Bugtraq: by author

273 messages starting Oct 27 10 and ending Oct 06 10


ACROS Security Lists

Breaking The SetDllDirectory Protection Against Binary Planting ACROS Security Lists (Oct 27)
RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack ACROS Security Lists (Oct 26)
How Visual Studio Makes Your Applications Vulnerable to Binary Planting ACROS Security Lists (Oct 25)

advisory

Stored XSS vulnerability in Zomplog advisory (Oct 27)
XSS vulnerability in Elxis CMS (contacts) advisory (Oct 05)
XSS vulnerability in Lantern CMS advisory (Oct 08)
SQL injection in BloofoxCMS registration plugin advisory (Oct 27)
XSS vulnerability in Zomplog advisory (Oct 27)
XSS vulnerability in Elxis CMS advisory (Oct 05)
Directory Traversal Vulnerability in FreshFTP advisory (Oct 13)
XSRF (CSRF) in Zomplog advisory (Oct 27)
XSS in NinkoBB advisory (Oct 27)
XSS vulnerability in sNews advisory (Oct 20)
XSS vulnerability in Ronny CMS advisory (Oct 13)
Directory Traversal Vulnerability in AnyConnect advisory (Oct 13)
Directory Traversal Vulnerability in Robo-FTP advisory (Oct 13)
XSS vulnerability in Expression CMS advisory (Oct 08)
XSS vulnerability in PluXml advisory (Oct 13)
XSS vulnerability in Docebo Announcements advisory (Oct 05)
SQL injection in DBHcms advisory (Oct 27)
OverLook Cross-site Scripting Vulnerability advisory (Oct 08)
SQL injection in Energine advisory (Oct 27)
XSS vulnerability in sNews advisory (Oct 20)
XSS vulnerability in BlogBird platform advisory (Oct 27)
XSS vulnerability in BlogBird platform advisory (Oct 27)
LFI in DZCP advisory (Oct 27)
SQL Injection in 4site CMS advisory (Oct 20)
Information disclosure in BloofoxCMS advisory (Oct 27)
XSS vulnerability in Elxis CMS polls module advisory (Oct 05)
Path disclosure in MyBB advisory (Oct 27)
SQL injection vulnerability in Elxis CMS advisory (Oct 05)
Directory Traversal Vulnerability in FTP Voyager advisory (Oct 08)
Authentication bypass in phpLiterAdmin advisory (Oct 27)
XSS vulnerability in Lantern CMS advisory (Oct 08)
XSS vulnerability in Ronny CMS advisory (Oct 13)
XSRF (CSRF) in Lara advisory (Oct 13)
XSS vulnerability in Zomplog advisory (Oct 27)
Collabtive Multiple Vulnerabilities Advisory (Oct 13)
XSS vulnerability in PluXml advisory (Oct 13)
Information disclosure in BloofoxCMS advisory (Oct 27)
Path disclosure in Tribiq CMS advisory (Oct 20)
XSS vulnerability in PluXml advisory (Oct 13)
XSS vulnerability in Expression CMS advisory (Oct 08)
SQL injection in DeluxeBB advisory (Oct 20)
LFI in Novaboard advisory (Oct 27)
XSS vulnerability in PluXml advisory (Oct 13)
Directory Traversal Vulnerability in FilterFTP advisory (Oct 08)
XSS vulnerability in Ronny CMS advisory (Oct 13)

an

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo an (Oct 18)

apa-iutcert

Accounting Pro 2003 Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
FlipAlbum Vista Pro Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
Nessus Client Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
Rafe 7 Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
Orbit Downloader Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
Sahar Money Manager Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
Brilliant Accounting System (59) Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
WinMerge Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
Holoo Insecure Library Loading Vulnerability apa-iutcert (Oct 18)
Secunia PSI Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
Internet Download Manager Insecure Library Loading Vulnerability apa-iutcert (Oct 27)
ACDSee Photo Manager Insecure Library Loading Vulnerability apa-iutcert (Oct 27)

Bruce Potter

Shmoocon 2011 Call for Papers Bruce Potter (Oct 14)

