting Mar 02 09 and
ending Mar 31 09
Date index |
Thread index |
Author index
- [SECURITY] [DSA 1719-2] New GNUTLS packages fix regression Florian Weimer (Mar 02)
- Weekly Web Hacking Incidents update for Feb 25th Ofer Shezaf (Mar 02)
- Re: djbdns misformats some long response packets; patch and example attack Matthew Dempsky (Mar 02)
- <Possible follow-ups>
- Re: djbdns misformats some long response packets; patch and example attack Matthew Dempsky (Mar 05)
- Afian Document Manager Local File Inclusion contact (Mar 02)
- Re: Nokia N95-8 browser denial of service MustLive (Mar 02)
- YEKTA WEB Academic Web Tools CMS Multiple XSS mr . faghani (Mar 02)
- BlogMan 0.45 Multiple Vulnerabilities Salvatore "drosophila" Fresta (Mar 02)
- EZ-Blog Beta 1 Multiple SQL Injection Salvatore "drosophila" Fresta (Mar 02)
- Announcing Cap'r Mak'r kowsik (Mar 02)
- [CFP] FRHACK 2nd Call For Papers Jerome Athias (Mar 02)
- [security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF) security-alert (Mar 02)
- [SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities Steffen Joeris (Mar 02)
- rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl rPath Update Announcements (Mar 02)
- [ISecAuditors Security Advisories] eXtplorer Remote Code Execution ISecAuditors Security Advisories (Mar 02)
- [SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites Steffen Joeris (Mar 02)
- [ MDVSA-2009:062 ] shadow-utils security (Mar 02)
- Re: Re: Local vulnerability in suexec + FastCGI + PHP configurations security . 432 (Mar 02)
- RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability Salvatore "drosophila" Fresta (Mar 02)
- Blogsa <= 1.0 Beta 3 XSS Vulnerability contact (Mar 02)
- [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability Steffen Joeris (Mar 02)
- [SECURITY] [DSA 1732-1] New squid3 packages fix denial of service Steffen Joeris (Mar 03)
- WARNING - CORRECT: BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI) Salvatore "drosophila" Fresta (Mar 03)
- [ MDVSA-2009:063 ] eog security (Mar 03)
- Zabbix 1.6.2 Frontend Multiple Vulnerabilities ascii (Mar 03)
- Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities Roberto Muñoz Fernandez (Mar 06)
- Re: Zabbix 1.6.2 Frontend Multiple Vulnerabilities Eygene Ryabinkin (Mar 09)
- [SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities Steffen Joeris (Mar 03)
- Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability Secunia Research (Mar 03)
- Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability Secunia Research (Mar 03)
- BlindBlog 1.3.1 Multiple Vulnerabilities (SQL Inj - Auth Bypass - LFI) Salvatore "drosophila" Fresta (Mar 03)
- [USN-726-1] curl vulnerability Marc Deslauriers (Mar 03)
- [USN-727-1] network-manager-applet vulnerabilities Marc Deslauriers (Mar 03)
- [USN-727-2] NetworkManager vulnerability Marc Deslauriers (Mar 03)
- [ MDVSA-2009:064 ] imap security (Mar 03)
- NovaBoard <= 1.0.1 / XSS Vulnerability Jose Luis (Mar 03)
- [USN-726-2] curl regression Marc Deslauriers (Mar 04)
- Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 04)
- CelerBB 0.0.2 Multiple Vulnerabilities Salvatore "drosophila" Fresta (Mar 05)
- Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability iDefense Labs (Mar 05)
- SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7) nospam (Mar 05)
- libc:fts_*():multiple vendors, Denial-of-service cxib (Mar 05)
- ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability ZDI Disclosures (Mar 05)
- iDefense COMRaider, ActiveX controls, and browser configuration Steven M. Christey (Mar 05)
- Re: iDefense COMRaider, ActiveX controls, and browser configuration Vladimir '3APA3A' Dubrovin (Mar 06)
- [ MDVSA-2009:065 ] php4 security (Mar 05)
- [ MDVSA-2009:066 ] php security (Mar 05)
- [USN-729-1] Python Crypto vulnerability Kees Cook (Mar 06)
- [USN-728-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Mar 06)
- [USN-728-2] Firefox vulnerabilities Jamie Strandboge (Mar 06)
- [USN-728-3] Firefox vulnerabilities Jamie Strandboge (Mar 06)
- [ MDVSA-2009:067 ] libsndfile security (Mar 06)
- [USN-730-1] libpng vulnerabilities Jamie Strandboge (Mar 06)
- [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability aanisimov (Mar 06)
- Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass) Salvatore "drosophila" Fresta (Mar 06)
- [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application Mark Thomas (Mar 06)
- DEFCON CTF Submissions are in, DC-16 video online! The Dark Tangent (Mar 06)
- WarVOX 1.0.0 Released H D Moore (Mar 06)
- [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability aanisimov (Mar 06)
