Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
230 messages
starting Nov 26 10 and
ending Nov 26 10
Date index |
Thread index |
Author index
0kn0ck
CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp 0kn0ck (Nov 26)
NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) 0kn0ck (Nov 26)
ACROS Security Lists
ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player ACROS Security Lists (Nov 05)
Additional information on the Microsoft Office 2010 binary planting bugs ACROS Security Lists (Nov 12)
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010 ACROS Security Lists (Nov 10)
ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010 ACROS Security Lists (Nov 10)
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010 ACROS Security Lists (Nov 10)
advisories
vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization advisories (Nov 22)
Seo Panel 2.1.0 - Critical File Disclosure advisories (Nov 08)
vBulletin 4.0.8 - Persistent XSS via Profile Customization advisories (Nov 15)
Advisories Toucan-System
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption Advisories Toucan-System (Nov 26)
advisory
XSS in CompactCMS advisory (Nov 18)
XSS vulnerability in Frog CMS advisory (Nov 26)
Path disclosure in IceBB advisory (Nov 17)
BBcode XSS in CLANSPHERE advisory (Nov 17)
BBcode XSS in eoCMS advisory (Nov 04)
XSS in CompactCMS advisory (Nov 18)
Path disclosure in eoCMS advisory (Nov 04)
LFI in eoCMS advisory (Nov 04)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
LFI in eoCMS advisory (Nov 04)
XSRF (CSRF) in Wolf CMS advisory (Nov 26)
Shell create & command execution in JAF CMS advisory (Nov 04)
SQL injection in IceBB advisory (Nov 17)
Reset admin password in SweetRice CMS advisory (Nov 04)
XSS in SweetRice CMS advisory (Nov 04)
RFI in JAF CMS advisory (Nov 04)
XSS vulnerability in Wolf CMS advisory (Nov 26)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
SQL injection in eoCMS advisory (Nov 04)
SQL injection in MiniBB advisory (Nov 04)
Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal advisory (Nov 02)
XSS vulnerability in Frog CMS advisory (Nov 26)
XSRF (CSRF) in Frog CMS advisory (Nov 26)
XSS vulnerability in Frog CMS advisory (Nov 26)
XSS vulnerability in MemHT Portal advisory (Nov 02)
XSS vulnerability in MemHT Portal advisory (Nov 02)
XSS in Textpattern CMS advisory (Nov 04)
XSS vulnerability in Kandidat CMS advisory (Nov 02)
Path disclosure in CLANSPHERE advisory (Nov 17)
XSS vulnerability in Wolf CMS advisory (Nov 26)
Information disclosure in IceBB advisory (Nov 17)
XSS in CLANSPHERE advisory (Nov 17)
SQL injection in CompactCMS advisory (Nov 17)
SQL injection in SweetRice CMS advisory (Nov 04)
Information disclosure in IceBB advisory (Nov 17)
SQL Injection in CLANSPHERE advisory (Nov 17)
BBcode XSS in MiniBB advisory (Nov 04)
XSS vulnerability in Wolf CMS advisory (Nov 26)
Stored XSS vulnerability in Webmedia Explorer advisory (Nov 02)
Amit Klein
Quick update on Google Chrome's Math.random() predictability by Amit Klein, Trusteer Amit Klein (Nov 16)
Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability Amit Klein (Nov 22)
apa-iutcert
AOL Instant Messenger Insecure Library Loading Vulnerability apa-iutcert (Nov 29)
Google Desktop Insecure Library Loading Vulnerability apa-iutcert (Nov 29)
Arturo 'Buanzo' Busleiman
Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer Arturo 'Buanzo' Busleiman (Nov 04)
ascii
Vtiger CRM 5.2.0 Multiple Vulnerabilities ascii (Nov 19)
asmo
Re: D-Link DIR-300 authentication bypass asmo (Nov 15)
bt
[eVuln.com] SQL injections in FreeTicket bt (Nov 26)
[eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version) bt (Nov 22)
[eVuln.com] Multiple SQL injections in Wernhart Guestbook bt (Nov 30)
[eVuln.com] URL XSS in Easy Banner Free bt (Nov 26)
[eVuln.com] url XSS in Hot Links Lite bt (Nov 22)
[eVuln.com] Cookie Auth Bypass in Hot Links SQL bt (Nov 19)
[eVuln.com] URL and Title XSS in AxsLinks bt (Nov 19)
[eVuln.com] Multiple XSS inj in Wernhart Guestbook bt (Nov 30)
[eVuln.com] SQL injection Auth Bypass in Easy Banner Free bt (Nov 26)
bugtraq
Packet Storm - New Site bugtraq (Nov 15)