Carlos Serrão

IBWAS'10 CfP - Deadline Extension Carlos Serrão (Oct 07)
IBWAS'10 CfTraining - Deadline Approaching Carlos Serrão (Oct 13)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Oct 27)

CORE Security Technologies Advisories

[CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form CORE Security Technologies Advisories (Oct 20)
[CORE-2010-0624] MS OpenType CFF Parsing Vulnerability Core Security Technologies Advisories (Oct 12)
CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption CORE Security Technologies Advisories (Oct 14)
(CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability CORE Security Technologies Advisories (Oct 06)

Dan Kaminsky

Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Dan Kaminsky (Oct 20)

Dan Rosenberg

Re: VSR Advisories: Linux RDS Protocol Local Privilege Escalation Dan Rosenberg (Oct 20)
Re: ubuntu 10.04 xterm heap overflow,can it be exploit ? Dan Rosenberg (Oct 13)

ddivulnalert

DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509) ddivulnalert (Oct 13)

Delf Tonder

LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component Delf Tonder (Oct 08)

dickey

Re: ubuntu 10.04 xterm heap overflow,can it be exploit ? dickey (Oct 14)

DSecRG

[DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting DSecRG (Oct 27)
[DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability DSecRG (Oct 27)

Early Warning

Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Early Warning (Oct 21)
Java Multiple Issues Early Warning (Oct 21)

Felipe M. Aragon

Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability Felipe M. Aragon (Oct 07)

Fernando Gont

Re: IPv6 security myths Fernando Gont (Oct 26)
IPv6 security myths Fernando Gont (Oct 25)

Florian Weimer

[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation Florian Weimer (Oct 13)
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation Florian Weimer (Oct 22)
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities Florian Weimer (Oct 20)
[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities Florian Weimer (Oct 12)

geinblues

Another new technique to bypass SEHOP. ( no 'xor pop pop ret' ) geinblues (Oct 04)

gopherit

Re: Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664 gopherit (Oct 08)

HD Moore

R7-0037: SAP BusinessObjects Axis2 Default Admin Password HD Moore (Oct 14)

Henri Lindberg

"Back with another one of those block rockin' beats" Henri Lindberg (Oct 27)
nSense-2010-002: Teamspeak 2 Windows client Henri Lindberg (Oct 28)

info

[STANKOINFORMZASCHITA-10-02] ITS SCADA Authorization bypass info (Oct 04)
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities info (Oct 01)

Jakob Balle

Re: Secunia PSI Insecure Library Loading Vulnerability Jakob Balle (Oct 28)

Jamie Strandboge

[USN-1011-1] Firefox vulnerability Jamie Strandboge (Oct 28)
[USN-1007-1] NSS vulnerabilities Jamie Strandboge (Oct 21)
[USN-1004-1] Django vulnerability Jamie Strandboge (Oct 15)
[USN-998-1] Thunderbird vulnerabilities Jamie Strandboge (Oct 21)
[USN-1008-2] Virtinst update Jamie Strandboge (Oct 22)
[USN-1011-2] Thunderbird vulnerability Jamie Strandboge (Oct 28)
[USN-997-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Oct 21)
[USN-1008-1] libvirt vulnerabilities Jamie Strandboge (Oct 22)
[USN-1008-3] libvirt update Jamie Strandboge (Oct 25)

Jann Horn

RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack Jann Horn (Oct 26)

jason

Antivirus detection after malware execution jason (Oct 18)

Johannes Greil

SEC Consult SA-20101021-0 :: Multiple critical vulnerabilities in Sawmill log analysis software Johannes Greil (Oct 21)

joomextensions

Re: JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities joomextensions (Oct 12)

karakorsankara

[SecurityArchitect-009]: Microsoft Windows Mobile Double Free Vulnerability karakorsankara (Oct 21)

Kees Cook

[USN-1009-1] GNU C Library vulnerabilities Kees Cook (Oct 25)
[USN-999-1] Kerberos vulnerability Kees Cook (Oct 06)
[USN-959-2] PAM vulnerability Kees Cook (Oct 25)

kerem . kocaer

NetWin Surgemail XSS vulnerability kerem . kocaer (Oct 04)