- [ MDVSA-2009:068 ] poppler security (Mar 06)
- [ GLSA 200903-01 ] Vinagre: User-assisted execution of arbitrary code Pierre-Yves Rofes (Mar 06)
- nForum 1.5 Multiple SQL Injection Salvatore "drosophila" Fresta (Mar 06)
- [ GLSA 200903-02 ] ZNC: Privilege escalation Tobias Heinlein (Mar 09)
- [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code Tobias Heinlein (Mar 09)
- [ GLSA 200903-04 ] DevIL: User-assisted execution of arbitrary code Tobias Heinlein (Mar 09)
- [ MDVSA-2009:069 ] curl security (Mar 09)
- [ MDVSA-2009:068-1 ] poppler security (Mar 09)
- [ GLSA 200903-05 ] PDFjam: Multiple vulnerabilities Robert Buchholz (Mar 09)
- [ GLSA 200903-06 ] nfs-utils: Access restriction bypass Robert Buchholz (Mar 09)
- [ GLSA 200903-07 ] Samba: Data disclosure Robert Buchholz (Mar 09)
- [ GLSA 200903-08 ] gEDA: Insecure temporary file creation Robert Buchholz (Mar 09)
- [ GLSA 200903-09 ] OpenTTD: Execution of arbitrary code Robert Buchholz (Mar 09)
- phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS) Salvatore "drosophila" Fresta (Mar 09)
- [ GLSA 200903-10 ] Irrlicht: User-assisted execution of arbitrary code Pierre-Yves Rofes (Mar 09)
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system alexchf . fyp (Mar 09)
- Re: Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system Julien Thomas (Mar 09)
- Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability Secunia Research (Mar 09)
- [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code Robert Buchholz (Mar 09)
- [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code Robert Buchholz (Mar 09)
- [ GLSA 200903-13 ] MPFR: Denial of Service Robert Buchholz (Mar 09)
- [ GLSA 200903-14 ] BIND: Incorrect signature verification Robert Buchholz (Mar 09)
- [ GLSA 200903-15 ] git: Multiple vulnerabilties Robert Buchholz (Mar 09)
- [ GLSA 200903-16 ] Epiphany: Untrusted search path Robert Buchholz (Mar 09)
- [ GLSA 200903-17 ] Real VNC: User-assisted execution of arbitrary code Robert Buchholz (Mar 09)
- [ GLSA 200903-18 ] Openswan: Insecure temporary file creation Robert Buchholz (Mar 09)
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation Paul Wouters (Mar 09)
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation Robert Buchholz (Mar 10)
- Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation Paul Wouters (Mar 09)
- [ GLSA 200903-19 ] Xerces-C++: Denial of Service Robert Buchholz (Mar 09)
- [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities Robert Buchholz (Mar 09)
- DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability ddivulnalert (Mar 09)
- DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability ddivulnalert (Mar 09)
- Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability Elazar Broad (Mar 09)
- [ GLSA 200903-21 ] cURL: Arbitrary file access Tobias Heinlein (Mar 09)
- Foxit Reader Multiple Vulnerabilities (CORE-2009-0218) Core Security Technologies Advisories (Mar 09)
- SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability Bernhard Mueller (Mar 10)
- SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability Bernhard Mueller (Mar 10)
- SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability Bernhard Mueller (Mar 10)
- Aryanic HighCMS and HighPortal multiple Vulnerabilities mr . faghani (Mar 10)
- [ GLSA 200903-22 ] Ganglia: Execution of arbitrary code Robert Buchholz (Mar 10)
- Multiple Vulnerabilities in iAntiVirus Carsten Eilers (Mar 10)
- [ MDVSA-2009:070 ] openoffice.org security (Mar 10)
- FINAL: Call for Papers on Cyber Warfare k g (Mar 10)
- Paper: Socket Capable Browser Plugins Result In Transparent Proxy Abuse robert (Mar 10)
- Addonics NAS Adapter Post-Auth DoS mcyr2 (Mar 10)
- [USN-731-1] Apache vulnerabilities Marc Deslauriers (Mar 10)
- [USN-732-1] dash vulnerability Marc Deslauriers (Mar 10)
- AST-2009-002: Remote Crash Vulnerability in SIP channel driver Asterisk Security Team (Mar 10)
- [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities vuln (Mar 10)
- [ MDVSA-2009:071 ] kernel security (Mar 10)
- [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability ISecAuditors Security Advisories (Mar 10)
- [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation Florian Weimer (Mar 10)
- Sun Java System Communications Express [HTML Injection] sosoblood (Mar 11)
- <Possible follow-ups>
- Re: Sun Java System Communications Express [HTML Injection] sosoblood (Mar 12)
- [ GLSA 200903-24 ] Shadow: Privilege escalation Pierre-Yves Rofes (Mar 11)
- [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities Pierre-Yves Rofes (Mar 11)
