Bugtraq: by date

236 messages, starting 01 Sep 2010 and ending 30 Sep 2010


Wednesday, 01 September

[SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2010:167 ] perl-libwww-perl security
VMSA-2010-0013 VMware Security Team
VMSA-2010-0013 VMware ESX third party updates for Service Console VMware Security Team
XSS vulnerability in Amiro.CMS FAQ advisory
Tortoise SVN DLL Hijacking Vulnerability nikhil_uitrgpv
XSS vulnerability in Rumba CMS advisory
XSS vulnerability in ArtGK CMS forum advisory
XSS vulnerability in Rumba CMS tags advisory
Online Binary Planting Exposure Test ACROS Lists
XSS vulnerability in ArtGK CMS advisory

Thursday, 02 September

[USN-982-1] Wget vulnerability Marc Deslauriers
[ MDVSA-2010:169 ] mozilla-thunderbird security
[ MDVSA-2010:168 ] openssl security
Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll) YGN Ethical Hacker Group
{PRL} Novell Netware OpenSSH Remote Stack Overflow Francis Provencher
Vulnerabilities in CMS WebManager-Pro MustLive

Friday, 03 September

Rooted CON 2011 - Call for Papers Román Ramírez
[security bulletin] HPSBMA02572 SSRT100082 rev.1 - HP Operations Agent Running on Windows, Local Elevation of Privileges and Remote Execution of Arbitrary Code security-alert
[ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code Alex Legler
nullcon Goa dwitiya (2.0) Call For Papers nullcon
[SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution Sebastien Delafond
[ MDVSA-2010:170 ] wget security
VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249) VUPEN Security Research
Re: Re: IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation" steve.povolny

Tuesday, 07 September

Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL) YGN Ethical Hacker Group
chillyCMS Multiple Vulnerabilities admin
Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities sattler
[SECURITY] [DSA-2104-1] New quagga packages fix denial of service Florian Weimer
Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group
Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability sattler
[TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf Laurent OUDOT at TEHTRI-Security
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. nikhil_uitrgpv
Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil Rodrigo Rubira Branco (BSDaemon)
XSS in Horde Application Framework <=3.3.8, icon_browser.php Moritz Naumann
H2HC São Paulo - Capture the Captcha Rodrigo Rubira Branco (BSDaemon)
[ GLSA 201009-03 ] sudo: Privilege Escalation Alex Legler
[SECURITY] [DSA-2103-1] New smbind packages fix sql injection Giuseppe Iuculano
The Zed Attack Proxy (ZAP) version 1.0.0 psiinon
[ MDVSA-2010:171 ] lvm2 security
[USN-983-1] Sudo vulnerability Jamie Strandboge
Security problems in Zenphoto version 1.3 Bogdan Calin

Wednesday, 08 September

[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities Giuseppe Iuculano
Recent developments in FireWire Attacks Freddie Witherden
[SECURITY] [DSA 2098-2] New typo3-src packages fix regression Thijs Kinkhorst
Re: etax 2010 failure to validate remote ssl certificate properly dave b
Call for Participation - GameSec 2010 - Berlin, Germany Albert Levi
[USN-984-1] LFTP vulnerability Marc Deslauriers
[security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS) security-alert
[ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code Stefan Behte
[ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities Stefan Behte
etax 2010 failure to validate remote ssl certificate properly dave b
Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability sattler
[ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities Tobias Heinlein
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco Systems Product Security Incident Response Team
ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions. Security_Alert
ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication. Security_Alert
[USN-985-1] mountall vulnerability Kees Cook
ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing. Security_Alert

Thursday, 09 September

[SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution Sebastien Delafond
Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability. Fyodor
ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1) ACROS Security Lists
[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local security-alert
Binary Planting Goes "EXE" ACROS Security Lists
SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3 Bogdan Calin
[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code security-alert
[USN-975-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge
[USN-978-1] Thunderbird vulnerabilities Jamie Strandboge
Re: etax 2010 failure to validate remote ssl certificate properly dave b