Marc Deslauriers

[USN-1002-2] PostgreSQL vulnerability Marc Deslauriers (Oct 07)
[USN-1003-1] OpenSSL vulnerabilities Marc Deslauriers (Oct 07)
[USN-1002-1] PostgreSQL vulnerability Marc Deslauriers (Oct 07)
[USN-1006-1] WebKit vulnerabilities Marc Deslauriers (Oct 19)
[USN-1005-1] poppler vulnerabilities Marc Deslauriers (Oct 19)
[USN-1001-1] LVM2 vulnerability Marc Deslauriers (Oct 06)

Michael Wojcik

RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting Michael Wojcik (Oct 26)

Michal Zalewski

Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Michal Zalewski (Oct 20)
Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Michal Zalewski (Oct 20)

Mike Duncan

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Mike Duncan (Oct 20)
Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Mike Duncan (Oct 21)

Mitja Kolsek

RE: [vonage.com #25400427] RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting Mitja Kolsek (Oct 26)

Moritz Muehlenhoff

[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities Moritz Muehlenhoff (Oct 13)

Moritz Naumann

[Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1 Moritz Naumann (Oct 06)
Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1 Moritz Naumann (Oct 18)

MustLive

Vulnerabilities in W-Agora MustLive (Oct 25)
Vulnerabilities in AltConstructor MustLive (Oct 12)
Multiple vulnerabilities in WordPress 2 and 3 MustLive (Oct 04)
Re: Insecure SMS authorization scheme at LiqPAY micro-payments of PrivatBank (Ukraine) MustLive (Oct 19)
Vulnerabilities in CMS WebManager-Pro MustLive (Oct 05)

Nelson Brito

[TOOL RELEASE] Exploit Next Generation SQL Fingerprint v. Nelson Brito (Oct 08)
[WARNING] A fake version of T50!!! Nelson Brito (Oct 08)

Nico Golde

[SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass Nico Golde (Oct 12)

Oliver Goebel

[IMF 2011] Call for Papers Oliver Goebel (Oct 05)

Paul Lesniewski

Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1 Paul Lesniewski (Oct 18)

paul . szabo

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 19)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 15)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 15)
XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 08)
Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 19)
Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 13)

Pepelux

HP Data Protector Manager v6.11 / NULL Pointer Dereference Remote Denial of Service Vulnerabilities Pepelux (Oct 07)

Pierre-Yves Rofes

[ GLSA 201010-01 ] Libpng: Multiple vulnerabilities Pierre-Yves Rofes (Oct 06)

psiinon

OWASP ZAP psiinon (Oct 05)

Renaud Deraison

Re: Nessus Client Insecure Library Loading Vulnerability Renaud Deraison (Oct 27)

Riyaz Walikar

Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Riyaz Walikar (Oct 18)

Roberto Suggi Liverani

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Roberto Suggi Liverani (Oct 19)
Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass Roberto Suggi Liverani (Oct 21)

robi

Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---> robi (Oct 25)

Rodrigo Branco

Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331 Rodrigo Branco (Oct 13)

Rodrigo Rubira Branco (BSDaemon)

H2HC Cancun - Registrations are open Rodrigo Rubira Branco (BSDaemon) (Oct 19)
H2HC 2009 Videos Available! Rodrigo Rubira Branco (BSDaemon) (Oct 15)

Roman Medina-Heigl Hernandez

Re: Web challenges from RootedCON'2010 CTF - Contest -> Solutions and Write-ups Roman Medina-Heigl Hernandez (Oct 26)

rPath Update Announcements

rPSA-2010-0058-1 bzip2 bzip2-extras rPath Update Announcements (Oct 18)
rPSA-2010-0071-1 automake rPath Update Announcements (Oct 27)
rPSA-2010-0060-1 httpd mod_ssl rPath Update Announcements (Oct 18)
rPSA-2010-0059-1 kernel rPath Update Announcements (Oct 18)
rPSA-2010-0066-1 samba samba-client samba-server samba-swat rPath Update Announcements (Oct 18)
rPSA-2010-0064-1 libtiff rPath Update Announcements (Oct 18)
rPSA-2010-0072-1 curl rPath Update Announcements (Oct 27)
rPSA-2010-0065-1 krb5 krb5-server krb5-services krb5-workstation rPath Update Announcements (Oct 18)
rPSA-2010-0074-1 ImageMagick rPath Update Announcements (Oct 27)
rPSA-2010-0063-1 perl rPath Update Announcements (Oct 18)
rPSA-2010-0073-1 lftp rPath Update Announcements (Oct 27)
rPSA-2010-0070-1 cpio tar rPath Update Announcements (Oct 27)
rPSA-2010-0075-1 sudo rPath Update Announcements (Oct 27)