- [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting Steffen Joeris (Mar 11)
- [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities security-alert (Mar 11)
- [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access security-alert (Mar 11)
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash Matthew Dempsky (Mar 11)
- Re: Adobe Flash Player plug-in null pointer dereference and browser crash Alex Legler (Mar 12)
- [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access Nico Golde (Mar 11)
- Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 11)
- TOORCAMP 2009 CALL FOR PARTICIPATION h1kari (Mar 12)
- TikiWiki 2.2 XSS Vulnerability in URI iliz-z (Mar 12)
- <Possible follow-ups>
- Re: TikiWiki 2.2 XSS Vulnerability in URI danny (Mar 13)
- [ MDVSA-2009:072 ] perl-MDK-Common security (Mar 12)
- POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability Krakow Labs (Mar 12)
- [ MDVSA-2009:073 ] sarg security (Mar 12)
- [USN-724-1] Squid vulnerability Jamie Strandboge (Mar 12)
- [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities Steffen Joeris (Mar 12)
- [ GLSA 200903-25 ] Courier Authentication Library: SQL Injection vulnerability Pierre-Yves Rofes (Mar 12)
- [ GLSA 200903-26 ] TMSNC: Execution of arbitrary code Robert Buchholz (Mar 12)
- Trellis Desk v1.0 XSS Vulnerability larry (Mar 12)
- [ MDVSA-2009:074 ] libneon0.27 security (Mar 12)
- flv2mpeg4: Malformed parameters Denial of Service Anon (Mar 12)
- [security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access security-alert (Mar 12)
- [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service Valery Marchuk (Mar 12)
- [oCERT-2008-015] glib and glib-predecessor heap overflows Will Drewry (Mar 12)
- rPSA-2009-0042-1 curl rPath Update Announcements (Mar 13)
- rPSA-2009-0041-1 dhclient dhcp libdhcp4client rPath Update Announcements (Mar 13)
- [ GLSA 200903-27 ] ProFTPD: Multiple vulnerabilities Pierre-Yves Rofes (Mar 13)
- rPSA-2009-0040-1 tshark wireshark rPath Update Announcements (Mar 13)
- Apple iTunes DAAP Messages Handling Denial of Service Vulnerability secresearch () fortinet com (Mar 13)
- rPSA-2009-0046-1 libpng rPath Update Announcements (Mar 13)
- rPSA-2009-0045-1 glib rPath Update Announcements (Mar 13)
- GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit nospam (Mar 13)
- [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability aanisimov (Mar 13)
- [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability aanisimov (Mar 13)
- [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities aanisimov (Mar 13)
- [ MDVSA-2009:075 ] firefox security (Mar 13)
- [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure Florian Weimer (Mar 13)
- Infopop UBB.Threads Admin Credentials via SQL Injection swhite (Mar 13)
- [SECURITY] [DSA 1740-1] New yaws packages fix denial of service Steffen Joeris (Mar 16)
- [ MDVSA-2009:076 ] avahi security (Mar 16)
- [SECURITY] [DSA 1741-1] New psi packages fix denial of service Moritz Muehlenhoff (Mar 16)
- [ GLSA 200903-28 ] libpng: Multiple vulnerabilities Pierre-Yves Rofes (Mar 16)
- [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36 Bkis (Mar 16)
- rosoft media player local BOF exploit multi tagets maroc-anti-connexion (Mar 16)
- [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow Bkis (Mar 16)
- [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code execution Nico Golde (Mar 16)
- NGENUITY-2009-005 OpenCart Order By Blind SQL Injection Adam Baldwin (Mar 16)
- reporting CVE rahimeh . khodadadi (Mar 16)
- [USN-734-1] FFmpeg vulnerabilities Marc Deslauriers (Mar 17)
- [USN-738-1] GLib vulnerability Jamie Strandboge (Mar 17)
- [USN-733-1] evolution-data-server vulnerability Marc Deslauriers (Mar 17)
- CPANEL File Manager XSS Vulnerability rizki . wicaksono (Mar 17)
- [USN-736-1] GStreamer Good Plugins vulnerabilities Marc Deslauriers (Mar 17)
- [ GLSA 200903-29 ] BlueZ: Arbitrary code execution Pierre-Yves Rofes (Mar 17)
- HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration Henri Lindberg (Mar 17)
- PHPRunner SQL Injection admin (Mar 17)
- [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution Steffen Joeris (Mar 17)
- [USN-735-1] GStreamer Base Plugins vulnerability Marc Deslauriers (Mar 17)
- [ GLSA 200903-30 ] Opera: Multiple vulnerabilities Tobias Heinlein (Mar 17)
- [USN-737-1] libsoup vulnerability Marc Deslauriers (Mar 17)
- [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability vuln (Mar 17)
- [USN-739-1] Amarok vulnerabilities Marc Deslauriers (Mar 17)
