Bugtraq: by author

284 messages starting Dec 16 10 and ending Dec 20 10


ACROS Security Lists

Updated online binary planting exposure test continues operation ACROS Security Lists (Dec 16)
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book ACROS Security Lists (Dec 15)

Adam Baldwin

Django admin list filter data extraction / leakage Adam Baldwin (Dec 27)

advisory

XSS vulnerability in BLOG:CMS advisory (Dec 16)
Path disclosure in Nibbleblog advisory (Dec 30)
LFI in LightNEasy advisory (Dec 30)
XSS in HTML-EDIT CMS advisory (Dec 21)
Path disclosure in LightNEasy advisory (Dec 30)
XSRF (CSRF) in BEdita advisory (Dec 16)
XSRF (CSRF) in CMScout advisory (Dec 09)
Cross Site Scripting vulnerability in Diferior advisory (Dec 09)
LFI in Exponent CMS advisory (Dec 08)
LFI in Exponent CMS advisory (Dec 08)
SQL injection in KaiBB advisory (Dec 29)
XSS vulnerability in Injader CMS advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
SQL injection in Injader CMS advisory (Dec 21)
Path disclosure in GetSimple CMS advisory (Dec 21)
XSS vulnerability in ImpressCMS advisory (Dec 21)
SQL Injection in LightNEasy advisory (Dec 30)
Stored Cross Site Scripting vulnerability in BEdita advisory (Dec 16)
SQL injection in Hycus CMS advisory (Dec 21)
Path disclosure in Habari advisory (Dec 21)
XSS vulnerability in Habari advisory (Dec 21)
LFI in Hycus CMS advisory (Dec 21)
SQL Injection in HTML-EDIT CMS advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
XSS vulnerability in Habari advisory (Dec 21)
SQL injection in Hycus CMS advisory (Dec 21)
SQL Injection in LightNEasy advisory (Dec 30)
Path disclosure in KaiBB advisory (Dec 29)
Path disclosure in OpenCart advisory (Dec 30)
SQL injection in KaiBB advisory (Dec 29)
XSS vulnerability in Zimplit CMS advisory (Dec 08)
XSS vulnerability in BLOG:CMS advisory (Dec 16)
XSS vulnerability in BEdita advisory (Dec 16)
CSRF (Cross-Site Request Forgery) in Open blog advisory (Dec 30)
BBcode XSS in KaiBB advisory (Dec 29)
XSRF (CSRF) in BLOG:CMS advisory (Dec 16)
XSS vulnerability in Injader CMS advisory (Dec 21)
cross site scripting vulnerability in BLOG:CMS advisory (Dec 16)
SQL injection in Injader CMS advisory (Dec 21)
Information disclosure in LightNEasy advisory (Dec 30)
XSS vulnerability in Zimplit CMS advisory (Dec 08)
XSS vulnerability in Diferior advisory (Dec 09)
Path disclosure in HTML-EDIT CMS advisory (Dec 21)
Path disclosure in ocPortal advisory (Dec 30)

Amit Klein

New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)" Amit Klein (Dec 02)

Andrea Lee

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Andrea Lee (Dec 13)

Ansgar Wiechers

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Ansgar Wiechers (Dec 13)

Ariel Biener

Re: [Full-disclosure] Linux kernel exploit Ariel Biener (Dec 15)

Attilla de Groot

OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS Attilla de Groot (Dec 30)

bt

www.eVuln.com : Non-persistent XSS in slickMsg bt (Dec 10)
www.eVuln.com : "url" BBCode XSS in slickMsg bt (Dec 13)
www.eVuln.com : HTTP Response Splitting in WWWThreads (php version) bt (Dec 08)
www.eVuln.com : "error" Non-persistent XSS in slickMsg bt (Dec 16)
www.eVuln.com : "link" and "linkdescription" XSS in Social Share bt (Dec 17)
[www.eVuln.com] SQL Injection vulnerability in Alguest bt (Dec 06)
www.eVuln.com : Non-persistent XSS in BizDir bt (Dec 10)
www.eVuln.com : HTTP Response Splitting in Social Share bt (Dec 22)
[eVuln.com] PHP Code Execution in Alguest bt (Dec 03)
www.eVuln.com : "post" - Non-persistent XSS in slickMsg bt (Dec 15)
www.eVuln.com : BBCode CSS XSS in slickMsg bt (Dec 15)
www.eVuln.com : Non-persistent XSS in WWWThreads (perl version) bt (Dec 09)
www.eVuln.com : XSS vulnerability in WWWThreads (php version) bt (Dec 07)
[eVuln.com] Cookie authentication bypass in Alguest bt (Dec 03)
www.eVuln.com : "postid" SQL Injection in Social Share bt (Dec 20)
[eVuln.com] Multiple XSS in Alguest bt (Dec 01)
www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share bt (Dec 17)
www.eVuln.com : Authentication Bypass by SQL Injection in Social Share bt (Dec 21)

