Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
198 messages
starting Sep 12 11 and
ending Sep 06 11
Date index |
Thread index |
Author index
abhijeet
[Announcement] ClubHack Magazine - Call for Articles abhijeet (Sep 12)
[Announcement] ClubHack Mag Issue 20- September 2011 Released abhijeet (Sep 06)
ACROS Security Lists
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 15)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
Adam Baso
OWASP AppSec USA 2011 - Two Weeks Away Adam Baso (Sep 08)
advisory
Multiple vulnerabilities in Traq advisory (Sep 28)
Multiple vulnerabilities in SiT! Support Incident Tracker advisory (Sep 14)
XSS in Zikula advisory (Sep 07)
Multiple vulnerabilities in Help Desk Software advisory (Sep 21)
Multiple vulnerabilities in MantisBT advisory (Sep 06)
Alexandr Polyakov
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan) Alexandr Polyakov (Sep 16)
CFP for first independent international Security Conference in Russia - ZeroNights (by Defcon-Russia) Alexandr Polyakov (Sep 16)
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability (by ERPScan) Alexandr Polyakov (Sep 16)
Aliz 'Randomdude'
Windows server 2008 R1 local DoS Aliz 'Randomdude' (Sep 07)
Amir
PunBB 1.3.6 bug Amir (Sep 26)
Apple Product Security
APPLE-SA-2011-09-09-1 Security Update 2011-005 Apple Product Security (Sep 09)
Boldizsar Bencsath
secureURL.php design flaws Boldizsar Bencsath (Sep 23)
Bugs NotHugs
openvas 2.x race condition Bugs NotHugs (Sep 06)
Call for papers
Extended submission deadline for: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)! Call for papers (Sep 06)
cipri
Security issue is_a function in PHP 5.3.7+ cipri (Sep 23)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability Cisco Systems Product Security Incident Response Team (Sep 07)
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 15)
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Sep 28)
Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities Cisco Systems Product Security Incident Response Team (Sep 15)
CORE Security Technologies Advisories
CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus CORE Security Technologies Advisories (Sep 15)
Dan Luedtke
Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)] Dan Luedtke (Sep 01)
Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)] Dan Luedtke (Sep 01)
dann frazier
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression dann frazier (Sep 12)
[SECURITY] [DSA 2310-1] linux-2.6 security update dann frazier (Sep 23)
[SECURITY] [DSA 2303-1] linux-2.6 security update dann frazier (Sep 09)
DeepSec Conference
DeepSec 2011 Conference - Final Schedule Published DeepSec Conference (Sep 29)
ehsan_hp200
Virtualismi (prodotto.php?id) Cross Site Scripting Vulnerabilities ehsan_hp200 (Sep 06)
TTW (ricetta.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
WSTAFF Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
ph5gruppo (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 05)
Fulci (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 01)
Manifattura Web (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
MaiNick (ricetta.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
Loop (ricetta.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
Abarkam (detail.php?input) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability ehsan_hp200 (Sep 01)
Editel (news-dettaglio.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
Pranian Group e107 Cross Site Scripting Vulnerabilities ehsan_hp200 (Sep 06)
ITTWeb Remote SQL injection Vulnerability ehsan_hp200 (Sep 05)
Sana Net (viewpages.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 01)
BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability ehsan_hp200 (Sep 06)
Studio Linea (prodotto.php?id) Remote SQL injection Vulnerability ehsan_hp200 (Sep 05)
fergal . cassidy
Re: Vulnerabilities in trading and SCADA softwares fergal . cassidy (Sep 14)
Fernando Gont
More on IPv6 RA-Guard evasion (IPv6 security) Fernando Gont (Sep 01)
Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)] Fernando Gont (Sep 01)
Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)] Fernando Gont (Sep 01)
IPv6 security presentation at Hack.lu 2011 Fernando Gont (Sep 21)
Florian Weimer
[SECURITY] [DSA 2311-1] openjdk-6 security update Florian Weimer (Sep 28)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-11:03.bind FreeBSD Security Advisories (Sep 28)
FreeBSD Security Advisory FreeBSD-SA-11:04.compress FreeBSD Security Advisories (Sep 28)
FreeBSD Security Advisory FreeBSD-SA-11:05.unix FreeBSD Security Advisories (Sep 28)
fukami
28C3: CFP for 28th Chaos Communication Congress fukami (Sep 09)
Giuseppe Iuculano
[SECURITY] [DSA 2306-1] ffmpeg security update Giuseppe Iuculano (Sep 12)
[SECURITY] [DSA 2307-1] chromium-browser security update Giuseppe Iuculano (Sep 12)
Henri Salo
Re: PunBB 1.3.6 bug Henri Salo (Sep 27)
Irene Abezgauz
Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal Irene Abezgauz (Sep 14)
Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal Irene Abezgauz (Sep 13)
Ivan Buetler
Disassembling .NET Client Challenge Ivan Buetler (Sep 09)
Jeffrey Walton
Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Jeffrey Walton (Sep 16)
Re: Vulnerabilities in trading and SCADA softwares Jeffrey Walton (Sep 15)
Jonathan Brossard
PMCMA: Post Memory Corruption Memory Analysis Jonathan Brossard (Sep 05)
labs-no-reply
iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability labs-no-reply (Sep 14)
iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability labs-no-reply (Sep 28)
iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability labs-no-reply (Sep 14)
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability labs-no-reply (Sep 28)
iDefense Security Advisory 09.26.11: Novell GroupWise iCal TZNAME Heap Overflow Vulnerability labs-no-reply (Sep 27)
iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability labs-no-reply (Sep 14)
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability labs-no-reply (Sep 28)
iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability labs-no-reply (Sep 14)
Lists
Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 Lists (Sep 19)
NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011 Lists (Sep 20)
liuqx
KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow liuqx (Sep 05)
Luciano Bello
[SECURITY] [DSA 2301-1] rails security update Luciano Bello (Sep 06)
Luigi Auriemma
Vulnerabilities in BroadWin WebAccess Client 1.0.0.10 Luigi Auriemma (Sep 05)
Vulnerabilities in trading and SCADA softwares Luigi Auriemma (Sep 13)
Vulnerabilities in EViews 7.2 Luigi Auriemma (Sep 28)
Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA) Luigi Auriemma (Sep 23)
Integer overflow in Sterling Trader 7.0.2 Luigi Auriemma (Sep 28)
Advisory for MS11-035 / ZDI-11-167 Luigi Auriemma (Sep 13)
Vulnerabilities in PcVue 10 (SCADA) Luigi Auriemma (Sep 28)
Arbitrary memory corruption in NCSS 07.1.21 Luigi Auriemma (Sep 29)
Marc Heuse
Re: [Full-disclosure] HP A-series switches are affected, too. [WAS: More on IPv6 RA-Guard evasion (IPv6 security)] Marc Heuse (Sep 01)
Mark Thomas
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Mark Thomas (Sep 26)
mbadra
[NTMS 2012] Call for Papers, Istanbul- Turkey, 7 - 10 May 2012 mbadra (Sep 12)
Moritz Muehlenhoff
[SECURITY] [DSA 2308-1] mantis security update Moritz Muehlenhoff (Sep 12)
[SECURITY] [DSA 2313-1] iceweasel security update Moritz Muehlenhoff (Sep 30)
[SECURITY] [DSA 2312-1] iceape security update Moritz Muehlenhoff (Sep 29)
mu-b
Trusteer Rapport and anti-keylogging mu-b (Sep 21)
Nasel Pentest
Vulnerability found in Flynax Classifieds products Nasel Pentest (Sep 26)
Netsparker Advisories
XSS Vulnerabilities in TWiki < 5.1.0 Netsparker Advisories (Sep 23)
Nico Golde
[SECURITY] [DSA 2302-1] bcfg2 security update Nico Golde (Sep 08)
[SECURITY] [DSA 2304-1] squid3 security update Nico Golde (Sep 12)
[SECURITY] [DSA 2305-1] vsftpd security update Nico Golde (Sep 19)
Nicolas Grégoire
XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke Nicolas Grégoire (Sep 15)
noreply
[PT-2011-19] SQL injection vulnerability in Help Request System noreply (Sep 05)
nospam
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit nospam (Sep 15)
Embarcadero ER/Studio XE2 Server Portal Tom Sawyer's Default GET Extension Factory ActiveX Control Remote Code Execution nospam (Sep 07)
Onapsis Research Labs
[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service Onapsis Research Labs (Sep 15)
[Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting Onapsis Research Labs (Sep 15)
[Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation Onapsis Research Labs (Sep 15)
Philippe Langlois
Hackito Ergo Sum 2012 dates Philippe Langlois (Sep 26)
Raphael Geissert
[SECURITY] [DSA 2309-1] openssl security update Raphael Geissert (Sep 14)
Rener Silva
XSS Ebuddy (responsible disclosure) Rener Silva (Sep 06)
Research@NGSSecure
NGS00109 Patch Notification: ImpressPages CMS Remote code execution Research@NGSSecure (Sep 27)
NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux Research@NGSSecure (Sep 21)
research () vulnerability-lab com
European Security Services GPS v1.0 - Multiple Vulnerabilities research () vulnerability-lab com (Sep 28)
Barracuda Backup v2.0 - Multiple Web Vulnerabilities research () vulnerability-lab com (Sep 28)
Roee Hay
Advisory: Dolphin Browser HD Cross-Application Scripting Roee Hay (Sep 20)
Advisory: Opera Mobile Cache Poisoning XAS Roee Hay (Sep 20)
s2-security
CVE-2011-2730: Spring Framework Information Disclosure s2-security (Sep 09)
CVE-2011-2732: Spring Security header injection vulnerability s2-security (Sep 09)
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager s2-security (Sep 09)
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities s2-security (Sep 09)
Secunia Research
Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow Secunia Research (Sep 27)
Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability Secunia Research (Sep 27)
Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities Secunia Research (Sep 01)
security
[ MDVSA-2011:135 ] iproute2 security (Sep 23)
[ MDVSA-2011:133-1 ] mozilla security (Sep 19)
[ MDVSA-2011:137 ] openssl security (Sep 28)
[ MDVSA-2011:132 ] pidgin security (Sep 06)
[ MDVSA-2011:134-1 ] rsyslog security (Sep 19)