s2-security

CVE-2010-3700: Spring Security bypass of security constraints s2-security (Oct 27)

Salvatore Fresta aka Drosophila

MyCart 2.0 Multiple Remote Vulnerabilities Salvatore Fresta aka Drosophila (Oct 27)
JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities Salvatore Fresta aka Drosophila (Oct 12)
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities Salvatore Fresta aka Drosophila (Oct 27)

SecPod Research

Pecio CMS XSS Vulnerability SecPod Research (Oct 21)
Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities SecPod Research (Oct 21)
Micro CMS Persistent XSS Vulnerability. SecPod Research (Oct 21)

Secunia Research

Secunia Research: RealPlayer QCP Sample Chunk Parsing Buffer Overflow Secunia Research (Oct 18)
Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability Secunia Research (Oct 27)
Secunia Research: Microsoft Excel Record Parsing Integer Overflow Vulnerability Secunia Research (Oct 13)
Secunia Research: Microsoft Excel Ghost Record Type Parsing Vulnerability Secunia Research (Oct 13)
Secunia Research: Microsoft Excel Extra Out of Boundary Record Vulnerability Secunia Research (Oct 13)
Secunia Research: Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability Secunia Research (Oct 13)

security

[ MDVSA-2010:201 ] freetype2 security (Oct 13)
[ MDVSA-2010:212 ] glibc security (Oct 25)
[ MDVSA-2010:202 ] krb5 security (Oct 13)
[ MDVSA-2010:210 ] firefox security (Oct 25)
[ MDVSA-2010:208 ] pidgin security (Oct 21)
[ MDVSA-2010:209 ] libsmi security (Oct 22)
[ MDVSA-2010:203 ] automake security (Oct 14)
[ MDVSA-2010:211 ] mozilla-thunderbird security (Oct 25)
[ MDVSA-2010:199 ] subversion security (Oct 12)
[ MDVSA-2010:198 ] kernel security (Oct 08)
[ MDVSA-2010:196 ] dovecot security (Oct 05)
[ MDVSA-2010:213 ] xulrunner security (Oct 28)
[ MDVSA-2010:205 ] freeciv security (Oct 15)
[ MDVSA-2010:192 ] apr-util security (Oct 04)
[ MDVSA-2010:197 ] postgresql security (Oct 06)
[ MDVSA-2010:193 ] qt-creator security (Oct 04)
[ MDVSA-2010:195 ] libesmtp security (Oct 05)
[ MDVSA-2010:191 ] mailman security (Oct 04)
[ MDVSA-2010:207 ] glibc security (Oct 21)
[ MDVSA-2010:194 ] git security (Oct 04)
[ MDVSA-2010:204 ] avahi security (Oct 14)
[ MDVSA-2010:200 ] wireshark security (Oct 13)
[ MDVSA-2010:199 ] subversion security (Oct 12)

Security_Alert

ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator Security_Alert (Oct 06)