Cal Leeming [Simplicity Media Ltd]

Re: [Full-disclosure] Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 08)

cheffner

Default SSL Keys in Multiple Routers cheffner (Dec 20)

Christopher Kruegel

Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) Christopher Kruegel (Dec 06)

come2waraxe

[waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10 come2waraxe (Dec 29)
[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0 come2waraxe (Dec 27)
[waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34 come2waraxe (Dec 21)

Core Security Technologies Advisories

[CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service Core Security Technologies Advisories (Dec 13)
CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net CORE Security Technologies Advisories (Dec 01)

cxib

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow cxib (Dec 10)

dan . j . rosenberg

Re: [Full-disclosure] Linux kernel exploit dan . j . rosenberg (Dec 14)

Dan Rosenberg

Linux kernel exploit Dan Rosenberg (Dec 08)

David Gillett

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) David Gillett (Dec 13)

eidelweiss

Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt eidelweiss (Dec 01)

embyte

Follow-up on HTTP Parameter Pollution embyte (Dec 09)

faghani

YEKTAWEB CMS XSS Vulnerability faghani (Dec 29)

Federico Maggi

Call for Papers -- BADGERS 2011 Federico Maggi (Dec 13)

firebits

Re: Re: [Full-disclosure] Linux kernel exploit firebits (Dec 13)

Florian Weimer

[SECURITY] [DSA-2130-1] New BIND packages fix denial of service Florian Weimer (Dec 13)

George Carlson

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) George Carlson (Dec 13)

Giuseppe Iuculano

[SECURITY] [DSA 2138-1] Security update for wordpress Giuseppe Iuculano (Dec 29)
[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution Giuseppe Iuculano (Dec 01)

Henri Lindberg

nSense-2010-004: Sybase Afaria Henri Lindberg (Dec 21)
nSense-2010-005: Winamp Henri Lindberg (Dec 21)

HI-TECH .

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD HI-TECH . (Dec 13)

hpdisclosure

hidden admin user on every HP MSA2000 G3 hpdisclosure (Dec 13)

info

Asan Portal (IdehPardaz) Multiple Vulnerabilities info (Dec 27)
Microsoft Internet Explorer Denial of Service Vulnerability info (Dec 15)
Sigma Portal Denial of Service Vulnerability info (Dec 27)

ipsdix

CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc ipsdix (Dec 30)
Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc ipsdix (Dec 29)
Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc ipsdix (Dec 27)
HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc ipsdix (Dec 31)

Ivan Buetler

Call for Paper @ Swiss Cyber Storm 3 Ivan Buetler (Dec 16)

Jamie Strandboge

[USN-1019-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Dec 10)
[USN-1020-1] Thunderbird vulnerabilities Jamie Strandboge (Dec 10)

jcoyle

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) jcoyle (Dec 13)

Jeffrey Walton

iwconfig and recent patches? Jeffrey Walton (Dec 13)
Re: OpenBSD CARP Hash Vulnerability Jeffrey Walton (Dec 21)

John Blakley

Multiple XSS in Solarwinds Orion NPM 10.1 John Blakley (Dec 08)

John Jacobs

RE: [Full-disclosure] Linux kernel exploit John Jacobs (Dec 09)

Juha-Matti Laurio

Google Website Optimizer security issue reportedly fixed Juha-Matti Laurio (Dec 09)

Kai

Re: [Full-disclosure] Linux kernel exploit Kai (Dec 08)