Cisco Systems Product Security Incident Response Team
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products Cisco Systems Product Security Incident Response Team (Nov 17)
CORE Security Technologies Advisories
[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch CORE Security Technologies Advisories (Nov 09)
CORE-2010-1018 - Landesk OS command injection CORE Security Technologies Advisories (Nov 12)
danieljcrteixeira
Common consumer routers password disclosure danieljcrteixeira (Nov 05)
dann frazier
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues dann frazier (Nov 30)
Dan Rosenberg
Re: [Full-disclosure] Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :( Dan Rosenberg (Nov 26)
Kernel 0-day Dan Rosenberg (Nov 10)
Re: Kernel 0-day Dan Rosenberg (Nov 19)
Deng Ching
[CVE-2010-3449] Apache Archiva CSRF Vulnerability Deng Ching (Nov 30)
ecco
Re: Saved XSS vulnerability in Internet Explorer ecco (Nov 19)
eidelweiss
AWCM v2.2 Auth Bypass Vulnerabilities eidelweiss (Nov 17)
Fatih Kilic
IBM OmniFind - several vulnerabilities Fatih Kilic (Nov 09)
Felipe Martins
Re: Kernel 0-day Felipe Martins (Nov 18)
Florent Daigniere
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038 Florent Daigniere (Nov 17)
Florian Weimer
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses Florian Weimer (Nov 02)
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities Florian Weimer (Nov 02)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs FreeBSD Security Advisories (Nov 12)
FreeBSD Security Advisory FreeBSD-SA-10:10.openssl FreeBSD Security Advisories (Nov 30)
g . maone
Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) g . maone (Nov 26)
Hafez Kamal
[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 12)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)
Hans Wolters
RE: Saved XSS vulnerability in Internet Explorer Hans Wolters (Nov 19)
Henri Lindberg
nSense-2010-003: Cisco Unified Communications Manager Henri Lindberg (Nov 08)
info
Mozilla Firefox 3.6.12 Denial of Service Vulnerability info (Nov 26)
Ivan Buetler
Wargame Qualifications - Win a car !!! Ivan Buetler (Nov 05)
James Lay
Re: Kernel 0-day James Lay (Nov 10)
Jamie Strandboge
[USN-1008-4] libvirt regression Jamie Strandboge (Nov 09)
[USN-1015-1] libvpx vulnerability Jamie Strandboge (Nov 10)
[USN-1016-1] libxml2 vulnerability Jamie Strandboge (Nov 12)
[USN-1011-3] Xulrunner vulnerability Jamie Strandboge (Nov 01)
Juan Galiana Lara
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities Juan Galiana Lara (Nov 30)
Karol Celiński
Re: D-Link DIR-300 authentication bypass Karol Celiński (Nov 19)
Re: D-Link DIR-300 authentication bypass Karol Celiński (Nov 09)
D-Link DIR-300 authentication bypass Karol Celiński (Nov 09)
k g
Call for Papers: The International Conference on Cyber Conflict, Estonia k g (Nov 01)
Konrad Rieck
CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment Konrad Rieck (Nov 08)
labs-no-reply
iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability labs-no-reply (Nov 10)
iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability labs-no-reply (Nov 12)
Laurent OUDOT at TEHTRI-Security
[TEHTRI-Security] CVE-2010-1752: Update your MacOSX Laurent OUDOT at TEHTRI-Security (Nov 12)
Les Hazlewood
CVE-2010-3863: Apache Shiro information disclosure vulnerability Les Hazlewood (Nov 03)
Lorenzo Cavallaro
DIMVA 2011 Call for Workshops Proposals Lorenzo Cavallaro (Nov 08)
Luiz Eduardo
Call for Papers -YSTS V - Security Conference, Brazil Luiz Eduardo (Nov 01)
Marc Deslauriers
[USN-1022-1] APR-util vulnerability Marc Deslauriers (Nov 26)
[USN-1024-1] OpenJDK vulnerability Marc Deslauriers (Nov 30)
[USN-1017-1] MySQL vulnerabilities Marc Deslauriers (Nov 12)
[USN-1021-1] Apache vulnerabilities Marc Deslauriers (Nov 26)
[USN-1014-1] Pidgin vulnerabilities Marc Deslauriers (Nov 04)
[USN-1013-1] FreeType vulnerabilities Marc Deslauriers (Nov 04)
[USN-1012-1] CUPS vulnerability Marc Deslauriers (Nov 04)
Mark Stanislav
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313) Mark Stanislav (Nov 30)
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) Mark Stanislav (Nov 22)