- DEFCON London DC4420 March meeting - Thursday 19th March Major Malfunction (Mar 17)
- [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability vuln (Mar 17)
- [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability vuln (Mar 17)
- [ GLSA 200903-31 ] libcdaudio: User-assisted execution of arbitrary code Pierre-Yves Rofes (Mar 17)
- iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability iDefense Labs (Mar 18)
- Sitecore .NET 5.3.x - web service information disclosure security . assurance (Mar 18)
- Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5 dh (Mar 18)
- [USN-740-1] NSS vulnerability Jamie Strandboge (Mar 18)
- [SECURITY] [DSA 1744-1] New weechat packages fix denial of service Nico Golde (Mar 18)
- CDex v1.70b2 (.ogg) local buffer overflow exploit poc nospam (Mar 18)
- [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS) ISecAuditors Security Advisories (Mar 19)
- [ GLSA 200903-32 ] phpMyAdmin: Multiple vulnerabilities Pierre-Yves Rofes (Mar 19)
- Command Execution in Hannon Hill Cascade Server Elliot Kendall (Mar 19)
- [USN-742-1] JasPer vulnerabilities Marc Deslauriers (Mar 19)
- rPSA-2009-0050-1 ghostscript rPath Update Announcements (Mar 19)
- Slides from uCon Security Conference 2009 available online uCon Security Conference (Mar 19)
- [ MDVSA-2009:060-1 ] nfs-utils security (Mar 20)
- [USN-741-1] Thunderbird vulnerabilities Jamie Strandboge (Mar 20)
- [SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution Steffen Joeris (Mar 20)
- LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) Chris Evans (Mar 20)
- [ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities Pierre-Yves Rofes (Mar 20)
- [security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Mar 20)
- [SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution Steffen Joeris (Mar 20)
- [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution Steffen Joeris (Mar 20)
- Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh) nospam (Mar 20)
- [SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution Steffen Joeris (Mar 20)
- [oCERT-2009-003] LittleCMS integer errors Andrea Barisani (Mar 20)
- [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code Tobias Heinlein (Mar 20)
- [SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier (Mar 21)
- [SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Mar 23)
- ExpressionEngine Persistent Cross-Site Scripting Adam Baldwin (Mar 23)
- Rittal CMC-TC Processing Unit II multiple vulnerabilities Henri Lindberg - Smilehouse Oy (Mar 23)
- [ MDVSA-2009:077 ] pam security (Mar 23)
- [SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities Florian Weimer (Mar 23)
- FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer FreeBSD Security Advisories (Mar 23)
- CORE-2009-0122: HP OpenView Buffer Overflows CORE Security Technologies Advisories (Mar 23)
- [SECURITY] [DSA 1752-1] New webcit packages fix potential remote code execution Florian Weimer (Mar 23)
- [ MDVSA-2009:078 ] evolution-data-server security (Mar 23)
- [ MDVSA-2009:079 ] postgresql security (Mar 23)
- [USN-743-1] Ghostscript vulnerabilities Marc Deslauriers (Mar 23)
- [USN-744-1] LittleCMS vulnerabilities Marc Deslauriers (Mar 23)
- [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage Pierre-Yves Rofes (Mar 24)
- [ GLSA 200903-36 ] MLDonkey: Information disclosure Pierre-Yves Rofes (Mar 24)
- [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code Pierre-Yves Rofes (Mar 24)
- [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Mar 24)
- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation (php.ini independent) nospam (Mar 24)
- ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability ZDI Disclosures (Mar 24)
- [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege security-alert (Mar 24)
- [SECURITY] [DSA 1753-1] End-of-life announcement for Iceweasel in oldstable Moritz Muehlenhoff (Mar 24)
- iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability iDefense Labs (Mar 24)
- [ GLSA 200903-38 ] Squid: Multiple Denial of Service vulnerabilities Pierre-Yves Rofes (Mar 25)
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Secunia Research (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Florian Weimer (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Eric C. Lukens (Mar 25)
- Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Vladimir '3APA3A' Dubrovin (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Eric C. Lukens (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Florian Weimer (Mar 25)