Karol Celiński

Re: D-Link DIR-300 authentication bypass Karol Celiński (Dec 01)
Re: D-Link DIR-300 authentication bypass Karol Celiński (Dec 16)

Kees Cook

[USN-1024-2] OpenJDK regression Kees Cook (Dec 15)
[USN-1032-1] Exim vulnerability Kees Cook (Dec 13)
[USN-1033-1] Eucalyptus vulnerability Kees Cook (Dec 17)

Kotas, Kevin J

CA20101209-01: Security Notice for CA XOsoft Kotas, Kevin J (Dec 09)

Kryptos Logic Secure

Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root Kryptos Logic Secure (Dec 15)
Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser Kryptos Logic Secure (Dec 08)

Kurt Dillard

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Kurt Dillard (Dec 13)

labs-no-reply

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability labs-no-reply (Dec 13)
iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability labs-no-reply (Dec 13)
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability labs-no-reply (Dec 15)
iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability labs-no-reply (Dec 08)
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability labs-no-reply (Dec 15)

Larry Seltzer

RE: [Full-disclosure] OpenBSD Paradox Larry Seltzer (Dec 16)

Lorenzo Cavallaro

DIMVA 2011 Call for Workshops Proposals Lorenzo Cavallaro (Dec 06)

Marc Deslauriers

[USN-1030-1] Kerberos vulnerabilities Marc Deslauriers (Dec 09)
[USN-1028-1] ImageMagick vulnerability Marc Deslauriers (Dec 08)
[USN-1025-1] Bind vulnerabilities Marc Deslauriers (Dec 01)
[USN-1026-1] Python Paste vulnerability Marc Deslauriers (Dec 08)
[USN-1027-1] Quagga vulnerabilities Marc Deslauriers (Dec 08)

Marcus Meissner

Re: [Full-disclosure] Linux kernel exploit Marcus Meissner (Dec 08)

Mark Stanislav

'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330) Mark Stanislav (Dec 06)
'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333) Mark Stanislav (Dec 16)
'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332) Mark Stanislav (Dec 16)

Marsh Ray

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Marsh Ray (Dec 15)

Michael Bauer

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Bauer (Dec 15)

Michael Scheidell

Re: OpenBSD's IPSEC is Backdoored Michael Scheidell (Dec 15)

Michael Wojcik

RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Wojcik (Dec 13)

Michal Zalewski

Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774) Michal Zalewski (Dec 09)
minor browser UI nitpicking Michal Zalewski (Dec 15)
Re: [Full-disclosure] minor browser UI nitpicking Michal Zalewski (Dec 15)

mike

Pligg XSS and SQL Injection mike (Dec 27)
Multiple Vulnerabilities in OpenClassifieds 1.7.0.3 mike (Dec 27)

Moritz Muehlenhoff

[SECURITY] [DSA 2137-1] Security update for libxml2 Moritz Muehlenhoff (Dec 27)
[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff (Dec 13)
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities Moritz Muehlenhoff (Dec 22)
[SECURITY] [DSA 2134-1] Upcoming changes in advisory format Moritz Muehlenhoff (Dec 20)

musnt live

OpenBSD Paradox musnt live (Dec 15)
OpenBSD's IPSEC is Backdoored musnt live (Dec 15)

MustLive

Vulnerabilities in Register Plus Redux for WordPress MustLive (Dec 03)
Vulnerabilities in Fabrica Engine MustLive (Dec 01)

MyDoom2009

Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability MyDoom2009 (Dec 27)

Narendra Choyal

Re: D-Link DIR-300 authentication bypass Narendra Choyal (Dec 17)

nigel

Exim security issue in historical release nigel (Dec 13)

nightfighter

Re: hidden admin user on every HP MSA2000 G3 nightfighter (Dec 15)

niklas|brueckenschlaeger

Re: [Full-disclosure] Linux kernel exploit niklas|brueckenschlaeger (Dec 09)

non customers

HotWeb Rentals "PageId" SQL Injection Vulnerability non customers (Dec 29)
Pre Jobo .NET "Password" SQL Injection Vulnerability non customers (Dec 29)