Friday, 10 September

[SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities Moritz Muehlenhoff
[ MDVSA-2010:172 ] kernel security
Re: Binary Planting Goes "EXE" Stefan Kanthak
Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group
Medium security flaw in Apache Traffic Server Tim Brown
PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll) YGN Ethical Hacker Group
Re: Binary Planting Goes "EXE" Christian Sciberras
Internet Download Accelerator 5.8 Remote Buffer Overflow g1xsystem
[DCA-00015] YOPS Web Server Remote Command Execution Rodrigo Escobar

Monday, 13 September

International Hacking Conference "POC2001" Call for Paper pocadm
[SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities Thijs Kinkhorst
MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability marian.ventuneac
[ MDVSA-2010:175 ] sudo security
[ MDVSA-2010:179 ] libglpng security
[ MDVSA-2010:174 ] quagga security
MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability marian.ventuneac
[ MDVSA-2010:180 ] rpm security
MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities marian.ventuneac
Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service yangdn
Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities Secunia Research
H2HC 2010 Sao Paulo - Capture the Flag Rodrigo Rubira Branco (BSDaemon)
[ MDVSA-2010:176 ] tomcat5 security
Adobe LiveCycle ES DLL Hijacking Exploit (.dll) admin
[ MDVSA-2010:177 ] tomcat5 security
[ MDVSA-2010:178 ] ocsinventory security
MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities marian.ventuneac
ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability ZDI Disclosures

Tuesday, 14 September

CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability Aditya K Sood
[DCA-00016 - Nokia E72 Keyboard Password bypass] Crash
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution Sébastien Delafond
Web challenges from RootedCON'2010 CTF - Contest Roman Medina-Heigl Hernandez
ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2010:181 ] ntop security
rPSA-2010-0056-1 httpd mod_ssl rPath Update Announcements
[security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information security-alert
[USN-987-1] Samba vulnerability Marc Deslauriers
ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability ZDI Disclosures
[FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS) Lyndon Nerenberg
[FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS) Lyndon Nerenberg
[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS) Lyndon Nerenberg
Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability Secunia Research
New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1" Amit Klein
[FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS) Lyndon Nerenberg
ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability ZDI Disclosures
[ MDVSA-2010:182 ] kdegraphics security

Wednesday, 15 September

XSS vulnerability in AContent search advisory
XSS vulnerability in Atutor edit content folder advisory
XSS vulnerability in AContent advisory
XSS vulnerability in AContent advisory
XSS vulnerability in ATutor advisory
XSS vulnerability in AChecker advisory
[Suspected Spam]Directory Traversal in Axigen v7.4.1 running on Windows Bogdan Calin
XSS (cross site scripting) vulnerability in Serendipity advisory
XSS vulnerability in SantaFox search module advisory
XSRF (CSRF) in SantaFox advisory
ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2010:183 ] socat security
MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities marian.ventuneac
MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities marian.ventuneac

Thursday, 16 September

[security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS) security-alert
[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities security-alert
[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow Stefan Fritsch

Friday, 17 September

[ MDVSA-2010:184 ] samba security
[SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues dann frazier
[USN-978-2] Thunderbird regression Jamie Strandboge
[security bulletin] HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information security-alert
[oCERT-2010-003] Free Simple CMS path sanitization errors Andrea Barisani
[USN-975-2] Firefox and Xulrunner regression Jamie Strandboge

Monday, 20 September

Searching for DropBox security contact Rebecca Menessec
[security bulletin] HPSBMA02568 SSRT100219 rev.2 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities security-alert
SQL injection vulnerability in e107 advisory
[SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities Steffen Joeris
[USN-986-2] ClamAV vulnerability Jamie Strandboge
[USN-986-1] bzip2 vulnerability Jamie Strandboge
[SECURITY] [DSA 2111-1] New squid3 packages fix denial of service Steffen Joeris
[SECURITY] [DSA-2106-2] New xulrunner packages fix regression Stefan Fritsch
SQL injection vulnerability in e107 advisory
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760 security
[SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow Stefan Fritsch
Vulnerabilities in IB Promotion Advanced Business Web Suite MustLive
FreeBSD Security Advisory FreeBSD-SA-10:08.bzip2 FreeBSD Security Advisories
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760 security
n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server security
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall Stefan Kanthak
Binary Planting Attack Vectors - There's more than one way to skin a cat... or plant a binary, for that matter ACROS Security Lists
[USN-986-3] dpkg vulnerability Jamie Strandboge
[ MDVSA-2010:185 ] bzip2 security
Battle.net Mobile Authenticator MITM Vulnerability yawninglol
[USN-989-1] PHP vulnerabilities Marc Deslauriers