- [SECURITY] [DSA 1745-2] New lcms packages fix regression Steffen Joeris (Mar 25)
- Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability Cisco Systems Product Security Incident Response Team (Mar 25)
- Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Mar 25)
- Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities Cisco Systems Product Security Incident Response Team (Mar 25)
- Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability Cisco Systems Product Security Incident Response Team (Mar 25)
- Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities Cisco Systems Product Security Incident Response Team (Mar 25)
- [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation Moritz Muehlenhoff (Mar 25)
- CFP RAID 2009 Corrado Leita (Mar 25)
- [ GLSA 200903-39 ] pam_krb5: Privilege escalation Pierre-Yves Rofes (Mar 26)
- [Bkis-05-2009] PowerCHM Stack-based Buffer Overflow Bkis (Mar 26)
- ICAP adaptation: missing data flow control to client side Martin Huter (Mar 27)
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability iDefense Labs (Mar 27)
- [USN-746-1] xine-lib vulnerability Marc Deslauriers (Mar 27)
- [USN-747-1] ICU vulnerability Marc Deslauriers (Mar 27)
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability iDefense Labs (Mar 27)
- [ MDVSA-2009:080 ] glib2.0 security (Mar 27)
- [USN-748-1] OpenJDK vulnerabilities Kees Cook (Mar 27)
- Aurora Nutritive Analysis Module Multiple XSS Bugs NotHugs (Mar 27)
- Moodle: Sensitive File Disclosure Christian Eibl (Mar 27)
- iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability iDefense Labs (Mar 27)
- iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability iDefense Labs (Mar 27)
- iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability iDefense Labs (Mar 27)
- Novell Netstorage Multiple Vulnerabilities Bugs NotHugs (Mar 27)
- [USN-745-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Mar 30)
- [SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities Noah Meyerhans (Mar 30)
- [tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing Chris Weber (Mar 30)
- [ GLSA 200903-40 ] Analog: Denial of Service Pierre-Yves Rofes (Mar 30)
- glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit nospam (Mar 30)
- [ MDVSA-2009:081 ] libsoup security (Mar 30)
- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow Bugs NotHugs (Mar 30)
- [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection Steffen Joeris (Mar 30)
- CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec Paul Wouters (Mar 30)
- Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 Positron Security (Mar 30)
- [ MDVSA-2009:082 ] krb5 security (Mar 30)
- Family Connections 1.8.1 Multiple Remote Vulnerabilities Salvatore "drosophila" Fresta (Mar 30)
- <Possible follow-ups>
- Re: Family Connections 1.8.1 Multiple Remote Vulnerabilities r_haudenschilt (Mar 31)
- DeepSec 2009 - Call for Papers is open DeepSec Conference (Mar 30)
- [USN-749-1] libsndfile vulnerability Marc Deslauriers (Mar 30)
- Community CMS 0.5 Multiple SQL Injection Vulnerabilities Salvatore "drosophila" Fresta (Mar 30)
- [ GLSA 200903-41 ] gedit: Untrusted search path Pierre-Yves Rofes (Mar 31)
- [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure Moritz Muehlenhoff (Mar 31)
- ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability ZDI Disclosures (Mar 31)
- Zabbix Multiple Frontend CSRF (Password reset & command execution) Adam Baldwin (Mar 31)
- [ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability vuln (Mar 31)
- [USN-750-1] OpenSSL vulnerability Jamie Strandboge (Mar 31)
- [SECURITY] [DSA 1759-1] New strongswan packages fix denial of service Steffen Joeris (Mar 31)
- [SECURITY] [DSA 1760-1] New openswan packages fix denial of service Steffen Joeris (Mar 31)
- aspWebCalendar Free Edition bug joseph . giron13 (Mar 31)
- Re: [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability tiha (Mar 31)
- Cisco ASA5520 Web VPN Host Header XSS Bugs NotHugs (Mar 31)
- [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities Valery Marchuk (Mar 31)
- webEdition 6.0.0.4 Local File Inclusion Salvatore "drosophila" Fresta (Mar 31)
- [DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities DSecRG (Mar 31)
- [security bulletin] HPSBMA02416 SSRT090008 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Mar 31)
- [DSECRG-09-016] SAP SAPDB Multiple XSS Alexandr Polyakov (Mar 31)
- [DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting DSecRG (Mar 31)
- CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server CORE Security Technologies Advisories (Mar 31)