Oliver Goebel

Re: [IMF 2011] 2nd Call - Deadline Extended - Addendum Oliver Goebel (Dec 27)
[IMF 2011] 2nd Call - Deadline Extended Oliver Goebel (Dec 27)

Pavel Kankovsky

Re: hidden admin user on every HP MSA2000 G3 Pavel Kankovsky (Dec 15)

Pavel Machek

Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) Pavel Machek (Dec 13)

Pete Herzog

Making Security Suck Less Pete Herzog (Dec 17)
OSSTMM 3 Now Available! Pete Herzog (Dec 15)

psiinon

OWASP Zed Attack Proxy version 1.1.0 psiinon (Dec 06)

rafaldworaczek

Fedora 14 - Format string attack in allegro-tools package rafaldworaczek (Dec 29)

Raphael Geissert

[SECURITY] [DSA-2133-1] New collectd packages fix denial of service Raphael Geissert (Dec 14)
[SECURITY] [DSA-2136-1] New tor packages fix potential code execution Raphael Geissert (Dec 22)

research

PR10-06: Cross-domain redirect on PGP Universal Web Messenger research (Dec 16)
PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing) research (Dec 21)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04 research (Dec 22)

Research@NGSSecure

NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration Research@NGSSecure (Dec 02)

Robert Święcki

Honggfuzz Robert Święcki (Dec 14)

robkraus

ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities robkraus (Dec 10)
Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability robkraus (Dec 10)
ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability robkraus (Dec 10)

Rodrigo Branco

Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277 Rodrigo Branco (Dec 17)
Apple Quicktime Memory Corruption - CVE-2010-3801 Rodrigo Branco (Dec 17)

rPath Update Announcements

rPSA-2010-0076-1 gnupg rPath Update Announcements (Dec 06)

Ryan Sears

Re: [Full-disclosure] Linux kernel exploit Ryan Sears (Dec 08)
Re: [Full-disclosure] Linux kernel exploit Ryan Sears (Dec 15)

Sam Banks

OpenBSD CARP Hash Vulnerability Sam Banks (Dec 20)

sato-san

Re: XSS vulnerability in ImpressCMS sato-san (Dec 27)

Secunia Research

Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow Secunia Research (Dec 21)
Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow Secunia Research (Dec 01)
Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability Secunia Research (Dec 08)
Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability Secunia Research (Dec 20)
Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability Secunia Research (Dec 27)
Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability Secunia Research (Dec 20)
Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability Secunia Research (Dec 21)
Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability Secunia Research (Dec 21)
Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability Secunia Research (Dec 20)
Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows Secunia Research (Dec 21)
Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows Secunia Research (Dec 21)
Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow Secunia Research (Dec 20)
Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability Secunia Research (Dec 21)

security

[ MDVSA-2010:248 ] openssl security (Dec 08)
[ MDVSA-2010:257 ] kernel security (Dec 17)
[ MDVSA-2010:259 ] pidgin security (Dec 27)
[ MDVSA-2010:247 ] kernel security (Dec 03)
[ MDVSA-2010:251-1 ] firefox security (Dec 27)
[ MDVSA-2010:251 ] firefox security (Dec 10)
[ MDVSA-2010:246 ] krb5 security (Dec 01)
[ MDVSA-2010:250 ] perl-CGI-Simple security (Dec 09)
[ MDVSA-2010:253 ] bind security (Dec 14)
[ MDVSA-2010:260 ] libxml2 security (Dec 30)
[ MDVSA-2010:258 ] mozilla-thunderbird security (Dec 21)
[ MDVSA-2010:251-2 ] firefox security (Dec 27)
[ MDVSA-2010:255 ] php-intl security (Dec 15)
[ MDVSA-2010:256 ] git security (Dec 16)
[ MDVSA-2010:245 ] krb5 security (Dec 01)
[ MDVSA-2010:252 ] perl-CGI-Simple security (Dec 14)
[ MDVSA-2010:249 ] clamav security (Dec 08)
[ MDVSA-2010:254 ] php security (Dec 15)