'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) Mark Stanislav (Nov 01)
Mark Thomas
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability Mark Thomas (Nov 22)
Max Kanat-Alexander
Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 Max Kanat-Alexander (Nov 04)
md . r00t . defacer
Adsoft Remote Sql Injection Vulnerability md . r00t . defacer (Nov 04)
mfardiles
Re: D-Link DIR-300 authentication bypass mfardiles (Nov 12)
Michal Zalewski
some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability) Michal Zalewski (Nov 08)
Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability Michal Zalewski (Nov 26)
MustLive
New vulnerabilities in CMS SiteLogic MustLive (Nov 22)
Vulnerabilities in Joomla MustLive (Nov 29)
Re: Saved XSS vulnerability in Internet Explorer MustLive (Nov 19)
Saved XSS vulnerability in Internet Explorer MustLive (Nov 15)
XSS and SQL Injection vulnerabilities in CMS WebManager-Pro MustLive (Nov 01)
Vulnerabilities in PHPShop MustLive (Nov 08)
[Suspected Spam]Vulnerabilities in Register Plus for WordPress MustLive (Nov 26)
Vulnerability in Google AJAX Search MustLive (Nov 12)
Nelson Brito
[DEMO] Sample videos about IDS/IPS evasions... Nelson Brito (Nov 01)
neza0x
Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer neza0x (Nov 04)
Nick Freeman
Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability Nick Freeman (Nov 02)
nullcon
nullcon Goa dwitiya (2.0) Call For Papers Closing on 30th November nullcon (Nov 17)
Onapsis Research Labs
[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation Onapsis Research Labs (Nov 03)
[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution Onapsis Research Labs (Nov 03)
[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access Onapsis Research Labs (Nov 03)
Philippe Langlois
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP Philippe Langlois (Nov 08)
Research@NGSSecure
NGS00015 Patch Notification: ImageIO Memory Corruption Research@NGSSecure (Nov 22)
Rodrigo Branco
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 Rodrigo Branco (Nov 01)
Apple Directory Services Memory Corruption - CVE-2010-1840 Rodrigo Branco (Nov 12)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 Rodrigo Branco (Nov 01)
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978 Rodrigo Branco (Nov 08)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 Rodrigo Branco (Nov 01)
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 Rodrigo Branco (Nov 01)
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 Rodrigo Branco (Nov 01)
Rodrigo Rubira Branco (BSDaemon)
Malware Collections and Feed Exchange Rodrigo Rubira Branco (BSDaemon) (Nov 08)
H2HC Cancun - Free Entrance! Rodrigo Rubira Branco (BSDaemon) (Nov 22)
H2CSO (Hackers to CSO) debate second edition - Free Live Streaming Rodrigo Rubira Branco (BSDaemon) (Nov 19)
H2HC 2010 - Final Speakers List Available Rodrigo Rubira Branco (BSDaemon) (Nov 01)
Roee Hay
Babylon Cross-Application Scripting Code Execution Roee Hay (Nov 10)
Salvatore Fresta aka Drosophila
Audacity <= 1.3 Beta Multiple Local Vulnerabilities Salvatore Fresta aka Drosophila (Nov 01)
eBlog 1.7 Multiple SQL Injection Vulnerabilities Salvatore Fresta aka Drosophila (Nov 10)
Revision: Audacity <= 1.3 Beta Multiple Local Vulnerabilities ===> Audacity <= 1.3 Beta DLL Hijacking Vulnerability Salvatore Fresta aka Drosophila (Nov 01)
Zen Cart 1.3.9h Local File Inclusion Vulnerability Salvatore Fresta aka Drosophila (Nov 04)
JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability Salvatore Fresta aka Drosophila (Nov 09)
SecPod Research
LFI and XSS vulnerability in openEngine SecPod Research (Nov 16)
Secunia Research
Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow Secunia Research (Nov 01)
Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability Secunia Research (Nov 01)
Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability Secunia Research (Nov 12)
Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability Secunia Research (Nov 09)
Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability Secunia Research (Nov 01)
Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability Secunia Research (Nov 09)
security
[ MDVSA-2010:226 ] dhcp security (Nov 10)
[ MDVSA-2010:220 ] pam security (Nov 04)
[ MDVSA-2010:239 ] php security (Nov 19)
[ MDVSA-2010:216 ] python security (Nov 01)
[ MDVSA-2010:225-1 ] libmbfl security (Nov 10)
[ MDVSA-2010:235 ] freetype2 security (Nov 16)
[ MDVSA-2010:233 ] cups security (Nov 16)
[ MDVSA-2010:224 ] php security (Nov 10)
[ MDVSA-2010:244 ] phpmyadmin security (Nov 30)
[ MDVSA-2010:241 ] gnucash security (Nov 26)
[ MDVSA-2010:240 ] mono security (Nov 26)
[ MDVSA-2010:243 ] libxml2 security (Nov 29)
[ MDVSA-2010:234 ] cups security (Nov 16)
[ MDVSA-2010:214 ] kernel security (Nov 01)
[ MDVSA-2010:221 ] openoffice.org security (Nov 08)
[ MDVSA-2010:219 ] mozilla-thunderbird security (Nov 01)
n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface security (Nov 29)
[ MDVSA-2010:231 ] poppler security (Nov 12)
[ MDVSA-2010:232 ] cups security (Nov 16)
[ MDVSA-2010:230 ] poppler security (Nov 12)
[ MDVSA-2010:227 ] proftpd security (Nov 12)
[ MDVSA-2010:236 ] freetype2 security (Nov 16)
[ MDVSA-2010:229 ] kdegraphics security (Nov 12)
[ MDVSA-2010:202-1 ] krb5 security (Nov 03)
[ MDVSA-2010:218 ] php security (Nov 01)
[ MDVSA-2010:223 ] mysql security (Nov 09)
[ MDVSA-2010:237 ] perl-CGI security (Nov 16)
[ MDVSA-2010:228 ] xpdf security (Nov 12)
[ MDVSA-2010:222 ] mysql security (Nov 09)
[ MDVSA-2010:238 ] openssl security (Nov 18)
[ MDVSA-2010:225 ] libmbfl security (Nov 10)
[ MDVSA-2010:242 ] wireshark security (Nov 29)
[ MDVSA-2010:155-1 ] mysql security (Nov 08)
[ MDVSA-2010:215 ] python security (Nov 01)
[ MDVSA-2010:217 ] dovecot security (Nov 01)
security-alert
[security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized security-alert (Nov 26)
[security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download security-alert (Nov 01)
[security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download security-alert (Nov 01)
[security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access security-alert (Nov 01)
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files security-alert (Nov 16)
[security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF) security-alert (Nov 01)
[security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download security-alert (Nov 01)
Soporte CERT
Multiple vulnerabilities in chCounter <= 3.1.3 Soporte CERT (Nov 18)
Stefan Fritsch
[SECURITY] [DSA-2127-1] New wireshark packages fix denial of service Stefan Fritsch (Nov 29)
Steve Beattie
[USN-1018-1] OpenSSL vulnerability Steve Beattie (Nov 19)
Thijs Kinkhorst
[SECURITY] [DSA 2038-3] New pidgin packages fix regression Thijs Kinkhorst (Nov 15)
Tobias Heinlein
[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities Tobias Heinlein (Nov 16)
Tom Yu
MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] Tom Yu (Nov 30)
Trustwave Advisories
TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera Trustwave Advisories (Nov 15)
u6q
SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X u6q (Nov 29)
underground stockholm
jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload underground stockholm (Nov 29)
VMware Security team
VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise components VMware Security team (Nov 16)
VMSA-2010-0017 VMware ESX third party update for Service Console kernel VMware Security Team (Nov 30)
VUPEN Security Research
VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246) VUPEN Security Research (Nov 19)
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245) VUPEN Security Research (Nov 19)
Wesley Kerfoot
Angel LMS Exploit Wesley Kerfoot (Nov 05)
xpzhang
[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability xpzhang (Nov 05)
YGN Ethical Hacker Group
Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Nov 01)
Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Nov 16)
Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Nov 05)
Zach C
Re: Seo Panel 2.1.0 - Critical File Disclosure Zach C (Nov 08)
zed
Re: [DCA-00015] YOPS Web Server Remote Command Execution zed (Nov 26)