security-alert

[security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) security-alert (Oct 26)
[security bulletin] HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning security-alert (Oct 14)
[security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification security-alert (Oct 21)
[security bulletin] HPSBMA02591 SSRT100299 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Privilege Escalation security-alert (Oct 21)
[security bulletin] HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of Service security-alert (Oct 27)
[security bulletin] HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download security-alert (Oct 22)
[security bulletin] HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in Palm webOS service API security-alert (Oct 27)
[security bulletin] HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code security-alert (Oct 27)
[security bulletin] HPSBTU02496 SSRT090245 rev.1 - HP Tru64 UNIX Running NTP, Denial of Service (DoS) security-alert (Oct 05)
[security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download security-alert (Oct 26)
[security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access security-alert (Oct 27)
[security bulletin] HPSBPI02398 SSRT080166 rev.6 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files security-alert (Oct 14)
[security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS) security-alert (Oct 26)
[security bulletin] HPSBGN02589 SSRT100296 rev.1 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation security-alert (Oct 14)
[security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access security-alert (Oct 26)
[security bulletin] HPSBMA02598 SSRT100314 rev.1 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF). security-alert (Oct 26)
[security bulletin] HPSBMA02590 SSRT100182 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Arbitrary File Download security-alert (Oct 14)
[security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access security-alert (Oct 27)
[security bulletin] HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows , Remote Cross Site Scripting (XSS) security-alert (Oct 21)
[security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code security-alert (Oct 26)
[security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access security-alert (Oct 27)

security curmudgeon

Re: XSRF (CSRF) in Zimplit security curmudgeon (Oct 01)

Sense of Security

Adobe Reader 9.3.4 Multiple Memory Corruption - Security Advisory - SOS-10-003 Sense of Security (Oct 07)

Sim IJskes

FIrefox: Bug 602181 – password exposed in memory cache Sim IJskes (Oct 08)

Stefan Fritsch

[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service Stefan Fritsch (Oct 05)
[SECURITY] [DSA-2116-1] New freetype packages integer overflow Stefan Fritsch (Oct 05)

Tavis Ormandy

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. Tavis Ormandy (Oct 25)
The GNU C library dynamic linker expands $ORIGIN in setuid library search path Tavis Ormandy (Oct 19)

Thor (Hammer of God)

RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 13)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 15)
RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)
RE: RE: [Full-disclosure] Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)

THOTCON Announce

THOTCON 0x2 - Call For Papers is Open -> 10.01.10 THOTCON Announce (Oct 01)

Tom Yu

MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling Tom Yu (Oct 05)

VSR Advisories

VSR Advisories: Linux RDS Protocol Local Privilege Escalation VSR Advisories (Oct 19)

VUPEN Security Research

VUPEN Security Research - Oracle Products HTTP Request Remote Buffer Overflow Vulnerability (CVE-2010-2390) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing Vulnerability (CVE-2010-3240) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Extra PtgExtraArray Parsing Vulnerability (CVE-2010-3239) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Formula Substream Memory Corruption (CVE-2010-3234) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Negative Future Function Vulnerability (CVE-2010-3238) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word LVL Structure Heap Overflow Vulnerability (CVE-2010-3220) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability (CVE-2010-3215) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Formula Record Buffer Overflow Vulnerability (CVE-2010-3231) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Document Buffer Overflow Vulnerability (CVE-2010-2748) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability (CVE-2010-3237) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer Vulnerability (CVE-2010-3216) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Formula Record Dangling Pointer Vulnerability (CVE-2010-3235) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Record Array Indexing Vulnerability (CVE-2010-3236) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Document Heap Overflow Vulnerability (CVE-2010-3218) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Out-of-Bounds Memory Write Vulnerability (CVE-2010-3241) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Short Sign Memory Corruption Vulnerability (CVE-2010-3221) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability (CVE-2010-3219) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Uninitialized Pointer Vulnerability (CVE-2010-2747) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability (CVE-2010-3242) VUPEN Security Research (Oct 14)
VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217) VUPEN Security Research (Oct 14)

watercloud watercloud

ubuntu 10.04 xterm heap overflow,can it be exploit ? watercloud watercloud (Oct 13)

xpo xpo

USBsploit 0.3b xpo xpo (Oct 14)
USBsploit 0.4b - added: Auto[run|play] USB infection & PDF xpo xpo (Oct 27)

Yam Mesicka

Aardvark Topsite XSS vulnerability Yam Mesicka (Oct 25)

YGN Ethical Hacker Group

Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Oct 12)

ZDI Disclosures

ZDI-10-192: Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability ZDI Disclosures (Oct 06)
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability ZDI Disclosures (Oct 04)
ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability ZDI Disclosures (Oct 06)
ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability ZDI Disclosures (Oct 04)
ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability ZDI Disclosures (Oct 06)