security-alert

[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert (Dec 16)
[security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities security-alert (Dec 13)
[security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS) security-alert (Dec 09)
[security bulletin] HPSBUX02611 SSRT090201 rev.1 - HP-UX Running Threaded Processes, Remote Denial of Service (DoS) security-alert (Dec 08)
[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access security-alert (Dec 16)
[security bulletin] HPSBST02619 SSRT100281 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code security-alert (Dec 21)
[security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS) security-alert (Dec 15)
[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Dec 16)
[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS) security-alert (Dec 16)
[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code security-alert (Dec 16)
[security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure security-alert (Dec 15)
[security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access security-alert (Dec 15)
[security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code security-alert (Dec 08)
[security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access security-alert (Dec 29)
[security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 03)
[security bulletin] HPSBST02619 SSRT100281 rev.2 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code security-alert (Dec 27)
[security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Dec 03)

security curmudgeon

Re: XSS vulnerability in Lantern CMS security curmudgeon (Dec 17)
Re: XSS vulnerability in Expression CMS security curmudgeon (Dec 17)

Sense of Security

Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 Sense of Security (Dec 20)

Solar Designer

Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project Solar Designer (Dec 16)

Stefan Fritsch

[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution Stefan Fritsch (Dec 10)
[SECURITY] [DSA-2129-1] New krb5 packages fix checksum verification weakness Stefan Fritsch (Dec 01)

Stefan Kanthak

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 15)
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 15)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 10)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 13)

Stefan Roas

Re: Linux kernel exploit Stefan Roas (Dec 14)
Re: [Full-disclosure] Linux kernel exploit Stefan Roas (Dec 10)

Steno Plasma

Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) Steno Plasma (Dec 02)

StenoPlasma @ ExploitDevelopment

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ ExploitDevelopment (Dec 13)
Re: Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) StenoPlasma @ ExploitDevelopment (Dec 03)

StenoPlasma @ www.ExploitDevelopment.com

Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 10)
Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 15)

Steve Beattie

[USN-1031-1] ClamAV vulnerabilities Steve Beattie (Dec 10)
[USN-1029-1] OpenSSL vulnerabilities Steve Beattie (Dec 08)

Theo de Raadt

Re: OpenBSD Paradox Theo de Raadt (Dec 15)

Thijs Kinkhorst

[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst (Dec 31)

Thor (Hammer of God)

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)

Tobias Heinlein

[ GLSA 201012-01 ] Chromium: Multiple vulnerabilities Tobias Heinlein (Dec 17)

Trustwave Advisories

TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities Trustwave Advisories (Dec 13)

Vadim Grinco

Re: [Full-disclosure] Linux kernel exploit Vadim Grinco (Dec 09)

Victor Ribeiro Hora

Security Advisory - FlexVision Listener Vulnerability Victor Ribeiro Hora (Dec 27)

VMware Security team

VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues VMware Security team (Dec 03)
VMSA-2010-0019 VMware ESX third party updates for Service Console VMware Security Team (Dec 07)
VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw VMware Security Team (Dec 22)

VSR Advisories

VSR Advisories: Citrix Access Gateway Command Injection Vulnerability VSR Advisories (Dec 22)

VUPEN Security Research

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003) VUPEN Security Research (Dec 14)
VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041) VUPEN Security Research (Dec 16)
VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004) VUPEN Security Research (Dec 14)
VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31) VUPEN Security Research (Dec 14)
VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206) VUPEN Security Research (Dec 16)
VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005) VUPEN Security Research (Dec 14)
VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200) VUPEN Security Research (Dec 16)
VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201) VUPEN Security Research (Dec 16)
VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30) VUPEN Security Research (Dec 14)

Williams, James K

CA20101231-01: Security Notice for CA ARCserve D2D Williams, James K (Dec 31)

Wolf

Re: Linux kernel exploit Wolf (Dec 13)

wsn1983

Alt-N WebAdmin Source Code Disclosure wsn1983 (Dec 17)

www.eVuln.com Advisories

www.eVuln.com : "post" - Non-persistent XSS in slickMsg www.eVuln.com Advisories (Dec 15)

xpo xpo

USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb xpo xpo (Dec 14)

YGN Ethical Hacker Group

MyBB 1.6 <= SQL Injection Vulnerability YGN Ethical Hacker Group (Dec 27)
MyBB 1.6 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Dec 20)