[ MDVSA-2011:130-1 ] apache security (Sep 19)
[ MDVSA-2011:132-1 ] pidgin security (Sep 19)
[ MDVSA-2011:136 ] openssl security (Sep 28)
[ MDVSA-2011:133 ] mozilla security (Sep 08)
[ MDVSA-2011:134 ] rsyslog security (Sep 09)
[ MDVSA-2011:138 ] wireshark security (Sep 29)
[ MDVSA-2011:131 ] libxml security (Sep 06)
[ MDVSA-2011:129 ] mozilla security (Sep 06)
[ MDVSA-2011:130 ] apache security (Sep 06)
Security_Alert
ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products Security_Alert (Sep 15)
ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar Security_Alert (Sep 12)
security-alert
[security bulletin] HPSBUX02702 SSRT100606 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert (Sep 08)
[security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code security-alert (Sep 01)
[security bulletin] HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS) security-alert (Sep 23)
[security bulletin] HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert (Sep 09)
[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification security-alert (Sep 13)
[security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code security-alert (Sep 19)
[security bulletin] HPSBUX02707 SSRT100626 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert (Sep 29)
[security bulletin] HPSBUX02702 SSRT100606 rev.4 - HP-UX Apache Web Server, Remote Denial of Service (DoS) security-alert (Sep 27)
Serguei A. Mokhov (on behalf of EJC2011SecForensics-11)
Invitation to Register and Participate in the Entretiens Jacques Cartier (EJC) Colloquium on IT Security, Cyber Forensics and Combating Cybercrime Serguei A. Mokhov (on behalf of EJC2011SecForensics-11) (Sep 14)
Slackware Security Team
[slackware-security] httpd (SSA:2011-252-01) Slackware Security Team (Sep 09)
[slackware-security] seamonkey (SSA:2011-249-03) Slackware Security Team (Sep 07)
[slackware-security] mozilla-firefox (SSA:2011-249-01) Slackware Security Team (Sep 07)
[slackware-security] mozilla-thunderbird (SSA:2011-249-02) Slackware Security Team (Sep 07)
sohil_garg
[CVE-2011-3645] Multiple vulnerability in Newgen's Omnidocs sohil_garg (Sep 26)
sschurtz
XSS vulnerability in FortiMail Messaging Security Appliance sschurtz (Sep 13)
AdaptCMS 2.0.1 Multiple security vulnerabilities sschurtz (Sep 26)
Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities sschurtz (Sep 29)
openEngine 2.0 'id' Blind SQL Injection vulnerability sschurtz (Sep 27)
Multiple XSS vulnerabilities in LightNEasy 3.2.4 sschurtz (Sep 08)
Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability sschurtz (Sep 26)
Multiple XSS vulnerabilities in CMS Papoo Light Version sschurtz (Sep 12)
Stefan Fritsch
[SECURITY] [DSA 2298-2] apache2 regression fix Stefan Fritsch (Sep 06)
supernothing
Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin supernothing (Sep 07)
Tavis Ormandy
Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux Tavis Ormandy (Sep 23)
Thierry Zoller
TLS/SSL Compatibility Report 2011 Thierry Zoller (Sep 23)
Thijs Kinkhorst
[SECURITY] [DSA 2300-2] nss security update Thijs Kinkhorst (Sep 06)
Thor (Hammer of God)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Thor (Hammer of God) (Sep 16)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Thor (Hammer of God) (Sep 16)
Tomi Tuominen
t2′11 Challenge to be released 2011-09-10 10:00 EEST Tomi Tuominen (Sep 06)
Trustwave Advisories
TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation Trustwave Advisories (Sep 26)
TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server Trustwave Advisories (Sep 26)
vuln
Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service vuln (Sep 14)
VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability VUPEN Security Research (Sep 19)
VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability VUPEN Security Research (Sep 14)
VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability VUPEN Security Research (Sep 28)
VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability VUPEN Security Research (Sep 14)
VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability VUPEN Security Research (Sep 14)
VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability VUPEN Security Research (Sep 14)
VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability VUPEN Security Research (Sep 28)
VUPEN Security Research - Novell GroupWise "integerList" Remote Buffer Overflow Vulnerability VUPEN Security Research (Sep 28)
VUPEN Security Research - Novell GroupWise "RRULE" Remote Buffer Overflow Vulnerability VUPEN Security Research (Sep 28)
VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability VUPEN Security Research (Sep 14)
VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability VUPEN Security Research (Sep 14)
YGN Ethical Hacker Group
Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Sep 26)
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group (Sep 29)
ZDI Disclosures
ZDI-11-279: (0day) Witness Systems eQuality Unify Remote Code Execution Vulnerability ZDI Disclosures (Sep 06)
ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability ZDI Disclosures (Sep 01)
ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability ZDI Disclosures (Sep 06)