Tuesday, 21 September

Security Contact Allianz IT-Infrastructure - Germany Stefan Bauer
[ MDVSA-2010:186 ] phpmyadmin security
Exploit Next Generation® Methodology Nelson Brito
[USN-990-2] Apache vulnerability Marc Deslauriers
[USN-990-1] OpenSSL vulnerability Marc Deslauriers
CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability sk
[ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user ISecAuditors Security Advisories
[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0 ISecAuditors Security Advisories

Wednesday, 22 September

[ GLSA 201009-08 ] python-updater: Untrusted search path Stefan Behte
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[ GLSA 201009-07 ] libxml2: Denial of Service Stefan Behte
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team
TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities Salvatore Fresta aka Drosophila
CONFidence 2.0 2010 - Call for Papers - 29-30.11.2010 Prague Andrzej Targosz
[ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability adv
ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability Security_Alert

Thursday, 23 September

[ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483 ISecAuditors Security Advisories
[security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection security-alert
Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability info
[security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure security-alert
[security bulletin] HPSBMA02585 SSRT100256 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) security-alert
[ MDVSA-2010:187 ] squid security
[ MDVSA-2010:188 ] kernel security
[security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection security-alert
Netscape Web Browser (CSS) Cross Domain Vulnerability info
Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability phara0h

Friday, 24 September

Re: Netscape Web Browser (CSS) Cross Domain Vulnerability Michal Zalewski
TWSL2010-005: FreePBX recordings interface allows remote code execution Trustwave Advisories
VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues VMware Security team
Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability security
[ MDVSA-2010:189 ] pcsc-lite security

Monday, 27 September

[ MDVSA-2010:189-1 ] pcsc-lite security
Vulnerabilities in CMS MYsite MustLive
Exploit Next Generation(R) Example Codes Nelson Brito
Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453 Rodrigo Branco
[SECURITY] [DSA-2114-1] New git-core packages fix regression Stefan Fritsch
SQL injection vulnerability in e107 advisory
XSS vulnerability in Entrans advisory
SQL injection vulnerability in Entrans advisory
SQL injection vulnerability in Entrans advisory
XSS in Horde IMP <=4.3.7, fetchmailprefs.php Moritz Naumann

Tuesday, 28 September

[oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference Andrea Barisani

Wednesday, 29 September

Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS Yam Mesicka
Re: XSS vulnerability in CompuCMS security curmudgeon
[USN-996-1] Mako vulnerability Marc Deslauriers
XSS vulnerability in GetSimple CMS advisory
[USN-994-1] libHX vulnerability Marc Deslauriers
[USN-995-1] libMikMod vulnerabilities Marc Deslauriers
Re: XSS vulnerability in Auto CMS security curmudgeon
[USN-993-1] libgdiplus vulnerability Marc Deslauriers
XSRF (CSRF) in Zimplit advisory
[security bulletin] HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation security-alert
XSS vulnerability in Pluck advisory
[Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service Onapsis Research Labs
[USN-992-1] Avahi vulnerabilities Marc Deslauriers

Thursday, 30 September

[ GLSA 201009-09 ] fence: Multiple symlink vulnerabilities Stefan Behte
VMSA-2010-0015 VMware ESX third party updates for Service Console VMware Security team
[SECURITY] [DSA-2115-1] New moodle packages fix several vulnerabilities Florian Weimer
ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities ZDI Disclosures
JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities Salvatore Fresta aka Drosophila
ZDI-10-185: IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-187: IBM TSM FastBack Server _DAS_ReadBlockReply Remote Denial of Service Vulnerability ZDI Disclosures
ZDI-10-179: IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability ZDI Disclosures
[security bulletin] HPSBMA02558 SSRT100158 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert
ZDI-10-184: IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability ZDI Disclosures
ZDI-10-181: IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability ZDI Disclosures
ZDI-10-183: IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability ZDI Disclosures
[ MDVSA-2010:190 ] libtiff security
ZDI-10-180: IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability ZDI Disclosures
Re: XSS vulnerability in Pluck security curmudgeon